diff options
| author | Alon Zakai <alonzakai@gmail.com> | 2018-11-14 13:11:05 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-11-14 13:11:05 -0800 |
| commit | b79f3a48140e99ac917274bfd680217fe28ae17c (patch) | |
| tree | 25c59bfdc659149a79035198994a7e1d2d394b3e /test | |
| parent | 7e9f7f62d230f7ed083c0c2d425ae47dac4f513f (diff) | |
| download | binaryen-b79f3a48140e99ac917274bfd680217fe28ae17c.tar.gz binaryen-b79f3a48140e99ac917274bfd680217fe28ae17c.tar.bz2 binaryen-b79f3a48140e99ac917274bfd680217fe28ae17c.zip | |
ReFinalize fix (#1742)
Handle a corner case in ReFinalize, which incrementally re-types code after changes. The problem is that if we need to figure out the type of a block, we look to the last element flowing out, or to breaks with values. If there is no such last element, and the breaks are not taken - they have unreachable values - then they don't tell us the block's proper type. We asserted that in such a case the block still had a type, and didn't handle this.
To fix it, we could look on the parent to see what type would fit. However, it seem simpler to just remove untaken breaks/switches as part of ReFinalization - they carry no useful info anyhow. After removing them, if the block has no other signal of a concrete type, it can just be unreachable.
This bug existed for at least 1.5 years - I didn't look back further. I think it was noticed by the fuzzer now due to recent fuzzing improvements and optimizer improvements, as I just saw this bug found a second time.
Diffstat (limited to 'test')
| -rw-r--r-- | test/passes/code-folding.txt | 4 | ||||
| -rw-r--r-- | test/passes/precompute.txt | 14 | ||||
| -rw-r--r-- | test/passes/remove-unused-brs.txt | 24 | ||||
| -rw-r--r-- | test/passes/remove-unused-brs.wast | 21 | ||||
| -rw-r--r-- | test/wasm2js/br.2asm.js | 16 |
5 files changed, 62 insertions, 17 deletions
diff --git a/test/passes/code-folding.txt b/test/passes/code-folding.txt index 75b9dc3c8..8b5e14d7a 100644 --- a/test/passes/code-folding.txt +++ b/test/passes/code-folding.txt @@ -109,8 +109,8 @@ (func $leave-inner-block-type (; 6 ;) (type $1) (block $label$1 (drop - (block $label$2 (result i32) - (br_if $label$2 + (block $label$2 + (block (unreachable) (unreachable) ) diff --git a/test/passes/precompute.txt b/test/passes/precompute.txt index 11bd93fc4..1c060fbef 100644 --- a/test/passes/precompute.txt +++ b/test/passes/precompute.txt @@ -162,7 +162,7 @@ (func $refinalize-two-breaks-one-unreachable (; 6 ;) (type $2) (drop (block $label$0 (result i64) - (br_if $label$0 + (block (select (i64.const 1) (block $block @@ -175,17 +175,21 @@ ) (i32.const 0) ) - (i32.const 1) + (drop + (i32.const 1) + ) ) ) ) ) (func $one-break-value-and-it-is-unreachable (; 7 ;) (type $3) (result f64) (local $var$0 i32) - (block $label$6 (result f64) - (br_if $label$6 + (block $label$6 + (block (unreachable) - (i32.const 0) + (drop + (i32.const 0) + ) ) ) ) diff --git a/test/passes/remove-unused-brs.txt b/test/passes/remove-unused-brs.txt index 5db42249d..b5bcce9f2 100644 --- a/test/passes/remove-unused-brs.txt +++ b/test/passes/remove-unused-brs.txt @@ -1922,4 +1922,28 @@ ) ) ) + (func $fuzz-block-unreachable-brs-with-values (; 80 ;) (type $2) (result i32) + (local $0 i32) + (loop $label$1 + (block $label$2 + (br_if $label$1 + (i32.eqz + (get_local $0) + ) + ) + (tee_local $0 + (loop $label$5 + (br_if $label$5 + (block + (unreachable) + (drop + (i32.const 0) + ) + ) + ) + ) + ) + ) + ) + ) ) diff --git a/test/passes/remove-unused-brs.wast b/test/passes/remove-unused-brs.wast index c63dc4689..8325b47ac 100644 --- a/test/passes/remove-unused-brs.wast +++ b/test/passes/remove-unused-brs.wast @@ -1540,5 +1540,26 @@ (br $label$1) ) ) + (func $fuzz-block-unreachable-brs-with-values (result i32) + (local $0 i32) + (loop $label$1 (result i32) + (block $label$2 (result i32) + (if + (get_local $0) + (set_local $0 + (loop $label$5 + (br_if $label$5 + (br_if $label$2 + (unreachable) + (i32.const 0) + ) + ) + ) + ) + ) + (br $label$1) + ) + ) + ) ) diff --git a/test/wasm2js/br.2asm.js b/test/wasm2js/br.2asm.js index a877618a1..bea5cf57b 100644 --- a/test/wasm2js/br.2asm.js +++ b/test/wasm2js/br.2asm.js @@ -510,7 +510,7 @@ function asmFunc(global, env, buffer) { } function $54() { - var $0 = 0, $1_1 = 0; + var $0 = 0; block : { block0 : { $0 = 8; @@ -523,10 +523,8 @@ function asmFunc(global, env, buffer) { function $55() { var $0 = 0, $1_1 = 0; block : { - block1 : { - $0 = 8; - break block; - }; + $0 = 8; + break block; }; return 1 + $0 | 0 | 0; } @@ -541,12 +539,10 @@ function asmFunc(global, env, buffer) { } function $57() { - var $0 = 0, $1_1 = 0; + var $0 = 0; block : { - block2 : { - $0 = 8; - break block; - }; + $0 = 8; + break block; }; return 1 + $0 | 0 | 0; } |