Diffstat (limited to 'src')
-rw-r--r--src/passes/CMakeLists.txt1
-rw-r--r--src/passes/EncloseWorld.cpp155
-rw-r--r--src/passes/pass.cpp3
-rw-r--r--src/passes/passes.h1
-rw-r--r--src/tools/fuzzing/fuzzing.cpp37
-rw-r--r--src/tools/wasm-reduce.cpp1
6 files changed, 177 insertions, 21 deletions
diff --git a/src/passes/CMakeLists.txt b/src/passes/CMakeLists.txt
index e46163406..6b78e487d 100644
--- a/src/passes/CMakeLists.txt
+++ b/src/passes/CMakeLists.txt
@@ -35,6 +35,7 @@ set(passes_SOURCES
DuplicateImportElimination.cpp
DuplicateFunctionElimination.cpp
DWARF.cpp
+ EncloseWorld.cpp
ExtractFunction.cpp
Flatten.cpp
FuncCastEmulation.cpp
diff --git a/src/passes/EncloseWorld.cpp b/src/passes/EncloseWorld.cpp
new file mode 100644
index 000000000..5c6b70546
--- /dev/null
+++ b/src/passes/EncloseWorld.cpp
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2024 WebAssembly Community Group participants
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//
+// "Closes" the world, in the sense of making it more compatible with the
+// --closed-world flag, in a potentially destructive manner. This is mainly
+// useful for fuzzing (in that a random module is usually very incomptable with
+// closed world, with most types being public and hence unoptimizable, but
+// running this pass makes as many as we can fully private).
+//
+// The fixup we do is to find references sent out/received in, and to
+// externalize / internalize them. For example, this export:
+//
+// (func $refs (export "refs") (param $x (ref $X)) (result (ref $Y))
+//
+// would have the following function exported in its place:
+//
+// (func $refs-closed (export "refs") (param $x externref) (result externref)
+// (extern.convert_any
+// (call $refs
+// (ref.cast (ref $X)
+// (any.convert_extern
+// (local.get $x))))))
+//
+
+#include "ir/names.h"
+#include "pass.h"
+#include "wasm-builder.h"
+#include "wasm.h"
+
+namespace wasm {
+
+namespace {
+
+struct EncloseWorld : public Pass {
+ void run(Module* module) override {
+ // Handle exports.
+ // TODO: Non-function exports.
+ std::vector<std::unique_ptr<Export>> newExports;
+ for (auto& ex : module->exports) {
+ if (ex->kind == ExternalKind::Function) {
+ auto* func = module->getFunction(ex->value);
+ // If this opens up types, replace it with an enclosed stub.
+ if (opensTypes(func)) {
+ auto stubName = makeStubStubForExport(func, module);
+ ex->value = stubName;
+ }
+ }
+ }
+ for (auto& ex : newExports) {
+ module->addExport(std::move(ex));
+ }
+
+ // TODO: Handle imports.
+ }
+
+private:
+ // Whether a type is an "open" ref, that is, a type that closed-world would
+ // consider to keep things public and prevent some amount of closed-world
+ // optimizations.
+ bool isOpenRef(Type t) {
+ // Only externref keeps things closed, and we must ignore things that
+ // cannot be converted to/from it (like funcrefs), so we can just check for
+ // the top type being any.
+ return t.isRef() && t.getHeapType().getTop() == HeapType::any;
+ }
+
+ // Whether a function causes types to be open.
+ bool opensTypes(Function* func) {
+ for (const auto& param : func->getParams()) {
+ if (isOpenRef(param)) {
+ return true;
+ }
+ }
+ // TODO: Handle tuple results.
+ return isOpenRef(func->getResults());
+ }
+
+ // Make an enclosed stub function for an exported function, and return its
+ // name.
+ Name makeStubStubForExport(Function* func, Module* module) {
+ // Pick a valid name for the stub we are about to create.
+ auto stubName = Names::getValidFunctionName(
+ *module, std::string("stub$") + func->name.toString());
+
+ // Create the stub.
+ Builder builder(*module);
+
+ // The stub's body is just a call to the original function, but with some
+ // conversions to/from externref.
+ std::vector<Expression*> params;
+
+ auto externref = Type(HeapType::ext, Nullable);
+
+ // Handle params.
+ std::vector<Type> stubParams;
+ for (const auto& param : func->getParams()) {
+ if (!isOpenRef(param)) {
+ // A normal parameter. Just pass it to the original function.
+ auto* get = builder.makeLocalGet(stubParams.size(), param);
+ params.push_back(get);
+ stubParams.push_back(param);
+ } else {
+ // A type we must fix up: receive as an externref and then internalize
+ // and cast before sending to the original function.
+ auto* get = builder.makeLocalGet(stubParams.size(), externref);
+ auto* interned = builder.makeRefAs(AnyConvertExtern, get);
+ // This cast may be trivial, but we leave it to the optimizer to remove.
+ auto* cast = builder.makeRefCast(interned, param);
+ params.push_back(cast);
+ stubParams.push_back(externref);
+ }
+ }
+
+ auto* call = builder.makeCall(func->name, params, func->getResults());
+
+ // Generate the stub's type.
+ auto oldResults = func->getResults();
+ Type resultsType = isOpenRef(oldResults) ? externref : oldResults;
+ auto type = Signature(Type(stubParams), resultsType);
+
+ // Handle the results and make the body.
+ Expression* body;
+ if (!isOpenRef(oldResults)) {
+ // Just use the call.
+ body = call;
+ } else {
+ // Fix up the call's result.
+ body = builder.makeRefAs(ExternConvertAny, call);
+ }
+
+ module->addFunction(builder.makeFunction(stubName, type, {}, body));
+
+ return stubName;
+ }
+};
+
+} // anonymous namespace
+
+Pass* createEncloseWorldPass() { return new EncloseWorld(); }
+
+} // namespace wasm
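Review bot: `newExports` in `run` is declared and later drained into `module->addExport`, but nothing in the visible code ever pushes to it, so that second loop is dead. Either remove both, or mark the intent with a comment such as `// Reserved for non-function exports (see TODO above).` The helper name `makeStubStubForExport` doubles "Stub", the header example names the wrapper `$refs-closed` while the code generates `stub$` plus the function name, and "incomptable" in the header should read "incompatible". I would also add a comment at the `makeRefCast` call stating that it is the stub's runtime check on values arriving as externref, for example `// Traps if the incoming value does not internalize to the declared param type.`, so a later cleanup does not treat it as redundant on the export path.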
diff --git a/src/passes/pass.cpp b/src/passes/pass.cpp
index 4be24cebf..7f6985e0f 100644
--- a/src/passes/pass.cpp
+++ b/src/passes/pass.cpp
@@ -159,6 +159,9 @@ void PassRegistry::registerPasses() {
registerPass("emit-target-features",
"emit the target features section in the output",
createEmitTargetFeaturesPass);
+ registerPass("enclose-world",
+ "modify the wasm (destructively) for closed-world",
+ createEncloseWorldPass);
registerPass("extract-function",
"leaves just one function (useful for debugging)",
createExtractFunctionPass);
diff --git a/src/passes/passes.h b/src/passes/passes.h
index aadd26d41..b313b3431 100644
--- a/src/passes/passes.h
+++ b/src/passes/passes.h
@@ -46,6 +46,7 @@ Pass* createDWARFDumpPass();
Pass* createDuplicateImportEliminationPass();
Pass* createDuplicateFunctionEliminationPass();
Pass* createEmitTargetFeaturesPass();
+Pass* createEncloseWorldPass();
Pass* createExtractFunctionPass();
Pass* createExtractFunctionIndexPass();
Pass* createFlattenPass();
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index ed653ef6b..135e50393 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -62,6 +62,17 @@ void TranslateToFuzzReader::pickPasses(OptimizationOptions& options) {
// things like ClusterFuzz, where we are using Binaryen to fuzz other things
// than itself). As a result, the list of passes here is different from
// fuzz_opt.py.
+
+ // Enclose the world, some of the time. We do this before picking any other
+ // passes so that we make the initial fuzz contents more optimizable by
+ // closed-world passes later. Note that we do this regardless of whether we
+ // are in closed-world mode or not, as it is good to get this variety
+ // regardless.
+ if (oneIn(2)) {
+ options.passes.push_back("enclose-world");
+ }
+
+ // Main selection of passes.
while (options.passes.size() < 20 && !random.finished() && !oneIn(3)) {
switch (upTo(42)) {
case 0:
@@ -1075,30 +1086,14 @@ Function* TranslateToFuzzReader::addFunction() {
// Add hang limit checks after all other operations on the function body.
wasm.addFunction(std::move(allocation));
// Export some functions, but not all (to allow inlining etc.). Try to export
- // at least one, though, to keep each testcase interesting. Only functions
- // with valid params and returns can be exported because the trap fuzzer
- // depends on that (TODO: fix this).
- auto validExportType = [](Type t) {
- if (!t.isRef()) {
- return true;
- }
- auto heapType = t.getHeapType();
- return heapType == HeapType::ext || heapType == HeapType::func ||
- heapType == HeapType::string;
- };
+ // at least one, though, to keep each testcase interesting. Avoid non-
+ // nullable params, as those cannot be constructed by the fuzzer on the
+ // outside.
bool validExportParams =
std::all_of(paramType.begin(), paramType.end(), [&](Type t) {
- return validExportType(t) && t.isDefaultable();
+ return t.isDefaultable();
});
- // Note: spec discussions around JS API integration are still ongoing, and it
- // is not clear if we should allow nondefaultable types in exports or not
- // (in imports, we cannot allow them in the fuzzer anyhow, since it can't
- // construct such values in JS to send over to the wasm from the fuzzer
- // harness).
- bool validExportResults =
- std::all_of(resultType.begin(), resultType.end(), validExportType);
- if (validExportParams && validExportResults &&
- (numAddedFunctions == 0 || oneIn(2)) &&
+ if (validExportParams && (numAddedFunctions == 0 || oneIn(2)) &&
!wasm.getExportOrNull(func->name)) {
auto* export_ = new Export;
export_->name = func->name;
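Review bot: The removed comment said the trap fuzzer depends on exports having only the restricted param and result types (with a TODO to fix that), yet the new condition drops `validExportResults` entirely and keeps only `t.isDefaultable()` for params. Nothing in the visible diff shows that dependency being addressed, so this presumably relies on a harness change elsewhere. The replacement comment should say what now makes arbitrary reference types safe at the boundary, e.g. `// Any result type may be exported; the harness treats references it cannot inspect as opaque.`, if that is indeed the case. The wording "Avoid non-nullable params" is also narrower than the check, since `isDefaultable()` is what is tested; naming that property in the comment would match the code. `addFunction` starts and continues outside this hunk.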
diff --git a/src/tools/wasm-reduce.cpp b/src/tools/wasm-reduce.cpp
index 8d9858b78..026825118 100644
--- a/src/tools/wasm-reduce.cpp
+++ b/src/tools/wasm-reduce.cpp
@@ -275,6 +275,7 @@ struct Reducer
"--dae-optimizing",
"--dce",
"--duplicate-function-elimination",
+ "--enclose-world",
"--gto",
"--inlining",
"--inlining-optimizing",