| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
The `op` string_view was intentionally created to point into the `buf` buffer so
that reading past its end would still be safe, but some C++ standard library
implementations assert when reading past the end of a string_view. Change the
generated code to read out of `buf` instead to avoid those assertions.
Fixes #5322.
Fixes #5342.
|
| |
|
|
|
|
|
| |
If a global's type is not fully refined, then when --gsi replaces a reference with
a global.get, we end up with a type that might not be good enough. For example,
if the type is any then it is not a subtype of eq and we can't do ref.eq on it, which
this pass requires. We also can't just do struct.get on it if it is a too-distant parent
or such.
|
| |
|
|
|
| |
This PR adds support for Atomic instructions in the multi-memory lowering pass. Also includes optional bounds checks per the wasm spec guidelines, (visitAtomicRMW, visitAtomicCmpxchg, visitAtomicWait, visitAtomicNotify).
Note: The latter two instructions, memory.atomic.wait and memory.atomic.notify, have browser engine implementations that predate the still-in-progress threads spec. And whether or not atomic.notify should trap for out-of-bounds addresses remains an open issue. For now, this PR is using the same semantics as v8, which is to bounds check all Atomic instructions the same way and trap for out-of-bounds.
|
| |
|
| |
This PR adds support for SIMD instructions in the multi-memory lowering pass. Also includes optional bounds checks per the wasm spec guidelines, (SIMDLoad, SIMDLoadSplat, SIMDLoadExtend, SIMDLoadZero, SIMDLoadStoreLane load | store).
|
| |
|
| |
Per the wasm spec guidelines for Load (rule 10) & Store (rule 12), this PR adds an option for bounds checking, producing a runtime error if the instruction exceeds the bounds of the particular memory within the combined memory.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We switched from emitting the legacy `ref.cast_static` instruction to emitting
`ref.cast null` in #5331, but that wasn't quite correct. The legacy instruction
had polymorphic typing so that its output type was nullable if and only if its
input type was nullable. In contrast, `ref.cast null` always has a a nullable
output type.
Fix our output by instead emitting non-nullable `ref.cast` if the output should
be non-nullable. Parse `ref.cast` in binary and text forms as well. Since the IR
can only represent the legacy polymorphic semantics, disallow unsupported casts
from nullable to non-nullable references or vice versa for now.
|
| |
|
|
|
|
|
| |
The standard casting instructions now allow casting to basic heap types, not
just user-defined types, but they also require that the intended type and
argument type have a common supertype. Update the validator to use the standard
rules, update the binary parser and printer to allow basic types, and update the
tests to remove or modify newly invalid test cases.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this we hit an assert with no line number info (or in a no-asserts build,
bad things can happen). With this:
$ bin/wasm-opt -all ~/Downloads/crash.wat --nominal
[parse exception: Invalid ref for ref.as (at 155065:119)]
Fatal: error parsing wasm
(That can only happen for ref.as_non_null, as all the others do not have that
assert - their types do not depend on the child's type, so their finalize does not
error. Still, it is nice to validate earlier for them as well, so this PR handles them
all.)
|
| |
|
|
|
|
|
| |
We previously supported only the non-standard cast instructions introduced when
we were experimenting with nominal types. Parse the names and opcodes of their
standard counterparts and switch to emitting the standard names and opcodes.
Port all of the tests to use the standard instructions, but add additional tests
showing that the non-standard versions are still parsed correctly.
|
| | |
|
| |
|
|
|
|
|
|
| |
This finds types that can be merged into their super: types that add no
fields, and are not used in casts, etc. - so we might as well use the super.
This complements TypeSSA, in that it can merge back the new types that
TypeSSA created, if we never found a use for them. Without this, TypeSSA
can bloat binary size quite a lot (I see 10-20%).
|
| |
|
|
|
|
|
|
|
|
| |
The upstream WasmGC spec has removed `data` and introduced `struct`. To make the
migration easier, we have been supporting `struct` as an `alias` for `data` and
`structref` as an alias for `dataref`.
Update the tests to prefer the `struct` aliases over `data` for test input to
make the future migration easier. Also update some tests that had stale comments
about ref.null types being updated and remove some tests for instructions like
br_on_data and ref.as_data that do not make sense without a `data` type.
|
| |
|
| |
Previously it only handled structs.
|
| |
|
|
|
|
|
|
|
|
|
| |
Followup to #5293, this fixes a small regression there regarding assertions. We do have
a need to visit non-instrumented functions if we want assertions, as we assert on some
things there, namely that such functions do not change the state (if they changed it,
we'd need to instrument them to handle that properly).
This moves that logic into a new pass. We run that pass when assertions are enabled.
Test diff basically undoes part the test diff from that earlier PR for that one file.
|
| | |
|
| |
|
|
|
|
|
| |
Previously we had types like `LocalT` and `MemoryT` to represent references to
locals and memories, but when we added field indices in #5255, we had to use
`FieldIdxT` instead of `FieldT` because `FieldT` was already in use as the type
representing a field itself. Update `LocalT`, `MemoryT` and `GlobalT` to have
`Idx` in their names to be consistent with `FieldIdxT`.
|
| |
|
|
|
|
|
|
|
| |
Add a way to proxy passes and the addition of passes in pass runners. With
that we can make Asyncify only modify functions it actually needs to. On a
project that Asyncify only needs to modify a few functions on, this can save
a huge amount of time as it avoids flattening+optimizing the majority of
the module.
Fixes #4822
|
| |
|
|
| |
This should unbreak the build. This is an old problem but was just noticed due to
a recent emscripten change (emscripten-core/emscripten#18292).
|
| |
|
| |
This helps cut the size and build time of the emsdk package.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This creates new nominal types for each (interesting) struct.new. That then allows
type-based optimizations to be more precise, as those optimizations will track
separate info for each struct.new, in effect. That is kind of like SSA, however, we
do not handle merges. For example:
x = struct.new $A (5);
print(x.value);
y = struct.new $A (11);
print(y.value);
// => //
x = struct.new $A.x (5);
print(x.value);
y = struct.new $A.y (11);
print(y.value);
After the pass runs each of those struct.new creates a unique type, and type-based
analysis can see that 5 or 11 are the only values written in that type (if nothing else
writes there).
This bloats the type section with the new subtypes, so it is best used with a pass
to merge unneeded duplicate types, which a later PR will add. That later PR will
exactly merge back in the types created here, which are nominally different but
indistinguishable otherwise.
This pass is not enabled by default. It's not clear yet where is the best place to do it,
as it must be balanced by type merging, but it might be better to do multiple
rounds of optimization between the two. Needs more investigation.
|
| |
|
| |
This better reflects what it really means. Also declare it with option()
|
| |
|
|
|
|
|
|
| |
wasm-s-parser.cpp was detecting the end of type strings by looking for null
characters, but those null characters would be past the end of the relevant
string_view. Bring that code in line with similar code by checking the length of
the string_view instead. Fixes an assertion failure in MSVC debug mode.
Fixes #5312.
|
| |
|
|
|
|
|
|
| |
MSVC's implementation of `strtod` doesn't return a negative Nan for "-nan", so
we already had a workaround to explicitly handle that case without calling
`strtod`. Unfortunately the workaround was not used for negative NaNs with
payloads, so there were still bugs. Fix the problem and make the code even more
portable by avoiding `strtod` completely for any kind of nan, positive or
negative, with or without payload.
|
| |
|
|
| |
We generalized the underlying API, TypeBuilder::setSubType, to allow it to take
any HeapType as the supertype in #5045. Make the same change now in the helper.
|
| |
|
|
|
| |
In favor of the more portable code snippet using `std::copysign`. Also
reintroduce assertions that the NaNs have the expected signs. This continues
work started in #5302.
|
| |
|
|
|
|
|
| |
Since `data` has been removed from the upstream proposal and `struct` has been
added in its place, update the type fuzzer to be structured around `struct` and
`array` (which it had not previously been updated to support) rather than
`data`. A follow-on PR will make the broader change of removing `data` and
adding `struct`.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Before we implemented bottom heap types, `ref.null` had to be annotated with
specific types. The `LUBFinder` utility ignored these types so that it could
find the best LUB from all considered non-null expressions, then go back and
update the type annotations on the nulls to match that LUB. Now that we have
bottom types, however, none of that is necessary, and in fact ignoring nulls can
miss possible refinements to bottom types.
Update and simplify `LUBFinder` so that it is a simple wrapper around the
underlying `Type::getLeastUpperBound` utility with no additional logic. Update
tests to account for the more powerful optimizations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With this change we default to an open world, that is, we do the safe thing
by default: we no longer assume a closed world. Users that want a closed
world must pass --closed-world.
Atm we just do not run passes that assume a closed world. (We might later
refine them to find which types don't escape and only optimize those.) The
RemoveUnusedModuleElements is an exception in that the closed-world
flag influences one part of its operation, but not the rest.
Fixes #5292
|
| |
|
|
|
| |
As noticed in #5303, the test changes here are because we did unnecessary work
which created a new rec group, which then led to a rec group being printed out.
|
| |
|
| |
As suggested in #5218
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
It turns out that this assumption does not necessarily hold on Windows with
Visual Studio 2019. Instead of using `NAN` and `-NAN`, explicitly construct
positive and negative NaN values with `std::copysign`, which should be portable.
Fixes #5291.
|
| |
|
|
| |
The caller fills the map with what is relevant anyhow, so we don't need to check
before looking for an item in the map.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inlining had a bug where it gave return_calls in inlined callees concrete types
even when they should have remained unreachable. This bug flew under the radar
because validation had a bug where it allowed expressions to have concrete types
when they should have been unreachable. The fuzzer found this bug by adding
another pass after inlining where the unexpected types caused an assertion
failure.
Fix the bugs and add a test that would have triggered the inlining bug.
Unfortunately the test would have also passed before this change due to the
validation bug, but it's better than nothing.
Fixes #5294.
|
| |
|
|
|
|
|
|
|
|
|
| |
The logic that is split out into mapTypes gets a map of old type => new type and then
updates the module to replace the old with the new.
This will be useful in a future pass to merge types. We will tell it to map the types to
be merged with the types we want to merge them into.
This removes an assert on all types being in the map to allow some of them not to be.
(the new pass that will use this will only want to map some types).
|
| | |
|
| | |
|
| |
|
| |
The flag does nothing so far.
|
| |
|
|
| |
Equirecursive is no longer standards track and its implementation is extremely
complex. Remove it.
|
| |
|
|
|
|
|
|
|
|
| |
This makes Binaryen's default type system match the WasmGC spec.
Update the way type definitions without supertypes are printed to reduce the
output diff for MVP tests that do not involve WasmGC. Also port some
type-builder.cpp tests from test/example to test/gtest since they needed to be
rewritten to work with isorecursive type anyway.
A follow-on PR will remove equirecursive types completely.
|
| |
|
|
|
| |
Dumping the text is nice sometimes, but on huge testcases the wat can be 1 GB
in size (!), and so dumping one per pass can lead to using 20 GB or so for the full
optimization pipeline. Emit just the binary to avoid that.
|
| |
|
| |
Same testcase as in #5287 but in another pass.
|
| |
|
| |
This reflects that naming used in the spec.
|
| | |
|
| |
|
| |
This addresses feedback missed in #5279.
|
| |
|
|
|
|
|
|
|
| |
Update `HeapType::getFeatures` to report that GC is used for heap types that
have nontrivial recursion groups or supertypes. Update validation to check the
features on function heap types, not just their individual params and results.
This fixes a fuzz bug in #5239 where initial contents included a rec group but
the fuzzer disabled GC. Since the resulting module passed validation, the rec
groups made it into the binary output, making the type section malformed.
|
| |
|
|
|
| |
Normally we ignore them anyhow (unreachability is an effect, either a trap or
a control flow switch), but in traps-never-happen mode we can ignore a trap, so
we need to check this manually.
|
| |
|
| |
This workaround is no longer needed after commit emscripten-core/emscripten@ce4c405.
|
