| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Parse the formats allowed by the spec proposal and emit the i32x4
canonical format.
|
| | |
|
| |
|
| |
And run it in wasm-emscripten-finalize. This will prevent the emscripten output from changing when the target features section lands in LLVM.
|
| |
|
|
| |
We now implement addFunction by creating a wasm module to wrap
that JS function and simply adding it to the table.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See #1919 - we did not do this consistently before.
This adds a lowMemoryUnused option to PassOptions. It can be passed on the commandline with --low-memory-unused. If enabled, we run the new optimize-added-constants pass, which does the real work here, replacing older code in post-emscripten.
Aside from running at the proper time (unlike the old pass, see #1919), this also has a -propagate mode, which can do stuff like this:
y = x + 10
[..]
load(y)
[..]
load(y)
=>
y = x + 10
[..]
load(x, offset=10)
[..]
load(x, offset=10)
That is, it can propagate such offsets to the loads/stores. This pattern is common in big interpreter loops, where the pointers are offsets into a big struct of state.
The pass does this propagation by using a new feature of LocalGraph, which can verify which locals are in SSA mode. Binaryen IR is not SSA (intentionally, since it's a later IR), but if a local only has a single set for all gets, that means that local is in such a state, and can be optimized. The tricky thing is that all locals are initialized to zero, so there are at minimum two sets. But if we verify that the real set dominates all the gets, then the zero initialization cannot reach them, and we are safe.
This PR also makes safe-heap aware of lowMemoryUnused. If so, we check for not just an access of 0, but the range 0-1023.
This makes zlib 5% faster, with either the wasm backend or asm2wasm. It also makes it 0.5% smaller. Also helps sqlite (1.5% faster) and lua (1% faster)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* make DE_NAN avoid creating nan literals in the first place
* add a reducer option `--denan` to not introduce nans in destructive reduction
* add a `Literal::isNaN()` method
* also remove the default exception logging from the fuzzer js glue, which is a source of non-useful VM differences (like nan nondeterminism)
* added an option `--no-fuzz-nans` to make it easy to avoid nans when fuzzing (without hacking the source and recompiling).
Background: trying to get fuzzing on jsc working despite this open issue: https://bugs.webkit.org/show_bug.cgi?id=175691
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A user that just does
```
wasm-opt input.wasm -O
```
may assume that the input file should have been optimized. But without `-o` we don't emit any output.
Often you may not want any output, like if you just want to run a pass like `--metrics`. But for most users wasm-opt is probably going to be used as an optimizer of files. So this PR suggests we emit a warning in that case.
For comparison, `llvm-opt` would print to the console, but it avoids printing a binary there so it issues a warning. Instead of this warning, perhaps we should do the same? That would also not be confusing.
Closes #1907
|
| |
|
|
|
| |
We should emit a file with only the data segments, starting from the global base, and not starting from zero (the data before is unneeded, and the emscripten loading code assumes it isn't there).
Also fix the auto updater to work properly on .mem test updating.
|
| |
|
|
|
|
| |
Bulk memory operations
The only parts missing are the interpreter implementation
and spec tests.
|
| |
|
| |
To calculate the metadata, we must look at the segments. If we split them out earlier (which we do for threads), they aren't there.
|
| |
|
| |
Before this, we just did not emit illegal dynCalls. This was wrong as we do need them (e.g. if a function with a setjmp call calls a function with an i64 param - we'll have an invoke with that signature there). We just need to legalize them. This fixes that by first emitting them, and second by running legalization late, after dynCalls have been generated, so it legalizes them too.
|
| |
|
|
|
|
|
| |
See emscripten-core/emscripten#7928 - we have been optimizing all wasms until now, and noticed this when the wasm object file path did not do so. When not optimizing, our methods of handling EM_ASM and EM_JS fail since the patterns are different.
Specifically, for EM_ASM we hunt for emscripten_asm_const(X, where X is a constant, but without opts it may be a get of a local. For EM_JS, the function body may not just contain a const, but a block with a set of the const and a return of a get later.
This adds logic to track gets and sets in basic blocks, which is sufficient to handle this.
|
| |
|
|
|
| |
* Also fixes some bugs in wasm2js tests that did not validate.
* Rename FeatureOptions => ToolOptions, as they now contain all the basic stuff each tool needs for commandline options (validation yes or no, and which features if so).
|
| |
|
|
|
|
| |
This takes advantage of the recent memory simplification in emscripten, where JS static allocation is done at compile time. That means we know the stack's initial location at compile time, and can apply it. This is the binaryen side of that:
* asm2wasm support for asm.js globals with an initial value var X = Y; where Y is not 0 (which is what the stack now is).
* wasm-emscripten-finalize support for a flag --initial-stack-pointer=X, and remove the old code to import the stack's initial location.
|
| |
|
|
| |
* Use modern T p = v; notation to initialize class fields
* Use modern X() = default; notation for empty class constructors
|
| |
|
|
|
|
|
|
|
|
|
| |
The main fuzz_opt.py script compares JS VMs, and separately runs binaryen's fuzz-exec that compares the binaryen interpreter to itself (before and after opts). This PR lets us directly compare binaryen's interpreter output to JS VMs. This found a bunch of minor things we can do better on both sides, giving more fuzz coverage.
To enable this, a bunch of tiny fixes were needed:
* Add --fuzz-exec-before which is like --fuzz-exec but just runs the code before opts are run, instead of before and after.
* Normalize double printing (so JS and C++ print comparable things). This includes negative zero in JS, which we never printed properly til now.
* Various improvements to how we print fuzz-exec logging - remove unuseful things, and normalize the others across JS and C++.
* Properly legalize the wasm when --emit-js-wrapper (i.e., we will run the code from JS), and use that in the JS wrapper code.
|
| |
|
|
|
| |
This fixes the memory leak in WasmBinaryBuilder::readSignatures() caused probably the exception thrown there before the FunctionType object is safe.
This also makes it clear that the Module becomes the owner of the FunctionType objects.
|
| |
|
|
|
|
| |
Automated renaming according to
https://github.com/WebAssembly/spec/issues/884#issuecomment-426433329.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
After we added logging to the fuzzer, we forgot to add to the JS glue code the necessary imports so it can be run there too.
Also adds legalization for the JS glue code imports and exports.
Also adds a missing validator check on imports having a function type (the fuzzing code was missing one).
Fixes #1842
|
| | |
|
| | |
|
| |
|
|
| |
* Fuzzing v128 and associated bug fixes
|
| |
|
|
|
| |
Even when we don't want to fully legalize code for JS, we should still legalize things that only JS cares about. In particular, dynCall_* methods are used from JS to call into the wasm table, and if they exist they are only for JS, so we should only legalize them.
The use case motivating this is that in dynamic linking you may want to disable legalization, so that wasm=>wasm module calls are fast even with i64s, but you do still need dynCalls to be legalized even in that case, otherwise an invoke with an i64 parameter would fail.
|
| |
|
|
|
|
|
|
|
| |
Implement and test the following functionality for SIMD.
- Parsing and printing
- Assembling and disassembling
- Interpretation
- C API
- JS API
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
| |
Move the code around so the assertions are not caught in the big try-catch that reports errors as parsing errors.
|
| | |
|
| |
|
| |
I broke this to be alwasy empty in #1795.
|
| | |
|
| |
|
|
| |
Add feature flags and struct interface. Default feature set has all feature enabled.
|
| |
|
|
|
|
|
|
| |
expected names (#1795)
This means lld can emscripten can disagree about the naming of these
imports and emscripten-wasm-finalize will take care of paper over the
differences.
|
| |
|
|
| |
This is sort of like --strip on a native binary. The more specific use case for us is e.g. you link with a library that has -g in its CFLAGS, but you don't want debug info in your final executable (I hit this with poppler now). We can make emcc pass this to binaryen if emcc is not building an output with intended debug info.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The wasm backend uses a wasm global (__stack_pointer) for the shadow
stack location. In order to make this work with shared libraries the
main module would have to export this global and shared libraries would
need to import it. This means we'd be relying of mutable globals which
are not yet implemented in all browsers.
This change allows is to move forward with shared libraries without
mutable global support by replacing all stack pointer access in shared
libraries with functions calls.
|
| |
|
|
|
|
|
|
| |
Before we just looked at function return values when looking for differences before and after running some passes, while fuzzing. This adds logging of values during execution, which can represent control flow, monitor locals, etc., giving a lot more opportunities for the fuzzer to find problems.
Also:
* Clean up the sigToFunctionType function, which allocated a struct and returned it. This makes it safer by returning the struct by value, which is also easier to use in this PR.
* Fix printing of imported function calls without a function type - turns out we always generate function types in loading, so we didn't notice this was broken, but this new fuzzer feature hit it.
|
| |
|
|
|
| |
This picks up from #1644 and indeed borrows the test case from there.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Where reasonable from a readability perspective, remove default cases
in switches over types and instructions. This makes future feature
additions easier by making the compiler complain about each location
where new types and instructions are not yet handled.
|
| |
|
| |
Reducing on text files can be useful as in binaryen the binary reading and writing has some noticeable effects (due to wasm and binaryen IR not being identical, while the text format is a closer match.
|
| |
|
|
|
| |
(#1751)
partially solves #1676.
|
| |
|
| |
This tries to reduce by replacing targets with the default, and by shrinking the list of targets.
|
| |
|
|
| |
In this case we won't want generate any of the normal memory
helper functions (they come from the main module).
|
| |
|
|
| |
This writes the data section into a file suitable for use with emscripten's
--memory-init-file flag
|
| |
|
|
|
|
| |
* Recombine function pieces after randomly generating them, by creating copies and moving them around. This gives a realistic probability to seeing duplicate expressions, which some optimizations look for, which otherwise the fuzzer would have almost never reached.
* Mutate function pieces after recombination, giving not only perfect duplicates but also near-duplicates.
These operations take into account the type, but not the nesting and uniqueness of labels, so we fix that up afterwards (when something is broken, we replace it with something trivial).
|
| | |
|
