summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Generate unique block names when inlining (#5697)Alon Zakai2023-05-051-3/+16
| | | | | | | | | | | Each time we inline we put the contents in a block. Before we used the same name each time we inlined the same method, and as a result had many conflicts if a function was inlined many times. With this PR we emit a different name each time. This is not 100% NFC as it does change block names, which is observable in the IR (as can be seen in the test updates). This helps #5696 in speeding up UniqueNameManner.
* [Wasm GC] Automatically make RefCast heap types more precise (#5704)Alon Zakai2023-05-051-1/+15
| | | | | | | | | | | | | | We already did this for nullablilty, and so for the same reasons we should do it for heap types as well. Also, I realized that doing so would solve #5703, which is the new test added for TypeRefining here. The fuzz bug solved here is that our analysis of struct gets/sets will skip copy operations - a read from a field that is written into it. And we skip fallthrough values while doing so, since it doesn't matter if the read goes through an if arm or a cast. An if would automatically get a more precise type during refinalize, so this PR does the same for a cast basically. Fixes #5703
* [NFC] Scan first in UniqueNameMapper (#5696)Alon Zakai2023-05-051-2/+43
| | | | | | | | We can scan far faster than the name mapping process itself, so do that first, as in the common case nothing needs to be fixed up. This together with #5697 significantly reduces the overhead in --inlining-optimizing of UniqueNameMapper, from something like 50% to 10%.
* [NFC] Track the kinds of items that names refer to in ↵Alon Zakai2023-05-055-48/+135
| | | | | | | | | | | | wasm-delegations-fields (#5690) This makes delegations-fields track Kinds. That is, rather than say a field is just a Name, we can say it is a name of kind Function. This allows users to track references to functions, tables, memories, etc., in a simple and generic way, avoiding duplicated code which we have atm. (In particular this will help wasm-merge in the future.) This also uses that functionality in two small places to show the benefits (see memory-utils.cpp and MemoryPacking.cpp).
* [NFC] Refactor each of ArrayNewSeg and ArrayInit into subclasses for ↵Alon Zakai2023-05-0425-368/+563
| | | | | | | | | | | Data/Elem (#5692) ArrayNewSeg => ArrayNewSegData, ArrayNewSegElem ArrayInit => ArrayInitData, ArrayInitElem Basically we remove the opcode and use the class type to differentiate them. This adds some code but it makes the representation simpler and more compact in memory, and it will help with #5690
* Fix DeadArgumentElimination return value opts on nesting+recursion (#5701)Alon Zakai2023-05-041-13/+16
| | | | | | | | | | | | | | | | The testcase here has a recursive call that is also nested in itself, something like (return (call $me (return .. This found a bug in our return value removal logic. When we remove a return value we both modify call sites (to add drops) and modify returns (to remove their values). One of those uses pointers into the IR which the other invalidated, so the order of the two matters. This PR just reorders that code to fix the bug.
* Fallback to direct inlining if the outline will be inlined. (#5698)Goktug Gokdogan2023-05-041-4/+38
| | | | | | | | | | | | | | | | This workarounds the extra work around the edge case where; - Function is too big to full-inline - It is a candidate for partial inline - Outlined version becomes eligible for full-inline. In such a case, binaryen would introduce a temporary state with partial inlined functions and later on inline them. J2CL hit this scenario for String literal which resulted in significant regressions in compilation time. This patch updates partial inlining analysis to identify the edge case and direct to full-inlining when that happens.
* Emit memory segment index for data segments (#5699)Alon Zakai2023-05-031-0/+9
| | | Before this fix we would flip all data segments to use the first memory.
* [NFC] Start tracking InliningMode and memoize it to avoid re-analysis. (#5695)Goktug Gokdogan2023-05-021-73/+72
|
* [Wasm GC] Always refinalize in SignatureRefining (#5694)Alon Zakai2023-05-011-9/+2
| | | | We used to refine only for result changes, but param changes can also lead to opportunities.
* [NFC] Inlining: Split maybeSplit into canSplit/doSplit (#5691)Goktug Gokdogan2023-04-281-115/+108
| | | This will make future improvements easier.
* Fix name deduplication with partial names sections (#5689)Alon Zakai2023-04-281-0/+43
| | | | | | | | | | We already deduplicated names in the names section (to defend against a weird binary), but we also need to deduplicate the names of items not in the names section, so they don't overlap with the names that are. See example in the testcase. Normally wasm files use names for all items in each group. This only became noticeable in some wasm-ctor-eval work where new temp globals were added that were not given names.
* [NFC] Assert that module maps are the right size (#5687)Alon Zakai2023-04-251-0/+8
| | | | If the names are not unique then the map would be smaller than the vector it is built from.
* [Wasm GC] Ignore GC cycle leaks in LSan (#5686)Alon Zakai2023-04-241-9/+26
| | | | | Leaks happen since we use std::shared_ptr which does not handle cycles. But since Binaryen isn't used in long-running code it's probably find to just let them leak, and ignore them in LSan, for now.
* [EH] Support assert_exception (#5684)Heejin Ahn2023-04-231-3/+19
| | | | | | | | `assert_exception` is similar to `assert_trap` but for exceptions, which is supported in the interpreter of the EH proposal (https://github.com/WebAssembly/exception-handling/tree/main/interpreter). We've been using `assert_trap` for both traps and exceptions, but this PR distinguishes them.
* [NFC] Simplify rec group initialization in wasm-type.cpp (#5683)Thomas Lively2023-04-202-34/+28
| | | | | | | | Now that we no longer support constructing basic heap types in TypeBuilder, we can fully initialize rec groups when they are created, rather than having to initialize them later during the build step after any basic types have been canonicalized. Alongside that change, also simplify the process of initializing a type builder slot to avoid completely overwriting the HeapTypeInfo in the slot and avoid the hacky workarounds that required.
* [Wasm GC] ReFinalize when needed in SimplifyGlobals (#5682)Alon Zakai2023-04-201-4/+23
|
* [Wasm GC] Fix a trapsNeverHappen corner case with if/select of a trapping ↵Alon Zakai2023-04-201-4/+22
| | | | | | | | | | | | | | | arm (#5681) The logic says that if an if/select has an arm that returns a null type, and the if/select goes into a cast, then we can ignore that arm in tnh mode (as it would trap, and we are ignoring the possibility of a trap). But it is not enough to return a null type - the null must actually flow out, rather than say a return be executed before. One existing test needed adjustment, as it used calls for "thing with effects". But a call can transfer control flow when EH is enabled, and this pass has -all. Rather than mess with the features, I switched the effects to be locals.
* [NFC] Minor simplifications in wasm-type.cpp (#5680)Thomas Lively2023-04-201-43/+12
| | | | | | | | | | | This capability was originally introduced to support calculating LUBs in the equirecursive type system, but has not been needed for anything except tests since the equirecursive type system was removed. Since building basic heap types is no longer useful and was a source of significant complexity, remove the APIs that allowed it and the tests that used those APIs. Also remove test/example/type-builder.cpp, since a significant portion of it tested the removed APIs and the rest is already better tested in test/gtest/type-builder.cpp.
* Remove the ability to construct basic types in a TypeBuilder (#5678)Thomas Lively2023-04-196-274/+35
| | | | | | | | | | | This capability was originally introduced to support calculating LUBs in the equirecursive type system, but has not been needed for anything except tests since the equirecursive type system was removed. Since building basic heap types is no longer useful and was a source of significant complexity, remove the APIs that allowed it and the tests that used those APIs. Also remove test/example/type-builder.cpp, since a significant portion of it tested the removed APIs and the rest is already better tested in test/gtest/type-builder.cpp.
* Disable the memory64 feature in Memory64Lowering.cpp (#5679)Thomas Lively2023-04-191-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Disable sign extension in SignExtLowering.cpp The sign extension lowering pass would previously lower away the sign extension instructions, but it wouldn't disable the sign extension feature, so follow-on passes such as optimize-instructions could reintroduce sign extension instructions. Fix the pass to disable the sign extension feature to prevent sign extension instructions from being reintroduced later. * update pass description * Disable the memory64 feature in Memory64Lowering.cpp For consistency with other feature lowering passes, disable memory64 in addition to lowering its use away. Although no other passes would introduce new uses of memory64 at the moment, this makes the lowering pass more robust against a future where memory64 might accidentally be reintroduced after being lowered away. * Update test/lit/passes/memory64-lowering-features.wast Co-authored-by: Alon Zakai <azakai@google.com> --------- Co-authored-by: Alon Zakai <azakai@google.com>
* Disable sign extension in SignExtLowering.cpp (#5676)Thomas Lively2023-04-192-1/+10
| | | | | | | | | | | | | * Disable sign extension in SignExtLowering.cpp The sign extension lowering pass would previously lower away the sign extension instructions, but it wouldn't disable the sign extension feature, so follow-on passes such as optimize-instructions could reintroduce sign extension instructions. Fix the pass to disable the sign extension feature to prevent sign extension instructions from being reintroduced later. * update pass description
* Fuzzer: Use subtype consistently in make() (#5674)Alon Zakai2023-04-191-4/+4
|
* [Wasm GC] Fix GUFA on array.init of a bottom type (#5675)Alon Zakai2023-04-191-2/+6
|
* [Wasm GC] Fuzz array.copy and array.fill (#5663)Alon Zakai2023-04-172-4/+88
|
* [Wasm GC] OptimizeInstructions: Don't turn ref.test into unreachable ↵Alon Zakai2023-04-171-2/+6
| | | | | | | | | | | | immediately (#5673) Emit an unreachable, but guarded by a block as we do in other cases in this pass, to avoid having unreachable code that is not fully propagated during the pass (as we only do a full refinalize at the end). See existing comments starting with "Make sure to emit a block with the same type as us" in the pass. This is mostly not a problem with other casts, but ref.test returns an i32 which we have lots of code that tries to optimize.
* Remove the nominal type system (#5672)Thomas Lively2023-04-179-290/+65
| | | | | And since the only type system left is the standard isorecursive type system, remove `TypeSystem` and its associated APIs entirely. Delete a few tests that only made sense under the isorecursive type system.
* [Wasm GC] Fix SignatureRefining on a call_ref to a bottom type (#5670)Alon Zakai2023-04-171-3/+10
| | | | | | | Before this PR we hit the assert on the type not being basic. We could also look into fixing the caller to skip bottom types, but as bottom types trivially have no subtypes, it is more future-facing to simply handle it.
* [Wasm GC] Improve GC operation coverage by using locals more (#5661)Alon Zakai2023-04-172-19/+60
| | | | | | | | | | | | When we emit e.g. a struct.get's reference, this PR makes us prefer a non-nullable value, and even to reuse an existing local if possible. By doing that we reduce the risk of a trap, and also by using locals we end up testing operations on the same data, like this: x = new A(); x.a = .. foo(x.a) In contrast, without this PR each of those x. uses might be new A().
* Remove the --hybrid and --nominal command line options (#5669)Thomas Lively2023-04-144-47/+2
| | | | | After this change, the only type system usable from the tools will be the standard isorecursive type system. The nominal type system is still usable via the API, but it will be removed entirely in a follow-on PR.
* wasm-reduce: Add more passes (#5667)Alon Zakai2023-04-141-0/+6
|
* [Wasm GC] Casts of a non-nullable bottom type to non-null fail (#5645)Alon Zakai2023-04-124-37/+88
| | | | | | | | | | | Casting (ref nofunc) to (ref func) seems like it can succeed based on the rule of "if it's a subtype, it can cast ok." But the fuzzer found a corner case where that leads to a validation error (see testcase). Refactor the cast evaluation logic to handle uninhabitable refs directly, and return Unreachable for them (since the cast cannot even be reached). Also reorder the rule checks there to always check for a non-nullable cast of a bottom type (which always fails).
* [NFC] Refactor some old fuzzer code (#5658)Alon Zakai2023-04-121-13/+8
| | | | A return value was unused, and we have BranchUtils::operateOnScopeNameDefs now which can replace old manual code.
* [NFC] Refactor fuzzer array check logic (#5659)Alon Zakai2023-04-121-20/+30
|
* Fuzzer: When nested under makeTrivial(), avoid normal make() (#5657)Alon Zakai2023-04-122-0/+16
| | | | | | | | Without this, in certain complex operations we could end up calling a nested make() operation that included nontrivial things, which could cause problems. The specific problem I encountered was in fixAfterChanges() we tried to fix up a duplicate label, but calling makeTrivial() emitted something very large that happened to include a new block with a new label nested under a struct.get, and that block's label conflicted with a label we'd already processed.
* [Wasm GC] Fuzz struct.set and array.set (#5655)Alon Zakai2023-04-122-1/+73
|
* Add a name hint to getValidName() (#5653)Alon Zakai2023-04-111-19/+45
| | | | | | | Without the hint, we always look for a valid name using name$0, $1, $2, etc., starting from 0, and in some cases that can lead to quadratic behavior. Noticed on a testcase in the fuzzer that runs for over 24 seconds (I gave up at that point) but takes only 2 seconds with this.
* [Wasm GC] Fuzz struct.get and array.get (#5651)Alon Zakai2023-04-104-4/+76
|
* [GUFA] Fix packed field filtering (#5652)Alon Zakai2023-04-101-6/+41
| | | | | | | | | | | | | | | | | | | | | | Technically we need to filter both before and after combining, that is, if a location's contents will be filtered by F() then if the new contents are x and old contents y then we need to end up with F(F(x) U F(y)). That is, filtering before is necessary to ensure the union of content does not end up unnecessarily large, and the filtering after is necessary to ensure the final result is properly filtered to fit. (If our representation were perfect then this would not be needed, but it is not, as the union of two exact types can end up as a very large cone, for example.) For efficiency we have been filtering afterwards. But that is not enough for packed fields, it turns out, where we must filter before. If we don't, then if inputs 0 and 0x100 arrive to an i8 field then combining them we get "unknown integer" (which is then filtered by 0xff, but it's too late). By filtering before, the actual values are both 0 and we end up with that as the only possible value. It turns out that filtering before is enough for such fields, so do only that.
* Do not flatten memory when array.new_data is present (#5650)Alon Zakai2023-04-101-12/+25
| | | Like data.drop etc., it notices data segment identity.
* binaryen.js: Use malloc/free instead of stackAlloc in setMemory (#5646)Mathias Nater2023-04-101-2/+6
| | | | | Memory data segments can be of large size, and might not fit in the stack. fixes #5595
* [Wasm GC] Update struct.get types in TypeRefining (#5649)Alon Zakai2023-04-101-1/+27
| | | | | We depended on ReFinalize doing it for us, and that usually works, but there is a corner case that depends on knowing all the type changes being done. So use our complete information to update those types in the pass.
* Fix MemoryPacking handling of array.init_data (#5644)Thomas Lively2023-04-071-5/+7
| | | | | | | | Do not optimize out or split segments that are referred to array.init_data instructions. Fixes a bug where segments could get optimized out, producing invalid modules. Doing the work to actually split segments used by array.init_data is left for the future. Also fix a latent UBSan failure revealed by the new test case.
* [NFC] Use the new getField() in the heap type fuzzer (#5643)Alon Zakai2023-04-071-17/+10
|
* Fix and simplify refinalization in OptimizeInstructions (#5642)Alon Zakai2023-04-071-23/+7
| | | | | The fuzzer found another case we were missing. I realized that we can just check for this in replaceCurrent, at least for places that call that method, which is the common case. So this simplifies the code while fixing a bug.
* [Wasm GC] Handle packed fields in GUFA and CFP (#5640)Alon Zakai2023-04-072-0/+42
| | | | | The same bug was present in both: We ignored packing, so writing a larger value than fits in the field would lead to us propagating that original value.
* [GUFA] Refine global types during flow (#5639)Alon Zakai2023-04-072-12/+32
| | | | | | | | | | | | Previously (ref.as_non_null (global.get ..)) would return the global with no changes, and if the global was nullable then the type didn't match the output, which hit an assertion (where GUFA checks that the contents match the declared type in the wasm). To fix this, refine global types, that is, the type we track on GlobalInfo may be more refined than the global itself. In the above example, if the global is nullable then the GlobalInfo would point to that global but have a non-nullable type. In fact the code was already prepared for this, and few changes were needed.
* [Wasm GC] Fix an assertion in array.set processing in OptimizeInstructions ↵Alon Zakai2023-04-072-3/+26
| | | | (#5641)
* [Wasm GC] Fix GUFA on ArrayInit (#5638)Alon Zakai2023-04-071-3/+14
|
* Implement array.fill, array.init_data, and array.init_elem (#5637)Thomas Lively2023-04-0622-31/+629
| | | | | These complement array.copy, which we already supported, as an initial complete set of bulk array operations. Replace the WIP spec tests with the upstream spec tests, lightly edited for compatibility with Binaryen.