| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Without this we hit an assertion on trying to write the binary, on a missing
heap type.
|
| |
|
|
| |
Only very rarely ask to create a huge array, as that can easily hit a host
size limit and cause a run to be ignored.
|
| |
|
|
|
| |
We can't just skip host limits (#5534) but must also ignore execution at that
point, as optimizations can change the results if they change whether we reach
a host limit.
|
| |
|
|
|
|
| |
This was not noticed before because normally if there is a function type
with multiple results then there is also a function with that property. But
it is possible to make small testcases without such a function, and one might
be imported etc., so we do need to validate this.
|
| |
|
|
| |
This makes it possible to get the JSPI'ed version of the function from the
function table.
|
| |
|
|
| |
We handle this like the existing handling of TrapException: we skip running
this module (since we can't even instantiate it, so there is nothing to run).
|
| |
|
| |
It is not a constant instruction and cannot be used in globals.
|
| |
|
|
| |
(#5529)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This is a (more) standard name for `array.init_static`. (The full upstream name
in the spec repo is `array.new_canon_fixed`, but I'm still hoping we can drop
`canon` from all the instruction names and it doesn't appear elsewhere in
Binaryen).
Update all the existing tests to use the new name and add a test specifically to
ensure the old name continues parsing.
|
| |
|
|
|
|
|
|
| |
To match the standard instruction name, rename the expression class without
changing any parsing or printing behavior. A follow-on PR will take care of the
functional side of this change while keeping support for parsing the old name.
This change will allow `ArrayInit` to be used as the expression class for the
upcoming `array.init_data` and `array.init_elem` instructions.
|
| |
|
|
|
| |
With this, the sourcemap testcase outputs the exact same thing as the input.
Followup to #5504
|
| |
|
|
|
| |
Without this fix, the common idiom of using `INT_MAX` in C source to mean an
unlimited number of waiters should be woken up actually compiled down to an
argument of -1 in JS, causing zero waiters to be woken.
|
| |
|
|
|
|
|
|
|
|
| |
Before, a single ctor with GC worked, but any subsequent ones simply dropped
the globals from the previous ones, because we were missing an addGlobal in
an important place.
Also, we can get confused about which global names are in use in the module, so fix
that as well by storing them directly (we keep removing and re-adding globals, so
we can't use the normal module mechanism to find which names are in use).
|
| |
|
|
| |
Like MemoryInit, this instruction cares about segment identity, so merging
segments into one big one for flattening is disallowed.
|
| |
|
|
| |
The stack logic was incorrect, and led to source locations being emitted
on parents instead of children.
|
| |
|
| |
Fixes #5511
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the idea was that we started with HANG_LIMIT = 10 or so, and we'd decrement
it by one in each potentially-recursive call and loop entry. When we reached 0 we'd start
to unwind the stack. Then, after we unwound it all the way, we'd reset HANG_LIMIT before
calling the next export.
That approach adds complexity that each "execution wrapper", like for JS or for --fuzz-exec,
had to manually reset HANG_LIMIT. That was done by calling an export. Calls to those
exports had to appear in various places, which is sort of a hack.
The new approach here does the following when the hang limit reaches zero: It resets
HANG_LIMIT, and it traps. The trap unwinds the call stack all the way out. When the next
export is called, it will have a fresh hang limit since we reset it before the trap.
This does have downsides. Before, we did not always trap when we hit the hang limit but
rather we'd emit something unreachable, like a return. The idea was that we'd leave the
current function scope at least, so we don't hang forever. That let us still execute a small
amount of code "on the way out" as we unwind the stack. I'm not sure it's worth the
complexity for that.
The advantages of this PR are to simplify the code, and also it makes more fuzzing
approaches easy to implement. I'd like to add a wasm-ctor-eval fuzzer, and having to add
hacks to call the hang limit init export in it would be tricky. With this PR, the execution
model is simple in the fuzzer: The exports are called one by one, in order, and that's it -
no extra magic execution needs to be done.
Also bump the hang limit from 10 to 100, just to give some more chance for code to run.
|
| |
|
|
| |
Until we get full support for serializing table changes, stop evalling so we do
not break things.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
(#5510)
Simply loop over the values and use tuple.make.
This also adds a lit test for ctor-eval. I found that the problem blocking us
before was the logging, which confuses the update script. As this test at
least does not require that logging, this PR adds a --quiet flag that
disables the logging, and then a lit test just works.
|
| |
|
| |
This is enough to test RSE.
|
| | |
|
| |
|
| |
This is enough for DAE and other opts to run on string consts.
|
| |
|
|
|
| |
This is necessary to avoid fuzzer breakage after #5497 as it added a test with
strings. We could also ignore that file, like we do for other string files, but this
was not much work so just implement it.
|
| |
|
|
| |
Half the time, never add any unreachable code. This ensures we run the
most code we possibly can half the time, at least.
|
| |
|
|
| |
string.eq does, and when we added string.compare I forgot to adjust the
boolean property for that new opcode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the fuzzer replace things with an unreachable instruction in
rare situations. The hope was to find bugs like #5487, but instead it's
mostly found bugs in the inliner actually (#5492, #5493).
This also fixes an uncovered bug in the fuzzer, where we refinalized in
more than one place. It is unsafe to do so before labels are fixed up
(as duplicate labels can confuse us as to which types are needed; this
is actually the same issue as in #5492). To fix that, remove the extra
refinalize that was too early, and also rename the fixup function since
it does a general fixup for all the things.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
See example in the new comment. In general, we never want to go from
unreachable to reachable (refinalize doesn't even try), as it misses out on
DCE opportunities. Also it may have validation issues, which is how the
fuzzer found this.
Remove code in the same place that was redundant after the refinalize
was added in #5492. That simplifies some existing testcases slightly, by
removing an unneeded br we added, and now we add a new unreachable
at the end in other cases that need it.
|
| |
|
|
|
|
|
|
|
|
| |
Store string data as GC data. Inefficient (one Const per char), but ok for now.
Implement string.new_wtf16 and string.const, enough for basic testing.
Create strings in makeConstantExpression, which enables ctor-eval support.
Print strings in fuzz-exec which makes testing easier.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We must refinalize as inlining unreachable code can lead to
more things becoming unreachable.
We also must uniquify label names before refinalizing, as the
IR must be valid at that time, so that code is moved.
This causes some minor changes to existing test code (some
label changes, and refinalization makes more things
unreachable), but only the two new tests show actual problems
that needed to be fixed.
|
| |
|
|
|
| |
The assertion that the offset is zero does not necessarily hold for code that
uses this instruction via the clang builtin. Add support so that Emscripten
wasm2js tests pass in the presence of such code.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This can handle e.g.
(drop
(i32.add
(call ..)
(call ..)
)
)
We can remove the add and just leave two dropped calls:
(drop
(call ..)
)
(drop
(call ..)
)
|
| |
|
|
|
|
|
|
|
| |
A cast to a non-nullable null (an impossible type) must trap.
In traps-never-happen mode, a cast that either returns a null or traps will
definitely return a null.
Followup to #5461 which emits casts to bottom types.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Exposes the constants
**Unary**
* BinaryenRelaxedTruncSVecF32x4ToVecI32x4
* BinaryenRelaxedTruncSVecF32x4ToVecI32x4
* BinaryenRelaxedTruncZeroSVecF64x2ToVecI32x4
* BinaryenRelaxedTruncZeroUVecF64x2ToVecI32x4
**Binary**
* BinaryenRelaxedSwizzleVecI8x16
* BinaryenRelaxedMinVecF32x4
* BinaryenRelaxedMaxVecF32x4
* BinaryenRelaxedMinVecF64x2
* BinaryenRelaxedMaxVecF64x2
* BinaryenRelaxedQ15MulrSVecI16x8
* BinaryenDotI8x16I7x16SToVecI16x8
**SIMDTernary**
* BinaryenRelaxedFmaVecF32x4
* BinaryenRelaxedFmsVecF32x4
* BinaryenRelaxedFmaVecF64x2
* BinaryenRelaxedFmsVecF64x2
* BinaryenLaneselectI8x16
* BinaryenLaneselectI16x8
* BinaryenLaneselectI32x4
* BinaryenLaneselectI64x2
* BinaryenDotI8x16I7x16AddSToVecI32x4
so the respective instructions can be produced and inspected with the C API.
|
| |
|
| |
See WebAssembly/stringref#60
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a type hierarchy has abstract classes in the middle, that is, types that
are never instantiated, then we can optimize casts and other operations
to them. Say in Java that we have `AbstractList`, and it only has one
subclass `IntList` that is ever created, then any place we have an `AbstractList`
we must actually have an `IntList`, or a null. (Or, if no subtype is instantiated,
then the value must definitely be a null.)
The actual implementation does a type mapping, that is, it finds all places
using an abstract type and makes them refer to the single instantiated
subtype (or null). After that change, no references to the abstract type
remain in the program, so this both refines types and also cleans up the
type section.
|
| |
|
|
| |
It did not have proper annotation for the safety field, and also
it could not handle basic heap types.
|
| |
|
| |
Followup to #5474
|
| |
|
|
|
|
|
|
|
|
|
| |
If traps can happen, then we can't always remove a trap on null
on the ref input to struct.set, since it has two children,
(struct.set
(ref.as_non_null X)
(call $foo))
Removing the ref.as would not prevent a trap, as the struct.set
will trap, but it does move the trap to after the call which is bad.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
call.without.effects (#5477)
If we see
(struct.new $A
(call $call.without.effects ;; intrinsic
(ref.func $getter)
)
)
then we can ignore side effects in that call, as the intrinsic tells us to. However,
that function is still called (it will be called normally, after intrinsics are lowered
away), and we should not remove it.
That is, such an intrinsic call can be removed, but it cannot be left as it is
and also ignored as if it does not exist.
|
| | |
|
| |
|
|
| |
Adds APIs for string.from_code_point, string.new_utf8_try,
string.new_utf8_array_try (#5459) and string.compare (#5453).
|
| |
|
|
| |
When we see a call_ref or call_indirect of a heap type, we might be calling a
subtype of that type.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is similar to the existing optimization for function references: a RefFunc is
just a reference, and we do not consider the function actually used unless some
CallRef can actually call it. Here we optimize StructNew fields by tracking if they
are read. Consider this object:
(struct.new $object
(global.get $vtable)
)
Before this PR, when we saw that StructNew we'd make that global used, and
process all of its contents, which look like this:
(global $vtable
(struct.new $object
(ref.func $foo)
)
)
With this PR we track which fields on the struct types are even read. If they
are not then we do not add uses of the things they refer to. In this example,
the global vtable would be referenced, but not used, and likewise the RefFunc
inside it.
The technical way we handle this is to walk StructNews carefully: when we see
a field that has been read, we can just read it normally, but if it has not been
read then we note it on the side, and only process it later if we see a read.
|
| |
|
|
|
| |
This is a long-standing bug - we ignored the possibility of table.set in this
pass. We have few tests for this so it took a while for the fuzzer to notice it
I suppose.
|
| |
|
|
|
| |
We only checked for an unsigned overflow, which was wrong.
Fixes #5464
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This pass talked about reachability and uses and such, but it wasn't very clear
on those things. This refactors it to clarify that we look for references and uses,
and what that means. Specifically, a reference to something makes us keep it
alive, as we need to refer to it; a use makes us also keep it identical in its
contents so that when it is used no behavior changes. A function reference
without a call_ref that can call it is an example of a reference without a use,
which this pass already optimized.
To make that more clear in the code, this refactors out the reference-finding
logic into a new struct, ReferenceFinder.
This also replaces the normal walking logic with a more manual traversal
using ChildIterator. This is necessary to properly differentiate references from
uses, but is not immediately useful in this PR except for clarity. It will be
necessary in the next PR, which this prepares for, in which we'll optimize more
reference-but-not-use things.
|
| |
|
|
|
|
| |
Use an `IndexedTypeNameGenerator` to give types stable names for the entire
`dump` method rather than generating fresh type names every time a single type
is printed. This makes it possible to understand the relationships between the
types in the debug output.
|
