| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Checks if a value is being dropped higher up, like
```
(drop
(block i32
(block i32
(i32.const 1)
)
)
)
```
Handling this forces us to be careful in that pass about whether a value is used, and whether the type matters (for example, we can't replace a unary with its child in all cases, if the return value matters).
|
| |
|
|
|
| |
Trying to refactor the code to be simpler and less redundant, I ran into some perf issues that it seems like a small vector, with fixed-size storage and optional additional storage as needed, might help with. This implements that class and uses it in a few places.
This seems to help, I see some 1-2% fewer instructions and cycles in `perf stat`, but it's hard to tell if it really makes a noticeable difference.
|
| |
|
|
|
|
|
|
|
| |
* make DE_NAN avoid creating nan literals in the first place
* add a reducer option `--denan` to not introduce nans in destructive reduction
* add a `Literal::isNaN()` method
* also remove the default exception logging from the fuzzer js glue, which is a source of non-useful VM differences (like nan nondeterminism)
* added an option `--no-fuzz-nans` to make it easy to avoid nans when fuzzing (without hacking the source and recompiling).
Background: trying to get fuzzing on jsc working despite this open issue: https://bugs.webkit.org/show_bug.cgi?id=175691
|
| |
|
| |
See [emscripten-core/emscripten#7679
|
| |
|
|
|
| |
We should emit a file with only the data segments, starting from the global base, and not starting from zero (the data before is unneeded, and the emscripten loading code assumes it isn't there).
Also fix the auto updater to work properly on .mem test updating.
|
| |
|
| |
The hardcoded 16 size was no longer valid. This was broken for a while, but happened to not overwrite important memory. Testing with the wasm backend did hit breakage.
|
| |
|
|
|
|
| |
Bulk memory operations
The only parts missing are the interpreter implementation
and spec tests.
|
| |
|
| |
To calculate the metadata, we must look at the segments. If we split them out earlier (which we do for threads), they aren't there.
|
| |
|
|
|
|
|
|
| |
WebAssembly/tool-conventions#93 has a summary of emscripten's current thinking on this. For Binaryen, we don't want to do anything to the producers section by default, but do want it to be possible to optionally remove it. To achieve that, this PR
* creates a --strip-producers pass that removes that section.
* creates a --strip-debug pass that removes debug info, same as the old --strip, which is still around but deprecated.
A followup in emscripten will use this pass by default.
|
| |
|
| |
Before this, we just did not emit illegal dynCalls. This was wrong as we do need them (e.g. if a function with a setjmp call calls a function with an i64 param - we'll have an invoke with that signature there). We just need to legalize them. This fixes that by first emitting them, and second by running legalization late, after dynCalls have been generated, so it legalizes them too.
|
| |
|
|
|
|
|
|
|
|
| |
FuncCastEmulation supports a hardcoded number of parameters:
// This should be enough for everybody. (As described above, we need this
// to match when dynamically linking, and also dynamic linking is why we
// can't just detect this automatically in the module we see.)
static const int NUM_PARAMS = 15;
Turns out 15 is not enough for everybody: Ruby 2.6.0 needs NUM_PARAMS = 16. This patch is necessary to support Ruby 2.6.0 in WebAssembly, and in fact is the only patch needed to make the relevant build process work with an otherwise normal emscripten toolchain.
|
| |
|
|
|
|
|
| |
See emscripten-core/emscripten#7928 - we have been optimizing all wasms until now, and noticed this when the wasm object file path did not do so. When not optimizing, our methods of handling EM_ASM and EM_JS fail since the patterns are different.
Specifically, for EM_ASM we hunt for emscripten_asm_const(X, where X is a constant, but without opts it may be a get of a local. For EM_JS, the function body may not just contain a const, but a block with a set of the const and a return of a get later.
This adds logic to track gets and sets in basic blocks, which is sufficient to handle this.
|
| |
|
|
|
| |
* Also fixes some bugs in wasm2js tests that did not validate.
* Rename FeatureOptions => ToolOptions, as they now contain all the basic stuff each tool needs for commandline options (validation yes or no, and which features if so).
|
| |
|
|
|
|
| |
This takes advantage of the recent memory simplification in emscripten, where JS static allocation is done at compile time. That means we know the stack's initial location at compile time, and can apply it. This is the binaryen side of that:
* asm2wasm support for asm.js globals with an initial value var X = Y; where Y is not 0 (which is what the stack now is).
* wasm-emscripten-finalize support for a flag --initial-stack-pointer=X, and remove the old code to import the stack's initial location.
|
| |
|
|
|
|
|
|
|
|
|
| |
The main fuzz_opt.py script compares JS VMs, and separately runs binaryen's fuzz-exec that compares the binaryen interpreter to itself (before and after opts). This PR lets us directly compare binaryen's interpreter output to JS VMs. This found a bunch of minor things we can do better on both sides, giving more fuzz coverage.
To enable this, a bunch of tiny fixes were needed:
* Add --fuzz-exec-before which is like --fuzz-exec but just runs the code before opts are run, instead of before and after.
* Normalize double printing (so JS and C++ print comparable things). This includes negative zero in JS, which we never printed properly til now.
* Various improvements to how we print fuzz-exec logging - remove unuseful things, and normalize the others across JS and C++.
* Properly legalize the wasm when --emit-js-wrapper (i.e., we will run the code from JS), and use that in the JS wrapper code.
|
| |
|
|
|
| |
This broke when we refactored imports, as now Global has two more fields.
Test is on --func-metrics, which depends on copying to compute some things.
|
| |
|
| |
Updates tests to the latest notation changes, and also remove wasm.js (see kripken/emscripten#7831 ) as we'd need to either rebuild it or update it for the new notation as well, and it's not used at this point.
|
| |
|
| |
Don't depend on the hash values for ordering - use a fixed order based on order of appearance.
|
| |
|
|
|
|
| |
Automated renaming according to
https://github.com/WebAssembly/spec/issues/884#issuecomment-426433329.
|
| | |
|
| |
|
| |
We iterated over a set. Instead, iterate over the relevant items in their order in the IR.
|
| |
|
|
|
|
|
|
|
| |
After we added logging to the fuzzer, we forgot to add to the JS glue code the necessary imports so it can be run there too.
Also adds legalization for the JS glue code imports and exports.
Also adds a missing validator check on imports having a function type (the fuzzing code was missing one).
Fixes #1842
|
| |
|
| |
With this we can optimize redundant global accesses fairly well (at least locally; licm also works), see #1831
|
| |
|
|
|
|
|
| |
Without this change, sequences like `i32.const 0, i32x4.splat` will
get precomputed to v128.const ops, which are much larger and also not
implemented in V8 yet. Until we have SIMD-aware optimization passes or
at least engine support for v128.const, do not perform such
transformations.
|
| |
|
|
| |
actually flow a value. fixes #1833 (#1835)
|
| | |
|
| |
|
|
| |
* Fuzzing v128 and associated bug fixes
|
| |
|
|
|
| |
Even when we don't want to fully legalize code for JS, we should still legalize things that only JS cares about. In particular, dynCall_* methods are used from JS to call into the wasm table, and if they exist they are only for JS, so we should only legalize them.
The use case motivating this is that in dynamic linking you may want to disable legalization, so that wasm=>wasm module calls are fast even with i64s, but you do still need dynCalls to be legalized even in that case, otherwise an invoke with an i64 parameter would fail.
|
| |
|
|
| |
This allows emscripten to generate table of the correct size.
Right now is simply defaults to creating a table to size 1024.
|
| |
|
|
|
|
|
|
|
| |
Implement and test the following functionality for SIMD.
- Parsing and printing
- Assembling and disassembling
- Interpretation
- C API
- JS API
|
| |
|
| |
When emscripten knows that the runtime will not be exited, it can tell codegen to not emit atexit() calls (since those callbacks will never be run). This saves both code size and startup time. In asm2wasm the JSBackend does it directly. For the wasm backend, this pass does the same on the output wasm.
|
| |
|
| |
I think I added this error for fuzzing, but it is harmful as it prevents a module with too many locals from being loaded - if we could load it, we might be able to optimize it to have fewer locals...
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
We have a bug open (#1813) to verify that we don't loose coverage
but there is no point in keeping these unused files for now.
|
| | |
|
| |
|
| |
I broke this to be alwasy empty in #1795.
|
| |
|
| |
Remove the existing hack, and optimize them just like we do for ifs and blocks. This is now able to handle a few more cases than before.
|
| |
|
|
| |
into br_if,* - we can handle a concretely typed if as well, which can happen at the end of a block (#1799)
|
| | |
|
| |
|
|
|
|
| |
We now emit more sets and tees of if-elses from simplify-locals, and
coalesce-locals is necessary to remove them if they are ineffectual,
that is, if no get will read them.
|
| |
|
|
|
|
|
|
| |
We turned an if into a select when optimizing for size (and if
side effects etc. allow so). This patch improves that, doing it
not just when optimizing for size, but also when it looks
beneficial given the amount of work on both sides of the if. As
a result we can create selects in -O3 etc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
an if-else.
If an if sets a local,
(if
(..condition..)
(set_local $x (..value..))
)
we can turn it into
(set_local $x
(if
(..condition..)
(..value..)
(get_local $x)
)
)
This increases code size and adds a branch in the if, but allows
the set to be optimized into a tee or optimized out entirely. In
the worst case, other optimizations can break up an if with a copy
in one of its arms later.
Includes a determinism fix for EquivalentSets, which this patch
triggered.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If copies is the case where an if arm is a get that feeds into
a set of the same local:
(set_local $x
(if (result i32)
(..condition..)
(..result)
(get_local $x)
)
)
We can rework this so that the if-else is only an if, which
executes the code path not going to the get.
This was done in coalesce-locals only because it is likely to
work there as after coalescing there are more copies. However,
the logic is of removing a branch, and so belongs in
remove-unused-brs, and fits alongside existing logic there
for handling ifs with an arm that is a br. Also refactor that
code so that the two optimizations can feed into each other.
|
| |
|
|
|
|
|
|
| |
expected names (#1795)
This means lld can emscripten can disagree about the naming of these
imports and emscripten-wasm-finalize will take care of paper over the
differences.
|
| |
|
|
| |
This is sort of like --strip on a native binary. The more specific use case for us is e.g. you link with a library that has -g in its CFLAGS, but you don't want debug info in your final executable (I hit this with poppler now). We can make emcc pass this to binaryen if emcc is not building an output with intended debug info.
|
| |
|
|
|
|
|
|
| |
Before we just looked at function return values when looking for differences before and after running some passes, while fuzzing. This adds logging of values during execution, which can represent control flow, monitor locals, etc., giving a lot more opportunities for the fuzzer to find problems.
Also:
* Clean up the sigToFunctionType function, which allocated a struct and returned it. This makes it safer by returning the struct by value, which is also easier to use in this PR.
* Fix printing of imported function calls without a function type - turns out we always generate function types in loading, so we didn't notice this was broken, but this new fuzzer feature hit it.
|
| |
|
|
|
| |
This picks up from #1644 and indeed borrows the test case from there.
|
| | |
|
