From ca27f40a2f1070a16ee7c0efc18ff35d342d8027 Mon Sep 17 00:00:00 2001
From: Thomas Lively <7121787+tlively@users.noreply.github.com>
Date: Thu, 1 Jul 2021 01:56:23 +0000
Subject: Preserve Function HeapTypes (#3952)

When using nominal types, func.ref of two functions with identical signatures
but different HeapTypes will yield different types. To preserve these semantics,
Functions need to track their HeapTypes, not just their Signatures.

This PR replaces the Signature field in Function with a HeapType field and adds
new utility methods to make it almost as simple to update and query the function
HeapType as it was to update and query the Function Signature.
---
 src/tools/fuzzing.h | 72 +++++++++++++++++++++++++----------------------------
 1 file changed, 34 insertions(+), 38 deletions(-)

(limited to 'src/tools/fuzzing.h')

diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h
index 03efd8134..dcdfd391f 100644
--- a/src/tools/fuzzing.h
+++ b/src/tools/fuzzing.h
@@ -592,7 +592,7 @@ private:
     auto funcName = Names::getValidFunctionName(wasm, exportName);
     auto* func = new Function;
     func->name = funcName;
-    func->sig = Signature(Type::none, Type::none);
+    func->type = Signature(Type::none, Type::none);
     func->body = builder.makeGlobalSet(HANG_LIMIT_GLOBAL,
                                        builder.makeConst(int32_t(HANG_LIMIT)));
     wasm.addFunction(func);
@@ -616,7 +616,7 @@ private:
       func->name = name;
       func->module = "fuzzing-support";
       func->base = name;
-      func->sig = Signature(type, Type::none);
+      func->type = Signature(type, Type::none);
       wasm.addFunction(func);
     }
   }
@@ -684,7 +684,7 @@ private:
       funcContext->typeLocals[type].push_back(params.size());
       params.push_back(type);
     }
-    func->sig = Signature(Type(params), getControlFlowType());
+    func->type = Signature(Type(params), getControlFlowType());
     Index numVars = upToSquared(MAX_VARS);
     for (Index i = 0; i < numVars; i++) {
       auto type = getConcreteType();
@@ -698,7 +698,7 @@ private:
       func->vars.push_back(type);
     }
     // with small chance, make the body unreachable
-    auto bodyType = func->sig.results;
+    auto bodyType = func->getResults();
     if (oneIn(10)) {
       bodyType = Type::unreachable;
     }
@@ -737,7 +737,7 @@ private:
     }
     // add some to an elem segment
     while (oneIn(3) && !finishedInput) {
-      auto type = Type(HeapType(func->sig), NonNullable);
+      auto type = Type(func->type, NonNullable);
       std::vector<ElementSegment*> compatibleSegments;
       ModuleUtils::iterActiveElementSegments(
         wasm, [&](ElementSegment* segment) {
@@ -746,7 +746,7 @@ private:
           }
         });
       auto& randomElem = compatibleSegments[upTo(compatibleSegments.size())];
-      randomElem->data.push_back(builder.makeRefFunc(func->name, func->sig));
+      randomElem->data.push_back(builder.makeRefFunc(func->name, func->type));
     }
     numAddedFunctions++;
     return func;
@@ -760,8 +760,8 @@ private:
         builder.makeSequence(makeHangLimitCheck(), loop->body, loop->type);
     }
     // recursion limit
-    func->body =
-      builder.makeSequence(makeHangLimitCheck(), func->body, func->sig.results);
+    func->body = builder.makeSequence(
+      makeHangLimitCheck(), func->body, func->getResults());
   }
 
   // Recombination and mutation can replace a node with another node of the same
@@ -967,7 +967,7 @@ private:
         // We can't allow extra imports, as the fuzzing infrastructure wouldn't
         // know what to provide.
         func->module = func->base = Name();
-        func->body = make(func->sig.results);
+        func->body = make(func->getResults());
       }
       // Optionally, fuzz the function contents.
       if (upTo(RESOLUTION) >= chance) {
@@ -1033,12 +1033,12 @@ private:
     std::vector<Expression*> invocations;
     while (oneIn(2) && !finishedInput) {
       std::vector<Expression*> args;
-      for (const auto& type : func->sig.params) {
+      for (const auto& type : func->getParams()) {
         args.push_back(makeConst(type));
       }
       Expression* invoke =
-        builder.makeCall(func->name, args, func->sig.results);
-      if (func->sig.results.isConcrete()) {
+        builder.makeCall(func->name, args, func->getResults());
+      if (func->getResults().isConcrete()) {
         invoke = builder.makeDrop(invoke);
       }
       invocations.push_back(invoke);
@@ -1052,7 +1052,7 @@ private:
     }
     auto* invoker = new Function;
     invoker->name = name;
-    invoker->sig = Signature(Type::none, Type::none);
+    invoker->type = Signature(Type::none, Type::none);
     invoker->body = builder.makeBlock(invocations);
     wasm.addFunction(invoker);
     auto* export_ = new Export;
@@ -1236,8 +1236,8 @@ private:
     }
     assert(type == Type::unreachable);
     Expression* ret = nullptr;
-    if (funcContext->func->sig.results.isConcrete()) {
-      ret = makeTrivial(funcContext->func->sig.results);
+    if (funcContext->func->getResults().isConcrete()) {
+      ret = makeTrivial(funcContext->func->getResults());
     }
     return builder.makeReturn(ret);
   }
@@ -1437,13 +1437,13 @@ private:
         target = pick(wasm.functions).get();
       }
       isReturn = type == Type::unreachable && wasm.features.hasTailCall() &&
-                 funcContext->func->sig.results == target->sig.results;
-      if (target->sig.results != type && !isReturn) {
+                 funcContext->func->getResults() == target->getResults();
+      if (target->getResults() != type && !isReturn) {
         continue;
       }
       // we found one!
       std::vector<Expression*> args;
-      for (const auto& argType : target->sig.params) {
+      for (const auto& argType : target->getParams()) {
         args.push_back(make(argType));
       }
       return builder.makeCall(target->name, args, type, isReturn);
@@ -1468,8 +1468,8 @@ private:
       if (auto* get = data[i]->dynCast<RefFunc>()) {
         targetFn = wasm.getFunction(get->func);
         isReturn = type == Type::unreachable && wasm.features.hasTailCall() &&
-                   funcContext->func->sig.results == targetFn->sig.results;
-        if (targetFn->sig.results == type || isReturn) {
+                   funcContext->func->getResults() == targetFn->getResults();
+        if (targetFn->getResults() == type || isReturn) {
           break;
         }
       }
@@ -1490,12 +1490,12 @@ private:
       target = make(Type::i32);
     }
     std::vector<Expression*> args;
-    for (const auto& type : targetFn->sig.params) {
+    for (const auto& type : targetFn->getParams()) {
       args.push_back(make(type));
     }
     // TODO: use a random table
     return builder.makeCallIndirect(
-      funcrefTableName, target, args, targetFn->sig, isReturn);
+      funcrefTableName, target, args, targetFn->getSig(), isReturn);
   }
 
   Expression* makeCallRef(Type type) {
@@ -1511,19 +1511,19 @@ private:
       // TODO: handle unreachable
       target = wasm.functions[upTo(wasm.functions.size())].get();
       isReturn = type == Type::unreachable && wasm.features.hasTailCall() &&
-                 funcContext->func->sig.results == target->sig.results;
-      if (target->sig.results == type || isReturn) {
+                 funcContext->func->getResults() == target->getResults();
+      if (target->getResults() == type || isReturn) {
         break;
       }
       i++;
     }
     std::vector<Expression*> args;
-    for (const auto& type : target->sig.params) {
+    for (const auto& type : target->getParams()) {
       args.push_back(make(type));
     }
     // TODO: half the time make a completely random item with that type.
     return builder.makeCallRef(
-      builder.makeRefFunc(target->name, target->sig), args, type, isReturn);
+      builder.makeRefFunc(target->name, target->type), args, type, isReturn);
   }
 
   Expression* makeLocalGet(Type type) {
@@ -2112,7 +2112,7 @@ private:
         if (!wasm.functions.empty() && !oneIn(wasm.functions.size())) {
           target = pick(wasm.functions).get();
         }
-        return builder.makeRefFunc(target->name, target->sig);
+        return builder.makeRefFunc(target->name, target->type);
       }
       if (type == Type::i31ref) {
         return builder.makeI31New(makeConst(Type::i32));
@@ -2133,8 +2133,8 @@ private:
       }
       // TODO: randomize the order
       for (auto& func : wasm.functions) {
-        if (type == Type(HeapType(func->sig), NonNullable)) {
-          return builder.makeRefFunc(func->name, func->sig);
+        if (type == Type(func->type, NonNullable)) {
+          return builder.makeRefFunc(func->name, func->type);
         }
       }
       // We failed to find a function, so create a null reference if we can.
@@ -2143,17 +2143,13 @@ private:
       }
       // Last resort: create a function.
       auto heapType = type.getHeapType();
-      Signature sig;
-      if (heapType.isSignature()) {
-        sig = heapType.getSignature();
-      } else {
-        assert(heapType == HeapType::func);
+      if (heapType == HeapType::func) {
         // The specific signature does not matter.
-        sig = Signature(Type::none, Type::none);
+        heapType = Signature(Type::none, Type::none);
       }
       auto* func = wasm.addFunction(builder.makeFunction(
         Names::getValidFunctionName(wasm, "ref_func_target"),
-        sig,
+        heapType,
         {},
         builder.makeUnreachable()));
       return builder.makeRefFunc(func->name, heapType);
@@ -2681,8 +2677,8 @@ private:
   }
 
   Expression* makeReturn(Type type) {
-    return builder.makeReturn(funcContext->func->sig.results.isConcrete()
-                                ? make(funcContext->func->sig.results)
+    return builder.makeReturn(funcContext->func->getResults().isConcrete()
+                                ? make(funcContext->func->getResults())
                                 : nullptr);
   }
 
-- 
cgit v1.2.3