From 3c66ad3c7c602416d4cf674b3d7528d9acd6d51f Mon Sep 17 00:00:00 2001 From: Alon Zakai Date: Wed, 25 Nov 2020 15:36:04 -0800 Subject: [TypedFunctionReferences] Enable call_ref in fuzzer, and fix minor misc fuzz bugs (#3401) * Count signatures in tuple locals. * Count nested signature types (confirming @aheejin was right, that was missing). * Inlining was using the wrong type. * OptimizeInstructions should return -1 for unhandled types, not error. * The fuzzer should check for ref types as well, not just typed function references, similar to what GC does. * The fuzzer now creates a function if it has no other option for creating a constant expression of a function type, then does a ref.func of that. * Handle unreachability in call_ref binary reading. * S-expression parsing fixes in more places, and add a tiny fuzzer for it. * Switch fuzzer test to just have the metrics, and not print all the fuzz output which changes a lot. Also fix noprint handling which only worked on binaries before. * Fix Properties::getLiteral() to use the specific function type properly, and make Literal's function constructor require that, to prevent future bugs. * Turn all input types into nullable types, for now. --- src/wasm/wasm-binary.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'src/wasm/wasm-binary.cpp') diff --git a/src/wasm/wasm-binary.cpp b/src/wasm/wasm-binary.cpp index 20b0899a5..170aa17bb 100644 --- a/src/wasm/wasm-binary.cpp +++ b/src/wasm/wasm-binary.cpp @@ -1357,7 +1357,8 @@ Type WasmBinaryBuilder::getType() { case BinaryConsts::EncodedType::nullable: return Type(getHeapType(), /* nullable = */ true); case BinaryConsts::EncodedType::nonnullable: - return Type(getHeapType(), /* nullable = */ false); + // FIXME: for now, force all inputs to be nullable + return Type(getHeapType(), /* nullable = */ true); case BinaryConsts::EncodedType::i31ref: return Type::i31ref; default: @@ -5291,6 +5292,7 @@ void WasmBinaryBuilder::visitRefFunc(RefFunc* curr) { functionRefs[index].push_back(curr); // we don't know function names yet // To support typed function refs, we give the reference not just a general // funcref, but a specific subtype with the actual signature. + // FIXME: for now, emit a nullable type here curr->finalize( Type(HeapType(getFunctionSignatureByIndex(index)), /* nullable = */ true)); } @@ -5440,6 +5442,12 @@ void WasmBinaryBuilder::visitCallRef(CallRef* curr) { BYN_TRACE("zz node: CallRef\n"); curr->target = popNonVoidExpression(); auto type = curr->target->type; + if (type == Type::unreachable) { + // If our input is unreachable, then we cannot even find out how many inputs + // we have, and just set ourselves to unreachable as well. + curr->finalize(type); + return; + } if (!type.isRef()) { throwError("Non-ref type for a call_ref: " + type.toString()); } -- cgit v1.2.3