The translation of Operator::Select and Operator::TypedSelect for vector-typed
operands, lacks the relevant bitcasting of the operands to I8X16. This commit
adds it.
In the current translation of wasm (128-bit) SIMD into CLIF, we work around differences in the
type system models of wasm vs CLIF by inserting `bitcast` (a no-op cast) CLIF instructions before
more or less every use of a SIMD value. Unfortunately this was not being done consistently and
even small examples with a single if-then-else diamond that produces a SIMD value, could cause a
verification failure downstream. In this case, the jump out of the "else" block needed a
bitcast, but didn't have one.
This patch wraps creation of CLIF jumps and conditional branches up into three functions,
`canonicalise_then_jump` and `canonicalise_then_br{z,nz}`, and uses them consistently. They
first cast the relevant block formal parameters, then generate the relevant kind of branch/jump.
Hence, provided they are also used consistently in future to generate branches/jumps in this
file, we are protected against such failures.
The patch also adds a large(ish) comment at the top explaining this in more detail.
* Validate modules while translating
This commit is a change to cranelift-wasm to validate each function body
as it is translated. Additionally top-level module translation functions
will perform module validation. This commit builds on changes in
wasmparser to perform module validation interwtwined with parsing and
translation. This will be necessary for future wasm features such as
module linking where the type behind a function index, for example, can
be far away in another module. Additionally this also brings a nice
benefit where parsing the binary only happens once (instead of having an
up-front serial validation step) and validation can happen in parallel
for each function.
Most of the changes in this commit are plumbing to make sure everything
lines up right. The major functional change here is that module
compilation should be faster by validating in parallel (or skipping
function validation entirely in the case of a cache hit). Otherwise from
a user-facing perspective nothing should be that different.
This commit does mean that cranelift's translation now inherently
validates the input wasm module. This means that the Spidermonkey
integration of cranelift-wasm will also be validating the function as
it's being translated with cranelift. The associated PR for wasmparser
(bytecodealliance/wasmparser#62) provides the necessary tools to create
a `FuncValidator` for Gecko, but this is something I'll want careful
review for before landing!
* Read function operators until EOF
This way we can let the validator take care of any issues with
mismatched `end` instructions and/or trailing operators/bytes.
This is a close analogue to bnjbvr@'s fix in commit 518b7a7e. Similar to
that fix, this PR fixes a bug in which the Wasm translator could
misalign its value stack and either mistranslate or cause a panic with a
type-checking error.
Found via fuzzing by :decoder in SpiderMonkey (bug 1664453).
Parameters are duplicated when pushing an If block, so they're available
to the Else block without an extra heap allocation. However, when
truncating the stack after popping the If control frame, the stack size
at entry doesn't account for the duplicated parameters. That is
intentional: the Else block uses this value to know what's the stack
size when it is entered, so there's nothing to change there.
This patch makes the wasm translation truncates the value stack to the
right size after an If block, by taking those duplicated parameters into
account.
The Wasm translation handles unreachable code sections
specially, skipping ops until the end of a block and a control-flow
merger at which code becomes reachable again. Unfortunately, while the
ordinary else-op handler properly sets up the value stack for the
else-branch with the parameters to the if/else, the unreachable-case
else-op handler did not. This resulted in a bad translation and CLIF
type error despite valid Wasm.
Found via fuzzing by :decoder in
https://bugzilla.mozilla.org/show_bug.cgi?id=1657895.
Because Wasm SIMD vectors store their type as `v128`, there is a mismatch between the more specific types Cranelift uses and Wasm SIMD. Because of this mismatch, Wasm SIMD translates to the default Cranelift type `I8X16`, causing issues when more specific type information is available (e.g. `I32x4`). To fix this, all incoming values to SIMD instructions are checked during translation (not runtime) and if necessary cast from `I8X16` to the appropriate type by functions like `optionally_bitcast_vector`, `pop1_with_bitcast` and `pop2_with_bitcast`. However, there are times when we must also cast to `I8X16` for outgoing values, as with `local.set` and `local.tee`.
There are other ways of resolving this (e.g., see adding a new vector type, https://github.com/bytecodealliance/cranelift/pull/1251) but we discussed staying with this casting approach in https://github.com/bytecodealliance/wasmtime/issues/1147.
* Bitcast vectors immediately before a return
* Bitcast vectors immediately before a block end
* Use helper function for bitcasting arguments
* Add FuncTranslationState::peekn_mut; allows mutating of peeked values
* Bitcast values in place, avoiding an allocation
Also, retrieves the correct EBB header types for bitcasting on Operator::End.
* Bitcast values of a function with no explicit Wasm return instruction
* Add Signature::return_types method
This eliminates some duplicate code and avoids extra `use`s of `Vec`.
* Add Signature::param_types method; only collect normal parameters in both this and Signature::return_types
* Move normal_args to Signature::num_normal_params method
This matches the organization of the other Signature::num_*_params methods.
* Bitcast values of Operator::Call and Operator::CallIndirect
* Add DataFlowGraph::ebb_param_types
* Bitcast values of Operator::Br and Operator::BrIf
* Bitcast values of Operator::BrTable
As an implementation-specific limit, we do not allow the full index space of
`0..=2^32 - 1` because we reserve index `2^32 - 1` for ourselves in
`cranelift-entity`.
Fixes#1306
We weren't previously keeping track of quite the right information for whether
an `if .. else .. end`'s following block was reachable or not. It should be
reachable if the head is reachable and either the consequent or alternative end
reachable (and therefore fall through to the following block) or do an early
`br_if` to it.
This commit rejiggers `ControlStackFrame::If` to keep track of reachability at
the end of the consequent (we don't need to keep track of it at the end of the
alternative, since that is simply `state.reachable`) and adds Wasm tests for
every reachability situation we can encounter with `if .. else .. end`.
Fixes#1132
This commit fixes a bug where at the end of an `if..else..end`'s consequent
block, we would sometimes erroneously jump to the `else` block instead of to the
following destination block. Not good!
This commit introduces initial support for multi-value Wasm. Wasm blocks and
calls can now take and return an arbitrary number of values.
The encoding for multi-value blocks means that we need to keep the contents of
the "Types" section around when translating function bodies. To do this, we
introduce a `WasmTypesMap` type that maps the type indices to their parameters
and returns, construct it when parsing the "Types" section, and shepherd it
through a bunch of functions and methods when translating function bodies.
* Move `return_at_end` out of Settings and into the wasm FuncEnvironment.
The `return_at_end` flag supports users that want to append a custom
epilogue to Cranelift-produced functions. It arranges for functions to
always return via a single return statement at the end, and users are
expected to remove this return to append their code.
This patch makes two changes:
- First, introduce a `fallthrough_return` instruction and use that
instead of adding a `return` at the end. That's simpler than having
users remove the `return` themselves.
- Second, move this setting out of the Settings and into the wasm
FuncEnvironment. This flag isn't something the code generator uses,
it's something that the wasm translator uses. The code generator
needs to preserve the property, however we can give the
`fallthrough_return` instruction properties to ensure this as needed,
such as marking it non-cloneable.
Maintain an explicit "reachable" flag when decoding wasm. Push placeholder
frames on the control-flow stack instead of just maintaining a count of
the stack depth in unreachable code, so that we can whether If blocks
have Elses, and whether block exits are branched to, in all contexts.
Fixes#217.
* wasm testsuite: ignore hidden files in test dir
and report a rejected file. it was picking up vim .swp files
* wasmtests: correct wat syntax in icall.wat
The function environment is now expected to keep track of the function
signatures in the module, and it is asked to generate Cretonne
signatures to be used for indirect calls.
The combination of make_indirect_sig() and translate_call_indirect()
callbacks allow the runtime to insert additional function arguments for
indirect calls such as vmctx pointers and CFI-style signature identifiers.
