Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Strings] Work around ref.cast not working on string views, and add fuzzing #6549

Merged
merged 6 commits into from
Apr 29, 2024
Merged

[Strings] Work around ref.cast not working on string views, and add fuzzing #6549

merged 6 commits into from
Apr 29, 2024

Conversation

kripken
Copy link
Member

@kripken kripken commented Apr 25, 2024

As suggested in #6434 (comment) , lower ref.cast of string views
to ref.as_non_null in binary writing. It is a simple hack that avoids the
problem of V8 not allowing them to be cast.

Add fuzzing support for the last three core string operations, after which
that problem becomes very frequent.

Also add yet another makeTrappingRefUse that was missing in that
fuzzer code.

@kripken kripken requested a review from tlively April 25, 2024 23:40
@kripken kripken mentioned this pull request Apr 25, 2024
Closed
tlively
tlively reviewed Apr 26, 2024
View reviewed changes
src/wasm/wasm-stack.cpp
heapType == HeapType::stringview_iter) {
// We cannot cast string views to/from anything, so the input must also
// be a view.
assert(curr->ref->type.getHeapType() == heapType);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this will handle casts to bottom correctly. If a string view is cast to (ref none), we should just emit (unreachable) because that cast cannot possibly succeed. If a string view is cast to (ref null none), I haven't thought of anything better than emitting (ref.is_null) (if (result nullref) (then (ref.null none)) (else (unreachable)).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't comprehensive atm, I guess, yeah, but it should handle all the things the fuzzer and the optimizer emit. I'm not sure if it's worth handling more things.

tlively
tlively approved these changes Apr 26, 2024
View reviewed changes
Copy link
Member

@tlively tlively left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough, I guess this isn't the only problem we have in principle that we don't run into in practice. And hopefully we will be able to remove the view types soon either way.

kripken added a commit to kripken/binaryen that referenced this pull request Apr 29, 2024
@kripken
fix bug due to interaction with WebAssembly#6549
1f07285
@kripken kripken merged commit 63d308f into WebAssembly:main Apr 29, 2024
13 checks passed
@kripken kripken deleted the fuzz.string.measure branch April 29, 2024 18:30
@gkdn gkdn mentioned this pull request Aug 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tlively tlively tlively approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kripken @tlively