[custom-descriptors] Update struct.new parsing and validation (#7643)

When allocating structs that have custom descriptors, struct.new and
struct.new_default must take an additional operand for the descriptor.

---------

Co-authored-by: Alon Zakai <[email protected]>

Author: tlively

scripts/test/fuzzing.py

@@ -114,8 +114,9 @@
     # TODO: fuzzer support for custom descriptors
     'custom-descriptors.wast',
     'br_on_cast_desc.wast',
-    'ref.get_cast.wast',
+    'ref.get_desc.wast',
     'ref.cast_desc.wast',
+    'struct.new-desc.wast',
     # TODO: fix split_wast() on tricky escaping situations like a string ending
     #       in \\" (the " is not escaped - there is an escaped \ before it)
     'string-lifting-section.wast',

src/ir/child-typer.h

@@ -934,16 +934,19 @@ template<typename Subtype> struct ChildTyper : OverriddenVisitor<Subtype> {
   }
 
   void visitStructNew(StructNew* curr) {
-    if (curr->isWithDefault()) {
-      return;
-    }
     if (self().skipUnreachable() && !curr->type.isRef()) {
       return;
     }
-    const auto& fields = curr->type.getHeapType().getStruct().fields;
-    assert(fields.size() == curr->operands.size());
-    for (size_t i = 0; i < fields.size(); ++i) {
-      note(&curr->operands[i], fields[i].type);
+    if (!curr->isWithDefault()) {
+      const auto& fields = curr->type.getHeapType().getStruct().fields;
+      assert(fields.size() == curr->operands.size());
+      for (size_t i = 0; i < fields.size(); ++i) {
+        note(&curr->operands[i], fields[i].type);
+      }
+    }
+    auto desc = curr->type.getHeapType().getDescriptorType();
+    if (desc) {
+      note(&curr->descriptor, Type(*desc, NonNullable, Exact));
     }
   }
 

src/ir/cost.h

@@ -693,6 +693,7 @@ struct CostAnalyzer : public OverriddenVisitor<CostAnalyzer, CostType> {
     for (auto* child : curr->operands) {
       ret += visit(child);
     }
+    ret += maybeVisit(curr->descriptor);
     return ret;
   }
   CostType visitStructGet(StructGet* curr) {

src/wasm-builder.h

@@ -921,23 +921,32 @@ class Builder {
     return ret;
   }
   StructNew* makeStructNew(HeapType type,
-                           std::initializer_list<Expression*> args) {
+                           std::initializer_list<Expression*> args,
+                           Expression* descriptor = nullptr) {
     auto* ret = wasm.allocator.alloc<StructNew>();
     ret->operands.set(args);
+    ret->descriptor = descriptor;
     ret->type = Type(type, NonNullable, Exact);
     ret->finalize();
     return ret;
   }
-  StructNew* makeStructNew(HeapType type, ExpressionList&& args) {
+  StructNew* makeStructNew(HeapType type,
+                           ExpressionList&& args,
+                           Expression* descriptor = nullptr) {
     auto* ret = wasm.allocator.alloc<StructNew>();
     ret->operands = std::move(args);
+    ret->descriptor = descriptor;
     ret->type = Type(type, NonNullable, Exact);
     ret->finalize();
     return ret;
   }
-  template<typename T> StructNew* makeStructNew(HeapType type, const T& args) {
+  template<typename T>
+  StructNew* makeStructNew(HeapType type,
+                           const T& args,
+                           Expression* descriptor = nullptr) {
     auto* ret = wasm.allocator.alloc<StructNew>();
     ret->operands.set(args);
+    ret->descriptor = descriptor;
     ret->type = Type(type, NonNullable, Exact);
     ret->finalize();
     return ret;

src/wasm-delegations-fields.def

@@ -667,6 +667,7 @@ DELEGATE_FIELD_CHILD(BrOn, ref)
 DELEGATE_FIELD_CASE_END(BrOn)
 
 DELEGATE_FIELD_CASE_START(StructNew)
+DELEGATE_FIELD_OPTIONAL_CHILD(StructNew, descriptor)
 DELEGATE_FIELD_CHILD_VECTOR(StructNew, operands)
 DELEGATE_FIELD_CASE_END(StructNew)
 

src/wasm.h

@@ -1672,6 +1672,8 @@ class StructNew : public SpecificExpression<Expression::StructNewId> {
   // case, and binaryen doesn't guarantee roundtripping binaries anyhow.
   ExpressionList operands;
 
+  Expression* descriptor = nullptr;
+
   bool isWithDefault() { return operands.empty(); }
 
   void finalize();

src/wasm/wasm-ir-builder.cpp

@@ -2214,15 +2214,17 @@ Result<> IRBuilder::makeBrOn(
 Result<> IRBuilder::makeStructNew(HeapType type) {
   StructNew curr(wasm.allocator);
   curr.type = Type(type, NonNullable, Exact);
-  // Differentiate from struct.new_default with a non-empty expression list.
   curr.operands.resize(type.getStruct().fields.size());
   CHECK_ERR(visitStructNew(&curr));
-  push(builder.makeStructNew(type, std::move(curr.operands)));
+  push(builder.makeStructNew(type, std::move(curr.operands), curr.descriptor));
   return Ok{};
 }
 
 Result<> IRBuilder::makeStructNewDefault(HeapType type) {
-  push(builder.makeStructNew(type, {}));
+  StructNew curr(wasm.allocator);
+  curr.type = Type(type, NonNullable, Exact);
+  CHECK_ERR(visitStructNew(&curr));
+  push(builder.makeStructNew(type, {}, curr.descriptor));
   return Ok{};
 }
 

src/wasm/wasm-validator.cpp

@@ -3147,6 +3147,18 @@ void FunctionValidator::visitStructNew(StructNew* curr) {
       }
     }
   }
+
+  auto descType = curr->type.getHeapType().getDescriptorType();
+  if (!descType) {
+    shouldBeFalse(curr->descriptor,
+                  curr,
+                  "struct.new of type without descriptor should lack one");
+  } else {
+    shouldBeSubType(curr->descriptor->type,
+                    Type(*descType, Nullable, Exact),
+                    curr,
+                    "struct.new descriptor operand should have proper type");
+  }
 }
 
 void FunctionValidator::visitStructGet(StructGet* curr) {