[Custom Descriptors] Ensure descriptor validity in Unsubtyping (#7743)

We already partially handled the interaction between descriptors and
subtyping by ensuring that B <: A implies B.desc <: A.desc if B.desc and
A.desc both exist. However, there was a subtler situation we did not
handle:

A -> A.desc
^      ^
|    B.desc
|      ^
C -> C.desc

This subtyping violates the constraint that the descriptor of C's
immediate supertype must be the immediate supertype of C's descriptor.
To fix this, find the described type B to insert between C and A before
establishing C.desc <: B.desc <: A.desc.

Author: tlively

src/passes/Unsubtyping.cpp

@@ -492,6 +492,7 @@ struct Unsubtyping : Pass {
       }
       if (HeapType::isSubType(*oldSuper, super)) {
         // sub <: oldSuper <: super
+        processDescribed(sub, *oldSuper, super);
         noteSubtype(*oldSuper, super);
         // We already handled sub <: oldSuper, so we're done.
         return;
@@ -501,6 +502,7 @@ struct Unsubtyping : Pass {
       // super will already be in the same tree when we process them below, so
       // when we process casts we will know that we only need to process up to
       // oldSuper.
+      processDescribed(sub, super, *oldSuper);
       process(super, *oldSuper);
     }
 
@@ -512,6 +514,42 @@ struct Unsubtyping : Pass {
     processCasts(sub, super, oldSuper);
   }
 
+  void processDescribed(HeapType sub, HeapType mid, HeapType super) {
+    // We are establishing sub <: mid <: super. If super describes the immediate
+    // supertype of the type sub describes, then once we insert mid between them
+    // we would have this:
+    //
+    // A -> super
+    // ^     ^
+    // |    mid
+    // |     ^
+    // C -> sub
+    //
+    // This violates the requirement that the descriptor of C's immediate
+    // supertype must be the immediate supertype of C's descriptor. To fix it,
+    // we have to find the type B that mid describes and insert it between A and
+    // C:
+    //
+    // A -> super
+    // ^     ^
+    // B -> mid
+    // ^     ^
+    // C -> sub
+    //
+    // We do this eagerly before we establish sub <: mid <: super so that if
+    // establishing that subtyping requires recursively establishing other
+    // subtypings, we can depend on the invariant that the described types are
+    // always set up correctly beforehand.
+    auto subDescribed = sub.getDescribedType();
+    auto superDescribed = super.getDescribedType();
+    if (subDescribed && superDescribed &&
+        types.getSupertype(*subDescribed) == superDescribed) {
+      auto midDescribed = mid.getDescribedType();
+      assert(midDescribed);
+      process(*subDescribed, *midDescribed);
+    }
+  }
+
   void processDefinitions(HeapType sub, HeapType super) {
     if (super.isBasic()) {
       return;

test/lit/passes/unsubtyping-desc.wast

@@ -62,3 +62,75 @@
   ;; CHECK:      (global $A.desc (ref null $A.desc) (global.get $B.desc))
   (global $A.desc (ref null $A.desc) (global.get $B.desc))
 )
+
+(module
+  (rec
+    ;; CHECK:      (rec
+    ;; CHECK-NEXT:  (type $top (sub (descriptor $top.desc (struct))))
+    (type $top (sub (descriptor $top.desc (struct))))
+    ;; CHECK:       (type $mid (sub $top (descriptor $mid.desc (struct))))
+    (type $mid (sub $top (descriptor $mid.desc (struct))))
+    ;; CHECK:       (type $bot (sub $mid (descriptor $bot.desc (struct))))
+    (type $bot (sub $mid (descriptor $bot.desc (struct))))
+    ;; CHECK:       (type $top.desc (sub (describes $top (struct))))
+    (type $top.desc (sub (describes $top (struct))))
+    ;; CHECK:       (type $mid.desc (sub $top.desc (describes $mid (struct))))
+    (type $mid.desc (sub $top.desc (describes $mid (struct))))
+    ;; CHECK:       (type $bot.desc (sub $mid.desc (describes $bot (struct))))
+    (type $bot.desc (sub $mid.desc (describes $bot (struct))))
+  )
+
+  ;; top -> top.desc
+  ;; ^
+  ;; |(2) mid -> mid.desc
+  ;; |            ^ (1)
+  ;; bot -> bot.desc
+  ;;
+  ;; bot <: top implies bot.desc <: top.desc, but we already have
+  ;; bot.desc <: mid.desc, so that gives us bot.desc <: mid.desc <: top.desc.
+  ;; This is only valid if we also have bot <: mid <: top.
+
+  ;; CHECK:      (global $bot-mid-desc (ref null $mid.desc) (struct.new_default $bot.desc))
+  (global $bot-mid-desc (ref null $mid.desc) (struct.new $bot.desc))
+  ;; CHECK:      (global $bot-top (ref null $top) (struct.new_default $bot
+  ;; CHECK-NEXT:  (ref.null none)
+  ;; CHECK-NEXT: ))
+  (global $bot-top (ref null $top) (struct.new $bot (ref.null none)))
+)
+
+(module
+  (rec
+    ;; CHECK:      (rec
+    ;; CHECK-NEXT:  (type $top (sub (descriptor $top.desc (struct))))
+    (type $top (sub (descriptor $top.desc (struct))))
+    ;; CHECK:       (type $mid (sub $top (descriptor $mid.desc (struct))))
+    (type $mid (sub $top (descriptor $mid.desc (struct))))
+    ;; CHECK:       (type $bot (sub $mid (descriptor $bot.desc (struct))))
+    (type $bot (sub $mid (descriptor $bot.desc (struct))))
+    ;; CHECK:       (type $top.desc (sub (describes $top (struct))))
+    (type $top.desc (sub (describes $top (struct))))
+    ;; CHECK:       (type $mid.desc (sub $top.desc (describes $mid (struct))))
+    (type $mid.desc (sub $top.desc (describes $mid (struct))))
+    ;; CHECK:       (type $bot.desc (sub $mid.desc (describes $bot (struct))))
+    (type $bot.desc (sub $mid.desc (describes $bot (struct))))
+  )
+
+  ;; Same as above, but the order of the initial subtypings is reversed.
+  ;;
+  ;; top -> top.desc
+  ;; ^
+  ;; |(1) mid -> mid.desc
+  ;; |            ^ (2)
+  ;; bot -> bot.desc
+  ;;
+  ;; bot <: top implies bot.desc <: top.desc. When we add bot.desc <: mid.desc,
+  ;; that gives us bot.desc <: mid.desc <: top.desc. This is only valid if we
+  ;; also have bot <: mid <: top.
+
+  ;; CHECK:      (global $bot-top (ref null $top) (struct.new_default $bot
+  ;; CHECK-NEXT:  (ref.null none)
+  ;; CHECK-NEXT: ))
+  (global $bot-top (ref null $top) (struct.new $bot (ref.null none)))
+  ;; CHECK:      (global $bot-mid-desc (ref null $mid.desc) (struct.new_default $bot.desc))
+  (global $bot-mid-desc (ref null $mid.desc) (struct.new $bot.desc))
+)