Fix RefNull issues (#3123)

dcodeIO · web-flow · commit 643facd9bf6a · 2020-09-13T06:11:17.000+02:00
* ExpressionAnalyzer: Fix `ref.null ht` equality check to include `ht`.
* Precompute: Fix `ref.null ht` expression reuse to also update `ht`.
* Fuzzing: Fix `ref.null func` becoming canonicalized to `ref.func $funcref`
  when evaluating execution results, by adding a check for `isNull`.
* Fuzzing: Print actual and expected execution results when aborting.
* Tests: Update `if-arms-subtype` test in `optimize-instructions` to check
  that identical `if` arms become folded while not identical arms are kept.
diff --git a/src/ir/ExpressionAnalyzer.cpp b/src/ir/ExpressionAnalyzer.cpp
@@ -219,7 +219,7 @@ template<typename T> void visitImmediates(Expression* curr, T& visitor) {
       visitor.visitInt(curr->op);
       visitor.visitNonScopeName(curr->nameOperand);
     }
-    void visitRefNull(RefNull* curr) {}
+    void visitRefNull(RefNull* curr) { visitor.visitType(curr->type); }
     void visitRefIsNull(RefIsNull* curr) {}
     void visitRefFunc(RefFunc* curr) { visitor.visitNonScopeName(curr->func); }
     void visitTry(Try* curr) {}
diff --git a/src/passes/Precompute.cpp b/src/passes/Precompute.cpp
@@ -134,9 +134,12 @@ struct Precompute
             curr->finalize();
             return;
           }
-        } else if (singleValue.isNull() &&
-                   curr->value->template is<RefNull>()) {
-          return;
+        } else if (singleValue.isNull()) {
+          if (auto* n = curr->value->template dynCast<RefNull>()) {
+            n->finalize(singleValue.type);
+            curr->finalize();
+            return;
+          }
         } else if (singleValue.type == Type::funcref) {
           if (auto* r = curr->value->template dynCast<RefFunc>()) {
             r->func = singleValue.getFunc();
diff --git a/src/tools/execution-results.h b/src/tools/execution-results.h
@@ -73,7 +73,7 @@ struct ExecutionResults {
           // change (after duplicate function elimination or roundtripping)
           // while the function contents are still the same
           for (Literal& val : ret) {
-            if (val.type == Type::funcref) {
+            if (val.type == Type::funcref && !val.isNull()) {
               val = Literal::makeFunc(Name("funcref"));
             }
           }
@@ -112,7 +112,8 @@ struct ExecutionResults {
       }
       std::cout << "[fuzz-exec] comparing " << name << '\n';
       if (results[name] != other.results[name]) {
-        std::cout << "not identical!\n";
+        std::cout << "not identical! " << results[name]
+                  << " != " << other.results[name] << "\n";
         return false;
       }
     }
diff --git a/test/passes/optimize-instructions_all-features.txt b/test/passes/optimize-instructions_all-features.txt
@@ -10,11 +10,11 @@
  (type $i64_=>_i64 (func (param i64) (result i64)))
  (type $i32_i64_f32_=>_none (func (param i32 i64 f32)))
  (type $i32_i64_f32_f64_=>_none (func (param i32 i64 f32 f64)))
+ (type $none_=>_anyref (func (result anyref)))
  (type $i32_i32_i32_=>_none (func (param i32 i32 i32)))
  (type $i32_i32_f64_f64_=>_none (func (param i32 i32 f64 f64)))
  (type $i32_i64_f64_i32_=>_none (func (param i32 i64 f64 i32)))
  (type $none_=>_f64 (func (result f64)))
- (type $none_=>_anyref (func (result anyref)))
  (memory $0 0)
  (export "load-off-2" (func $load-off-2))
  (func $f (param $i1 i32) (param $i2 i64)
@@ -3712,9 +3712,16 @@
    (unreachable)
   )
  )
- (func $if-arms-subtype (result anyref)
+ (func $if-arms-subtype-fold (result anyref)
   (ref.null extern)
  )
+ (func $if-arms-subtype-nofold (result anyref)
+  (if (result anyref)
+   (i32.const 0)
+   (ref.null extern)
+   (ref.null func)
+  )
+ )
  (func $optimize-boolean-context (param $x i32) (param $y i32)
   (if
    (local.get $x)
diff --git a/test/passes/optimize-instructions_all-features.wast b/test/passes/optimize-instructions_all-features.wast
@@ -4207,8 +4207,17 @@
       (unreachable)
     )
   )
-  ;; Tests when if arms are subtype of if's type
-  (func $if-arms-subtype (result anyref)
+  ;; These functions test if an `if` with subtyped arms is correctly folded
+  ;; 1. if its `ifTrue` and `ifFalse` arms are identical (can fold)
+  (func $if-arms-subtype-fold (result anyref)
+    (if (result anyref)
+      (i32.const 0)
+      (ref.null extern)
+      (ref.null extern)
+    )
+  )
+  ;; 2. if its `ifTrue` and `ifFalse` arms are not identical (cannot fold)
+  (func $if-arms-subtype-nofold (result anyref)
     (if (result anyref)
       (i32.const 0)
       (ref.null extern)

Original file line number	Diff line number	Diff line change
`@@ -219,7 +219,7 @@ template<typename T> void visitImmediates(Expression* curr, T& visitor) {`
`219`	`219`	`visitor.visitInt(curr->op);`
`220`	`220`	`visitor.visitNonScopeName(curr->nameOperand);`
`221`	`221`	`}`
`222`		`- void visitRefNull(RefNull* curr) {}`
	`222`	`+ void visitRefNull(RefNull* curr) { visitor.visitType(curr->type); }`
`223`	`223`	`void visitRefIsNull(RefIsNull* curr) {}`
`224`	`224`	`void visitRefFunc(RefFunc* curr) { visitor.visitNonScopeName(curr->func); }`
`225`	`225`	`void visitTry(Try* curr) {}`
Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ struct ExecutionResults {`
`73`	`73`	`// change (after duplicate function elimination or roundtripping)`
`74`	`74`	`// while the function contents are still the same`
`75`	`75`	`for (Literal& val : ret) {`
`76`		`- if (val.type == Type::funcref) {`
	`76`	`+ if (val.type == Type::funcref && !val.isNull()) {`
`77`	`77`	`val = Literal::makeFunc(Name("funcref"));`
`78`	`78`	`}`
`79`	`79`	`}`
`@@ -112,7 +112,8 @@ struct ExecutionResults {`
`112`	`112`	`}`
`113`	`113`	`std::cout << "[fuzz-exec] comparing " << name << '\n';`
`114`	`114`	`if (results[name] != other.results[name]) {`
`115`		`- std::cout << "not identical!\n";`
	`115`	`+ std::cout << "not identical! " << results[name]`
	`116`	`+ << " != " << other.results[name] << "\n";`
`116`	`117`	`return false;`
`117`	`118`	`}`
`118`	`119`	`}`