Make imported functions inexact

CHANGELOG.md

@@ -15,6 +15,10 @@ full changeset diff at the end of each section.
 Current Trunk
 -------------
 
+ - C and JS APIs now assume RefFuncs are created after imported functions (non-
+   imported functions can still be created later). This is necessary because
+   imported function types can vary (due to Custom Descriptors), and we need to
+   look up that type at RefFunc creation time.
  - The --mod-asyncify-never-unwind and --mod-asyncify-always-and-only-unwind
    passed were deleted.  They only existed to support the lazy code loading
    support in emscripten that was removed. (#7893)

scripts/fuzz_opt.py

@@ -2482,7 +2482,7 @@ def get_random_opts():
 # disabled, its dependent features need to be disabled as well.
 IMPLIED_FEATURE_OPTS = {
     '--disable-reference-types': ['--disable-gc', '--disable-exception-handling', '--disable-strings'],
-    '--disable-gc': ['--disable-strings', '--disable-stack-switching'],
+    '--disable-gc': ['--disable-strings', '--disable-stack-switching', '--disable-custom-descriptors'],
 }
 
 print('''

src/binaryen-c.cpp

@@ -157,7 +157,7 @@ Literal fromBinaryenLiteral(BinaryenLiteral x) {
     }
   }
   if (heapType.isSignature()) {
-    return Literal::makeFunc(Name(x.func), heapType);
+    return Literal::makeFunc(Name(x.func), type);
   }
   assert(heapType.isData());
   WASM_UNREACHABLE("TODO: gc data");
@@ -1609,8 +1609,21 @@ BinaryenExpressionRef BinaryenRefAs(BinaryenModuleRef module,
 BinaryenExpressionRef BinaryenRefFunc(BinaryenModuleRef module,
                                       const char* func,
                                       BinaryenHeapType type) {
-  return static_cast<Expression*>(
-    Builder(*(Module*)module).makeRefFunc(func, HeapType(type)));
+  // We can assume imports have been created at this point in time, but not
+  // other defined functions. See if the function exists already, and assume it
+  // is non-imported if not. TODO: If we want to allow creating imports later,
+  // we would need an API addition or change.
+  auto* wasm = (Module*)module;
+  if (wasm->getFunctionOrNull(func)) {
+    // Use the HeapType constructor, which will do a lookup on the module.
+    return static_cast<Expression*>(
+      Builder(*(Module*)module).makeRefFunc(func, HeapType(type)));
+  } else {
+    // Assume non-imported, and provide the full type for that.
+    Type full = Type(HeapType(type), NonNullable, Exact);
+    return static_cast<Expression*>(
+      Builder(*(Module*)module).makeRefFunc(func, full));
+  }
 }
 
 BinaryenExpressionRef BinaryenRefEq(BinaryenModuleRef module,

src/ir/ReFinalize.cpp

@@ -116,9 +116,7 @@ void ReFinalize::visitMemoryGrow(MemoryGrow* curr) { curr->finalize(); }
 void ReFinalize::visitRefNull(RefNull* curr) { curr->finalize(); }
 void ReFinalize::visitRefIsNull(RefIsNull* curr) { curr->finalize(); }
 void ReFinalize::visitRefFunc(RefFunc* curr) {
-  // TODO: should we look up the function and update the type from there? This
-  // could handle a change to the function's type, but is also not really what
-  // this class has been meant to do.
+  curr->finalize(curr->type.getHeapType(), *getModule());
 }
 void ReFinalize::visitRefEq(RefEq* curr) { curr->finalize(); }
 void ReFinalize::visitTableGet(TableGet* curr) { curr->finalize(); }

src/ir/module-splitting.cpp

@@ -73,6 +73,7 @@
 #include "ir/export-utils.h"
 #include "ir/module-utils.h"
 #include "ir/names.h"
+#include "ir/utils.h"
 #include "pass.h"
 #include "support/insert_ordered.h"
 #include "wasm-builder.h"
@@ -274,7 +275,8 @@ TableSlotManager::Slot TableSlotManager::getSlot(Name func, HeapType type) {
                   activeBase.index + Index(activeSegment->data.size())};
 
   Builder builder(module);
-  activeSegment->data.push_back(builder.makeRefFunc(func, type));
+  auto funcType = Type(type, NonNullable, Inexact);
+  activeSegment->data.push_back(builder.makeRefFunc(func, funcType));
 
   addSlot(func, newSlot);
   if (activeTable->initial <= newSlot.index) {
@@ -339,6 +341,7 @@ struct ModuleSplitter {
   void setupTablePatching();
   void shareImportableItems();
   void removeUnusedSecondaryElements();
+  void updateIR();
 
   ModuleSplitter(Module& primary, const Config& config)
     : config(config), primary(primary), tableManager(primary),
@@ -355,6 +358,7 @@ struct ModuleSplitter {
     setupTablePatching();
     shareImportableItems();
     removeUnusedSecondaryElements();
+    updateIR();
   }
 };
 
@@ -372,7 +376,7 @@ void ModuleSplitter::setupJSPI() {
     // Add an imported function to load the secondary module.
     auto import = Builder::makeFunction(
       ModuleSplitting::LOAD_SECONDARY_MODULE,
-      Type(Signature(Type::none, Type::none), NonNullable, Exact),
+      Type(Signature(Type::none, Type::none), NonNullable, Inexact),
       {});
     import->module = ENV;
     import->base = ModuleSplitting::LOAD_SECONDARY_MODULE;
@@ -516,6 +520,7 @@ void ModuleSplitter::exportImportFunction(Name funcName,
       func->hasExplicitName = primaryFunc->hasExplicitName;
       func->module = config.importNamespace;
       func->base = exportName;
+      func->type = func->type.with(Inexact);
       secondary->addFunction(std::move(func));
     }
   }
@@ -790,9 +795,8 @@ void ModuleSplitter::setupTablePatching() {
       placeholder->name = Names::getValidFunctionName(
         primary, std::string("placeholder_") + placeholder->base.toString());
       placeholder->hasExplicitName = true;
-      placeholder->type = secondaryFunc->type;
-      elem = Builder(primary).makeRefFunc(placeholder->name,
-                                          placeholder->type.getHeapType());
+      placeholder->type = secondaryFunc->type.with(Inexact);
+      elem = Builder(primary).makeRefFunc(placeholder->name, placeholder->type);
       primary.addFunction(std::move(placeholder));
     });
 
@@ -833,8 +837,7 @@ void ModuleSplitter::setupTablePatching() {
           // primarySeg->data[i] is a placeholder, so use the secondary
           // function.
           auto* func = replacement->second;
-          auto* ref = Builder(secondary).makeRefFunc(func->name,
-                                                     func->type.getHeapType());
+          auto* ref = Builder(secondary).makeRefFunc(func->name, func->type);
           secondaryElems.push_back(ref);
           ++replacement;
         } else if (auto* get = primarySeg->data[i]->dynCast<RefFunc>()) {
@@ -876,7 +879,7 @@ void ModuleSplitter::setupTablePatching() {
       }
       auto* func = curr->second;
       currData.push_back(
-        Builder(secondary).makeRefFunc(func->name, func->type.getHeapType()));
+        Builder(secondary).makeRefFunc(func->name, func->type));
     }
     if (currData.size()) {
       finishSegment();
@@ -971,11 +974,37 @@ void ModuleSplitter::removeUnusedSecondaryElements() {
   // code size in the primary module as well.
   for (auto& secondaryPtr : secondaries) {
     PassRunner runner(secondaryPtr.get());
+    // Do not validate here in the middle, as the IR still needs updating later.
+    runner.options.validate = false;
     runner.add("remove-unused-module-elements");
     runner.run();
   }
 }
 
+void ModuleSplitter::updateIR() {
+  // Imported functions may need type updates.
+  struct Fixer : public PostWalker<Fixer> {
+    void visitRefFunc(RefFunc* curr) {
+      auto& wasm = *getModule();
+      auto* func = wasm.getFunction(curr->func);
+      if (func->type != curr->type) {
+        // This became an import, and lost exactness.
+        assert(!func->type.isExact());
+        assert(curr->type.isExact());
+        if (wasm.features.hasCustomDescriptors()) {
+          // Add a cast, as the parent may depend on the exactness to validate.
+          replaceCurrent(Builder(wasm).makeRefCast(curr, curr->type));
+        }
+        curr->type = curr->type.with(Inexact);
+      }
+    }
+  } fixer;
+  fixer.walkModule(&primary);
+  for (auto& secondaryPtr : secondaries) {
+    fixer.walkModule(secondaryPtr.get());
+  }
+}
+
 } // anonymous namespace
 
 Results splitFunctions(Module& primary, const Config& config) {

src/ir/possible-contents.cpp

@@ -27,6 +27,7 @@
 #include "ir/module-utils.h"
 #include "ir/possible-contents.h"
 #include "support/insert_ordered.h"
+#include "wasm-type.h"
 #include "wasm.h"
 
 namespace std {
@@ -641,9 +642,15 @@ struct InfoCollector
     addRoot(curr);
   }
   void visitRefFunc(RefFunc* curr) {
-    addRoot(curr,
-            PossibleContents::literal(
-              Literal::makeFunc(curr->func, curr->type.getHeapType())));
+    if (!getModule()->getFunction(curr->func)->imported()) {
+      // This is not imported, so we know the exact function literal.
+      addRoot(
+        curr,
+        PossibleContents::literal(Literal::makeFunc(curr->func, *getModule())));
+    } else {
+      // This is imported, so it might be anything of the proper type.
+      addRoot(curr);
+    }
 
     // The presence of a RefFunc indicates the function may be called
     // indirectly, so add the relevant connections for this particular function.
@@ -1861,8 +1868,7 @@ void TNHOracle::infer() {
         //       lot of other optimizations become possible anyhow.
         auto target = possibleTargets[0]->name;
         info.inferences[call->target] =
-          PossibleContents::literal(Literal::makeFunc(
-            target, wasm.getFunction(target)->type.getHeapType()));
+          PossibleContents::literal(Literal::makeFunc(target, wasm));
         continue;
       }
 

src/ir/properties.h

@@ -116,7 +116,7 @@ inline Literal getLiteral(const Expression* curr) {
   } else if (auto* n = curr->dynCast<RefNull>()) {
     return Literal(n->type);
   } else if (auto* r = curr->dynCast<RefFunc>()) {
-    return Literal::makeFunc(r->func, r->type.getHeapType());
+    return Literal::makeFunc(r->func, r->type);
   } else if (auto* i = curr->dynCast<RefI31>()) {
     if (auto* c = i->value->dynCast<Const>()) {
       return Literal::makeI31(c->value.geti32(),

src/literal.h

@@ -30,6 +30,7 @@
 
 namespace wasm {
 
+class Module;
 class Literals;
 struct FuncData;
 struct GCData;
@@ -70,6 +71,9 @@ class Literal {
 
 public:
   // Type of the literal. Immutable because the literal's payload depends on it.
+  // For references to defined heap types, this is almost always an exact type.
+  // The exception is references to imported functions, since the function
+  // provided at instantiation time may have a subtype of the import type.
   const Type type;
 
   Literal() : v128(), type(Type::none) {}
@@ -90,7 +94,7 @@ class Literal {
   explicit Literal(const std::array<Literal, 8>&);
   explicit Literal(const std::array<Literal, 4>&);
   explicit Literal(const std::array<Literal, 2>&);
-  explicit Literal(std::shared_ptr<FuncData> funcData, HeapType type);
+  explicit Literal(std::shared_ptr<FuncData> funcData, Type type);
   explicit Literal(std::shared_ptr<GCData> gcData, HeapType type);
   explicit Literal(std::shared_ptr<ExnData> exnData);
   explicit Literal(std::shared_ptr<ContData> contData);
@@ -252,7 +256,8 @@ class Literal {
   }
   // Simple way to create a function from the name and type, without a full
   // FuncData.
-  static Literal makeFunc(Name func, HeapType type);
+  static Literal makeFunc(Name func, Type type);
+  static Literal makeFunc(Name func, Module& wasm);
   static Literal makeI31(int32_t value, Shareability share) {
     auto lit = Literal(Type(HeapTypes::i31.getBasic(share), NonNullable));
     lit.i32 = value | 0x80000000;

src/parser/contexts.h

@@ -1419,6 +1419,9 @@ struct ParseModuleTypesCtx : TypeParserCtx<ParseModuleTypesCtx>,
       return in.err(pos, "expected signature type");
     }
     f->type = f->type.with(type.type);
+    if (f->imported()) {
+      f->type = f->type.with(Inexact);
+    }
     // If we are provided with too many names (more than the function has), we
     // will error on that later when we check the signature matches the type.
     // For now, avoid asserting in setLocalName.
@@ -1601,7 +1604,7 @@ struct ParseDefsCtx : TypeParserCtx<ParseDefsCtx>, AnnotationParserCtx {
     elems.push_back(expr);
   }
   void appendFuncElem(std::vector<Expression*>& elems, Name func) {
-    auto type = wasm.getFunction(func)->type.getHeapType();
+    auto type = wasm.getFunction(func)->type;
     elems.push_back(builder.makeRefFunc(func, type));
   }
 

src/passes/ExtractFunction.cpp

@@ -22,6 +22,7 @@
 
 #include <cctype>
 
+#include "ir/utils.h"
 #include "pass.h"
 #include "wasm-builder.h"
 #include "wasm.h"
@@ -37,6 +38,7 @@ static void extract(PassRunner* runner, Module* module, Name name) {
       func->module = "env";
       func->base = func->name;
       func->vars.clear();
+      func->type = func->type.with(Inexact);
       func->body = nullptr;
     } else {
       found = true;
@@ -46,6 +48,10 @@ static void extract(PassRunner* runner, Module* module, Name name) {
     Fatal() << "could not find the function to extract\n";
   }
 
+  // Update function references after making things imports.
+  ReFinalize().run(runner, module);
+  ReFinalize().walkModuleCode(module);
+
   // Leave just one export, for the thing we want.
   module->exports.clear();
   module->updateMaps();

src/passes/FuncCastEmulation.cpp

@@ -178,7 +178,7 @@ struct FuncCastEmulation : public Pass {
         }
         auto* thunk = iter->second;
         ref->func = thunk->name;
-        ref->finalize(thunk->type.getHeapType());
+        ref->finalize(thunk->type.getHeapType(), *module);
       }
     }
 

src/passes/InstrumentBranchHints.cpp

@@ -102,6 +102,7 @@
 #include "ir/names.h"
 #include "ir/parents.h"
 #include "ir/properties.h"
+#include "ir/utils.h"
 #include "pass.h"
 #include "support/string.h"
 #include "wasm-builder.h"
@@ -193,19 +194,26 @@ struct InstrumentBranchHints
       auto* func = module->getFunction(existing);
       func->body = Builder(*module).makeNop();
       func->module = func->base = Name();
+      func->type = func->type.with(Exact);
     }
 
     // Add our import.
     auto* func = module->addFunction(Builder::makeFunction(
       Names::getValidFunctionName(*module, BASE),
-      Signature({Type::i32, Type::i32, Type::i32}, Type::none),
+      Type(Signature({Type::i32, Type::i32, Type::i32}, Type::none),
+           NonNullable,
+           Exact),
       {}));
     func->module = MODULE;
     func->base = BASE;
     logBranch = func->name;
 
     // Walk normally, using logBranch as we go.
     Super::doWalkModule(module);
+
+    // Update ref.func type changes.
+    ReFinalize().run(getPassRunner(), module);
+    ReFinalize().walkModuleCode(module);
   }
 };