Fix inlining of return_call*
#6448
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
|
I haven't had time to review in detail yet, but a quick comment: I think you need to also fix the interpreter on |
|
Yes, working on it now :) |
src/passes/Inlining.cpp
Outdated
| auto var = builder->addVar(getFunction(), sig.params[i]); | ||
| branchBlock->list.push_back( | ||
| builder->makeLocalSet(var, curr->operands[i])); | ||
| curr->operands[i] = builder->makeLocalGet(var, sig.params[i]); |
There was a problem hiding this comment.
This can perhaps use ir/localize.h. That would avoid putting things in locals unnecessarily (it will leave things with no effects in place). But if it's more work maybe not worth it.
There was a problem hiding this comment.
It looks like this would be slightly tricky to use. The result of ChildLocalizer::getReplacement may or may not contain the parent (in this case the call), but we need to know where the parent is so we can replace it with a branch. We could add a new getChildrenReplacment method that returns a block with only the sets, perhaps.
There was a problem hiding this comment.
Just pushed this change, PTAL.
| } | ||
|
|
||
| void walk(Expression*& curr) { | ||
| PostWalker<Updater>::walk(curr); |
There was a problem hiding this comment.
Rather than these two lines, can just implement visitFunction.
There was a problem hiding this comment.
Oh no, because it's not the entire function that gets walked, just the block containing the inlined body.
There was a problem hiding this comment.
Ah, thanks, that's what I was missing...
src/passes/Inlining.cpp
Outdated
| return; | ||
| } | ||
|
|
||
| Block* body = curr->cast<Block>(); |
There was a problem hiding this comment.
Why must the function body be a block?
There was a problem hiding this comment.
This is the block we create to hold the inlined contents in the parent. We always create a block in case there are any returns in the inlined contents that would need to be transformed into branches out of that block.
There was a problem hiding this comment.
Are you sure you are passing the block? The inliner is crashing on this example.
(module
(import "env" "h" (func $h (result i32)))
(func $g (param $x i32) (result i32)
(if (result i32) (local.get $x)
(then
(return_call $h)
)
(else
(i32.const 17)
)
)
)
(func (export "f") (param $x i32) (result i32)
(call $g (local.get $x))
)
)There was a problem hiding this comment.
No, this comment was incorrect. I fixed it though, so the latest version of this branch should be good. I just tested this example locally and it worked fine.
There was a problem hiding this comment.
Oops, good catch. I've moved it to the correct PR now.
| // inlined body. The branch label will be set later when we create branch | ||
| // targets for the calls. | ||
| Block* childBlock = ChildLocalizer(curr, getFunction(), *module, options) | ||
| .getChildrenReplacement(); |
There was a problem hiding this comment.
This should avoid adding temp vars when there is no need - is there a test that shows that? (I seem to see locals created all the time but I probably just missed it.)
| ;; CHECK-NEXT: (block | ||
| ;; CHECK-NEXT: (block $__return_call | ||
| ;; CHECK-NEXT: (block | ||
| ;; CHECK-NEXT: (br $__return_call) |
There was a problem hiding this comment.
The lack of local.set here demonstrates that we successfully skipped using a local for this parameter. The test output still has a local because of the next inlining iteration.
There was a problem hiding this comment.
Got it, thanks. Yeah, that local.set has two causes in these tests now made this hard to see...
kripken
left a comment
kripken
left a comment
There was a problem hiding this comment.
lgtm with fuzzing + landing at the same time as the other PR.
| ;; CHECK-NEXT: (block | ||
| ;; CHECK-NEXT: (block $__return_call | ||
| ;; CHECK-NEXT: (block | ||
| ;; CHECK-NEXT: (br $__return_call) |
There was a problem hiding this comment.
Got it, thanks. Yeah, that local.set has two causes in these tests now made this hard to see...
Previously we transformed return calls in inlined function bodies into normal calls followed by branches out to the caller code. Similarly, when inlining a `return_call` callsite, we simply added a `return` after the body inlined at the callsite. These transformations would have been correct if the semantics of return calls were to call and then return, but they are not correct for the actual semantics of returning and then calling. The previous implementation is observably incorrect for return calls inside try blocks, where the previous implementation would run the inlined body within the try block, but the proper semantics would be to run the inlined body outside the try block. Fix the problem by tranforming inlined return calls to branches followed by calls rather than as calls followed by branches. For the case of inlined return call callsites, insert branches out of the original body of the caller and inline the body of the callee as a sibling of the original caller body. For the other case of return calls appearing in inlined bodies, translate the return calls to branches out to calls inserted as siblings of the original inlined body. In both cases, it would have been convenient to use multivalue block return to send call parameters along the branches to the calls, but unfortunately in our IR that would have required tuple-typed scratch locals to unpack the tuple of operands at the call sites. It is simpler to just use locals to propagate the operands in the first place.
tlively
force-pushed
the
return-call-inlining
branch
from
25537ae to
12b5f92
Compare
We previously interpreted return calls as calls followed by returns, but that is not correct both because it grows the size of the execution stack and because it runs the called functions in the wrong context, which can be observable in the case of exception handling. Update the interpreter to handle return calls correctly by adding a new `RETURN_CALL_FLOW` that behaves like a return, but carries the arguments and reference to the return-callee rather than normal return values. `callFunctionInternal` is updated to intercept this flow and call return-called functions in a loop until a function returns with some other kind of flow. Pull in the upstream spec tests return_call.wast, return_call_indirect.wast, and return_call_ref.wast with light editing so that we parse and validate them successfully. * Handle return calls in wasm-ctor-eval (#6464) When an evaluated export ends in a return call, continue evaluating the return-called function. This requires propagating the parameters, handling the case that the return-called function might be an import, and fixing up local indices in case the final function has different parameters than the original function. * Update effects.h to handle return calls correctly (#6470) As far as their surrounding code is concerned return calls are no different from normal returns. It's only from a caller's perspective that a function containing a return call also has the effects of the return-callee. To model this more precisely in EffectAnalyzer, stash the throw effect of return-callees on the side and only merge it in at the end when analyzing the effects of a full function body.
Previously we transformed return calls in inlined function bodies into normal
calls followed by branches out to the caller code. Similarly, when inlining a
return_callcallsite, we simply added areturnafter the body inlined at thecallsite. These transformations would have been correct if the semantics of
return calls were to call and then return, but they are not correct for the
actual semantics of returning and then calling.
The previous implementation is observably incorrect for return calls inside try
blocks, where the previous implementation would run the inlined body within the
try block, but the proper semantics would be to run the inlined body outside the
try block.
Fix the problem by tranforming inlined return calls to branches followed by
calls rather than as calls followed by branches. For the case of inlined return
call callsites, insert branches out of the original body of the caller and
inline the body of the callee as a sibling of the original caller body. For the
other case of return calls appearing in inlined bodies, translate the return
calls to branches out to calls inserted as siblings of the original inlined
body.
In both cases, it would have been convenient to use multivalue block return to
send call parameters along the branches to the calls, but unfortunately in our
IR that would have required tuple-typed scratch locals to unpack the tuple of
operands at the call sites. It is simpler to just use locals to propagate the
operands in the first place.