Skip to content

[Custom Descriptors] Propagate subtyping to describees in Unsubtyping #7927

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 29, 2025
Merged

[Custom Descriptors] Propagate subtyping to describees in Unsubtyping #7927

merged 3 commits into from
Sep 29, 2025

Conversation

tlively
Copy link
Member

@tlively tlively commented Sep 26, 2025

An upcoming change to the custom descriptor validation rules will
require describees to be in a subtype relationship whenever their
descriptors are. This is similar to the requirement we already have in
the opposite direction. Update Unsubtyping to respect this upcoming
rule.

@tlively
[NFC] Add debug tracing to Unsubtyping
fb093b2
@tlively
[Custom Descriptors] Propagate subtyping to describees in Unsubtyping
1931b55 
An upcoming change to the custom descriptor validation rules will
require describees to be in a subtype relationship whenever their
descriptors are. This is similar to the requirement we already have in
the opposite direction. Update Unsubtyping to respect this upcoming
rule.
@tlively tlively requested a review from kripken September 26, 2025 01:34
Base automatically changed from unsubypting-tracing to main September 29, 2025 18:00
@tlively tlively merged commit ed83899 into main Sep 29, 2025
16 checks passed
@tlively tlively deleted the unsubypting-propagate-left branch September 29, 2025 20:26
@kripken
Copy link
Member

kripken commented Sep 29, 2025

Fuzz bug bisected to here:

(module
 (rec                        
  (type $0 (sub (descriptor $1 (struct (field (mut (ref null $1))) (field (mut i16)) (field (mut (ref null $0))) (field i8) (field (mut i31ref)) (field (mut i64))))))
  (type $1 (sub (describes $0 (descriptor $3 (struct)))))
  (type $2 (sub (struct (field (ref null $4)) (field externref))))
  (type $3 (sub (describes $1 (descriptor $4 (struct (field i32))))))
  (type $4 (sub (describes $3 (struct (field (mut i64)) (field (mut i8))))))
  (type $5 (sub (func (result (ref $0)))))
  (type $6 (func (param i64 f32 f32 (ref null $4) (ref null $0) (ref $4)) (result v128)))
  (type $7 (array (mut (ref null $7))))
 )
 (rec
  (type $8 (struct (field (mut i8)) (field (mut (ref $7))) (field (mut i64))))
  (type $9 (struct (field v128)))
  (type $10 (descriptor $12 (struct (field (mut i8)) (field (mut v128)) (field (ref array)) (field i8))))
  (type $11 (array i16))
  (type $12 (sub (describes $10 (descriptor $13 (struct (field (ref $19)) (field arrayref) (field (ref null $6)) (field i64) (field (ref null $13)) (field (mut i8)))))))
  (type $13 (sub (describes $12 (descriptor $17 (struct (field i8) (field i8) (field (mut (ref null $12))))))))
  (type $14 (func (param f32 (ref null $10)) (result v128)))
  (type $15 (array (mut externref)))
  (type $16 (array externref))
  (type $17 (sub (describes $13 (struct (field i8) (field (mut f32)) (field (ref $7))))))
  (type $18 (sub (array i8)))
  (type $19 (sub (struct (field (mut eqref)) (field (mut i16)) (field (ref $21)))))
  (type $20 (sub (func (param (ref $22) (ref null $8) f32 f64 i32) (result (ref func)))))
  (type $21 (sub (array i16)))
  (type $22 (sub (func (param (ref null $4)) (result (ref null $21)))))
 )
 (rec
  (type $23 (sub $18 (array i8)))
  (type $24 (func (result (ref $4))))
  (type $25 (sub final $0 (descriptor $26 (struct (field (mut (ref null $1))) (field (mut i16)) (field (mut (ref null $0))) (field i8) (field (mut i31ref)) (field (mut i64))))))
  (type $26 (sub final $1 (describes $25 (descriptor $29 (struct (field f64) (field i32))))))
  (type $27 (sub final $20 (func (param (ref $22) eqref f32 f64 i32) (result (ref nofunc)))))
  (type $28 (array (ref null $31)))
  (type $29 (sub final $3 (describes $26 (descriptor $30 (struct (field i32) (field f32) (field (ref $3)) (field (mut i32)) (field i31ref))))))
  (type $30 (sub final $4 (describes $29 (descriptor $31 (struct (field (mut i64)) (field (mut i8)) (field (mut externref)) (field (mut (ref func))) (field i16))))))
  (type $31 (describes $30 (descriptor $32 (struct))))
  (type $32 (sub $3 (describes $31 (descriptor $33 (struct (field i32) (field (ref $33)) (field (mut i16)) (field (mut i64)))))))
  (type $33 (sub final $4 (describes $32 (struct (field (mut i64)) (field (mut i8)) (field i64) (field (mut (ref $18)))))))
 )
 (type $34 (func (result (ref null $25))))
 (global $global$0 (ref (exact $0)) (struct.new_default $0
  (struct.new_default $1
   (ref.null none)
  )
 ))
 (export "func_67" (func $0))
 (func $0 (type $34) (result (ref null $25))
  (unreachable)
 )
)
$ bin/wasm-opt a.wat -all --unsubtyping
wasm-opt: src/passes/Unsubtyping.cpp:516: void wasm::{anonymous}::Unsubtyping::process(wasm::HeapType, wasm::HeapType): Assertion `HeapType::isSubType(sub, super)' failed.
Aborted (core dumped)

@tlively

@tlively
Copy link
Member Author

tlively commented Sep 30, 2025

Fixed by #7932.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kripken kripken kripken approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tlively @kripken