This is an archive of the discontinued LLVM Phabricator instance.

Differential D57909

[WebAssembly] Don't generate invalid modules when function signatures mismatch
ClosedPublic

Authored by sbc100 on Feb 7 2019, 10:15 AM.

Details

Reviewers
ruiu
Commits
rG6540e5700297: [WebAssembly] Don't generate invalid modules when function signatures mismatch
rLLD354528: [WebAssembly] Don't generate invalid modules when function signatures mismatch
rL354528: [WebAssembly] Don't generate invalid modules when function signatures mismatch
Summary

Previously we could emit a warning and generate a potentially invalid
wasm module (due to call sites and functions having conflicting
signatures). Now, rather than create invalid binaries we handle such
cases by creating stub functions containing unreachable, effectively
turning these into runtime errors rather than validation failures.

Fixes PR40470

Diff Detail

Event Timeline

sbc100 created this revision.Feb 7 2019, 10:15 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 7 2019, 10:15 AM
Herald added subscribers: llvm-commits, dexonsmith, steven_wu and 5 others. · View Herald Transcript
Harbormaster completed remote builds in B27898: Diff 185810.Feb 7 2019, 10:15 AM
sbc100 updated this revision to Diff 185823.Feb 7 2019, 11:00 AM
  • add docs
Harbormaster completed remote builds in B27903: Diff 185823.Feb 7 2019, 11:01 AM
sbc100 updated this revision to Diff 185828.Feb 7 2019, 11:06 AM
  • rebase
Harbormaster completed remote builds in B27906: Diff 185828.Feb 7 2019, 11:08 AM
sbc100 retitled this revision from [WebAssembly] Handle mismatched signatures more gracefully to [WebAssembly] Don't generate invalid modules when function signatures mismatch.Feb 7 2019, 11:12 AM
sbc100 updated this revision to Diff 185837.Feb 7 2019, 11:37 AM
  • comments
Harbormaster completed remote builds in B27909: Diff 185837.Feb 7 2019, 11:37 AM
sbc100 updated this revision to Diff 185844.Feb 7 2019, 12:03 PM
  • rebase
Harbormaster completed remote builds in B27914: Diff 185844.Feb 7 2019, 12:04 PM
sbc100 updated this revision to Diff 185872.Feb 7 2019, 2:50 PM

rebase

Harbormaster completed remote builds in B27920: Diff 185872.Feb 7 2019, 2:50 PM
sbc100 added a reviewer: ruiu.Feb 7 2019, 2:51 PM
sbc100 updated this revision to Diff 185873.Feb 7 2019, 2:53 PM
  • fix after upstream llvm change
Harbormaster completed remote builds in B27921: Diff 185873.Feb 7 2019, 2:53 PM
ruiu added inline comments.Feb 7 2019, 2:56 PM
docs/WebAssembly.rst
98 ↗(On Diff #185872)

Is this a new default behavior? I wonder what is the motivation of the change. I mean, finding an error at static-link-time is almost always better than finding it at run-time, no?

sbc100 marked an inline comment as done.Feb 7 2019, 3:05 PM
sbc100 added inline comments.
docs/WebAssembly.rst
98 ↗(On Diff #185872)

It complicated.

Before this change, we generate a warning and an invalid module.

I've tried in the past to make this a hard error because generating an invalid module seems like always the wrong thing to do.

When I do this lots of things break. The most common failure is CMake checks for whether a function exists. Cmake create a tiny C program with the named symbol and checks that it links. But it doesn't know the signature so I always uses "char <func>()". This is almost always wrong but the expectation is that linking should work.

In you actually tried to execute that at runtime you'd get undefined behaviour, but its not trying to run it.

So, the conclusion was to make this the default behaviour and allow the link to succeed, and have an option for a more strict mode.

We could invert the option... but that wouldn't save us any complexity and I quite the like the default to match the native linker behaviour.

ruiu added a comment.Feb 7 2019, 3:18 PM

Ah, thanks for the explanation. I think that makes sense to me.

If you create a module with a invalid function type, what would happen at runtime? Does it fail to load?

sbc100 added a comment.Feb 7 2019, 3:37 PM
In D57909#1389792, @ruiu wrote:

Ah, thanks for the explanation. I think that makes sense to me.

If you create a module with a invalid function type, what would happen at runtime? Does it fail to load?

Yes, the browser would fail to validate the module.

Now it will validate, and even run, as long as you don't hit that invalid call sites.

ruiu added a comment.Feb 7 2019, 3:49 PM

How can you fix the CMake issue you mentioned by this change? If CMake checks only if a source file compiles, then this patch doesn't change the behavior (previously we created a broken module but it at least links). If CMake actually tries to run a function, then previously it fails at load-time, and with this patch it would fail when a program attempt to execute a function. So, looks like the behavior observed by CMake doesn't change that much. What am I missing?

sbc100 added a comment.Feb 7 2019, 3:57 PM
In D57909#1389855, @ruiu wrote:

How can you fix the CMake issue you mentioned by this change? If CMake checks only if a source file compiles, then this patch doesn't change the behavior (previously we created a broken module but it at least links). If CMake actually tries to run a function, then previously it fails at load-time, and with this patch it would fail when a program attempt to execute a function. So, looks like the behavior observed by CMake doesn't change that much. What am I missing?

You are right, I'm sorry, there is a little more to the story: The emscripten toolchain driver "emcc" runs a post-link tool after lld which will fail (quite rightly) when given an invalid module.

I think its pretty safe to say we should never generate invalid modules anyway, so even without this issue I would say the current state is broken.

sbc100 added a comment.Feb 7 2019, 4:00 PM

Also, I should have mentioned that we can improve on this change by allowing for more flexible stub functions.

For example, if one translation unit declares a function as returning void but the function as defined returns, say, int32, we can have a stub function that simply drops the return value. We have pass in LLVM that already does this for uses within the same bitcode file https://github.com/llvm-mirror/llvm/blob/master/lib/Target/WebAssembly/WebAssemblyFixFunctionBitcasts.cpp.

ruiu added inline comments.Feb 7 2019, 4:21 PM
docs/WebAssembly.rst
101–106 ↗(On Diff #185873)

Could you update this comment a bit to reflect the discussion we've had so far? I think that it should mention the following things:

  • The runtime verifier rejects modules if it finds a function type mismatch
  • So there's no point of creating a module by ignoring type mismatch errors
  • But sometimes link failure as a result of a type mismatch is too strict; you want to create an executable even if it contains a few errors.
  • So lld/wasm supports two modes: one is to report an error for type mismatch and exit. The other is to create a stub function for an erroneous function, so that the generated file at least passes the verifier, which effectively turns a type error into a runtime error. The latter is the default mode.
wasm/Options.td
94 ↗(On Diff #185873)

Remove a space before :. Indent with two spaces.

wasm/SymbolTable.cpp
311 ↗(On Diff #185873)

created -> Created

410–411 ↗(On Diff #185873)

else if should be on the same line.

571–572 ↗(On Diff #185873)

It looks like you are trying to reduce the number of stub functions, by generating only one stub for each function type. But is this necessary? Given that no production code will contain a stub, no one cares if a binary with type mismatch contains many duplicated stubs?

sbc100 updated this revision to Diff 185894.Feb 7 2019, 4:53 PM
sbc100 marked 5 inline comments as done.
  • feedback + clang-format
wasm/Options.td
94 ↗(On Diff #185873)

Ha.. I hit my clang format button to get this :)

wasm/SymbolTable.cpp
571–572 ↗(On Diff #185873)

Yes, I create one stub for each variant of each symbol by encoding the signature into a string and appending it to the symbol name.

Are you suggesting that createFunctionVariant not even use the symbol table at all and just unconditionally create a new Symbol outside the symbol table? I guess it might work, but I'm not sure how much simpler it would make the code.

Finally I'm not sure this won't end up happening somewhat in production code, especially if we implement the more useful stubs that coerce rather than trap.

Harbormaster completed remote builds in B27932: Diff 185894.Feb 7 2019, 4:53 PM
ruiu added inline comments.Feb 7 2019, 5:05 PM
wasm/SymbolTable.cpp
571–572 ↗(On Diff #185873)

I don't have a clear idea what I was suggesting, but feels like there's room to simplify the way how we creates stub functions. Currently the code for creating stub functions somewhat scatters over many places in this file.

I wonder if you can create a vector to which we store all (undefined?) symbols that we find type mismatch, and scan that vector at some point to create stubs?

sbc100 updated this revision to Diff 186332.Feb 11 2019, 2:12 PM
  • move to monorepo
Harbormaster completed remote builds in B28022: Diff 186332.Feb 11 2019, 2:12 PM
sbc100 updated this revision to Diff 186339.Feb 11 2019, 2:29 PM
  • group functions
Harbormaster completed remote builds in B28026: Diff 186339.Feb 11 2019, 2:30 PM
sbc100 updated this revision to Diff 186349.Feb 11 2019, 3:14 PM
  • more testing
Harbormaster completed remote builds in B28028: Diff 186349.Feb 11 2019, 3:14 PM
sbc100 marked an inline comment as done.Feb 11 2019, 3:15 PM
sbc100 added inline comments.
wasm/SymbolTable.cpp
571–572 ↗(On Diff #185873)

My intent here is pretty much as you describe. I have a side data structure SymVariants which contains all the symbols have have mismatching symbols. This structure is empty for normal programs and only becomes populated once we have our first mismatch.

Admittedly this has to be handled in two places (for both defined and undefined functions) and we don't know which one will come first.

I'm refactored to try to keep the new code together and added more test cases.

ruiu added inline comments.Feb 11 2019, 4:00 PM
lld/wasm/SymbolTable.cpp
126–127

Could you add a short comment here saying that if one symbol is a function and the other is not a function, it is always a function type error?

126–127

It looks like this function does two different things:

  1. verifying that both symbols are function symbols
  2. verifying that the two functions have the same type signature

a boolean return value doesn't make much sense for (1).

I'd remove this part of code from this function and move that error check to the caller.

lld/wasm/Symbols.h
76

At this point we probably should simply make Name a public member, as it has both set and get accessors.

sbc100 updated this revision to Diff 186568.Feb 12 2019, 5:13 PM
sbc100 marked 2 inline comments as done.
  • feedback
Herald added a subscriber: jdoerfert. · View Herald TranscriptFeb 12 2019, 5:13 PM
Harbormaster completed remote builds in B28080: Diff 186568.Feb 12 2019, 5:13 PM
ruiu added inline comments.Feb 12 2019, 7:49 PM
lld/wasm/Options.td
94

A little bikeshedish, but --signature-check=strict or --strict-signature-check feel natural to me, but --signature-check-strict seems a bit odd as a command line option name.

sbc100 edited the summary of this revision. (Show Details)Feb 15 2019, 1:02 PM
sbc100 updated this revision to Diff 187283.Feb 18 2019, 4:14 PM
  • Remove variant symbols from the symbol table.
Harbormaster completed remote builds in B28262: Diff 187283.Feb 18 2019, 4:15 PM
ruiu added inline comments.Feb 19 2019, 11:31 AM
lld/wasm/Options.td
94

Sorry for being nitpicky, but since command line names cannot change once set, so bear with me...

There's no linker command line option that ends with -checking. Perhaps a most similar option is -warn-mismatch and -no-warn-mismatch, which is in the form of -<verb>-... and -no-<verb>-. Maybe we should follow that convention? I.e. -check-signature?

Does anyone have a suggestion?

sbc100 updated this revision to Diff 187428.Feb 19 2019, 12:37 PM
  • remove setName
Harbormaster completed remote builds in B28293: Diff 187428.Feb 19 2019, 12:37 PM
sbc100 updated this revision to Diff 187680.Feb 20 2019, 2:34 PM
sbc100 marked an inline comment as done.
  • remove new flag. Just go with --fatal-warnings for now
Harbormaster completed remote builds in B28349: Diff 187680.Feb 20 2019, 2:34 PM
ruiu accepted this revision.Feb 20 2019, 2:38 PM

LGTM

This revision is now accepted and ready to land.Feb 20 2019, 2:38 PM
Closed by commit rL354528: [WebAssembly] Don't generate invalid modules when function signatures mismatch (authored by sbc). · Explain WhyFeb 20 2019, 3:19 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lld/
docs/
19 lines
test/
wasm/
Inputs/
11 lines
lto/
1 line
2 lines
39 lines
wasm/
1 line
21 lines
3 lines
7 lines
180 lines
3 lines

Diff 186568

lld/docs/WebAssembly.rst

Show First 20 LinesShow All 89 Lines▼ Show 20 Lines
Bahaviour Bahaviour
--------- ---------
In general, where possible, the WebAssembly linker attempts to emulate the In general, where possible, the WebAssembly linker attempts to emulate the
behavior of a traditional ELF linker, and in particular the ELF port of lld. behavior of a traditional ELF linker, and in particular the ELF port of lld.
For more specific details on how this is achieved see the tool conventions on For more specific details on how this is achieved see the tool conventions on
linking_. linking_.
Function Signatrues
~~~~~~~~~~~~~~~~~~~
One way in which the WebAssembly linker differs from traditional native linkers
is that function signature checking is strict in WebAssembly. It is a
validation error for a module to contain to call site that doesn't agree with
the target signature. Even though this is undefined behavior in C/C++ its not
uncommon to find this in real world C/C++ programs. For example, a call site in
one complication unit which calls a function defined in another complication
unit but with too many arguments.
In order not to generate such invalid modules lld has two modes of handling such
mismatches: it can simply error out or it can create stub functions that will
trap at runtime (functions that contain only an ``unreachable`` instruction)
and use these stub functions at the otherwise invalid call sites.
The later is the default behavior and the ``--signature-check-strict`` option
can be used to disable this and instead error out.
Imports and Exports Imports and Exports
~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
When building a shared library any symbols marked as ``visibility=default`` will When building a shared library any symbols marked as ``visibility=default`` will
be exported. When building an executable, only the entry point and symbols be exported. When building an executable, only the entry point and symbols
flagged as ``WASM_SYMBOL_EXPORTED`` are exported by default. In LLVM the flagged as ``WASM_SYMBOL_EXPORTED`` are exported by default. In LLVM the
``WASM_SYMBOL_EXPORTED`` flag is applied to any symbol in the ``llvm.used`` list ``WASM_SYMBOL_EXPORTED`` flag is applied to any symbol in the ``llvm.used`` list
which corresponds to ``__attribute__((used))`` in C/C++ sources. which corresponds to ``__attribute__((used))`` in C/C++ sources.
▲ Show 20 LinesShow All 44 LinesShow Last 20 Lines

lld/test/wasm/Inputs/call-ret32.ll

  • This file was added.
target triple = "wasm32-unknown-unknown"
@ret32_address = global i32 (float)* @ret32, align 4
define hidden i32* @call_ret32() {
entry:
%call1 = call i32 @ret32(float 0.000000e+00)
ret i32* bitcast (i32 (float)** @ret32_address to i32*)
}
declare i32 @ret32(float)

lld/test/wasm/lto/signature-mismatch.ll

Show All 9 Lines
; f is defined to take no argument in archive.ll which is compiled to bitcode ; f is defined to take no argument in archive.ll which is compiled to bitcode
declare void @f(i32); declare void @f(i32);
define void @_start() { define void @_start() {
call void @f(i32 0) call void @f(i32 0)
ret void ret void
} }
; CHECK: error: function signature mismatch: f
; CHECK: >>> defined as (i32) -> void in {{.*}}signature-mismatch.ll.tmp1.o ; CHECK: >>> defined as (i32) -> void in {{.*}}signature-mismatch.ll.tmp1.o
; CHECK: >>> defined as () -> void in lto.tmp ; CHECK: >>> defined as () -> void in lto.tmp

lld/test/wasm/signature-mismatch-weak.ll

; RUN: llc -filetype=obj %p/Inputs/weak-symbol1.ll -o %t.weak.o ; RUN: llc -filetype=obj %p/Inputs/weak-symbol1.ll -o %t.weak.o
; RUN: llc -filetype=obj %p/Inputs/strong-symbol.ll -o %t.strong.o ; RUN: llc -filetype=obj %p/Inputs/strong-symbol.ll -o %t.strong.o
; RUN: llc -filetype=obj %s -o %t.o ; RUN: llc -filetype=obj %s -o %t.o
; RUN: wasm-ld -o %t.wasm %t.o %t.strong.o %t.weak.o 2>&1 | FileCheck %s ; RUN: wasm-ld -o %t.wasm %t.o %t.strong.o %t.weak.o 2>&1 | FileCheck %s
target triple = "wasm32-unknown-unknown" target triple = "wasm32-unknown-unknown"
declare i32 @weakFn() local_unnamed_addr declare i32 @weakFn() local_unnamed_addr
define void @_start() local_unnamed_addr { define void @_start() local_unnamed_addr {
entry: entry:
%call = call i32 @weakFn() %call = call i32 @weakFn()
ret void ret void
} }
; CHECK: warning: function signature mismatch: weakFn ; CHECK: warning: function signature mismatch: weakFn
; CHECK-NEXT: >>> defined as () -> i32 in {{.*}}signature-mismatch-weak.ll.tmp.o ; CHECK-NEXT: >>> defined as () -> i32 in {{.*}}signature-mismatch-weak.ll.tmp.weak.o
; CHECK-NEXT: >>> defined as () -> i64 in {{.*}}signature-mismatch-weak.ll.tmp.strong.o ; CHECK-NEXT: >>> defined as () -> i64 in {{.*}}signature-mismatch-weak.ll.tmp.strong.o

lld/test/wasm/signature-mismatch.ll

; RUN: llc -filetype=obj %p/Inputs/ret32.ll -o %t.ret32.o ; RUN: llc -filetype=obj %p/Inputs/ret32.ll -o %t.ret32.o
; RUN: llc -filetype=obj %p/Inputs/call-ret32.ll -o %t.call.o
; RUN: llc -filetype=obj %s -o %t.main.o ; RUN: llc -filetype=obj %s -o %t.main.o
; RUN: not wasm-ld --fatal-warnings -o %t.wasm %t.main.o %t.ret32.o 2>&1 | FileCheck %s ; RUN: wasm-ld --export=call_ret32 -o %t.wasm %t.main.o %t.ret32.o %t.call.o
; RUN: obj2yaml %t.wasm | FileCheck %s -check-prefix=YAML
; RUN: not wasm-ld --fatal-warnings -o %t.wasm %t.main.o %t.ret32.o %t.call.o 2>&1 | FileCheck %s
; Run the test again by with the object files in the other order to verify ; Run the test again by with the object files in the other order to verify
; the check works when the undefined symbol is resolved by an existing defined ; the check works when the undefined symbol is resolved by an existing defined
; one. ; one.
; RUN: not wasm-ld --fatal-warnings -o %t.wasm %t.ret32.o %t.main.o 2>&1 | FileCheck %s -check-prefix=REVERSE ; RUN: not wasm-ld --fatal-warnings -o %t.wasm %t.call.o %t.ret32.o %t.main.o 2>&1 | FileCheck %s
; RUN: not wasm-ld --fatal-warnings -o %t.wasm %t.call.o %t.main.o %t.ret32.o 2>&1 | FileCheck %s
; We also have a specific flag to enable strict signature checking
; RUN: not wasm-ld --signature-check-strict -o %t.wasm %t.main.o %t.ret32.o 2>&1 | FileCheck %s
target triple = "wasm32-unknown-unknown" target triple = "wasm32-unknown-unknown"
@ret32_address_main = global i32 (i32, i64, i32)* @ret32, align 4
; Function Attrs: nounwind ; Function Attrs: nounwind
define hidden void @_start() local_unnamed_addr #0 { define hidden void @_start() local_unnamed_addr {
entry: entry:
%call = tail call i32 @ret32(i32 1, i64 2, i32 3) #2 %call1 = call i32 @ret32(i32 1, i64 2, i32 3)
%addr = load i32 (i32, i64, i32)*, i32 (i32, i64, i32)** @ret32_address_main, align 4
%call2 = call i32 %addr(i32 1, i64 2, i32 3)
ret void ret void
} }
declare i32 @ret32(i32, i64, i32) local_unnamed_addr #1 declare i32 @ret32(i32, i64, i32) local_unnamed_addr
; CHECK: error: function signature mismatch: ret32 ; CHECK: error: function signature mismatch: ret32
; CHECK-NEXT: >>> defined as (i32, i64, i32) -> i32 in {{.*}}.main.o ; CHECK-NEXT: >>> defined as (i32, i64, i32) -> i32 in {{.*}}.main.o
; CHECK-NEXT: >>> defined as (f32) -> i32 in {{.*}}.ret32.o ; CHECK-NEXT: >>> defined as (f32) -> i32 in {{.*}}.ret32.o
; REVERSE: error: function signature mismatch: ret32 ; YAML: - Type: CUSTOM
; REVERSE-NEXT: >>> defined as (f32) -> i32 in {{.*}}.ret32.o ; YAML-NEXT: Name: name
; REVERSE-NEXT: >>> defined as (i32, i64, i32) -> i32 in {{.*}}.main.o ; YAML-NEXT: FunctionNames:
; YAML-NEXT: - Index: 0
; YAML-NEXT: Name: __wasm_call_ctors
; YAML-NEXT: - Index: 1
; YAML-NEXT: Name: 'unreachable:ret32'
; YAML-NEXT: - Index: 2
; YAML-NEXT: Name: _start
; YAML-NEXT: - Index: 3
; YAML-NEXT: Name: ret32
; YAML-NEXT: - Index: 4
; YAML-NEXT: Name: call_ret32
; YAML-NEXT: ...

lld/wasm/Config.h

Show All 29 Linesstruct Configuration {
bool SharedMemory; bool SharedMemory;
bool ImportTable; bool ImportTable;
bool MergeDataSegments; bool MergeDataSegments;
bool Pie; bool Pie;
bool PrintGcSections; bool PrintGcSections;
bool Relocatable; bool Relocatable;
bool SaveTemps; bool SaveTemps;
bool Shared; bool Shared;
bool SignatureCheckStrict;
bool StripAll; bool StripAll;
bool StripDebug; bool StripDebug;
bool StackFirst; bool StackFirst;
bool Trace; bool Trace;
uint32_t GlobalBase; uint32_t GlobalBase;
uint32_t InitialMemory; uint32_t InitialMemory;
uint32_t MaxMemory; uint32_t MaxMemory;
uint32_t ZStackSize; uint32_t ZStackSize;
Show All 23 Lines

lld/wasm/Driver.cpp

Show First 20 LinesShow All 315 Lines▼ Show 20 Lines Config->MergeDataSegments =
Args.hasFlag(OPT_merge_data_segments, OPT_no_merge_data_segments, Args.hasFlag(OPT_merge_data_segments, OPT_no_merge_data_segments,
!Config->Relocatable); !Config->Relocatable);
Config->Pie = Args.hasFlag(OPT_pie, OPT_no_pie, false); Config->Pie = Args.hasFlag(OPT_pie, OPT_no_pie, false);
Config->PrintGcSections = Config->PrintGcSections =
Args.hasFlag(OPT_print_gc_sections, OPT_no_print_gc_sections, false); Args.hasFlag(OPT_print_gc_sections, OPT_no_print_gc_sections, false);
Config->SaveTemps = Args.hasArg(OPT_save_temps); Config->SaveTemps = Args.hasArg(OPT_save_temps);
Config->SearchPaths = args::getStrings(Args, OPT_L); Config->SearchPaths = args::getStrings(Args, OPT_L);
Config->Shared = Args.hasArg(OPT_shared); Config->Shared = Args.hasArg(OPT_shared);
Config->SignatureCheckStrict = Args.hasArg(OPT_signature_check_strict);
Config->StripAll = Args.hasArg(OPT_strip_all); Config->StripAll = Args.hasArg(OPT_strip_all);
Config->StripDebug = Args.hasArg(OPT_strip_debug); Config->StripDebug = Args.hasArg(OPT_strip_debug);
Config->StackFirst = Args.hasArg(OPT_stack_first); Config->StackFirst = Args.hasArg(OPT_stack_first);
Config->Trace = Args.hasArg(OPT_trace); Config->Trace = Args.hasArg(OPT_trace);
Config->ThinLTOCacheDir = Args.getLastArgValue(OPT_thinlto_cache_dir); Config->ThinLTOCacheDir = Args.getLastArgValue(OPT_thinlto_cache_dir);
Config->ThinLTOCachePolicy = CHECK( Config->ThinLTOCachePolicy = CHECK(
parseCachePruningPolicy(Args.getLastArgValue(OPT_thinlto_cache_policy)), parseCachePruningPolicy(Args.getLastArgValue(OPT_thinlto_cache_policy)),
"--thinlto-cache-policy: invalid cache policy"); "--thinlto-cache-policy: invalid cache policy");
▲ Show 20 LinesShow All 219 Lines▼ Show 20 Lines if (!Config->Shared && !Config->Entry.empty()) {
EntrySym = handleUndefined(Config->Entry); EntrySym = handleUndefined(Config->Entry);
if (EntrySym && EntrySym->isDefined()) if (EntrySym && EntrySym->isDefined())
EntrySym->ForceExport = true; EntrySym->ForceExport = true;
else else
error("entry symbol not defined (pass --no-entry to supress): " + error("entry symbol not defined (pass --no-entry to supress): " +
Config->Entry); Config->Entry);
} }
// Make sure we have resolved all symbols.
if (!Config->AllowUndefined)
Symtab->reportRemainingUndefines();
} }
if (errorCount()) if (errorCount())
return; return;
// Do link-time optimization if given files are LLVM bitcode files. // Do link-time optimization if given files are LLVM bitcode files.
// This compiles bitcode files into real object files. // This compiles bitcode files into real object files.
Symtab->addCombinedLTOObject(); Symtab->addCombinedLTOObject();
if (errorCount()) if (errorCount())
return; return;
// Resolve any variant symbols that were created due to signature
// mismatchs.
Symtab->handleSymbolVariants();
if (errorCount())
return;
if (!Config->Relocatable) {
// Add synthetic dummies for weak undefined functions. Must happen // Add synthetic dummies for weak undefined functions. Must happen
// after LTO otherwise functions may not yet have signatures. // after LTO otherwise functions may not yet have signatures.
if (!Config->Relocatable)
Symtab->handleWeakUndefines(); Symtab->handleWeakUndefines();
// Make sure we have resolved all symbols.
if (!Config->AllowUndefined)
Symtab->reportRemainingUndefines();
}
if (EntrySym) if (EntrySym)
EntrySym->setHidden(false); EntrySym->setHidden(false);
if (errorCount()) if (errorCount())
return; return;
// Do size optimizations: garbage collection // Do size optimizations: garbage collection
markLive(); markLive();
// Write the result to the file. // Write the result to the file.
writeResult(); writeResult();
} }

lld/wasm/Options.td

Show First 20 LinesShow All 85 Lines▼ Show 20 Lines
def relocatable: F<"relocatable">, HelpText<"Create relocatable object file">; def relocatable: F<"relocatable">, HelpText<"Create relocatable object file">;
def shared: F<"shared">, HelpText<"Build a shared object">; def shared: F<"shared">, HelpText<"Build a shared object">;
def strip_all: F<"strip-all">, HelpText<"Strip all symbols">; def strip_all: F<"strip-all">, HelpText<"Strip all symbols">;
def strip_debug: F<"strip-debug">, HelpText<"Strip debugging information">; def strip_debug: F<"strip-debug">, HelpText<"Strip debugging information">;
def signature_check_strict: F<"signature-check-strict">,
ruiuUnsubmitted
Not Done
ReplyInline Actions

A little bikeshedish, but --signature-check=strict or --strict-signature-check feel natural to me, but --signature-check-strict seems a bit odd as a command line option name.

ruiu: A little bikeshedish, but `--signature-check=strict` or `--strict-signature-check` feel natural…
ruiuUnsubmitted
Not Done
ReplyInline Actions

Sorry for being nitpicky, but since command line names cannot change once set, so bear with me...

There's no linker command line option that ends with -checking. Perhaps a most similar option is -warn-mismatch and -no-warn-mismatch, which is in the form of -<verb>-... and -no-<verb>-. Maybe we should follow that convention? I.e. -check-signature?

Does anyone have a suggestion?

ruiu: Sorry for being nitpicky, but since command line names cannot change once set, so bear with me..
HelpText<"Error on function signature mismatch">;
def threads: F<"threads">, HelpText<"Run the linker multi-threaded">; def threads: F<"threads">, HelpText<"Run the linker multi-threaded">;
def trace: F<"trace">, HelpText<"Print the names of the input files">; def trace: F<"trace">, HelpText<"Print the names of the input files">;
defm trace_symbol: Eq<"trace-symbol", "Trace references to symbols">; defm trace_symbol: Eq<"trace-symbol", "Trace references to symbols">;
defm undefined: Eq<"undefined", "Force undefined symbol during linking">; defm undefined: Eq<"undefined", "Force undefined symbol during linking">;
▲ Show 20 LinesShow All 80 LinesShow Last 20 Lines

lld/wasm/SymbolTable.h

Show First 20 LinesShow All 73 Lines▼ Show 20 Linespublic:
bool addComdat(StringRef Name); bool addComdat(StringRef Name);
DefinedData *addSyntheticDataSymbol(StringRef Name, uint32_t Flags); DefinedData *addSyntheticDataSymbol(StringRef Name, uint32_t Flags);
DefinedGlobal *addSyntheticGlobal(StringRef Name, uint32_t Flags, DefinedGlobal *addSyntheticGlobal(StringRef Name, uint32_t Flags,
InputGlobal *Global); InputGlobal *Global);
DefinedFunction *addSyntheticFunction(StringRef Name, uint32_t Flags, DefinedFunction *addSyntheticFunction(StringRef Name, uint32_t Flags,
InputFunction *Function); InputFunction *Function);
void handleSymbolVariants();
void handleWeakUndefines(); void handleWeakUndefines();
private: private:
std::pair<Symbol *, bool> insert(StringRef Name, const InputFile *File); std::pair<Symbol *, bool> insert(StringRef Name, const InputFile *File);
std::pair<Symbol *, bool> insertName(StringRef Name); std::pair<Symbol *, bool> insertName(StringRef Name);
bool createFunctionVariant(StringRef Name, const WasmSignature *Sig,
const InputFile *File, Symbol **Out);
InputFunction *replaceWithUnreachable(Symbol *Sym, const WasmSignature &Sig, InputFunction *replaceWithUnreachable(Symbol *Sym, const WasmSignature &Sig,
StringRef DebugName); StringRef DebugName);
// Maps symbol names to index into the SymVector. -1 means that symbols // Maps symbol names to index into the SymVector. -1 means that symbols
// is to not yet in the vector but it should have tracing enabled if it is // is to not yet in the vector but it should have tracing enabled if it is
// ever added. // ever added.
llvm::DenseMap<llvm::CachedHashStringRef, int> SymMap; llvm::DenseMap<llvm::CachedHashStringRef, int> SymMap;
std::vector<Symbol *> SymVector; std::vector<Symbol *> SymVector;
// For certain symbols types, e.g. function symbols, we allow for muliple
// variants of the same symbol with different signatures.
llvm::DenseMap<llvm::CachedHashStringRef, std::vector<Symbol *>> SymVariants;
llvm::DenseSet<llvm::CachedHashStringRef> Comdats; llvm::DenseSet<llvm::CachedHashStringRef> Comdats;
// For LTO. // For LTO.
std::unique_ptr<BitcodeCompiler> LTO; std::unique_ptr<BitcodeCompiler> LTO;
}; };
extern SymbolTable *Symtab; extern SymbolTable *Symtab;
} // namespace wasm } // namespace wasm
} // namespace lld } // namespace lld
#endif #endif

lld/wasm/SymbolTable.cpp

Show First 20 LinesShow All 92 Lines▼ Show 20 Linesstd::pair<Symbol *, bool> SymbolTable::insertName(StringRef Name) {
} }
if (!IsNew) if (!IsNew)
return {SymVector[SymIndex], false}; return {SymVector[SymIndex], false};
Symbol *Sym = reinterpret_cast<Symbol *>(make<SymbolUnion>()); Symbol *Sym = reinterpret_cast<Symbol *>(make<SymbolUnion>());
Sym->IsUsedInRegularObj = false; Sym->IsUsedInRegularObj = false;
Sym->Traced = Trace; Sym->Traced = Trace;
Sym->setName(Name);
SymVector.emplace_back(Sym); SymVector.emplace_back(Sym);
return {Sym, true}; return {Sym, true};
} }
std::pair<Symbol *, bool> SymbolTable::insert(StringRef Name, std::pair<Symbol *, bool> SymbolTable::insert(StringRef Name,
const InputFile *File) { const InputFile *File) {
Symbol *S; Symbol *S;
bool WasInserted; bool WasInserted;
std::tie(S, WasInserted) = insertName(Name); std::tie(S, WasInserted) = insertName(Name);
if (!File || File->kind() == InputFile::ObjectKind) if (!File || File->kind() == InputFile::ObjectKind)
S->IsUsedInRegularObj = true; S->IsUsedInRegularObj = true;
return {S, WasInserted}; return {S, WasInserted};
} }
static void reportTypeError(const Symbol *Existing, const InputFile *File, static void reportTypeError(const Symbol *Existing, const InputFile *File,
llvm::wasm::WasmSymbolType Type) { llvm::wasm::WasmSymbolType Type) {
error("symbol type mismatch: " + toString(*Existing) + "\n>>> defined as " + error("symbol type mismatch: " + toString(*Existing) + "\n>>> defined as " +
toString(Existing->getWasmType()) + " in " + toString(Existing->getWasmType()) + " in " +
toString(Existing->getFile()) + "\n>>> defined as " + toString(Type) + toString(Existing->getFile()) + "\n>>> defined as " + toString(Type) +
" in " + toString(File)); " in " + toString(File));
} }
// Check the type of new symbol matches that of the symbol is replacing. // Check the type of new symbol matches that of the symbol is replacing.
// For functions this can also involve verifying that the signatures match. // Returns true if the function types match, false is there is a singature
ruiuUnsubmitted
Not Done
ReplyInline Actions

Could you add a short comment here saying that if one symbol is a function and the other is not a function, it is always a function type error?

ruiu: Could you add a short comment here saying that if one symbol is a function and the other is not…
ruiuUnsubmitted
Done
ReplyInline Actions

It looks like this function does two different things:

  1. verifying that both symbols are function symbols
  2. verifying that the two functions have the same type signature

a boolean return value doesn't make much sense for (1).

I'd remove this part of code from this function and move that error check to the caller.

ruiu: It looks like this function does two different things: 1. verifying that both symbols are…
static void checkFunctionType(Symbol *Existing, const InputFile *File, // mismatch.
const WasmSignature *NewSig) { bool signatureMatches(FunctionSymbol *Existing, const WasmSignature *NewSig) {
auto ExistingFunction = dyn_cast<FunctionSymbol>(Existing);
if (!ExistingFunction) {
reportTypeError(Existing, File, WASM_SYMBOL_TYPE_FUNCTION);
return;
}
if (!NewSig) if (!NewSig)
return; return true;
const WasmSignature *OldSig = ExistingFunction->Signature; const WasmSignature *OldSig = Existing->Signature;
if (!OldSig) { if (!OldSig) {
ExistingFunction->Signature = NewSig; Existing->Signature = NewSig;
return; return true;
} }
if (*NewSig != *OldSig) return *NewSig == *OldSig;
warn("function signature mismatch: " + Existing->getName() +
"\n>>> defined as " + toString(*OldSig) + " in " +
toString(Existing->getFile()) + "\n>>> defined as " +
toString(*NewSig) + " in " + toString(File));
} }
static void checkGlobalType(const Symbol *Existing, const InputFile *File, static void checkGlobalType(const Symbol *Existing, const InputFile *File,
const WasmGlobalType *NewType) { const WasmGlobalType *NewType) {
if (!isa<GlobalSymbol>(Existing)) { if (!isa<GlobalSymbol>(Existing)) {
reportTypeError(Existing, File, WASM_SYMBOL_TYPE_GLOBAL); reportTypeError(Existing, File, WASM_SYMBOL_TYPE_GLOBAL);
return; return;
} }
▲ Show 20 LinesShow All 98 Lines▼ Show 20 LinesSymbol *SymbolTable::addDefinedFunction(StringRef Name, uint32_t Flags,
bool WasInserted; bool WasInserted;
std::tie(S, WasInserted) = insert(Name, File); std::tie(S, WasInserted) = insert(Name, File);
if (WasInserted || S->isLazy()) { if (WasInserted || S->isLazy()) {
replaceSymbol<DefinedFunction>(S, Name, Flags, File, Function); replaceSymbol<DefinedFunction>(S, Name, Flags, File, Function);
return S; return S;
} }
if (Function) bool CreatedNewVariant = false;
checkFunctionType(S, File, &Function->Signature); auto ExistingFunction = dyn_cast<FunctionSymbol>(S);
if (!ExistingFunction) {
reportTypeError(S, File, WASM_SYMBOL_TYPE_FUNCTION);
return S;
}
if (Function && !signatureMatches(ExistingFunction, &Function->Signature))
CreatedNewVariant =
createFunctionVariant(Name, &Function->Signature, File, &S);
if (shouldReplace(S, File, Flags)) { if (CreatedNewVariant || shouldReplace(S, File, Flags)) {
// If the new defined function doesn't have signture (i.e. bitcode // If the new defined function doesn't have signture (i.e. bitcode
// functions) but the old symbol does then preserve the old signature // functions) but the old symbol does, then preserve the old signature
const WasmSignature *OldSig = nullptr; const WasmSignature *OldSig = nullptr;
if (auto* F = dyn_cast<FunctionSymbol>(S)) if (auto* F = dyn_cast<FunctionSymbol>(S))
OldSig = F->Signature; OldSig = F->Signature;
if (auto *L = dyn_cast<LazySymbol>(S)) if (auto *L = dyn_cast<LazySymbol>(S))
OldSig = L->Signature; OldSig = L->Signature;
auto NewSym = replaceSymbol<DefinedFunction>(S, Name, Flags, File, Function);
auto NewSym =
replaceSymbol<DefinedFunction>(S, S->getName(), Flags, File, Function);
if (!NewSym->Signature) if (!NewSym->Signature)
NewSym->Signature = OldSig; NewSym->Signature = OldSig;
} }
return S; return S;
} }
Symbol *SymbolTable::addDefinedData(StringRef Name, uint32_t Flags, Symbol *SymbolTable::addDefinedData(StringRef Name, uint32_t Flags,
InputFile *File, InputSegment *Segment, InputFile *File, InputSegment *Segment,
uint32_t Address, uint32_t Size) { uint32_t Address, uint32_t Size) {
LLVM_DEBUG(dbgs() << "addDefinedData:" << Name << " addr:" << Address LLVM_DEBUG(dbgs() << "addDefinedData:" << Name << " addr:" << Address
<< "\n"); << "\n");
▲ Show 20 LinesShow All 64 Lines▼ Show 20 LinesSymbol *SymbolTable::addUndefinedFunction(StringRef Name, StringRef ImportName,
bool WasInserted; bool WasInserted;
std::tie(S, WasInserted) = insert(Name, File); std::tie(S, WasInserted) = insert(Name, File);
if (WasInserted) if (WasInserted)
replaceSymbol<UndefinedFunction>(S, Name, ImportName, ImportModule, Flags, replaceSymbol<UndefinedFunction>(S, Name, ImportName, ImportModule, Flags,
File, Sig); File, Sig);
else if (auto *Lazy = dyn_cast<LazySymbol>(S)) else if (auto *Lazy = dyn_cast<LazySymbol>(S))
Lazy->fetch(); Lazy->fetch();
else else {
checkFunctionType(S, File, Sig); auto ExistingFunction = dyn_cast<FunctionSymbol>(S);
if (!ExistingFunction) {
reportTypeError(S, File, WASM_SYMBOL_TYPE_FUNCTION);
return S;
}
if (!signatureMatches(ExistingFunction, Sig))
if (createFunctionVariant(Name, Sig, File, &S))
replaceSymbol<UndefinedFunction>(S, S->getName(), ImportName,
ImportModule, Flags, File, Sig);
}
return S; return S;
} }
Symbol *SymbolTable::addUndefinedData(StringRef Name, uint32_t Flags, Symbol *SymbolTable::addUndefinedData(StringRef Name, uint32_t Flags,
InputFile *File) { InputFile *File) {
LLVM_DEBUG(dbgs() << "addUndefinedData: " << Name << "\n"); LLVM_DEBUG(dbgs() << "addUndefinedData: " << Name << "\n");
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Linesvoid SymbolTable::addLazy(ArchiveFile *File, const Archive::Symbol *Sym) {
LLVM_DEBUG(dbgs() << "replacing existing undefined\n"); LLVM_DEBUG(dbgs() << "replacing existing undefined\n");
File->addMember(Sym); File->addMember(Sym);
} }
bool SymbolTable::addComdat(StringRef Name) { bool SymbolTable::addComdat(StringRef Name) {
return Comdats.insert(CachedHashStringRef(Name)).second; return Comdats.insert(CachedHashStringRef(Name)).second;
} }
static char encodeValType(ValType Type) {
switch (Type) {
case ValType::I32:
return 'i';
case ValType::I64:
return 'j';
case ValType::F32:
return 'f';
case ValType::F64:
return 'd';
case ValType::V128:
return 'V';
case ValType::EXCEPT_REF:
return 'e';
}
llvm_unreachable("invalid wasm type");
}
static std::string encodeSignature(const WasmSignature &Sig) {
std::string S = ":";
for (ValType Type : Sig.Returns)
S += encodeValType(Type);
S += ':';
for (ValType Type : Sig.Params)
S += encodeValType(Type);
return S;
}
// The new signature doesn't match. Create a variant to the symbol with
// the signature encoded in the name and return that instead.
// These symbols are then unified later in handleSymbolVariants.
bool SymbolTable::createFunctionVariant(StringRef Name,
const WasmSignature *Sig,
const InputFile *File, Symbol **Out) {
StringRef NewName = Saver.save(Name + encodeSignature(*Sig));
LLVM_DEBUG(dbgs() << "createFunctionVariant: " << Name << " -> " << NewName
<< " " << toString(*Sig) << "\n");
bool WasInserted;
Symbol *NewSym;
std::tie(NewSym, WasInserted) = insert(NewName, File);
if (WasInserted) {
LLVM_DEBUG(dbgs() << "added new variant\n");
SymVariants[CachedHashStringRef(Name)].push_back(NewSym);
} else {
LLVM_DEBUG(dbgs() << "variant already exists: " << toString(*NewSym) << "\n");
assert(*cast<FunctionSymbol>(NewSym)->Signature == *Sig);
}
*Out = NewSym;
return WasInserted;
}
// Set a flag for --trace-symbol so that we can print out a log message // Set a flag for --trace-symbol so that we can print out a log message
// if a new symbol with the same name is inserted into the symbol table. // if a new symbol with the same name is inserted into the symbol table.
void SymbolTable::trace(StringRef Name) { void SymbolTable::trace(StringRef Name) {
SymMap.insert({CachedHashStringRef(Name), -1}); SymMap.insert({CachedHashStringRef(Name), -1});
} }
static const uint8_t UnreachableFn[] = { static const uint8_t UnreachableFn[] = {
0x03 /* ULEB length */, 0x00 /* ULEB num locals */, 0x03 /* ULEB length */, 0x00 /* ULEB num locals */,
0x00 /* opcode unreachable */, 0x0b /* opcode end */ 0x00 /* opcode unreachable */, 0x0b /* opcode end */
}; };
// Replace the given symbol body with an unreachable function. // Replace the given symbol body with an unreachable function.
// This is used by handleWeakUndefines in order to generate a callable // This is used by handleWeakUndefines in order to generate a callable
// equivalent of an undefined function. // equivalent of an undefined function and also handleSymbolVariants for
// undefined functions that don't match the signature of the definition.
InputFunction *SymbolTable::replaceWithUnreachable(Symbol *Sym, InputFunction *SymbolTable::replaceWithUnreachable(Symbol *Sym,
const WasmSignature &Sig, const WasmSignature &Sig,
StringRef DebugName) { StringRef DebugName) {
auto *Func = make<SyntheticFunction>(Sig, Sym->getName(), DebugName); auto *Func = make<SyntheticFunction>(Sig, Sym->getName(), DebugName);
Func->setBody(UnreachableFn); Func->setBody(UnreachableFn);
SyntheticFunctions.emplace_back(Func); SyntheticFunctions.emplace_back(Func);
replaceSymbol<DefinedFunction>(Sym, Sym->getName(), Sym->getFlags(), nullptr, Func); replaceSymbol<DefinedFunction>(Sym, Sym->getName(), Sym->getFlags(), nullptr, Func);
return Func; return Func;
Show All 30 Lines for (Symbol *Sym : getSymbols()) {
InputFunction* Func = replaceWithUnreachable(Sym, *Sig, DebugName); InputFunction* Func = replaceWithUnreachable(Sym, *Sig, DebugName);
// Ensure it compares equal to the null pointer, and so that table relocs // Ensure it compares equal to the null pointer, and so that table relocs
// don't pull in the stub body (only call-operand relocs should do that). // don't pull in the stub body (only call-operand relocs should do that).
Func->setTableIndex(0); Func->setTableIndex(0);
// Hide our dummy to prevent export. // Hide our dummy to prevent export.
Sym->setHidden(true); Sym->setHidden(true);
} }
} }
static void reportFunctionSignatureMismatch(StringRef SymName,
FunctionSymbol *A,
FunctionSymbol *B, bool Error) {
std::string msg = ("function signature mismatch: " + SymName +
"\n>>> defined as " + toString(*A->Signature) + " in " +
toString(A->getFile()) + "\n>>> defined as " +
toString(*B->Signature) + " in " + toString(B->getFile()))
.str();
if (Error)
error(msg);
else
warn(msg);
}
// Remove any variant symbols that were created due to function signature
// mismatches.
void SymbolTable::handleSymbolVariants() {
for (auto Pair : SymVariants) {
// Push the initial symbol onto the list of variants.
StringRef SymName = Pair.first.val();
std::vector<Symbol *> &Variants = Pair.second;
// Insert the canonical symbol (the one with the base symbol name and the
// one that linker saw first) on the start of the variant list.
Variants.push_back(find(SymName));
#ifndef NDEBUG
dbgs() << "symbol with (" << Variants.size()
<< ") variants: " << SymName << "\n";
for (auto *Symbol : Variants) {
dbgs() << Symbol << "\n";
dbgs() << " variant: " + Symbol->getName() << "\n";
}
#endif
// Find the one definition.
DefinedFunction *Defined = nullptr;
for (auto *Symbol : Variants) {
if (auto F = dyn_cast<DefinedFunction>(Symbol)) {
Defined = F;
break;
}
}
// If there are no definitions, and the undefined symbols disagree on
// the signature, there is not we can do since we don't know which one
// to use as the signature on the import.
if (!Defined) {
reportFunctionSignatureMismatch(SymName,
cast<FunctionSymbol>(Variants[0]),
cast<FunctionSymbol>(Variants[1]), true);
return;
}
for (auto *Symbol : Variants) {
if (Symbol != Defined) {
auto *F = cast<FunctionSymbol>(Symbol);
reportFunctionSignatureMismatch(SymName, F, Defined,
Config->SignatureCheckStrict);
StringRef DebugName = Saver.save("unreachable:" + toString(*F));
replaceWithUnreachable(F, *F->Signature, DebugName);
}
}
}
}

lld/wasm/Symbols.h

Show First 20 LinesShow All 67 Lines▼ Show 20 Linespublic:
bool isUndefWeak() const { bool isUndefWeak() const {
// See comment on lazy symbols for details. // See comment on lazy symbols for details.
return isWeak() && (isUndefined() || isLazy()); return isWeak() && (isUndefined() || isLazy());
} }
// Returns the symbol name. // Returns the symbol name.
StringRef getName() const { return Name; } StringRef getName() const { return Name; }
// TODO(sbc): Make this member public since it has both setter and getter.
ruiuUnsubmitted
Not Done
ReplyInline Actions

At this point we probably should simply make Name a public member, as it has both set and get accessors.

ruiu: At this point we probably should simply make `Name` a public member, as it has both set and get…
void setName(StringRef S) { Name = S; }
// Returns the file from which this symbol was created. // Returns the file from which this symbol was created.
InputFile *getFile() const { return File; } InputFile *getFile() const { return File; }
uint32_t getFlags() const { return Flags; } uint32_t getFlags() const { return Flags; }
InputChunk *getChunk() const; InputChunk *getChunk() const;
// Indicates that the section or import for this symbol will be included in // Indicates that the section or import for this symbol will be included in
▲ Show 20 LinesShow All 371 LinesShow Last 20 Lines