Add asserts in Asyncify (#2338)

With the optional asserts, we throw if we see an unwind begin in code that we thought could never unwind (say, because the user incorrectly blacklisted it).

Helps with emscripten-core/emscripten#9389

Author: kripken

src/passes/Asyncify.cpp

@@ -241,6 +241,12 @@
 //
 //      As with --asyncify-imports, you can use a response file here.
 //
+//  --pass-arg=asyncify-asserts
+//
+//      This enables extra asserts in the output, like checking if we in
+//      an unwind/rewind in an invalid place (this can be helpful for manual
+//      tweaking of the whitelist/blacklist).
+//
 // TODO When wasm has GC, extending the live ranges of locals can keep things
 //      alive unnecessarily. We may want to set locals to null at the end
 //      of their original range.
@@ -363,9 +369,10 @@ class ModuleAnalyzer {
                  std::function<bool(Name, Name)> canImportChangeState,
                  bool canIndirectChangeState,
                  const String::Split& blacklistInput,
-                 const String::Split& whitelistInput)
+                 const String::Split& whitelistInput,
+                 bool asserts)
     : module(module), canIndirectChangeState(canIndirectChangeState),
-      globals(module) {
+      globals(module), asserts(asserts) {
 
     blacklist.insert(blacklistInput.begin(), blacklistInput.end());
     whitelist.insert(whitelistInput.begin(), whitelistInput.end());
@@ -561,6 +568,7 @@ class ModuleAnalyzer {
   GlobalHelper globals;
   std::set<Name> blacklist;
   std::set<Name> whitelist;
+  bool asserts;
 };
 
 // Checks if something performs a call: either a direct or indirect call,
@@ -606,6 +614,10 @@ class AsyncifyBuilder : public Builder {
                       makeGlobalGet(ASYNCIFY_STATE, i32),
                       makeConst(Literal(int32_t(value))));
   }
+
+  Expression* makeNegatedStateCheck(State value) {
+    return makeUnary(EqZInt32, makeStateCheck(value));
+  }
 };
 
 // Instrument control flow, around calls and adding skips for rewinding.
@@ -622,13 +634,16 @@ struct AsyncifyFlow : public Pass {
   runOnFunction(PassRunner* runner, Module* module_, Function* func_) override {
     module = module_;
     func = func_;
+    builder = make_unique<AsyncifyBuilder>(*module);
     // If the function cannot change our state, we have nothing to do -
     // we will never unwind or rewind the stack here.
     if (!analyzer->needsInstrumentation(func)) {
+      if (analyzer->asserts) {
+        addAssertsInNonInstrumented(func);
+      }
       return;
     }
     // Rewrite the function body.
-    builder = make_unique<AsyncifyBuilder>(*module);
     // Each function we enter will pop one from the stack, which is the index
     // of the next call to make.
     auto* block = builder->makeBlock(
@@ -841,6 +856,65 @@ struct AsyncifyFlow : public Pass {
     // don't want it to be seen by asyncify itself.
     return builder->makeCall(ASYNCIFY_GET_CALL_INDEX, {}, none);
   }
+
+  // Given a function that is not instrumented - because we proved it doesn't
+  // need it, or depending on the whitelist/blacklist - add assertions that
+  // verify that property at runtime.
+  // Note that it is ok to run code while sleeping (if you are careful not
+  // to break assumptions in the program!) - so what is actually
+  // checked here is if the state *changes* in an uninstrumented function.
+  // That is, if in an uninstrumented function, a sleep should not begin
+  // from any call.
+  void addAssertsInNonInstrumented(Function* func) {
+    auto oldState = builder->addVar(func, i32);
+    // Add a check at the function entry.
+    func->body = builder->makeSequence(
+      builder->makeLocalSet(oldState,
+                            builder->makeGlobalGet(ASYNCIFY_STATE, i32)),
+      func->body);
+    // Add a check around every call.
+    struct Walker : PostWalker<Walker> {
+      void visitCall(Call* curr) {
+        // Tail calls will need another type of check, as they wouldn't reach
+        // this assertion.
+        assert(!curr->isReturn);
+        handleCall(curr);
+      }
+      void visitCallIndirect(CallIndirect* curr) {
+        // Tail calls will need another type of check, as they wouldn't reach
+        // this assertion.
+        assert(!curr->isReturn);
+        handleCall(curr);
+      }
+      void handleCall(Expression* call) {
+        auto* check = builder->makeIf(
+          builder->makeBinary(NeInt32,
+                              builder->makeGlobalGet(ASYNCIFY_STATE, i32),
+                              builder->makeLocalGet(oldState, i32)),
+          builder->makeUnreachable());
+        Expression* rep;
+        if (isConcreteType(call->type)) {
+          auto temp = builder->addVar(func, call->type);
+          rep = builder->makeBlock({
+            builder->makeLocalSet(temp, call),
+            check,
+            builder->makeLocalGet(temp, call->type),
+          });
+        } else {
+          rep = builder->makeSequence(call, check);
+        }
+        replaceCurrent(rep);
+      }
+      Function* func;
+      AsyncifyBuilder* builder;
+      Index oldState;
+    };
+    Walker walker;
+    walker.func = func;
+    walker.builder = builder.get();
+    walker.oldState = oldState;
+    walker.walk(func->body);
+  }
 };
 
 // Instrument local saving/restoring.
@@ -1048,8 +1122,8 @@ struct Asyncify : public Pass {
     bool allImportsCanChangeState =
       stateChangingImports == "" && ignoreImports == "";
     String::Split listedImports(stateChangingImports, ",");
-    auto ignoreIndirect =
-      runner->options.getArgumentOrDefault("asyncify-ignore-indirect", "");
+    auto ignoreIndirect = runner->options.getArgumentOrDefault(
+                            "asyncify-ignore-indirect", "") == "";
     String::Split blacklist(
       String::trim(read_possible_response_file(
         runner->options.getArgumentOrDefault("asyncify-blacklist", ""))),
@@ -1058,6 +1132,8 @@ struct Asyncify : public Pass {
       String::trim(read_possible_response_file(
         runner->options.getArgumentOrDefault("asyncify-whitelist", ""))),
       ",");
+    auto asserts =
+      runner->options.getArgumentOrDefault("asyncify-asserts", "") != "";
 
     blacklist = handleBracketingOperators(blacklist);
     whitelist = handleBracketingOperators(whitelist);
@@ -1105,9 +1181,10 @@ struct Asyncify : public Pass {
     // Scan the module.
     ModuleAnalyzer analyzer(*module,
                             canImportChangeState,
-                            ignoreIndirect == "",
+                            ignoreIndirect,
                             blacklist,
-                            whitelist);
+                            whitelist,
+                            asserts);
 
     // Add necessary globals before we emit code to use them.
     addGlobals(module);

test/passes/asyncify_pass-arg=asyncify-asserts_pass-arg=asyncify-whitelist@waka.txt

@@ -0,0 +1,207 @@
+(module
+ (type $f (func))
+ (type $FUNCSIG$i (func (result i32)))
+ (type $FUNCSIG$vi (func (param i32)))
+ (import "env" "import" (func $import))
+ (import "env" "import2" (func $import2 (result i32)))
+ (import "env" "import3" (func $import3 (param i32)))
+ (memory $0 1 2)
+ (table $0 2 2 funcref)
+ (elem (i32.const 0) $calls-import2-drop $calls-import2-drop)
+ (global $__asyncify_state (mut i32) (i32.const 0))
+ (global $__asyncify_data (mut i32) (i32.const 0))
+ (export "asyncify_start_unwind" (func $asyncify_start_unwind))
+ (export "asyncify_stop_unwind" (func $asyncify_stop_unwind))
+ (export "asyncify_start_rewind" (func $asyncify_start_rewind))
+ (export "asyncify_stop_rewind" (func $asyncify_stop_rewind))
+ (func $calls-import (; 3 ;) (type $f)
+  (local $0 i32)
+  (local.set $0
+   (global.get $__asyncify_state)
+  )
+  (block
+   (block
+    (call $import)
+    (if
+     (i32.ne
+      (global.get $__asyncify_state)
+      (local.get $0)
+     )
+     (unreachable)
+    )
+   )
+   (nop)
+  )
+ )
+ (func $calls-import2-drop (; 4 ;) (type $f)
+  (local $0 i32)
+  (local $1 i32)
+  (local $2 i32)
+  (local.set $1
+   (global.get $__asyncify_state)
+  )
+  (block
+   (local.set $0
+    (block (result i32)
+     (local.set $2
+      (call $import2)
+     )
+     (if
+      (i32.ne
+       (global.get $__asyncify_state)
+       (local.get $1)
+      )
+      (unreachable)
+     )
+     (local.get $2)
+    )
+   )
+   (drop
+    (local.get $0)
+   )
+   (nop)
+  )
+ )
+ (func $returns (; 5 ;) (type $FUNCSIG$i) (result i32)
+  (local $x i32)
+  (local $1 i32)
+  (local $2 i32)
+  (local $3 i32)
+  (local $4 i32)
+  (local $5 i32)
+  (local $6 i32)
+  (local.set $5
+   (global.get $__asyncify_state)
+  )
+  (block
+   (block
+    (local.set $1
+     (block (result i32)
+      (local.set $6
+       (call $import2)
+      )
+      (if
+       (i32.ne
+        (global.get $__asyncify_state)
+        (local.get $5)
+       )
+       (unreachable)
+      )
+      (local.get $6)
+     )
+    )
+    (local.set $x
+     (local.get $1)
+    )
+    (nop)
+    (local.set $2
+     (local.get $x)
+    )
+    (local.set $3
+     (local.get $2)
+    )
+   )
+   (local.set $4
+    (local.get $3)
+   )
+   (return
+    (local.get $4)
+   )
+  )
+ )
+ (func $calls-indirect (; 6 ;) (type $FUNCSIG$vi) (param $x i32)
+  (local $1 i32)
+  (local $2 i32)
+  (local.set $2
+   (global.get $__asyncify_state)
+  )
+  (block
+   (local.set $1
+    (local.get $x)
+   )
+   (block
+    (call_indirect (type $f)
+     (local.get $1)
+    )
+    (if
+     (i32.ne
+      (global.get $__asyncify_state)
+      (local.get $2)
+     )
+     (unreachable)
+    )
+   )
+   (nop)
+  )
+ )
+ (func $asyncify_start_unwind (; 7 ;) (param $0 i32)
+  (global.set $__asyncify_state
+   (i32.const 1)
+  )
+  (global.set $__asyncify_data
+   (local.get $0)
+  )
+  (if
+   (i32.gt_u
+    (i32.load
+     (global.get $__asyncify_data)
+    )
+    (i32.load offset=4
+     (global.get $__asyncify_data)
+    )
+   )
+   (unreachable)
+  )
+ )
+ (func $asyncify_stop_unwind (; 8 ;)
+  (global.set $__asyncify_state
+   (i32.const 0)
+  )
+  (if
+   (i32.gt_u
+    (i32.load
+     (global.get $__asyncify_data)
+    )
+    (i32.load offset=4
+     (global.get $__asyncify_data)
+    )
+   )
+   (unreachable)
+  )
+ )
+ (func $asyncify_start_rewind (; 9 ;) (param $0 i32)
+  (global.set $__asyncify_state
+   (i32.const 2)
+  )
+  (global.set $__asyncify_data
+   (local.get $0)
+  )
+  (if
+   (i32.gt_u
+    (i32.load
+     (global.get $__asyncify_data)
+    )
+    (i32.load offset=4
+     (global.get $__asyncify_data)
+    )
+   )
+   (unreachable)
+  )
+ )
+ (func $asyncify_stop_rewind (; 10 ;)
+  (global.set $__asyncify_state
+   (i32.const 0)
+  )
+  (if
+   (i32.gt_u
+    (i32.load
+     (global.get $__asyncify_data)
+    )
+    (i32.load offset=4
+     (global.get $__asyncify_data)
+    )
+   )
+   (unreachable)
+  )
+ )
+)

test/passes/asyncify_pass-arg=asyncify-asserts_pass-arg=asyncify-whitelist@waka.wast

@@ -0,0 +1,25 @@
+(module
+  (memory 1 2)
+  (type $f (func))
+  (import "env" "import" (func $import))
+  (import "env" "import2" (func $import2 (result i32)))
+  (import "env" "import3" (func $import3 (param i32)))
+  (table 1 1)
+  (func $calls-import
+    (call $import)
+  )
+  (func $calls-import2-drop
+    (drop (call $import2))
+  )
+  (func $returns (result i32)
+    (local $x i32)
+    (local.set $x (call $import2))
+    (local.get $x)
+  )
+  (func $calls-indirect (param $x i32)
+    (call_indirect (type $f)
+      (local.get $x)
+    )
+  )
+)
+