[wasm-gc] Use corresponding null type in gc operator reducer

Bug: v8:7748 Change-Id: I511d5016ae5106a1e4aa148038b3ab2f43da1a6d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810177 Commit-Queue: Matthias Liedtke <mliedtke@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#82286}

[wasm-gc] Use corresponding null type in gc operator reducer
Bug: v8:7748 Change-Id: I511d5016ae5106a1e4aa148038b3ab2f43da1a6d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810177 Commit-Queue: Matthias Liedtke <mliedtke@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#82286}
0cb7e245 · Matthias Liedtke · V8 LUCI CQ · 97d1ab6c · 0cb7e245 · 0cb7e245
Commit 0cb7e245 authored Aug 09, 2022 by Matthias Liedtke Committed by V8 LUCI CQ Aug 09, 2022
Showing with 23 additions and 13 deletions

wasm-gc-operator-reducer.cc src/compiler/wasm-gc-operator-reducer.cc +5 -5

wasm-subtyping.cc src/wasm/wasm-subtyping.cc +15 -8

wasm-subtyping.h src/wasm/wasm-subtyping.h +3 -0

No files found.
--- a/src/compiler/wasm-gc-operator-reducer.cc
+++ b/src/compiler/wasm-gc-operator-reducer.cc
@@ -149,12 +149,12 @@ Reduction WasmGCOperatorReducer::ReduceIf(Node* node, bool condition) {
      Node* control = NodeProperties::GetControlInput(condition_node);
      wasm::TypeInModule object_type = ObjectTypeFromContext(object, control);
      if (object_type.type.is_bottom()) return NoChange();
-      // If the checked value is null, narrow the type to nullref, otherwise to
-      // non-null.
+      // If the checked value is null, narrow the type to the corresponding
+      // null type, otherwise to a non-null reference.
      bool is_null =
          condition == (condition_node->opcode() == IrOpcode::kIsNull);
-      object_type.type =
-          is_null ? wasm::kWasmNullRef : object_type.type.AsNonNull();
+      object_type.type = is_null ? wasm::ToNullSentinel(object_type)
+                                 : object_type.type.AsNonNull();
      return UpdateNodeAndAliasesTypes(node, parent_state, object, object_type,
                                       true);
    }
@@ -271,7 +271,7 @@ Reduction WasmGCOperatorReducer::ReduceWasmTypeCast(Node* node) {
                                       : gasm_.Int32Constant(0);
    gasm_.TrapUnless(SetType(non_trapping_condition, wasm::kWasmI32),
                     TrapId::kTrapIllegalCast);
-    Node* null_node = SetType(gasm_.Null(), wasm::kWasmNullRef);
+    Node* null_node = SetType(gasm_.Null(), wasm::ToNullSentinel(object_type));
    ReplaceWithValue(node, null_node, gasm_.effect(), gasm_.control());
    node->Kill();
    return Replace(null_node);

--- a/src/wasm/wasm-subtyping.cc
+++ b/src/wasm/wasm-subtyping.cc
@@ -99,8 +99,8 @@ bool ValidFunctionSubtypeDefinition(uint32_t subtype_index,
  return true;
 }

-HeapType::Representation NullSentinel(HeapType type, const WasmModule* module) {
-  switch (type.representation()) {
+HeapType::Representation NullSentinelImpl(TypeInModule type) {
+  switch (type.type.heap_type().representation()) {
    case HeapType::kI31:
    case HeapType::kNone:
    case HeapType::kEq:
@@ -119,8 +119,9 @@ HeapType::Representation NullSentinel(HeapType type, const WasmModule* module) {
    case HeapType::kNoFunc:
      return HeapType::kNoFunc;
    default:
-      return module->has_signature(type.ref_index()) ? HeapType::kNoFunc
-                                                     : HeapType::kNone;
+      return type.module->has_signature(type.type.ref_index())
+                 ? HeapType::kNoFunc
+                 : HeapType::kNone;
  }
 }

@@ -542,14 +543,20 @@ TypeInModule Intersection(ValueType type1, ValueType type2,
    return {kWasmBottom, module1};
  }
  // Check for common null representation.
-  HeapType::Representation null_type1 =
-      NullSentinel(type1.heap_type(), module1);
-  if (null_type1 == NullSentinel(type2.heap_type(), module2)) {
-    return {ValueType::RefNull(HeapType(null_type1)), module1};
+  ValueType null_type1 = ToNullSentinel({type1, module1});
+  if (null_type1 == ToNullSentinel({type2, module2})) {
+    return {null_type1, module1};
  }
  return {kWasmBottom, module1};
 }

+ValueType ToNullSentinel(TypeInModule type) {
+  HeapType::Representation null_heap = NullSentinelImpl(type);
+  DCHECK(
+      IsHeapSubtypeOf(HeapType(null_heap), type.type.heap_type(), type.module));
+  return ValueType::RefNull(null_heap);
+}
+
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8
--- a/src/wasm/wasm-subtyping.h
+++ b/src/wasm/wasm-subtyping.h
@@ -153,6 +153,9 @@ V8_INLINE V8_EXPORT_PRIVATE TypeInModule Intersection(TypeInModule type1,
  return Intersection(type1.type, type2.type, type1.module, type2.module);
 }

+// Returns the matching abstract null type (none, nofunc, noextern).
+ValueType ToNullSentinel(TypeInModule type);
+
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8