Upgraded to Binaryen 125

Author: BlobMaster41

src/compiler.ts

@@ -651,11 +651,9 @@ export class Compiler extends DiagnosticEmitter {
       }
     }
 
-    // finalize runtime features (RTTI must be compiled here as it affects memory layout)
+    // finalize runtime features (RTTI only - visitGlobals/visitMembers are compiled after shadow stack pass)
     module.removeGlobal(BuiltinNames.rtti_base);
     if (this.runtimeFeatures & RuntimeFeatures.Rtti) compileRTTI(this);
-    // NOTE: compileVisitGlobals and compileVisitMembers are deferred until after
-    // custom passes (like shadow stack) that may trigger additional compilations
 
     let memoryOffset = i64_align(this.memoryOffset, options.usizeType.byteSize);
 
@@ -757,18 +755,24 @@ export class Compiler extends DiagnosticEmitter {
       }
     }
 
-    // Run custom passes
+    // Run shadow stack pass first (may trigger compilation of functions that need visit functions)
     if (hasShadowStack) {
       this.shadowStack.walkModule();
     }
-    if (program.lookup("ASC_RTRACE") != null) {
-      new RtraceMemory(this).walkModule();
-    }
 
-    // Finalize visit functions after custom passes that may trigger additional compilations
+    // Compile visit functions after shadow stack pass (which may have set runtimeFeatures flags)
     if (this.runtimeFeatures & RuntimeFeatures.visitGlobals) compileVisitGlobals(this);
     if (this.runtimeFeatures & RuntimeFeatures.visitMembers) compileVisitMembers(this);
 
+    // Run shadow stack pass again with a fresh instance to transform any __tostack calls in visit functions
+    if (hasShadowStack && (this.runtimeFeatures & (RuntimeFeatures.visitGlobals | RuntimeFeatures.visitMembers))) {
+      new ShadowStackPass(this).walkModule();
+    }
+
+    if (program.lookup("ASC_RTRACE") != null) {
+      new RtraceMemory(this).walkModule();
+    }
+
     return module;
   }
 

src/module.ts

@@ -271,20 +271,28 @@ export const enum ExpressionId {
   TableSet = 47 /* _BinaryenTableSetId */,
   TableSize = 48 /* _BinaryenTableSizeId */,
   TableGrow = 49 /* _BinaryenTableGrowId */,
+  TableFill = 50 /* _BinaryenTableFillId */,
+  TableCopy = 51 /* _BinaryenTableCopyId */,
+  TableInit = 52 /* _BinaryenTableInitId */,
   Try = 54 /* _BinaryenTryId */,
+  TryTable = 55 /* _BinaryenTryTableId */,
   Throw = 56 /* _BinaryenThrowId */,
   Rethrow = 57 /* _BinaryenRethrowId */,
+  ThrowRef = 58 /* _BinaryenThrowRefId */,
   TupleMake = 59 /* _BinaryenTupleMakeId */,
   TupleExtract = 60 /* _BinaryenTupleExtractId */,
   RefI31 = 61 /* _BinaryenRefI31Id */,
   I31Get = 62 /* _BinaryenI31GetId */,
   CallRef = 63 /* _BinaryenCallRefId */,
   RefTest = 64 /* _BinaryenRefTestId */,
   RefCast = 65 /* _BinaryenRefCastId */,
+  RefGetDesc = 66 /* _BinaryenRefGetDescId */,
   BrOn = 67 /* _BinaryenBrOnId */,
   StructNew = 68 /* _BinaryenStructNewId */,
   StructGet = 69 /* _BinaryenStructGetId */,
   StructSet = 70 /* _BinaryenStructSetId */,
+  StructRMW = 71 /* _BinaryenStructRMWId */,
+  StructCmpxchg = 72 /* _BinaryenStructCmpxchgId */,
   ArrayNew = 73 /* _BinaryenArrayNewId */,
   ArrayNewData = 74 /* _BinaryenArrayNewDataId */,
   ArrayNewElem = 75 /* _BinaryenArrayNewElemId */,
@@ -304,7 +312,13 @@ export const enum ExpressionId {
   StringConcat = 91 /* _BinaryenStringConcatId */,
   StringEq = 92 /* _BinaryenStringEqId */,
   StringWTF16Get = 94 /* _BinaryenStringWTF16GetId */,
-  StringSliceWTF = 95 /* _BinaryenStringSliceWTFId */
+  StringSliceWTF = 95 /* _BinaryenStringSliceWTFId */,
+  ContNew = 96 /* _BinaryenContNewId */,
+  ContBind = 97 /* _BinaryenContBindId */,
+  Suspend = 98 /* _BinaryenSuspendId */,
+  Resume = 99 /* _BinaryenResumeId */,
+  ResumeThrow = 100 /* _BinaryenResumeThrowId */,
+  StackSwitch = 101 /* _BinaryenStackSwitchId */
 }
 
 /** Binaryen external kind constants. */

src/passes/shadowstack.ts

@@ -109,6 +109,8 @@ import {
   _BinaryenFunctionSetBody,
   _BinaryenGetExport,
   _BinaryenGetFunction,
+  _BinaryenGetFunctionByIndex,
+  _BinaryenGetNumFunctions,
   _BinaryenLocalSetGetIndex,
   _BinaryenLocalSetGetValue,
   _BinaryenLocalSetIsTee,
@@ -322,7 +324,7 @@ export class ShadowStackPass extends Pass {
   /** Makes a check that the current stack pointer is valid. */
   makeStackCheck(): ExpressionRef {
     let module = this.module;
-    if (!this.hasStackCheckFunction) {
+    if (!this.hasStackCheckFunction && !module.hasFunction("~stack_check")) {
       this.hasStackCheckFunction = true;
       module.addFunction("~stack_check", TypeRef.None, TypeRef.None, null,
         module.if(
@@ -573,65 +575,96 @@ export class ShadowStackPass extends Pass {
 
   /** @override */
   walkModule(): void {
-    // Run the pass normally
-    super.walkModule();
-
-    // Instrument returns in functions utilizing stack slots
+    // Walk functions in a loop until no new functions are added.
+    // This is necessary because transforming __tostack calls and instrumenting
+    // functions may trigger compilation of new functions (e.g., via makeStackCheck -> makeStaticAbort).
+    let moduleRef = this.module.ref;
     let module = this.module;
-    let instrumentReturns = new InstrumentReturns(this);
-    for (let _keys = Map_keys(this.slotMaps), i = 0, k = _keys.length; i < k; ++i) {
-      let func = _keys[i];
-      let slotMap = changetype<SlotMap>(this.slotMaps.get(func));
-      let frameSize = slotMap.size * this.ptrSize;
+    let lastNumFunctions: Index = 0;
+    let iteration = 0;
 
-      // Instrument function returns
-      instrumentReturns.frameSize = frameSize;
-      instrumentReturns.walkFunction(func);
+    // Set of functions that have already been instrumented
+    let instrumentedFunctions = new Set<FunctionRef>();
 
-      // Instrument function entry
-      let stmts = new Array<ExpressionRef>();
-      // __stack_pointer -= frameSize
-      stmts.push(
-        this.makeStackOffset(-frameSize)
-      );
-      // memory.fill(__stack_pointer, 0, frameSize)
-      this.makeStackFill(frameSize, stmts);
-
-      // Handle implicit return
-      let body = _BinaryenFunctionGetBody(func);
-      let bodyType = _BinaryenExpressionGetType(body);
-      if (bodyType == TypeRef.Unreachable) {
-        // body
-        stmts.push(
-          body
-        );
-      } else if (bodyType == TypeRef.None) {
-        // body
-        stmts.push(
-          body
-        );
-        // __stack_pointer += frameSize
-        stmts.push(
-          this.makeStackOffset(+frameSize)
-        );
-      } else {
-        let temp = this.getSharedTemp(func, bodyType);
-        // t = body
-        stmts.push(
-          module.local_set(temp, body, false)
-        );
-        // __stack_pointer += frameSize
-        stmts.push(
-          this.makeStackOffset(+frameSize)
-        );
-        // -> t
+    while (true) {
+      let currentNumFunctions = _BinaryenGetNumFunctions(moduleRef);
+      if (currentNumFunctions == lastNumFunctions) break;
+
+      // Walk only the newly added functions (from lastNumFunctions to currentNumFunctions)
+      for (let i = lastNumFunctions; i < currentNumFunctions; ++i) {
+        this.walkFunction(_BinaryenGetFunctionByIndex(moduleRef, i));
+      }
+
+      // Instrument returns and entries for functions with slots that haven't been instrumented yet
+      let instrumentReturns = new InstrumentReturns(this);
+      for (let _keys = Map_keys(this.slotMaps), i = 0, k = _keys.length; i < k; ++i) {
+        let func = _keys[i];
+        if (instrumentedFunctions.has(func)) continue;
+        instrumentedFunctions.add(func);
+
+        let slotMap = changetype<SlotMap>(this.slotMaps.get(func));
+        let frameSize = slotMap.size * this.ptrSize;
+
+        // Instrument function returns
+        instrumentReturns.frameSize = frameSize;
+        instrumentReturns.walkFunction(func);
+
+        // Instrument function entry
+        let stmts = new Array<ExpressionRef>();
+        // __stack_pointer -= frameSize
         stmts.push(
-          module.local_get(temp, bodyType)
+          this.makeStackOffset(-frameSize)
         );
+        // memory.fill(__stack_pointer, 0, frameSize)
+        this.makeStackFill(frameSize, stmts);
+
+        // Handle implicit return
+        let body = _BinaryenFunctionGetBody(func);
+        let bodyType = _BinaryenExpressionGetType(body);
+        if (bodyType == TypeRef.Unreachable) {
+          // body
+          stmts.push(
+            body
+          );
+        } else if (bodyType == TypeRef.None) {
+          // body
+          stmts.push(
+            body
+          );
+          // __stack_pointer += frameSize
+          stmts.push(
+            this.makeStackOffset(+frameSize)
+          );
+        } else {
+          let temp = this.getSharedTemp(func, bodyType);
+          // t = body
+          stmts.push(
+            module.local_set(temp, body, false)
+          );
+          // __stack_pointer += frameSize
+          stmts.push(
+            this.makeStackOffset(+frameSize)
+          );
+          // -> t
+          stmts.push(
+            module.local_get(temp, bodyType)
+          );
+        }
+        _BinaryenFunctionSetBody(func, module.flatten(stmts, bodyType));
+      }
+
+      lastNumFunctions = currentNumFunctions;
+      iteration++;
+
+      // Safety limit to prevent infinite loops
+      if (iteration > 100) {
+        throw new Error("ShadowStackPass: too many iterations, possible infinite loop");
       }
-      _BinaryenFunctionSetBody(func, module.flatten(stmts, bodyType));
     }
 
+    // Walk globals (only once, since they don't trigger new function compilation)
+    this.walkGlobals();
+
     // Update functions we added more locals to
     // TODO: _BinaryenFunctionAddVar ?
     for (let _keys = Map_keys(this.tempMaps), i = 0, k = _keys.length; i < k; ++i) {