Add uint32_t i32 field to Value union

[chfast]

Problems this introduces

• stack.top() = 0 only zeros the .i32 now.
• FizzyValue{1} only inits the .i32 part. This is excessively used in C API tests. And cannot be disabled. In C++20 you can do FizzyValue{.i64 = 1}.

[chfast]

This ultimately need typed execution API because Result(0) now tests i32 result instead of i64. It is necessary to also check if we are testing correct types.

[axic]

What was the blocker on this? It would make the Rust API a tiny bit nicer too.

[chfast]

What was the blocker on this? It would make the Rust API a tiny bit nicer too.

Unit tests expectations update.

[codecov]

Codecov Report

Merging #517 (0fd8f0d) into master (76a3b2a) will decrease coverage by 0.01%.
The diff coverage is 99.29%.

@@            Coverage Diff             @@
##           master     #517      +/-   ##
==========================================
- Coverage   99.31%   99.30%   -0.02%     
==========================================
  Files          72       72              
  Lines       10257    10304      +47     
==========================================
+ Hits        10187    10232      +45     
- Misses         70       72       +2     

Flag	Coverage Δ
spectests	91.49% <100.00%> (-0.01%)	⬇️
unittests	99.30% <99.29%> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
test/testfloat/testfloat.cpp	89.51% <0.00%> (-1.27%)	⬇️
lib/fizzy/execute.cpp	100.00% <100.00%> (ø)
lib/fizzy/instantiate.cpp	100.00% <100.00%> (ø)
lib/fizzy/stack.hpp	100.00% <100.00%> (ø)
lib/fizzy/value.hpp	100.00% <100.00%> (ø)
test/unittests/api_test.cpp	100.00% <100.00%> (ø)
test/unittests/capi_test.cpp	100.00% <100.00%> (ø)
test/unittests/cxx20_span_test.cpp	100.00% <100.00%> (ø)
test/unittests/execute_numeric_test.cpp	100.00% <100.00%> (ø)
test/unittests/execute_test.cpp	100.00% <100.00%> (ø)
... and 7 more

[axic]

This is now blocked on explicitly typing number literals in the tests.

[axic]

Eventually we should also remove this, if we merge this PR.

[axic]

@chfast do you want to remove it in a separate commit, or a separate PR? I can do the removal too.

[axic]

Well, actually shouldn't all the test code be using as<uint32_t>()? We can apply that parallel to this PR.

[chfast]

Well, actually shouldn't all the test code be using as<uint32_t>()? We can apply that parallel to this PR.

The Result() was checking this to some distinct. But I went with additional type checking to solved it for good.

[chfast]

@chfast do you want to remove it in a separate commit, or a separate PR? I can do the removal too.

In #691.

[gumb0]

Hm, I'm confused by union initialization again. Does default initialization like this set the active member of the union?

[chfast]

I'm confused too. This was only found by GCC coverage build.

The 0 is definitely wrong because it calls the special constructor and inits .i32 only.

But the default constructor should be wrong too because it should only init the first field and .i32 is the first one. This works however for current compilers. I wander if MSan can help here. Would be good if you can check the spec yourself.

One solution to solve this is to provide own implementation of the default constructor which inits .i64 (or define i64 = 0;). But with that the Value looses some properties like "is trivially constructable".

Second solution is to move .i64 to the first position. This guarantees the Value{} to be fully zero-initialized. Same for FizzyValue in C API.

But I don't see any sanity solution to init locals with zero without knowing the type.

[chfast]

I don't believe I'm doing it again to myself, but:

1. The Value{} is value-initialization.
2. if T is a class type with a default constructor that is neither user-provided nor deleted (that is, it may be a class with an implicitly-defined or defaulted default constructor), the object is zero-initialized.
3. Zero-initialization: If T is a union type, the first non-static named data member is zero-initialized and all padding is initialized to zero bits.

So I think the Value{} is correct here as it zeros all object's bytes.

[gumb0]

It seems to depend on the interpretation of what is "padding" for a union - whether unused bits of inactive members are "padding". I see some people having doubts about this here: https://stackoverflow.com/questions/11812555/how-to-zero-initialize-an-union#comment15704643_11812606 I have not found a definite answer to this yet.

However, I had a concern about something else (perhaps not directly related to this PR): we zero-initialize Values of locals here, which might or might not choose the active member of the union (I have not found the answer to this either). Then function may access them right away with local.get, then some other operation may access some member of it - can be any type member. Then this may or may not be UB.

We can add a test for this, but as I remember sanitizers didn't catch union type punning.

And if we're required to set the right type, then there's no way around needing the types of locals when initializing.

[gumb0]

We can add a test for this, but as I remember sanitizers didn't catch union type punning.

Well, the tests you added here (execute.local_init) already check this actually. Because checking the result of a function reads some specific member of Value union.

[chfast]

It seems to depend on the interpretation of what is "padding" for a union - whether unused bits of inactive members are "padding". I see some people having doubts about this here: https://stackoverflow.com/questions/11812555/how-to-zero-initialize-an-union#comment15704643_11812606 I have not found a definite answer to this yet.

Agree. This definition issues would be nice to clear.

However, I had a concern about something else (perhaps not directly related to this PR): we zero-initialize Values of locals here, which might or might not choose the active member of the union (I have not found the answer to this either).

"the object's first non-static named data member is zero initialized and padding is initialized to zero bits"

This indicates that the first member is initialized then the active one.

Then function may access them right away with local.get, then some other operation may access some member of it - can be any type member. Then this may or may not be UB.

We can add a test for this, but as I remember sanitizers didn't catch union type punning.

This is true. I have found multiple notes that GCC explicitly supports union-based type punning as some kind of C++ extension. But I cannot find it in documentation.
It is also said that Clang's UBSan should report all UB's Clang recognizes (otherwise it is a compiler bug), so this can indicate this is also supported in Clang.

And if we're required to set the right type, then there's no way around needing the types of locals when initializing.

That's would be very pedantic way of handling this. I would stay with investigating C++ standard and compiler documentation + have many tests for this.

Another alternative to investigate is to use std::memset() as a way of fixing theoretical UB (similarly to std::memcpy() being a (the only) correct way of doing type punning).

[chfast]

I did some experiments and it looks like GCC and MSVC inits the whole object while Clang only the first element: https://godbolt.org/z/cWscY8.

See also: https://stackoverflow.com/questions/37226837/union-zero-initialization-with-clang-vs-gcc

[gumb0]

This may be a good reason to make i64 the first member. Are there any advantages for it to be the second other than aesthetical?

[chfast]

Just esthetics. I'm keeping it though for now to catch issues and add regression tests.

[chfast]

I don't see any significant speed difference except for noise. The GCC LTO build is much noisier.

fizzy/execute/blake2b/512_bytes_rounds_1_mean                     +0.0095         +0.0095            80            81            80            81
fizzy/execute/blake2b/512_bytes_rounds_16_mean                    +0.0085         +0.0085          1207          1217          1207          1217
fizzy/execute/ecpairing/onepoint_mean                             +0.0072         +0.0072        404734        407646        404736        407648
fizzy/execute/keccak256/512_bytes_rounds_1_mean                   +0.0201         +0.0201           101           103           101           103
fizzy/execute/keccak256/512_bytes_rounds_16_mean                  +0.0131         +0.0131          1489          1508          1489          1508
fizzy/execute/memset/256_bytes_mean                               -0.0167         -0.0167             7             7             7             7
fizzy/execute/memset/60000_bytes_mean                             -0.0209         -0.0209          1539          1507          1539          1507
fizzy/execute/mul256_opt0/input1_mean                             +0.0347         +0.0347            29            30            29            30
fizzy/execute/ramanujan_pi/33_runs_mean                           -0.0274         -0.0274           114           111           114           111
fizzy/execute/sha1/512_bytes_rounds_1_mean                        +0.0303         +0.0303            88            91            88            91
fizzy/execute/sha1/512_bytes_rounds_16_mean                       +0.0334         +0.0334          1225          1266          1225          1266
fizzy/execute/sha256/512_bytes_rounds_1_mean                      +0.0075         +0.0075            80            81            80            81
fizzy/execute/sha256/512_bytes_rounds_16_mean                     +0.0087         +0.0087          1101          1111          1101          1111
fizzy/execute/taylor_pi/pi_1000000_runs_mean                      -0.0011         -0.0011         40619         40573         40620         40573
fizzy/execute/micro/eli_interpreter/exec105_mean                  -0.0150         -0.0150             5             4             5             4
fizzy/execute/micro/factorial/20_mean                             +0.0207         +0.0206             1             1             1             1
fizzy/execute/micro/fibonacci/24_mean                             +0.0175         +0.0175          5048          5137          5048          5137
fizzy/execute/micro/host_adler32/1_mean                           +0.0211         +0.0211             0             0             0             0
fizzy/execute/micro/host_adler32/1000_mean                        -0.0042         -0.0042            31            31            31            31
fizzy/execute/micro/icall_hash/1000_steps_mean                    +0.0033         +0.0033            69            69            69            69
fizzy/execute/micro/spinner/1_mean                                -0.0603         -0.0603             0             0             0             0
fizzy/execute/micro/spinner/1000_mean                             -0.0134         -0.0134             9             9             9             9

[gumb0]

Looks fine to me

[axic]

Notpick, we do not actually need _u32 here, right?

[chfast]

No. But using _u32 gives higher confidence (i.e. someone has thought what the result type is expected). Still gray area though.