Odin: simplify the masked index bounds check test.

RESOLVED FIXED in Firefox 39

Status

()

Core
JavaScript Engine: JIT
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: dougc, Assigned: dougc)

Tracking

unspecified
mozilla39
Points:
---

Firefox Tracking Flags

(firefox39 fixed)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

3 years ago
The test of a masked index against the known minimum heap length is overly complex and while the recent update fixes an issue it is still a little too conservative and misses some opportunities.
(Assignee)

Comment 1

3 years ago
Created attachment 8583043 [details] [diff] [review]
Simplify the masked index bounds check test.

This code was way too complex, sorry. It just needed to compare the mask to the length and avoid negative indexes when the top bit of the mask is set.
Attachment #8583043 - Flags: review?(sphink)
Comment on attachment 8583043 [details] [diff] [review]
Simplify the masked index bounds check test.

Review of attachment 8583043 [details] [diff] [review]:
-----------------------------------------------------------------

Makes sense to me. A slightly different way of stating it is that ANDing the mask with the index can only decrease the mask if it's unsigned, so mask ≤ max => (x & mask) ≤ max since (mask & x) ≤ mask ≤ max. Pretty much the same as what your comment says.

And yet -- I'd rather luke stamp this too, if you don't mind. My paranoia knows no bounds.

::: js/src/asmjs/AsmJSValidate.cpp
@@ +4444,5 @@
>      uint32_t mask2;
>      if (IsLiteralOrConstInt(f, maskNode, &mask2)) {
>          // Flag the access to skip the bounds check if the mask ensures that an 'out of
> +        // bounds' access can not occur based on the current heap length constraint. The
> +        // maxium of a masked index is the mask itself so simply compare the mask to the

*maximum
Attachment #8583043 - Flags: review?(sphink)
Attachment #8583043 - Flags: review?(luke)
Attachment #8583043 - Flags: review+

Comment 3

3 years ago
(In reply to Steve Fink [:sfink, :s:] from comment #2)
> My paranoia knows no bounds.

NO_BOUNDS_CHECK, even?

Comment 4

3 years ago
Comment on attachment 8583043 [details] [diff] [review]
Simplify the masked index bounds check test.

Much simpler.
Attachment #8583043 - Flags: review?(luke) → review+
(Assignee)

Comment 5

3 years ago
Created attachment 8583435 [details] [diff] [review]
Simplify the masked index bounds check test.

Fix the source comment. Carrying forward r+.
Attachment #8583043 - Attachment is obsolete: true
Attachment #8583435 - Flags: review+
(Assignee)

Comment 6

3 years ago
Requesting checkin. Try build: https://treeherder.mozilla.org/#/jobs?repo=try&revision=0748011b8259
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/7e4aab7d129f
Status: NEW → RESOLVED
Last Resolved: 3 years ago
status-firefox39: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
You need to log in before you can comment on or make changes to this bug.