[exploration] Add more agressive BCE for wasm
Categories
(Core :: JavaScript: WebAssembly, task, P3)
Tracking
()
People
(Reporter: lami4ka, Unassigned)
References
(Blocks 2 open bugs)
Details
Attachments
(1 file)
10.37 KB,
patch
|
Details | Diff | Splinter Review |
Add BCE that accounts for constants, small constant offset adds and leverages the slop.
Reporter | ||
Comment 1•8 years ago
|
||
Adding patch here to keep track of idea. Its not ready for review, just communicates the idea. It introduces: 1) Handle bounds checks on constants 2) For each address remember and check against all bounds check locations 3) When bounds checking addr+const_off, see if addr was previously checked with an offset either larger, or less than slop smaller from const_off
Comment 2•6 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Updated•6 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Updated•3 years ago
|
Comment 3•3 years ago
|
||
Bug 1739971 comment 1 is related.
Updated•3 years ago
|
Comment 4•3 years ago
|
||
Action item here: When the memory's lower limit equals its upper limit then the memory's size is a known constant and can be inlined in the bounds check, we do this for tables but not for memories. Test case:
wasmDis(new WebAssembly.Module(wasmTextToBinary(`
(module
(memory 1 1)
(func (param i32) (result i32)
(i32.load (local.get 0))))`)))
Run with --disable-wasm-huge-memory --spectre-mitigations=off
, output currently looks like this (Linux ABI):
00000014 41 8b 46 08 movl 0x08(%r14), %eax
00000018 3b f8 cmp %eax, %edi
0000001A 0f 82 02 00 00 00 jb 0x0000000000000022
00000020 0f 0b ud2
00000022 41 8b 04 3f movl (%r15,%rdi,1), %eax
Since the memory's length is known that could be cmp %eax, 65536
I think. Since the limit is always some number of pages this optimization is friendly to ARM64 as well.
(Even with an unknown limit we could be comparing directly with memory, though in many cases the bounds check can be commoned so that's a different investigation.)
For tables it was pretty common for the table length to be fixed, last I looked. For memory this is likely less common, but some data would be welcome.
Description
•