Open Bug 1298203 Opened 8 years ago Updated 3 years ago

[exploration] Add more agressive BCE for wasm

Categories

(Core :: JavaScript: WebAssembly, task, P3)

task

Tracking

()

People

(Reporter: lami4ka, Unassigned)

References

(Blocks 2 open bugs)

Details

Attachments

(1 file)

Add BCE that accounts for constants, small constant offset adds and leverages the slop.
Adding patch here to keep track of idea. Its not ready for review, just communicates the idea. It introduces:

1) Handle bounds checks on constants
2) For each address remember and check against all bounds check locations
3) When bounds checking addr+const_off, see if addr was previously checked with an offset either larger, or less than slop smaller from const_off
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
Status: RESOLVED → REOPENED
Resolution: INACTIVE → ---
Component: JavaScript Engine: JIT → Javascript: WebAssembly
Depends on: 1590305
Blocks: 1590305
No longer depends on: 1590305
Assignee: lami4ka → nobody
Blocks: wasm64
Status: REOPENED → NEW
Depends on: 1735207
See Also: → 1739971
Severity: normal → N/A
Type: enhancement → task
Summary: Baldr: Add more agressive BCE → [exploration] Add more agressive BCE for wasm

Action item here: When the memory's lower limit equals its upper limit then the memory's size is a known constant and can be inlined in the bounds check, we do this for tables but not for memories. Test case:

wasmDis(new WebAssembly.Module(wasmTextToBinary(`
(module
  (memory 1 1)
  (func (param i32) (result i32)
    (i32.load (local.get 0))))`)))

Run with --disable-wasm-huge-memory --spectre-mitigations=off, output currently looks like this (Linux ABI):

00000014  41 8b 46 08               movl 0x08(%r14), %eax
00000018  3b f8                     cmp %eax, %edi
0000001A  0f 82 02 00 00 00         jb 0x0000000000000022
00000020  0f 0b                     ud2
00000022  41 8b 04 3f               movl (%r15,%rdi,1), %eax

Since the memory's length is known that could be cmp %eax, 65536 I think. Since the limit is always some number of pages this optimization is friendly to ARM64 as well.

(Even with an unknown limit we could be comparing directly with memory, though in many cases the bounds check can be commoned so that's a different investigation.)

For tables it was pretty common for the table length to be fixed, last I looked. For memory this is likely less common, but some data would be welcome.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: