Closed Bug 1799856 Opened 2 years ago Closed 1 year ago

wasm-gc via Ion: implement array.{new,new_default,new_fixed,new_data,new_elem,get,get_s,get_u,set,len,copy}

Categories

(Core :: JavaScript: WebAssembly, enhancement)

Product:
Core
Component:
JavaScript: WebAssembly
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
109 Branch
Tracking Flags:
Tracking Status
firefox109 --- fixed

People

(Reporter: jseward, Assigned: jseward)

References

(Blocks 2 open bugs)

Details

Attachments

(3 files)

Initial implementation. Depends on bug 1797933.
40.99 KB, patch
Details | Diff | Splinter Review
Bug 1799856 - (part 1) wasm-gc via Ion: implement array.{new,new_default,new_fixed,new_data,new_elem,get,get_s,get_u,set,len,copy}. r=rhunt.
48 bytes, text/x-phabricator-request
Details | Review
Bug 1799856 - (part 2) wasm-gc via Ion: tidy up and document checks for oversize arrays and structs. r=rhunt.
48 bytes, text/x-phabricator-request
Details | Review

In other words, implement enough so all tests preceding those for
array.new_fixed in js/src/jit-test/tests/wasm/gc/arrays.js, will run with
--wasm-compiler=ion.

Depends on: 1797933
Summary: wasm-gc via Ion: implement array.{new,new_default,get,get_s,get_u,set,len} → wasm-gc via Ion: implement array.{new,new_default,new_fixed,new_data,new_elem,get,get_s,get_u,set,len,copy}
Blocks: 1802287

This patch provides Ion implementations of the wasm-gc
array.{new,new_default,new_fixed,new_data,new_elem,get,get_s,get_u,set,len,copy}
instructions. The implementation is functionally complete but has two
caveats:

(1) Checks for oversize (implementation-limits-exceeding) structs and arrays
are inadequate. A followup patch in this same bug will fix that.

(2) In order to limit further complexity in this complex patch, array address
computations are done entirely in MIR. This means no new LIRs or codegen
artefacts are needed, but we fail to take advantage of target-specific
complex addressing modes. Bug 1802287 is a followup to add such
functionality. The present patch has been designed so that the upgrade
can be slotted in neatly by updating just the two methods
{read,write}GcValueAtBasePlusScaledIndex.

A few of the changes are not in WasmIonCompile.cpp:

  • Alias sets: new categories WasmArrayNumElements, WasmArrayDataPointer,
    WasmArrayDataArea.

  • OpIter<Policy>::readArrayNewFixed: updated to produce a vector of values;
    was not necessary in baseline but it is now. Callers modified accordingly.

All of the remaining changes are in WasmIonCompile.cpp, in more or less this
order:

  • [cleanup] new method FunctionCompiler::emitInstanceCall, which is used to
    common up the frequently repeated code sequence passInstance ; passArg* ; finishCall.

  • new methods for performing Wasm-Gc style reads and writes. This is a
    refactoring that is used to support both the existing struct. insns and
    the new array. ones:

    • writeGcValueAtBase, writeGcValueAtBasePlusOffset,
      writeGcValueAtBasePlusScaledIndex

    • readGcValueAtBasePlusOffset, readGcValueAtBasePlusScaledIndex

  • new methods to help do address arithmetic in MIR:

    • targetIs64Bit, constantTargetWord, computeBasePlusScaledIndex

    • (in IonTypes.h) TargetWordMIRType

  • new methods to help generate array access code:

    • getWasmArrayObjectNumElements, getWasmArrayObjectData to retrieve
      WasmArrayObject fields

    • setupForArrayAccess, which generates a null check, retrieves the array
      size, does a bounds check, and returns the data-area pointer. Used for
      both reads and writes.

    • createArrayNewCallAndLoop: this is really the implementation of array.new.
      There's no feasible way to do it outside of class FunctionCompiler given
      existing visibility constraints. It creates a call to Instance::arrayNew,
      followed by an initialisation loop.

  • [cleanup] some more methods have been marked [[nodiscard]].

  • Finally, the various EmitArray* functions. These are pretty short, as a
    result of all the support code in FunctionCompiler.

  • [bug fix] OpIter<Policy>::readArrayNew: Arguments numElements and offset
    were popped in the incorrect order (per the spec). This wasn't visible when
    only used by baseline since it doesn't use that mechanism to acquire operands.

This patch:

  • introduces and enforces a maximum array payload size of 1987654321 bytes
    (around 1.9GB), as a new constant MaxArrayPayloadBytes

  • enforces the existing but unenforced max-fields-in-a-struct constant
    MaxStructFields (== 1000)

  • adds tests, to the extent possible

  • fixes a missing allocation-ballast check in EmitStructNew exposed by the tests

Specifically:

  • array.new, array.new_default: enhanced limit check in
    WasmArrayObject::createArray

  • array.new_fixed, array.new_data, array.new_element: no new tests needed, as
    explained in the test cases.

  • BaseCompiler::emitArrayNewFixed and (Ion's) EmitArrayNewFixed: add
    comments/assertions consistent with the previous point

  • struct.new, struct.new_default: add a check at validation time (in the
    iterator)

Depends on D163112

Pushed by jseward@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0c09a0c4a6e7
(part 1) wasm-gc via Ion: implement array.{new,new_default,new_fixed,new_data,new_elem,get,get_s,get_u,set,len,copy}.  r=rhunt.
https://hg.mozilla.org/integration/autoland/rev/2ccccf8fc42d
(part 2) wasm-gc via Ion: tidy up and document checks for oversize arrays and structs.  r=rhunt.

https://hg.mozilla.org/mozilla-central/rev/0c09a0c4a6e7
https://hg.mozilla.org/mozilla-central/rev/2ccccf8fc42d

Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox109: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 109 Branch
Regressions: 1803750
Blocks: 1863435
No longer blocks: 1802287
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: