Odinmonkey: add pre-heap buffer guard pages to avoid bounds checks for accesses that are known not to be negative by more than a small amount.




6 years ago
Last year


(Reporter: dougc, Unassigned)


(Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)


After bug 979480 it becomes possible to allocate guard pages before the heap buffer.  These could be protected so that a read or write causes a SIGSEGV and the signal handler could emulate an out of bounds access.  This would allow bounds checks to be avoided when the index can be proven to no be negative by more than a small amount.  For example, an access with a hoisted mask minus a small constant u8[i&m - c].

An alternative is to bias the heap base so that small negative offsets are not really out of bounds.  For example u8[i&m - c + bias] where the bias would be common to most heap accesses so could be a common heap base offset and thus would not need to be computed on each heap access.

The use of guard pages has the advantage of not requiring an extension to the asm.js common usage or syntax, and would give more compact asm.js code by avoiding the addition of the bias on each heap access.  Handling the out-of-bounds access would be much slower in the signal handler but code would not be expected to hit this anyway.
Sounds great!

To wit, this was a prerequisite for bug 865523 (except with a much larger pre-heap guard region).  I see I resolved it WONTFIX, but I'm not sure why; I've always wondered how the 2-instruction sequence would compare to the current 3-instruction sequence.
Blocks: wasm-perf
Priority: -- → P5
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Closed: Last year
Resolution: --- → INACTIVE
Resolution: INACTIVE → ---
You need to log in before you can comment on or make changes to this bug.