Changeset 226461 in webkit for trunk/Source/JavaScriptCore/b3/testb3.cpp

Timestamp:

Jan 5, 2018, 2:02:31 PM (7 years ago)

Author:

[email protected]

Message:

TypedArrays and Wasm should use index masking.
​https://bugs.webkit.org/show_bug.cgi?id=181313

Reviewed by Michael Saboff.

Source/JavaScriptCore:

We should have index masking for our TypedArray code in the
DFG/FTL and for Wasm when doing bounds checking. Index masking for
Wasm is added to the WasmBoundsCheckValue. Since we don't CSE any
WasmBoundsCheckValues we don't need to worry about combining a
bounds check for a load and a store. I went with fusing the
pointer masking in the WasmBoundsCheckValue since it should reduce
additional compiler overhead.

• b3/B3LowerToAir.cpp:
• b3/B3Validate.cpp:
• b3/B3WasmBoundsCheckValue.cpp:

(JSC::B3::WasmBoundsCheckValue::WasmBoundsCheckValue):
(JSC::B3::WasmBoundsCheckValue::dumpMeta const):

• b3/B3WasmBoundsCheckValue.h:

(JSC::B3::WasmBoundsCheckValue::pinnedIndexingMask const):

• b3/air/AirCustom.h:

(JSC::B3::Air::WasmBoundsCheckCustom::generate):

• b3/testb3.cpp:

(JSC::B3::testWasmBoundsCheck):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::loadFromIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileNewTypedArrayWithSize):

• dfg/DFGSpeculativeJIT.h:
• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileAtomicsReadModifyWrite):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::pointerIntoTypedArray):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::emitIntTypedArrayGetByVal):

• runtime/Butterfly.h:

(JSC::Butterfly::computeIndexingMask const):
(JSC::Butterfly::computeIndexingMaskForVectorLength): Deleted.

• runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::JSArrayBufferView):

• wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::B3IRGenerator):
(JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
(JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
(JSC::Wasm::B3IRGenerator::load):
(JSC::Wasm::B3IRGenerator::store):
(JSC::Wasm::B3IRGenerator::addCallIndirect):

• wasm/WasmBinding.cpp:

(JSC::Wasm::wasmToWasm):

• wasm/WasmMemory.cpp:

(JSC::Wasm::Memory::Memory):
(JSC::Wasm::Memory::grow):

• wasm/WasmMemory.h:

(JSC::Wasm::Memory::offsetOfIndexingMask):

• wasm/WasmMemoryInformation.cpp:

(JSC::Wasm::PinnedRegisterInfo::get):
(JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):

• wasm/WasmMemoryInformation.h:

(JSC::Wasm::PinnedRegisterInfo::toSave const):

• wasm/js/JSToWasm.cpp:

(JSC::Wasm::createJSToWasmWrapper):

Source/WTF:

• wtf/MathExtras.h:

(WTF::computeIndexingMask):

File:

• trunk/Source/JavaScriptCore/b3/testb3.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/b3/testb3.cpp

@@ -15866 +15866 @@
 }
 
-void testWasmBoundsCheck(unsigned offset)
+enum class UseIndexingMaskGPR { No, Yes };
+void testWasmBoundsCheck(unsigned offset, UseIndexingMaskGPR useIndexingMask)
 {
     Procedure proc;
     GPRReg pinned = GPRInfo::argumentGPR1;
+    GPRReg indexingMask = InvalidGPRReg;
     proc.pinRegister(pinned);
+
+    if (useIndexingMask == UseIndexingMaskGPR::Yes) {
+        indexingMask = GPRInfo::argumentGPR2;
+        proc.pinRegister(indexingMask);
+    }
 
     proc.setWasmBoundsCheckGenerator([=] (CCallHelpers& jit, GPRReg pinnedGPR) {
@@ -15886 +15893 @@
     if (pointerType() != Int32)
         left = root->appendNew<Value>(proc, Trunc, Origin(), left);
-    root->appendNew<WasmBoundsCheckValue>(proc, Origin(), pinned, left, offset);
+    root->appendNew<WasmBoundsCheckValue>(proc, Origin(), pinned, indexingMask, left, offset);
     Value* result = root->appendNew<Const32Value>(proc, Origin(), 0x42);
     root->appendNewControlValue(proc, Return, Origin(), result);
 
     auto code = compileProc(proc);
-    CHECK_EQ(invoke<int32_t>(*code, 1, 2 + offset), 0x42);
-    CHECK_EQ(invoke<int32_t>(*code, 3, 2 + offset), 42);
-    CHECK_EQ(invoke<int32_t>(*code, 2, 2 + offset), 42);
+    uint32_t bound = 2 + offset;
+    uint32_t mask = WTF::computeIndexingMask(bound);
+    auto computeResult = [&] (uint32_t input) {
+        return input + offset < bound ? 0x42 : 42;
+    };
+
+    CHECK_EQ(invoke<int32_t>(*code, 1, bound, mask), computeResult(1));
+    CHECK_EQ(invoke<int32_t>(*code, 3, bound, mask), computeResult(3));
+    CHECK_EQ(invoke<int32_t>(*code, 2, bound, mask), computeResult(2));
 }
 
@@ -17746 +17759 @@
     RUN(testDepend64());
 
-    RUN(testWasmBoundsCheck(0));
-    RUN(testWasmBoundsCheck(100));
-    RUN(testWasmBoundsCheck(10000));
-    RUN(testWasmBoundsCheck(std::numeric_limits<unsigned>::max() - 5));
+    RUN(testWasmBoundsCheck(0, UseIndexingMaskGPR::No));
+    RUN(testWasmBoundsCheck(100, UseIndexingMaskGPR::No));
+    RUN(testWasmBoundsCheck(10000, UseIndexingMaskGPR::No));
+    RUN(testWasmBoundsCheck(std::numeric_limits<unsigned>::max() - 5, UseIndexingMaskGPR::No));
+    RUN(testWasmBoundsCheck(0, UseIndexingMaskGPR::Yes));
+    RUN(testWasmBoundsCheck(100, UseIndexingMaskGPR::Yes));
+    RUN(testWasmBoundsCheck(10000, UseIndexingMaskGPR::Yes));
+    RUN(testWasmBoundsCheck(std::numeric_limits<unsigned>::max() - 5, UseIndexingMaskGPR::Yes));
+
     RUN(testWasmAddress());