T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cranelift: Do not optimize heap bounds checking comparison in legalization (#5272)

Browse Source 
That optimization is only for 12-bit immediates in Aarch64, which is now handled
in backend lowering, so we can simplify this code a bit now.
This commit is contained in:
Nick Fitzgerald
2022-11-15 11:54:52 -08:00
committed by GitHub
parent df1d679d2f
commit d335dc8d5a
1 changed files with 8 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
cranelift/codegen/src/legalizer/heap.rs
View File

@@ -189,37 +189,22 @@ fn static_addr(
let mut spectre_oob_comparison = None; let mut spectre_oob_comparison = None;
let index = cast_index_to_pointer_ty(index, index_ty, addr_ty, &mut pos); let index = cast_index_to_pointer_ty(index, index_ty, addr_ty, &mut pos);
if index_ty != ir::types::I32 || limit < 0xffff_ffff { if index_ty != ir::types::I32 || limit < 0xffff_ffff {
// Here we want to test the condition `index > limit` and if that's // Here we want to test the condition `index > limit` and if that's true
// true then this is an out-of-bounds access and needs to trap. For ARM // then this is an out-of-bounds access and needs to trap.
// and other RISC architectures it's easier to test against an immediate let oob = pos
// that's even instead of odd, so if `limit` is odd then we instead test .ins()
// for `index >= limit + 1`. .icmp_imm(IntCC::UnsignedGreaterThan, index, limit as i64);
//
// The thinking behind this is that:
//
// A >= B + 1 => A - 1 >= B => A > B
//
// where the last step here is true because A/B are integers, which
// should mean that `A >= B + 1` is an equivalent check for `A > B`
let (cc, lhs, limit_imm) = if limit & 1 == 1 {
let limit = limit as i64 + 1;
(IntCC::UnsignedGreaterThanOrEqual, index, limit)
} else {
let limit = limit as i64;
(IntCC::UnsignedGreaterThan, index, limit)
};
let oob = pos.ins().icmp_imm(cc, lhs, limit_imm);
trace!(" inserting: {}", pos.func.dfg.display_value_inst(oob)); trace!(" inserting: {}", pos.func.dfg.display_value_inst(oob));
let trapnz = pos.ins().trapnz(oob, ir::TrapCode::HeapOutOfBounds); let trapnz = pos.ins().trapnz(oob, ir::TrapCode::HeapOutOfBounds);
trace!(" inserting: {}", pos.func.dfg.display_inst(trapnz)); trace!(" inserting: {}", pos.func.dfg.display_inst(trapnz));
if isa.flags().enable_heap_access_spectre_mitigation() { if isa.flags().enable_heap_access_spectre_mitigation() {
let limit = pos.ins().iconst(addr_ty, limit_imm); let limit = pos.ins().iconst(addr_ty, limit as i64);
trace!(" inserting: {}", pos.func.dfg.display_value_inst(limit)); trace!(" inserting: {}", pos.func.dfg.display_value_inst(limit));
spectre_oob_comparison = Some(SpectreOobComparison { spectre_oob_comparison = Some(SpectreOobComparison {
cc, cc: IntCC::UnsignedGreaterThan,
lhs, lhs: index,
rhs: limit, rhs: limit,
}); });
} }