[wasm-gc] Add option to skip array bounds checks

Bug: v8:7748 Change-Id: Id09544a9f55843d2474b6114da9d42e1ec994cff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226322 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#77417}
2021-10-15 13:35:26 +00:00 · 2021-10-15 13:35:26 +00:00 · 14dc357259
commit 14dc357259
parent 2f0447be7e
5 changed files with 21 additions and 5 deletions
--- a/src/builtins/wasm.tq
+++ b/src/builtins/wasm.tq
@ -370,6 +370,15 @@ builtin WasmArrayCopyWithChecks(
      SmiFromUint32(srcIndex), SmiFromUint32(length));
 }

+builtin WasmArrayCopy(
+    dstIndex: uint32, srcIndex: uint32, length: uint32, dstArray: WasmArray,
+    srcArray: WasmArray): JSAny {
+  if (length == 0) return Undefined;
+  tail runtime::WasmArrayCopy(
+      LoadContextFromFrame(), dstArray, SmiFromUint32(dstIndex), srcArray,
+      SmiFromUint32(srcIndex), SmiFromUint32(length));
+}
+
 // Redeclaration with different typing (value is an Object, not JSAny).
 extern transitioning runtime
 CreateDataProperty(implicit context: Context)(JSReceiver, JSAny, Object): void;
--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@ -5960,6 +5960,7 @@ void WasmGraphBuilder::StructSet(Node* struct_object,

 void WasmGraphBuilder::BoundsCheckArray(Node* array, Node* index,
                                        wasm::WasmCodePosition position) {
+  if (V8_UNLIKELY(FLAG_experimental_wasm_skip_bounds_checks)) return;
  Node* length = gasm_->LoadWasmArrayLength(array);
  TrapIfFalse(wasm::kTrapArrayOutOfBounds, gasm_->Uint32LessThan(index, length),
              position);
@ -5968,6 +5969,7 @@ void WasmGraphBuilder::BoundsCheckArray(Node* array, Node* index,
 void WasmGraphBuilder::BoundsCheckArrayCopy(Node* array, Node* index,
                                            Node* length,
                                            wasm::WasmCodePosition position) {
+  if (V8_UNLIKELY(FLAG_experimental_wasm_skip_bounds_checks)) return;
  Node* array_length = gasm_->LoadWasmArrayLength(array);
  Node* range_end = gasm_->Int32Add(index, length);
  Node* range_valid = gasm_->Word32And(
--- a/src/wasm/baseline/liftoff-compiler.cc
+++ b/src/wasm/baseline/liftoff-compiler.cc
@ -5143,7 +5143,7 @@ class LiftoffCompiler {
    LiftoffRegister index = pinned.set(__ PopToModifiableRegister(pinned));
    LiftoffRegister array = pinned.set(__ PopToRegister(pinned));
    MaybeEmitNullCheck(decoder, array.gp(), pinned, array_obj.type);
-    BoundsCheck(decoder, array, index, pinned);
+    BoundsCheckArray(decoder, array, index, pinned);
    ValueKind elem_kind = imm.array_type->element_type().kind();
    if (!CheckSupportedType(decoder, elem_kind, "array load")) return;
    int elem_size_shift = element_size_log2(elem_kind);
@ -5168,7 +5168,7 @@ class LiftoffCompiler {
    LiftoffRegister index = pinned.set(__ PopToModifiableRegister(pinned));
    LiftoffRegister array = pinned.set(__ PopToRegister(pinned));
    MaybeEmitNullCheck(decoder, array.gp(), pinned, array_obj.type);
-    BoundsCheck(decoder, array, index, pinned);
+    BoundsCheckArray(decoder, array, index, pinned);
    ValueKind elem_kind = imm.array_type->element_type().kind();
    int elem_size_shift = element_size_log2(elem_kind);
    if (elem_size_shift != 0) {
@ -5194,7 +5194,9 @@ class LiftoffCompiler {
                 const Value& length) {
    // TODO(7748): Unify implementation with TF: Implement this with
    // GenerateCCall. Remove runtime function and builtin in wasm.tq.
-    CallRuntimeStub(WasmCode::kWasmArrayCopyWithChecks,
+    CallRuntimeStub(FLAG_experimental_wasm_skip_bounds_checks
+                        ? WasmCode::kWasmArrayCopy
+                        : WasmCode::kWasmArrayCopyWithChecks,
                    MakeSig::Params(kI32, kI32, kI32, kOptRef, kOptRef),
                    // Builtin parameter order:
                    // [dst_index, src_index, length, dst, src].
@ -6098,8 +6100,9 @@ class LiftoffCompiler {
                      null.gp());
  }

-  void BoundsCheck(FullDecoder* decoder, LiftoffRegister array,
-                   LiftoffRegister index, LiftoffRegList pinned) {
+  void BoundsCheckArray(FullDecoder* decoder, LiftoffRegister array,
+                        LiftoffRegister index, LiftoffRegList pinned) {
+    if (V8_UNLIKELY(FLAG_experimental_wasm_skip_bounds_checks)) return;
    Label* trap_label =
        AddOutOfLineTrap(decoder, WasmCode::kThrowWasmTrapArrayOutOfBounds);
    LiftoffRegister length = __ GetUnusedRegister(kGpReg, pinned);
--- a/src/wasm/wasm-code-manager.h
+++ b/src/wasm/wasm-code-manager.h
@ -118,6 +118,7 @@ struct WasmModule;
  V(WasmAllocateArray_Uninitialized)      \
  V(WasmAllocateArray_InitNull)           \
  V(WasmAllocateArray_InitZero)           \
+  V(WasmArrayCopy)                        \
  V(WasmArrayCopyWithChecks)              \
  V(WasmAllocateRtt)                      \
  V(WasmAllocateFreshRtt)                 \
--- a/src/wasm/wasm-feature-flags.h
+++ b/src/wasm/wasm-feature-flags.h
@ -39,6 +39,7 @@
  V(skip_null_checks,                                                          \
    "skip null checks for call.ref and array and struct operations (unsafe)",  \
    false)                                                                     \
+  V(skip_bounds_checks, "skip array bounds checks (unsafe)", false)            \
                                                                               \
  /* Typed function references proposal. */                                    \
  /* Official proposal: https://github.com/WebAssembly/function-references */  \