AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[wasm] Deprecate reachability tracking in SsaEnv

Browse Source 
Reachability is already being tracked in the function body decoder.
This CL adds a DCHECK that the reachability tracked in the SsaEnv
matches the reachability tracked in the function body decoder. Most of
our methods will only be called for reachable code anyway.
For exceptions, we still track reachability explicitly for now in the
wasm graph builder, this can be refactored in the future by improving
reachability tracking for catch blocks in the function body decoder.

If this DCHECK survives fuzzing for a few days, we can remove code that
handles unreachable code in graph-building-interface.cc.

R=herhut@chromium.org

Bug: v8:8423, v8:8611
Change-Id: I0fb375c99497352aad396816566883fe234ca0ac
Reviewed-on: https://chromium-review.googlesource.com/c/1384089
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58368}
This commit is contained in:
Clemens Hammacher 2018-12-19 16:15:51 +01:00 committed by Commit Bot
parent 27d1e9f22f
commit b534e00e38
1 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/wasm/graph-builder-interface.cc
View File

@ -36,7 +36,14 @@ struct SsaEnv {
compiler::WasmInstanceCacheNodes instance_cache;
TFNode** locals;
bool reached() const { return state >= kReached; }
bool reached() const {
// The function body decoder already keeps track of reached vs unreached
// code. Each SsaEnv we work with should be reached.
// TODO(clemensh): Remove this method (https://crbug.com/v8/8611).
DCHECK_LE(kReached, state);
return state >= kReached;
}
void Kill(State new_state = kControlEnd) {
state = new_state;
locals = nullptr;
@ -71,6 +78,8 @@ class WasmGraphBuildingInterface {
SsaEnv* catch_env;
TFNode* exception = nullptr;
bool might_throw() const { return exception != nullptr; }
explicit TryInfo(SsaEnv* c) : catch_env(c) {}
};
@ -438,20 +447,20 @@ class WasmGraphBuildingInterface {
const ExceptionIndexImmediate<validate>& imm,
Control* block, Vector<Value> values) {
DCHECK(block->is_try_catch());
TFNode* exception = block->try_info->exception;
current_catch_ = block->previous_catch; // Pop try scope.
SsaEnv* catch_env = block->try_info->catch_env;
SetEnv(catch_env);
// The catch block is unreachable if no possible throws in the try block
// exist. We only build a landing pad if some node in the try block can
// (possibly) throw. Otherwise the catch environments remain empty.
DCHECK_EQ(exception != nullptr, ssa_env_->reached());
if (exception == nullptr) {
if (!block->try_info->might_throw()) {
block->reachability = kSpecOnlyReachable;
return;
}
TFNode* exception = block->try_info->exception;
SetEnv(block->try_info->catch_env);
TFNode* if_catch = nullptr;
TFNode* if_no_catch = nullptr;
@ -483,19 +492,18 @@ class WasmGraphBuildingInterface {
void CatchAll(FullDecoder* decoder, Control* block) {
DCHECK(block->is_try_catchall() || block->is_try_catch());
TFNode* exception = block->try_info->exception;
current_catch_ = block->previous_catch; // Pop try scope.
SsaEnv* catch_env = block->try_info->catch_env;
SetEnv(catch_env);
// The catch block is unreachable if no possible throws in the try block
// exist. We only build a landing pad if some node in the try block can
// (possibly) throw. Otherwise the catch environments remain empty.
DCHECK_EQ(exception != nullptr, ssa_env_->reached());
if (exception == nullptr) {
if (!block->try_info->might_throw()) {
block->reachability = kSpecOnlyReachable;
return;
}
SetEnv(block->try_info->catch_env);
}
void AtomicOp(FullDecoder* decoder, WasmOpcode opcode, Vector<Value> args,