[wasm] Remove reachability checks from TF backend

The function body decoder already tracks reachability and only calls the backend for reachable code. Thus the checks in the TF backend can be skipped. Note that there was already a DCHECK in place that checks whether {SsaEnv::reached()} always returns true. This was to give fuzzers a chance to prove the reachability analysis in the function body decoder wrong. Since this did not happen, we can not remove the {reached()} method from SsaEnv, since it always returned true anyway. R=titzer@chromium.org Bug: v8:8423, v8:8611 Change-Id: I2336aa7a092e381e3d94d87051b6e14db0dbab99 Reviewed-on: https://chromium-review.googlesource.com/c/1415493Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58871}

[wasm] Remove reachability checks from TF backend
The function body decoder already tracks reachability and only calls the backend for reachable code. Thus the checks in the TF backend can be skipped. Note that there was already a DCHECK in place that checks whether {SsaEnv::reached()} always returns true. This was to give fuzzers a chance to prove the reachability analysis in the function body decoder wrong. Since this did not happen, we can not remove the {reached()} method from SsaEnv, since it always returned true anyway. R=titzer@chromium.org Bug: v8:8423, v8:8611 Change-Id: I2336aa7a092e381e3d94d87051b6e14db0dbab99 Reviewed-on: https://chromium-review.googlesource.com/c/1415493Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58871}
314da8ee · Clemens Hammacher · Commit Bot · 2f543fad · 314da8ee
Commit 314da8ee authored Jan 16, 2019 by Clemens Hammacher Committed by Commit Bot Jan 17, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 30 deletions

graph-builder-interface.cc src/wasm/graph-builder-interface.cc +8 -30

No files found.
--- a/src/wasm/graph-builder-interface.cc
+++ b/src/wasm/graph-builder-interface.cc
@@ -36,14 +36,6 @@ struct SsaEnv {
  compiler::WasmInstanceCacheNodes instance_cache;
  TFNode** locals;

-  bool reached() const {
-    // The function body decoder already keeps track of reached vs unreached
-    // code. Each SsaEnv we work with should be reached.
-    // TODO(clemensh): Remove this method (https://crbug.com/v8/8611).
-    DCHECK_LE(kReached, state);
-    return state >= kReached;
-  }
-
  void Kill(State new_state = kControlEnd) {
    state = new_state;
    locals = nullptr;
@@ -58,7 +50,6 @@ struct SsaEnv {

 #define BUILD(func, ...)                                            \
  ([&] {                                                            \
-    DCHECK(ssa_env_->reached());                                    \
    DCHECK(decoder->ok());                                          \
    return CheckForException(decoder, builder_->func(__VA_ARGS__)); \
  })()
@@ -148,8 +139,7 @@ class WasmGraphBuildingInterface {

  // Reload the instance cache entries into the Ssa Environment.
  void LoadContextIntoSsa(SsaEnv* ssa_env) {
-    if (!ssa_env || !ssa_env->reached()) return;
-    builder_->InitInstanceCache(&ssa_env->instance_cache);
+    if (ssa_env) builder_->InitInstanceCache(&ssa_env->instance_cache);
  }

  void StartFunctionBody(FullDecoder* decoder, Control* block) {}
@@ -198,9 +188,7 @@ class WasmGraphBuildingInterface {
  void If(FullDecoder* decoder, const Value& cond, Control* if_block) {
    TFNode* if_true = nullptr;
    TFNode* if_false = nullptr;
-    if (ssa_env_->reached()) {
-      BUILD(BranchNoHint, cond.node, &if_true, &if_false);
-    }
+    BUILD(BranchNoHint, cond.node, &if_true, &if_false);
    SsaEnv* end_env = ssa_env_;
    SsaEnv* false_env = Split(decoder, ssa_env_);
    false_env->control = if_false;
@@ -665,7 +653,6 @@ class WasmGraphBuildingInterface {

  void MergeValuesInto(FullDecoder* decoder, Control* c, Merge<Value>* merge) {
    DCHECK(merge == &c->start_merge || merge == &c->end_merge);
-    if (!ssa_env_->reached()) return;

    SsaEnv* target = c->end_env;
    const bool first = target->state == SsaEnv::kUnreachable;
@@ -692,7 +679,6 @@ class WasmGraphBuildingInterface {

  void Goto(FullDecoder* decoder, SsaEnv* from, SsaEnv* to) {
    DCHECK_NOT_NULL(to);
-    if (!from->reached()) return;
    switch (to->state) {
      case SsaEnv::kUnreachable: {  // Overwrite destination.
        to->state = SsaEnv::kReached;
@@ -753,7 +739,6 @@ class WasmGraphBuildingInterface {
  }

  SsaEnv* PrepareForLoop(FullDecoder* decoder, SsaEnv* env) {
-    if (!env->reached()) return Split(decoder, env);
    env->state = SsaEnv::kMerged;

    env->control = builder_->Loop(env->control);
@@ -807,18 +792,12 @@ class WasmGraphBuildingInterface {
    result->control = from->control;
    result->effect = from->effect;

-    if (from->reached()) {
-      result->state = SsaEnv::kReached;
-      result->locals =
-          size > 0 ? reinterpret_cast<TFNode**>(decoder->zone()->New(size))
-                   : nullptr;
-      memcpy(result->locals, from->locals, size);
-      result->instance_cache = from->instance_cache;
-    } else {
-      result->state = SsaEnv::kUnreachable;
-      result->locals = nullptr;
-      result->instance_cache = {};
-    }
+    result->state = SsaEnv::kReached;
+    result->locals =
+        size > 0 ? reinterpret_cast<TFNode**>(decoder->zone()->New(size))
+                 : nullptr;
+    memcpy(result->locals, from->locals, size);
+    result->instance_cache = from->instance_cache;

    return result;
  }
@@ -827,7 +806,6 @@ class WasmGraphBuildingInterface {
  // unreachable.
  SsaEnv* Steal(Zone* zone, SsaEnv* from) {
    DCHECK_NOT_NULL(from);
-    if (!from->reached()) return UnreachableEnv(zone);
    SsaEnv* result = reinterpret_cast<SsaEnv*>(zone->New(sizeof(SsaEnv)));
    result->state = SsaEnv::kReached;
    result->locals = from->locals;