OwnedByAddressingOperand should also allow uses by ProtectedLoad

ProtectedLoad/ProtectedStore opcodes are used in WebAssembly to represent memory accesses. Since they are not part of the allowed opcodes in OwnedByAddressingOperand it is not possible to take advantage of addressing modes to encode common patterns for the pointer input value. R=jarin@chromium.org Bug: v8:8508 Change-Id: Ic62bf13fed7b1d86afb112d9aa59cd7073a28e72 Reviewed-on: https://chromium-review.googlesource.com/c/1354458 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#58237}

OwnedByAddressingOperand should also allow uses by ProtectedLoad
ProtectedLoad/ProtectedStore opcodes are used in WebAssembly to represent memory accesses. Since they are not part of the allowed opcodes in OwnedByAddressingOperand it is not possible to take advantage of addressing modes to encode common patterns for the pointer input value. R=jarin@chromium.org Bug: v8:8508 Change-Id: Ic62bf13fed7b1d86afb112d9aa59cd7073a28e72 Reviewed-on: https://chromium-review.googlesource.com/c/1354458 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#58237}
5f6b7803 · Alessandro Pignotti · Commit Bot · 3dbb3749 · 5f6b7803 · 5f6b7803
Commit 5f6b7803 authored Dec 10, 2018 by Alessandro Pignotti Committed by Commit Bot Dec 14, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 0 deletions

AUTHORS AUTHORS +1 -0

node-matchers.h src/compiler/node-matchers.h +2 -0

bounds-check-turbofan.js test/mjsunit/wasm/bounds-check-turbofan.js +24 -0

No files found.
--- a/AUTHORS
+++ b/AUTHORS
@@ -39,6 +39,7 @@ Cloudflare, Inc. <*@cloudflare.com>
 Aaron Bieber <deftly@gmail.com>
 Abdulla Kamar <abdulla.kamar@gmail.com>
 Akinori MUSHA <knu@FreeBSD.org>
+Alessandro Pignotti <alessandro@leaningtech.com>
 Alex Kodat <akodat@rocketsoftware.com>
 Alexander Botero-Lowry <alexbl@FreeBSD.org>
 Alexander Karpinsky <homm86@gmail.com>

--- a/src/compiler/node-matchers.h
+++ b/src/compiler/node-matchers.h
@@ -678,11 +678,13 @@ struct BaseWithIndexAndDisplacementMatcher {
      switch (from->opcode()) {
        case IrOpcode::kLoad:
        case IrOpcode::kPoisonedLoad:
+        case IrOpcode::kProtectedLoad:
        case IrOpcode::kInt32Add:
        case IrOpcode::kInt64Add:
          // Skip addressing uses.
          break;
        case IrOpcode::kStore:
+        case IrOpcode::kProtectedStore:
          // If the stored value is this node, it is not an addressing use.
          if (from->InputAt(2) == node) return false;
          // Otherwise it is used as an address and skipped.

--- a/test/mjsunit/wasm/bounds-check-turbofan.js
+++ b/test/mjsunit/wasm/bounds-check-turbofan.js
+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+// Flags: --allow-natives-syntax
+load("test/mjsunit/wasm/wasm-constants.js");
+load("test/mjsunit/wasm/wasm-module-builder.js");
+const builder = new WasmModuleBuilder();
+builder.addMemory(1, undefined, false);
+builder.addFunction('load', kSig_i_i)
+    .addBody([
+        kExprGetLocal, 0,
+    kExprI32LoadMem, 0, 100])
+    .exportFunc();
+const module = builder.instantiate();
+%WasmTierUpFunction(module, 0);
+// 100 is added as part of the load instruction above
+// Last valid address (64k - 100 - 4)
+assertEquals(0, module.exports.load(0x10000 - 100 - 4));
+// First invalid address (64k - 100)
+assertTraps(kTrapMemOutOfBounds, _ => { module.exports.load(0x10000 - 100);});