wasm2c: update memory/table operations to use u64 + harmonize checks #2506
Conversation
keithw
force-pushed
the
w2c-harmonize-types
branch
2 times, most recently
from
176ec50 to
7bea8ee
Compare
| return _addcarry_u64(0, a, b, resptr); | ||
| } | ||
| #endif | ||
|
|
||
| #define RANGE_CHECK(mem, offset, len) \ |
There was a problem hiding this comment.
While defaulting to the 64-bit RANGE check is fine for memcpy, tables, etc. (it's unlikely to affect performance), the concern is that the 64-bit RANGE_CHECK will slow down accesses to 32-bit linear memories for bounds-checked wasm2c. Firefox uses the bounds-checked wasm2c for Wasm on 32-bit devices, and so it is perf sensitive to this.
I don't know if this is addressed in a future PR, but this particular PR would be a perf problem from the Firefox use case.
-
If you believe future PRs you are landing will give us the property "bounds checks on 32-bit memories are not slowed down", then i don't have any concerns. (I'd prefer landing this PR and the PR that fixes it in quick succession though). I'll look through the other PRs next to see if this is resolved by them
-
If you believe this is not addressed in future PRs, we may need to specialize the bounds checked added depending on the type of memory, which may need specializingi32_loadetc. on the type of memory -
An alternate approach would be to make the current PR about changing the RANGE_CHECK on the memory_fill style operations only, but leaving the RANGE_CHECKs on memory ops as is, i.e., it checks depending onSUPPORT_MEMORY64
Edit: I see that this might possibly be addressed in the next PR. If yes, please disregard the concern
There was a problem hiding this comment.
Thanks for these thoughtful (and well-taken) comments. I believe #2507 will nail this for you (by preserving the current RANGE_CHECK on 32-bit, default-page-size memories), so, how about we wait to get alignment on both #2506 and #2507 and then land them at the same time.
I should say that even the current RANGE_CHECK uses 64-bit arithmetic:
#define RANGE_CHECK(mem, offset, len) \
if (UNLIKELY(offset + (uint64_t)len > mem->size)) \
TRAP(OOB);
... but the difference is that RANGE_CHECK64 does an explicit check for 64-bit overflow. I wish I had the benchmarking infrastructure to promise you it won't affect performance on 32-bit x86 but... safer to wait for #2507 which lets you keep the same code.
keithw
force-pushed
the
w2c-harmonize-types
branch
from
70556e4 to
d15bfb9
Compare
Is the concern that the test-suite may not run on small machines? One thought I had to run at least simple tests due to lazy memory allocation on Linux-like OSes? If tests are of the form such as below: this should end up allocating only two physical pages for the heap. So apart from the large virtual memory footprint, the test should run fine even on small machines? |
keithw
force-pushed
the
w2c-harmonize-types
branch
2 times, most recently
from
beb8809 to
64a616d
Compare
keithw
force-pushed
the
w2c-harmonize-types
branch
from
487cb8a to
326e3cb
Compare
Yeah, and also that a test could be really slow to run (e.g. memory.fill with an "n" greater than UINT32_MAX). |
(Sequenced behind #2506) This PR allows "software-bounds-checked" memories and "guard-page-checked" memories to coexist in the same module. It creates two versions of every memory operation: an unrestricted version (that works with any memory) and a `_default32` version (for memories with default page size and i32 indexing). The unrestricted version calls `MEMCHECK_GENERAL`, which does a 64-bit software `RANGE_CHECK` to check that the operation reads/writes within the bounds of the memory. The `_default32` version calls `MEMCHECK_DEFAULT32`, which is the same as the old `MEMCHECK`: if the runtime declares `WASM_RT_MEMCHECK_GUARD_PAGES`, it will do nothing. Otherwise it will do a 32-bit software `RANGE_CHECK` (which seems to be one less instruction than the 64-bit `RANGE_CHECK`). This is a stepping stone to supporting custom-page-sizes (which will need to be software bounds-checked) (#2508).
(Sequenced behind #2506) This PR allows "software-bounds-checked" memories and "guard-page-checked" memories to coexist in the same module. It creates two versions of every memory operation: an unrestricted version (that works with any memory) and a `_default32` version (for memories with default page size and i32 indexing). The unrestricted version calls `MEMCHECK_GENERAL`, which does a 64-bit software `RANGE_CHECK` to check that the operation reads/writes within the bounds of the memory. The `_default32` version calls `MEMCHECK_DEFAULT32`, which is the same as the old `MEMCHECK`: if the runtime declares `WASM_RT_MEMCHECK_GUARD_PAGES`, it will do nothing. Otherwise it will do a 32-bit software `RANGE_CHECK` (which seems to be one less instruction than the 64-bit `RANGE_CHECK`). This is a stepping stone to supporting custom-page-sizes (which will need to be software bounds-checked) (#2508).
keithw
force-pushed
the
w2c-harmonize-types
branch
from
6fd3383 to
89ba648
Compare
|
I merged this with #2507 per the requests to avoid a regression in between; please speak up if anybody wants to re-review. |
(Sequenced behind #2506) This PR allows "software-bounds-checked" memories and "guard-page-checked" memories to coexist in the same module. It creates two versions of every memory operation: an unrestricted version (that works with any memory) and a `_default32` version (for memories with default page size and i32 indexing). The unrestricted version calls `MEMCHECK_GENERAL`, which does a 64-bit software `RANGE_CHECK` to check that the operation reads/writes within the bounds of the memory. The `_default32` version calls `MEMCHECK_DEFAULT32`, which is the same as the old `MEMCHECK`: if the runtime declares `WASM_RT_MEMCHECK_GUARD_PAGES`, it will do nothing. Otherwise it will do a 32-bit software `RANGE_CHECK` (which seems to be one less instruction than the 64-bit `RANGE_CHECK`). This is a stepping stone to supporting custom-page-sizes (which will need to be software bounds-checked) (#2508).
keithw
force-pushed
the
w2c-harmonize-types
branch
from
89ba648 to
648efc8
Compare
|
@shravanrn Could you please release your "request changes" unless you still want something on this one? |
|
Okay, with nothing heard, will merge and move on to #2508. |
The PR updates the bulk memory operations (memory.fill, memory.copy, table.fill, etc.) to support 64-bit addresses and counts, and standardizes on a 64-bit version of RANGE_CHECK everywhere.
Previously we were only taking u32's for these arguments, even with memory64 enabled. (I don't think the memory64 tests check the ability to use memory.copy or the other operations beyond the first 4 GiB of a memory -- I wonder if there would be a way to add this as an "intensive" test if people don't mind having to allocate >4 GiB to run the test.)
This is a stepping-stone to being able to mix software-bounds-checked i64 memories and "guard-page-checked" i32 memories in the same module (#2507) and supporting custom-page-sizes (#2508).