<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - B3 needs a special WASMCheckBounds Opcode"
href="https://bugs.webkit.org/show_bug.cgi?id=163246">163246</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>B3 needs a special WASMCheckBounds Opcode
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>keith_miller@apple.com
</td>
</tr></table>
<p>
<div>
<pre>In order to make WASM as fast as possible we need to give B3 a through understanding of how WASM works. In particular, B3 needs to understand the memory model of WASM and what optimizations it can make within those constraints. To this end we should add a WASMCheckBounds opcode. This opcode should take the following bits of information: WASMCheckBounds(Value* ptr, Reg sizeRegister, size_t guardedBytes). When emitting a load WASM will first emit a WASMBoundsCheck value passing WASMCheckBounds(WASMUserPtrValue, pinnedSizeRegister, max(0, MMapedMemoryBeyondMaxRequested - WASMLoadOpOffsetImmediate - sizeOfLoadOpcode)). So if a module had a memory max of 1MB and we mapped 1088 KB (64 KB extra) and a WASM I32.Load operation with an offset immediate of 1024 bytes we could emit a WASMCheckBounds(@ptr, %r13, 64 * KB - 1024 - 4).</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>