Disable Web Assembly Memory Checks

Disable Web Assembly Memory Checks

Abhinav Jangda
Hello Everyone,

I am looking for an option in SpiderMonkey to turn off the bounds checks
emitted by the JIT compiler while compiling WebAssembly code, something like
"wasm_no_bounds_check" and "wasm_no_stack_checks" in Google V8.
Unfortunately, I couldn't find any such options either using "js --help"
for SpiderMonkey JS Shell version JavaScript-C59.0a1 or "about:config"
options in Mozilla Firefox 57.0.4. Can anyone please help with turning the
checks off? This is required for a research project.

Thank You,

Abhinav Jangda
_______________________________________________
dev-tech-js-engine mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-js-engine

Re: Disable Web Assembly Memory Checks

Benjamin Bouvier-2
Hi Abhinav,

Unfortunately there are no such options in our shell or browser.

Note there are a few kinds of bounds checks in our implementation of
WebAssembly: when accessing the linear segment of memory; when calling
a function in a function's table (callee index has to be checked
against the function table length).

Regarding memory bounds checks: on x64 (x86 64 bits), we use mprotect
optimizations with signal handling to remove all the bounds checks [1]
so none is emitted in the assembly code. On other platforms (ARM, x86
32 bits) they are always emitted; one way to disable those in your
local testing is to early `return` in
js::jit::CodeGenerator::visitWasmBoundsCheck [2] and to early `return`
in the wasm baseline compiler's prepareMemoryAccess function [3].

Function table bounds checks are always emitted on all platforms, and
can be disabled by removing the `if` body at [4] (for both ion and
baseline).

Curious to know what the research project is about (feel free to
answer in private if you prefer).

Cheers,
Benjamin

[1] https://jandemooij.nl/blog/2014/02/18/using-segfaults-to-interrupt-jit-code/
see Odin paragraph
[2] https://searchfox.org/mozilla-central/source/js/src/jit/CodeGenerator.cpp#12357
[3] https://searchfox.org/mozilla-central/source/js/src/wasm/WasmBaselineCompile.cpp#3972
[4] https://searchfox.org/mozilla-central/source/js/src/jit/MacroAssembler.cpp#3007

2018-01-08 21:41 GMT+01:00 Abhinav Jangda <[hidden email]>:

> Hello Everyone,
>
> I am looking for an option in SpiderMonkey to turn off the bounds checks
> emitted by the JIT compiler while compiling WebAssembly code, something like
> "wasm_no_bounds_check" and "wasm_no_stack_checks" in Google V8.
> Unfortunately, I couldn't find any such options either using "js --help"
> for SpiderMonkey JS Shell version JavaScript-C59.0a1 or "about:config"
> options in Mozilla Firefox 57.0.4. Can anyone please help with turning the
> checks off? This is required for a research project.
>
> Thank You,
>
> Abhinav Jangda
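
The two kinds of checks named in the reply above (linear memory accesses and function table indices), observed from the embedder side. This is an added example, not code from the thread or from SpiderMonkey; the module bytes, the export names `load` and `call`, and the helper names are constructed for illustration. Whether the engine enforces the memory bound with an emitted compare or with a guard-page fault caught by a signal handler, JavaScript sees the same `WebAssembly.RuntimeError`.

```javascript
// Added example: hand-assembled wasm module (constructed for this demo).
//   type 0: (i32) -> i32      type 1: () -> i32
//   func 0: returns 42 (the only table entry)
//   func 1 "load": i32.load at the given address
//   func 2 "call": call_indirect through table slot <arg>
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic, version
  0x01, 0x0a, 0x02, 0x60, 0x01, 0x7f, 0x01, 0x7f,             // type section
  0x60, 0x00, 0x01, 0x7f,
  0x03, 0x04, 0x03, 0x01, 0x00, 0x00,                         // function section
  0x04, 0x04, 0x01, 0x70, 0x00, 0x01,                         // table: 1 funcref
  0x05, 0x03, 0x01, 0x00, 0x01,                               // memory: 1 page
  0x07, 0x0f, 0x02, 0x04, 0x6c, 0x6f, 0x61, 0x64, 0x00, 0x01, // export "load"
  0x04, 0x63, 0x61, 0x6c, 0x6c, 0x00, 0x02,                   // export "call"
  0x09, 0x07, 0x01, 0x00, 0x41, 0x00, 0x0b, 0x01, 0x00,       // elem: table[0] = func 0
  0x0a, 0x16, 0x03,                                           // code section, 3 bodies
  0x04, 0x00, 0x41, 0x2a, 0x0b,                               // func 0: i32.const 42
  0x07, 0x00, 0x20, 0x00, 0x28, 0x02, 0x00, 0x0b,             // func 1: i32.load
  0x07, 0x00, 0x20, 0x00, 0x11, 0x01, 0x00, 0x0b,             // func 2: call_indirect
]);

const PAGE_SIZE = 65536; // one wasm page; this module's memory is exactly 1 page

function instantiate() {
  return new WebAssembly.Instance(new WebAssembly.Module(WASM_BYTES)).exports;
}

// Run fn(arg) and classify the outcome: a value, or a trap raised by the engine.
function probe(fn, arg) {
  try {
    return { trapped: false, value: fn(arg) };
  } catch (e) {
    if (e instanceof WebAssembly.RuntimeError) return { trapped: true, value: null };
    throw e; // anything else is a bug in the demo, not a wasm trap
  }
}

function runChecks() {
  const { load, call } = instantiate();
  return {
    loadLastWord: probe(load, PAGE_SIZE - 4), // last in-bounds 4-byte read
    loadStraddle: probe(load, PAGE_SIZE - 3), // read crosses the end of memory
    loadBeyond:   probe(load, PAGE_SIZE),     // first byte past the end
    callSlot0:    probe(call, 0),             // valid table index
    callSlot1:    probe(call, 1),             // index equals the table length
  };
}
```

A build in which any of the three trapping cases returns a value instead has lost the corresponding check.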