summaryrefslogtreecommitdiffstats
path: root/js/src/jit-test/tests/wasm/bce-x86-ion-codegen.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /js/src/jit-test/tests/wasm/bce-x86-ion-codegen.js
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'js/src/jit-test/tests/wasm/bce-x86-ion-codegen.js')
-rw-r--r--js/src/jit-test/tests/wasm/bce-x86-ion-codegen.js54
1 files changed, 54 insertions, 0 deletions
diff --git a/js/src/jit-test/tests/wasm/bce-x86-ion-codegen.js b/js/src/jit-test/tests/wasm/bce-x86-ion-codegen.js
new file mode 100644
index 0000000000..82e8695963
--- /dev/null
+++ b/js/src/jit-test/tests/wasm/bce-x86-ion-codegen.js
@@ -0,0 +1,54 @@
+// |jit-test| --wasm-compiler=optimizing; --spectre-mitigations=off; skip-if: !hasDisassembler() || wasmCompileMode() != "ion" || !getBuildConfiguration().x86 || getBuildConfiguration().simulator || getJitCompilerOptions()["ion.check-range-analysis"]; include:codegen-x86-test.js
+
+// Spectre mitigation is disabled above to make the generated code simpler to
+// match; ion.check-range-analysis makes a hash of the code and makes testing
+// pointless.
+
+// White-box testing of bounds check elimination on 32-bit systems.
+//
+// This is probably fairly brittle, but BCE (on 64-bit platforms) regressed (bug
+// 1735207) without us noticing, so it's not like we can do without these tests.
+//
+// See also bce-x64-ion-codegen.js.
+
+// Make sure the check for the second load is removed: the two load instructions
+// should appear back-to-back in the output.
+codegenTestX86_adhoc(
+`(module
+ (memory 1)
+ (func (export "f") (param i32) (result i32)
+ (local i32)
+ (local.set 1 (i32.add (local.get 0) (i32.const 4)))
+ (i32.load (local.get 1))
+ drop
+ (i32.load (local.get 1))))`,
+ 'f', `
+3b .. cmp %e.., %e..
+0f 83 .. 00 00 00 jnb 0x00000000000000..
+8b .. .. movl \\(%r..,%r..,1\\), %e..
+8b .. .. movl \\(%r..,%r..,1\\), %eax`,
+ {no_prefix:true});
+
+// Make sure constant indices below the heap minimum do not require a bounds check.
+// The first movl from *rsi below loads the heap base from Tls, an x86-ism.
+codegenTestX86_adhoc(
+`(module
+ (memory 1)
+ (func (export "f") (result i32)
+ (i32.load (i32.const 16))))`,
+ 'f', `
+8b .. movl \\(%rsi\\), %e..
+8b .. 10 movl 0x10\\(%r..\\), %eax`);
+
+// Ditto, even at the very limit of the known heap, extending into the guard
+// page. This is an OOB access, of course, but it needs no explicit bounds
+// check.
+codegenTestX86_adhoc(
+`(module
+ (memory 1)
+ (func (export "f") (result i32)
+ (i32.load (i32.const 65535))))`,
+ 'f',
+`
+8b .. movl \\(%rsi\\), %e..
+8b .. ff ff 00 00 movl 0xFFFF\\(%r..\\), %eax`);