Reland "[vm] Implement typed data view GetIndexed in flow graph builder"

This is a reland of commit a7e2dce

Fixes the crash during code generation when typed data view
LoadIndexed was used on an internal typed data array
(in the unreachable code path) without loading its payload.

TEST=runtime/tests/vm/dart/regress_b_334128316_test.dart
TEST=manually verified repro from b/334128316

Original change's description:
> [vm] Implement typed data view GetIndexed in flow graph builder
>
> Typed data view 'operator []' is now implemented in the flow
> graph builder. This unifies all typed data GetIndexed operations
> and removes unnecessary address calculations.
>
> TEST=ci
>
> Change-Id: I8d2ca6e7c7bf18b2590536a643f92cad5beb6d95
> Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/361283
> Reviewed-by: Tess Strickland <[email protected]>
> Commit-Queue: Alexander Markov <[email protected]>
> Reviewed-by: Slava Egorov <[email protected]>

Change-Id: I3786fa17e971f8ba6cd01a57f1a68504bf24bc47
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/362821
Reviewed-by: Tess Strickland <[email protected]>
Commit-Queue: Alexander Markov <[email protected]>
Reviewed-by: Slava Egorov <[email protected]>

Author: alexmarkov

runtime/tests/vm/dart/regress_b_334128316_test.dart

@@ -0,0 +1,46 @@
+// Copyright (c) 2024, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+// Regression test for b/334128316.
+//
+// Verifies that compiler doesn't crash when generating code
+// for typed data view LoadIndexed which takes an internal typed data
+// (in unreachable code path).
+
+// VMOptions=--deterministic
+
+import 'dart:typed_data';
+
+@pragma('vm:never-inline')
+int foo(Uint8List bytes, int n) {
+  int sum = 0;
+  for (int i = 0; i < n - 2; ++i) {
+    // Polymorphic call, 2 targets.
+    // One of the targets is incompatible with CheckClass,
+    // creating an impossible LoadIndexed in the unreachable code.
+    int b0 = bytes[i];
+    if (b0 == 1) {
+      // Monomorphic call to [].
+      // CheckClass from this inline is moved out of the loop.
+      int b1 = bytes[i + 1];
+      sum += b1;
+    }
+  }
+  return sum;
+}
+
+void main() {
+  Uint8List input1 = Uint8List.view(Uint8List(10).buffer, 2);
+  Uint8List input2 = Uint8List(10);
+  for (int i = 0; i < input2.length; ++i) {
+    input2[i] = 1;
+  }
+  for (int i = 0; i < 1000; ++i) {
+    // Ensure certain order during polymorphic inlining by
+    // using 2x more views than internal typed data.
+    foo(input1, input1.length);
+    foo(input1, input1.length);
+    foo(input2, input2.length);
+  }
+}

runtime/tests/vm/dart/typed_list_index_checkbound_il_test.dart

@@ -17,13 +17,13 @@ int retrieveFromView(Int8List src, int n) => src[n];
 
 @pragma('vm:never-inline')
 @pragma('vm:testing:print-flow-graph')
-int retrieveFromBase(Int8List src, int n) => src[n];
+int retrieveFromInternal(Int8List src, int n) => src[n];
 
 @pragma('vm:never-inline')
 @pragma('vm:testing:print-flow-graph')
 int retrieveFromExternal(Int8List src, int n) => src[n];
 
-void matchIL$retrieveFromView(FlowGraph graph) {
+void matchILRetrieveFromNonInternal(FlowGraph graph) {
   graph.match([
     match.block('Graph'),
     match.block('Function', [
@@ -37,49 +37,27 @@ void matchIL$retrieveFromView(FlowGraph graph) {
         'unboxed_len' << match.UnboxInt64('len'),
         match.GenericCheckBound('unboxed_len', 'n'),
       ],
-      'typed_data' << match.LoadField('src', slot: 'TypedDataView.typed_data'),
-      'boxed_offset' <<
-          match.LoadField('src', slot: 'TypedDataView.offset_in_bytes'),
-      'offset' << match.UnboxInt64('boxed_offset'),
-      'index' << match.BinaryInt64Op('offset', 'n', op_kind: '+'),
-      if (is32BitConfiguration) ...[
-        'boxed_index' << match.BoxInt64('index'),
-      ],
-      'data' << match.LoadField('typed_data', slot: 'PointerBase.data'),
+      'data' << match.LoadField('src', slot: 'PointerBase.data'),
       if (is32BitConfiguration) ...[
-        'retval32' << match.LoadIndexed('data', 'boxed_index'),
+        'retval32' << match.LoadIndexed('data', 'boxed_n'),
         'retval' << match.IntConverter('retval32', from: 'int32', to: 'int64'),
       ] else ...[
-        'retval' << match.LoadIndexed('data', 'index'),
+        'retval' << match.LoadIndexed('data', 'n'),
       ],
       match.DartReturn('retval'),
     ]),
   ]);
 }
 
-void matchIL$retrieveFromBase(FlowGraph graph) {
-  graph.match([
-    match.block('Graph'),
-    match.block('Function', [
-      'src' << match.Parameter(index: 0),
-      'n' << match.Parameter(index: 1),
-      'len' << match.LoadField('src', slot: 'TypedDataBase.length'),
-      if (is32BitConfiguration) ...[
-        'boxed_n' << match.BoxInt64('n'),
-        match.GenericCheckBound('len', 'boxed_n'),
-        'retval32' << match.LoadIndexed('src', 'boxed_n'),
-        'retval' << match.IntConverter('retval32', from: 'int32', to: 'int64'),
-      ] else ...[
-        'unboxed_len' << match.UnboxInt64('len'),
-        match.GenericCheckBound('unboxed_len', 'n'),
-        'retval' << match.LoadIndexed('src', 'n'),
-      ],
-      match.DartReturn('retval'),
-    ]),
-  ]);
+void matchIL$retrieveFromView(FlowGraph graph) {
+  matchILRetrieveFromNonInternal(graph);
 }
 
 void matchIL$retrieveFromExternal(FlowGraph graph) {
+  matchILRetrieveFromNonInternal(graph);
+}
+
+void matchIL$retrieveFromInternal(FlowGraph graph) {
   graph.match([
     match.block('Graph'),
     match.block('Function', [
@@ -89,16 +67,12 @@ void matchIL$retrieveFromExternal(FlowGraph graph) {
       if (is32BitConfiguration) ...[
         'boxed_n' << match.BoxInt64('n'),
         match.GenericCheckBound('len', 'boxed_n'),
+        'retval32' << match.LoadIndexed('src', 'boxed_n'),
+        'retval' << match.IntConverter('retval32', from: 'int32', to: 'int64'),
       ] else ...[
         'unboxed_len' << match.UnboxInt64('len'),
         match.GenericCheckBound('unboxed_len', 'n'),
-      ],
-      'data' << match.LoadField('src', slot: 'PointerBase.data'),
-      if (is32BitConfiguration) ...[
-        'retval32' << match.LoadIndexed('data', 'boxed_n'),
-        'retval' << match.IntConverter('retval32', from: 'int32', to: 'int64'),
-      ] else ...[
-        'retval' << match.LoadIndexed('data', 'n'),
+        'retval' << match.LoadIndexed('src', 'n'),
       ],
       match.DartReturn('retval'),
     ]),
@@ -108,7 +82,7 @@ void matchIL$retrieveFromExternal(FlowGraph graph) {
 void main(List<String> args) {
   final n = args.isEmpty ? 0 : int.parse(args.first);
   final list = Int8List.fromList([1, 2, 3, 4]);
-  print(retrieveFromBase(list, n));
+  print(retrieveFromInternal(list, n));
   print(retrieveFromView(Int8List.sublistView(list), n));
   if (!isSimulator) {
     using((arena) {

runtime/vm/compiler/backend/flow_graph.cc

@@ -2648,11 +2648,18 @@ void FlowGraph::ExtractNonInternalTypedDataPayload(Instruction* instr,
   auto const type_cid = array->Type()->ToCid();
   // For external PointerBase objects, the payload should have already been
   // extracted during canonicalization.
-  ASSERT(!IsExternalPayloadClassId(cid) || !IsExternalPayloadClassId(type_cid));
-  // Don't extract if the array is an internal typed data object.
-  if (IsTypedDataClassId(type_cid)) return;
-  ExtractUntaggedPayload(instr, array, Slot::PointerBase_data(),
-                         InnerPointerAccess::kMayBeInnerPointer);
+  ASSERT(!IsExternalPayloadClassId(cid) && !IsExternalPayloadClassId(type_cid));
+  // Extract payload for typed data view instructions even if array is
+  // an internal typed data (could happen in the unreachable code),
+  // as code generation handles direct accesses only for internal typed data.
+  //
+  // For internal typed data instructions (which are also used for
+  // non-internal typed data arrays), don't extract payload if the array is
+  // an internal typed data object.
+  if (IsTypedDataViewClassId(cid) || !IsTypedDataClassId(type_cid)) {
+    ExtractUntaggedPayload(instr, array, Slot::PointerBase_data(),
+                           InnerPointerAccess::kMayBeInnerPointer);
+  }
 }
 
 void FlowGraph::ExtractNonInternalTypedDataPayloads() {

runtime/vm/compiler/backend/redundancy_elimination.cc

@@ -1110,31 +1110,41 @@ class AliasedSet : public ZoneAllocated {
       } else if (UseIsARedefinition(use) &&
                  AnyUseCreatesAlias(instr->Cast<Definition>())) {
         return true;
-      } else if ((instr->IsStoreField() &&
-                  (use->use_index() != StoreFieldInstr::kInstancePos))) {
-        ASSERT(use->use_index() == StoreFieldInstr::kValuePos);
-        // If we store this value into an object that is not aliased itself
-        // and we never load again then the store does not create an alias.
+      } else if (instr->IsStoreField()) {
         StoreFieldInstr* store = instr->AsStoreField();
-        Definition* instance =
-            store->instance()->definition()->OriginalDefinition();
-        if (Place::IsAllocation(instance) &&
-            !instance->Identity().IsAliased()) {
-          bool is_load, is_store;
-          Place store_place(instr, &is_load, &is_store);
-
-          if (!HasLoadsFromPlace(instance, &store_place)) {
-            // No loads found that match this store. If it is yet unknown if
-            // the object is not aliased then optimistically assume this but
-            // add it to the worklist to check its uses transitively.
-            if (instance->Identity().IsUnknown()) {
-              instance->SetIdentity(AliasIdentity::NotAliased());
-              aliasing_worklist_.Add(instance);
+
+        if (store->slot().kind() == Slot::Kind::kTypedDataView_typed_data) {
+          // Initialization of TypedDataView.typed_data field creates
+          // aliasing between the view and original typed data,
+          // as the same data can now be accessed via both typed data
+          // view and the original typed data.
+          return true;
+        }
+
+        if (use->use_index() != StoreFieldInstr::kInstancePos) {
+          ASSERT(use->use_index() == StoreFieldInstr::kValuePos);
+          // If we store this value into an object that is not aliased itself
+          // and we never load again then the store does not create an alias.
+          Definition* instance =
+              store->instance()->definition()->OriginalDefinition();
+          if (Place::IsAllocation(instance) &&
+              !instance->Identity().IsAliased()) {
+            bool is_load, is_store;
+            Place store_place(instr, &is_load, &is_store);
+
+            if (!HasLoadsFromPlace(instance, &store_place)) {
+              // No loads found that match this store. If it is yet unknown if
+              // the object is not aliased then optimistically assume this but
+              // add it to the worklist to check its uses transitively.
+              if (instance->Identity().IsUnknown()) {
+                instance->SetIdentity(AliasIdentity::NotAliased());
+                aliasing_worklist_.Add(instance);
+              }
+              continue;
             }
-            continue;
           }
+          return true;
         }
-        return true;
       } else if (auto* const alloc = instr->AsAllocation()) {
         // Treat inputs to an allocation instruction exactly as if they were
         // manually stored using a StoreField instruction.

runtime/vm/compiler/frontend/kernel_to_il.cc

@@ -960,36 +960,17 @@ bool FlowGraphBuilder::IsRecognizedMethodForFlowGraph(
   const MethodRecognizer::Kind kind = function.recognized_kind();
 
   switch (kind) {
+#define TYPED_DATA_GET_INDEXED_CASES(clazz)                                    \
+  case MethodRecognizer::k##clazz##ArrayGetIndexed:                            \
+    FALL_THROUGH;                                                              \
+  case MethodRecognizer::kExternal##clazz##ArrayGetIndexed:                    \
+    FALL_THROUGH;                                                              \
+  case MethodRecognizer::k##clazz##ArrayViewGetIndexed:                        \
+    FALL_THROUGH;
+    DART_CLASS_LIST_TYPED_DATA(TYPED_DATA_GET_INDEXED_CASES)
+#undef TYPED_DATA_GET_INDEXED_CASES
     case MethodRecognizer::kObjectArrayGetIndexed:
     case MethodRecognizer::kGrowableArrayGetIndexed:
-    case MethodRecognizer::kInt8ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt8ArrayGetIndexed:
-    case MethodRecognizer::kUint8ArrayGetIndexed:
-    case MethodRecognizer::kExternalUint8ArrayGetIndexed:
-    case MethodRecognizer::kUint8ClampedArrayGetIndexed:
-    case MethodRecognizer::kExternalUint8ClampedArrayGetIndexed:
-    case MethodRecognizer::kInt16ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt16ArrayGetIndexed:
-    case MethodRecognizer::kUint16ArrayGetIndexed:
-    case MethodRecognizer::kExternalUint16ArrayGetIndexed:
-    case MethodRecognizer::kInt32ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt32ArrayGetIndexed:
-    case MethodRecognizer::kUint32ArrayGetIndexed:
-    case MethodRecognizer::kExternalUint32ArrayGetIndexed:
-    case MethodRecognizer::kInt64ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt64ArrayGetIndexed:
-    case MethodRecognizer::kUint64ArrayGetIndexed:
-    case MethodRecognizer::kExternalUint64ArrayGetIndexed:
-    case MethodRecognizer::kFloat32ArrayGetIndexed:
-    case MethodRecognizer::kExternalFloat32ArrayGetIndexed:
-    case MethodRecognizer::kFloat64ArrayGetIndexed:
-    case MethodRecognizer::kExternalFloat64ArrayGetIndexed:
-    case MethodRecognizer::kFloat32x4ArrayGetIndexed:
-    case MethodRecognizer::kExternalFloat32x4ArrayGetIndexed:
-    case MethodRecognizer::kFloat64x2ArrayGetIndexed:
-    case MethodRecognizer::kExternalFloat64x2ArrayGetIndexed:
-    case MethodRecognizer::kInt32x4ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt32x4ArrayGetIndexed:
     case MethodRecognizer::kRecord_fieldAt:
     case MethodRecognizer::kRecord_fieldNames:
     case MethodRecognizer::kRecord_numFields:
@@ -1214,36 +1195,17 @@ FlowGraph* FlowGraphBuilder::BuildGraphOfRecognizedMethod(
 
   const MethodRecognizer::Kind kind = function.recognized_kind();
   switch (kind) {
+#define TYPED_DATA_GET_INDEXED_CASES(clazz)                                    \
+  case MethodRecognizer::k##clazz##ArrayGetIndexed:                            \
+    FALL_THROUGH;                                                              \
+  case MethodRecognizer::kExternal##clazz##ArrayGetIndexed:                    \
+    FALL_THROUGH;                                                              \
+  case MethodRecognizer::k##clazz##ArrayViewGetIndexed:                        \
+    FALL_THROUGH;
+    DART_CLASS_LIST_TYPED_DATA(TYPED_DATA_GET_INDEXED_CASES)
+#undef TYPED_DATA_GET_INDEXED_CASES
     case MethodRecognizer::kObjectArrayGetIndexed:
-    case MethodRecognizer::kGrowableArrayGetIndexed:
-    case MethodRecognizer::kInt8ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt8ArrayGetIndexed:
-    case MethodRecognizer::kUint8ArrayGetIndexed:
-    case MethodRecognizer::kExternalUint8ArrayGetIndexed:
-    case MethodRecognizer::kUint8ClampedArrayGetIndexed:
-    case MethodRecognizer::kExternalUint8ClampedArrayGetIndexed:
-    case MethodRecognizer::kInt16ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt16ArrayGetIndexed:
-    case MethodRecognizer::kUint16ArrayGetIndexed:
-    case MethodRecognizer::kExternalUint16ArrayGetIndexed:
-    case MethodRecognizer::kInt32ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt32ArrayGetIndexed:
-    case MethodRecognizer::kUint32ArrayGetIndexed:
-    case MethodRecognizer::kExternalUint32ArrayGetIndexed:
-    case MethodRecognizer::kInt64ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt64ArrayGetIndexed:
-    case MethodRecognizer::kUint64ArrayGetIndexed:
-    case MethodRecognizer::kExternalUint64ArrayGetIndexed:
-    case MethodRecognizer::kFloat32ArrayGetIndexed:
-    case MethodRecognizer::kExternalFloat32ArrayGetIndexed:
-    case MethodRecognizer::kFloat64ArrayGetIndexed:
-    case MethodRecognizer::kExternalFloat64ArrayGetIndexed:
-    case MethodRecognizer::kFloat32x4ArrayGetIndexed:
-    case MethodRecognizer::kExternalFloat32x4ArrayGetIndexed:
-    case MethodRecognizer::kFloat64x2ArrayGetIndexed:
-    case MethodRecognizer::kExternalFloat64x2ArrayGetIndexed:
-    case MethodRecognizer::kInt32x4ArrayGetIndexed:
-    case MethodRecognizer::kExternalInt32x4ArrayGetIndexed: {
+    case MethodRecognizer::kGrowableArrayGetIndexed: {
       ASSERT_EQUAL(function.NumParameters(), 2);
       intptr_t array_cid = MethodRecognizer::MethodKindToReceiverCid(kind);
       const Representation elem_rep =