[webkit-changes] [WebKit/WebKit] 03f594: run-jsc may kill the whole process group on some u...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 03f59460b1334611bbb47d83fd26e2910a6c151c https://github.com/WebKit/WebKit/commit/03f59460b1334611bbb47d83fd26e2910a6c151c Author: Asumu Takikawa Date: 2023-10-30 (Mon, 30 Oct 2023) Changed paths: M Tools/Scripts/run-jsc Log Message: --- run-jsc may kill the whole process group on some unix platforms https://bugs.webkit.org/show_bug.cgi?id=263792 Reviewed by Jonathan Bedard. Add `prohibitUnknownPort` for better UX for unix users. Also changes how the status result from running JSC is handled. When JSC fails to start at all, it should be handled separately to avoid sending bogus signals. Also use Perl `kill` to add an extra layer of checks to avoid sending a bogus signal. * Tools/Scripts/run-jsc: Canonical link: https://commits.webkit.org/269947@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] daaaec: [Wasm-GC] Remove toJSValue calls for struct operat...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: daaaece7a06eb42fd7c8ee873c908b5e344f https://github.com/WebKit/WebKit/commit/daaaece7a06eb42fd7c8ee873c908b5e344f Author: Asumu Takikawa Date: 2023-09-20 (Wed, 20 Sep 2023) Changed paths: M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h Log Message: --- [Wasm-GC] Remove toJSValue calls for struct operations https://bugs.webkit.org/show_bug.cgi?id=260910 Reviewed by Justin Michaud. This patch adjusts the JSWebAssemblyStruct::set() method so that it takes an EncodedJSValue instead of a JSValue. This saves unnecessary conversions between representations and eliminates potential exception throws. In the future the original functionality may be helpful for expanded JS API capabilities. This patch also makes a minor adjustment to JSWebAssemblyArray::set() to match the struct version. * Source/JavaScriptCore/wasm/WasmOperations.cpp: (JSC::Wasm::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::arraySet): (JSC::Wasm::structNew): (JSC::Wasm::structSet): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h: * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h: Canonical link: https://commits.webkit.org/268211@main
[webkit-changes] [WebKit/WebKit] afcea2: [Wasm-GC] Adopt final opcodes for proposal
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: afcea26699c7f4b151758a203f76cd4fb5ef68fe https://github.com/WebKit/WebKit/commit/afcea26699c7f4b151758a203f76cd4fb5ef68fe Author: Asumu Takikawa Date: 2023-10-18 (Wed, 18 Oct 2023) Changed paths: M JSTests/wasm/funcref-spec-harness/sync_index.js M JSTests/wasm/function-references-spec-tests/call_ref.wast.js M JSTests/wasm/function-references-spec-tests/local_init.wast.js M JSTests/wasm/function-references-spec-tests/ref_as_non_null.wast.js M JSTests/wasm/function-references-spec-tests/ref_null.wast.js M JSTests/wasm/function-references/bug243265.js M JSTests/wasm/function-references/local_init.js M JSTests/wasm/function-references/ref_as_non_null.js M JSTests/wasm/function-references/ref_types.js M JSTests/wasm/function-references/table.js M JSTests/wasm/gc-spec-tests/ref_cast.wast.js M JSTests/wasm/gc-spec-tests/type-canon.wast.js M JSTests/wasm/gc-spec-tests/type-equivalence.wast.js M JSTests/wasm/gc-spec-tests/type-rec.wast.js M JSTests/wasm/gc-spec-tests/type-subtyping.wast.js M JSTests/wasm/gc/array_new_fixed.js M JSTests/wasm/gc/bug250613.js M JSTests/wasm/gc/casts.js M JSTests/wasm/gc/eq.js M JSTests/wasm/gc/extern.js M JSTests/wasm/gc/i31.js M JSTests/wasm/gc/packed-arrays.js M JSTests/wasm/gc/rec.js M JSTests/wasm/gc/structs.js M JSTests/wasm/gc/sub.js M JSTests/wasm/gc/wast.js M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/llint/WebAssembly32_64.asm M Source/JavaScriptCore/llint/WebAssembly64.asm M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperations.h M 
Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Adopt final opcodes for proposal https://bugs.webkit.org/show_bug.cgi?id=263026 Reviewed by Justin Michaud. Renumbers opcodes to match the final Wasm GC spec and updates all of the tests. The wast.js library and the GC spec tests are from commit 10de3ade72b4b2665f0741d542f5e42fa5f9bf41 of the upstream spec repo. The typed function reference spec tests are from commit 2eb52be6c975773e30773cf382853aec71682761 of the corresponding spec repo. * JSTests/wasm/funcref-spec-harness/sync_index.js: * JSTests/wasm/function-references-spec-tests/call_ref.wast.js: * JSTests/wasm/function-references-spec-tests/local_init.wast.js: * JSTests/wasm/function-references-spec-tests/ref_as_non_null.wast.js: * JSTests/wasm/function-references-spec-tests/ref_null.wast.js: * JSTests/wasm/function-references/bug243265.js: (async exportRefIndexResultFunc): (async refIndexArgToJS): * JSTests/wasm/function-references/local_init.js: (async testLocalInit): * JSTests/wasm/function-references/ref_as_non_null.js: (async ref_as_non_null): * JSTests/wasm/function-references/ref_types.js: (async testRefTypeLocal): (async testNonNullRefTypeLocal): (async testRefTypeInSignature): (async testRefTypeParamCheck): (async testRefGlobalCheck): (async testExternFuncrefNonNullCheck): (async testExternrefCompatibility): (async testNonNullExternrefIncompatible): (async testFuncrefCompatibility): (async testNonNullFuncrefIncompatible): * JSTests/wasm/function-references/table.js: (async testTypedFuncrefTable): * JSTests/wasm/gc-spec-tests/ref_cast.wast.js: * JSTests/wasm/gc-spec-tests/type-canon.wast.js: * JSTests/wasm/gc-spec-tests/type-equivalence.wast.js: * JSTests/wasm/gc-spec-tests/type-rec.wast.js: * JSTests/wasm/gc-spec-tests/type-subtyping.wast.js: * JSTests/wasm/gc/array_new_fixed.js: (testMissingArgumentCount): * JSTests/wasm/gc/bug250613.js: 
(testStructSet): * JSTests/wasm/gc/casts.js: (testI31Casts): (testFunctionCasts): (testArrayCasts): (testStructCasts): (testEqCasts): * JSTests/wasm/gc/eq.js: * JSTests/wasm/gc/extern.js: (testInternalize): (testRoundtrip): (testTable): * JSTests/wasm/gc/i31.js: (testI31New): (testI31Get): * JSTests/wasm/gc/packed-arrays.js: (testArrayGetUnreachable): * JSTests/wasm/gc/rec.js: (testRecDeclaration): * JSTests/wasm/gc/structs.js: * JSTests/wasm/gc/sub.js: (testSubDeclaration): * JSTests/wasm/gc/wast.js: (typeof.globalThis.string_appeared_here.this.get Object): (b): Deleted. (ac): Deleted. (gp): Deleted. (f4): Deleted. (cl): Deleted. (bZ): Deleted. (bt): Deleted. (h): Deleted. (adP): Deleted. (dy): Deleted. (dr): Deleted. (wr): Deleted. (jl): Deleted. (bB): Deleted. (bB.prototype.toString): Deleted
[webkit-changes] [WebKit/WebKit] 2b9318: [Wasm-GC] Add support for new constant expressions
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 2b9318e65c51add3e3d798360a05960524b9fa92 https://github.com/WebKit/WebKit/commit/2b9318e65c51add3e3d798360a05960524b9fa92 Author: Asumu Takikawa Date: 2023-10-18 (Wed, 18 Oct 2023) Changed paths: M JSTests/wasm/gc-spec-harness.js M JSTests/wasm/gc-spec-harness/async_index.js M JSTests/wasm/gc-spec-harness/sync_index.js A JSTests/wasm/gc-spec-harness/wasm-constants.js A JSTests/wasm/gc-spec-tests/array.wast.js A JSTests/wasm/gc-spec-tests/i31.wast.js A JSTests/wasm/gc/const-exprs-flag-off.js A JSTests/wasm/gc/const-exprs.js M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Tools/Scripts/run-jsc-stress-tests Log Message: --- [Wasm-GC] Add support for new constant expressions https://bugs.webkit.org/show_bug.cgi?id=254696 Reviewed by Justin Michaud. Enables new constant expressions used in the GC proposal: array.new (normal, default, and fixed), struct.new (normal, default), extern.internalize/externalize, and i31.new. Both GC and extended constant expr flags need to be turned on to use these. The representation of ExpressionType used in the constant expression generator is changed to potentially hold a Strong reference in order to keep allocated objects live. This enables most GC array spec tests to run, so this patch also adds those tests to the suite. The remaining test failure is blocked on parsing element vector items. Running these spec tests also required updating part of the GC spec test harness to match the upstream JS test helpers. This patch also fixes a minor bug in parsing `array.new_data` that's exposed by these tests. * JSTests/wasm/gc-spec-harness.js: * JSTests/wasm/gc-spec-harness/async_index.js: (hostref): (eq_ref): (reinitializeRegistry.get promise_test): (reinitializeRegistry): (externref): Deleted. 
(is_externref): Deleted. (is_funcref): Deleted. (eq_externref): Deleted. (eq_funcref): Deleted. * JSTests/wasm/gc-spec-harness/sync_index.js: (hostref): (eq_ref): (externref): Deleted. (is_externref): Deleted. (is_funcref): Deleted. (eq_externref): Deleted. (eq_funcref): Deleted. * JSTests/wasm/gc-spec-harness/wasm-constants.js: Added. (bytes): (bytesWithHeader): (makeSig): (makeSig_v_x): (makeSig_v_xx): (makeSig_r_v): (makeSig_r_x): (makeSig_r_xx): (assertTraps): (assertWasmThrows): * JSTests/wasm/gc-spec-tests/array.wast.js: Added. * JSTests/wasm/gc-spec-tests/i31.wast.js: Added. * JSTests/wasm/gc/const-exprs-flag-off.js: Added. (async testInvalidGCConstExprs): * JSTests/wasm/gc/const-exprs.js: Added. (async testGCConstExprs): (async testInvalidConstExprs): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: (JSC::Wasm::ConstExprGenerator::ConstExprValue::ConstExprValue): (JSC::Wasm::ConstExprGenerator::ConstExprValue::getValue): (JSC::Wasm::ConstExprGenerator::ConstExprValue::type): (JSC::Wasm::ConstExprGenerator::ConstExprValue::operator+): (JSC::Wasm::ConstExprGenerator::ConstExprValue::operator-): (JSC::Wasm::ConstExprGenerator::ConstExprValue::operator*): (JSC::Wasm::ConstExprGenerator::result const): (JSC::Wasm::ConstExprGenerator::addConstant): (JSC::Wasm::ConstExprGenerator::getGlobal): (JSC::Wasm::ConstExprGenerator::addRefI31): (JSC::Wasm::ConstExprGenerator::createNewArray): (JSC::Wasm::ConstExprGenerator::addArrayNew): (JSC::Wasm::ConstExprGenerator::addArrayNewDefault): (JSC::Wasm::ConstExprGenerator::addArrayNewFixed): (JSC::Wasm::ConstExprGenerator::createNewStruct): (JSC::Wasm::ConstExprGenerator::addStructNewDefault): (JSC::Wasm::ConstExprGenerator::addStructNew): (JSC::Wasm::ConstExprGenerator::addAnyConvertExtern): (JSC::Wasm::ConstExprGenerator::addExternConvertAny): (JSC::Wasm::ConstExprGenerator::addRefFunc): (JSC::Wasm::evaluateExtendedConstExpr): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.h: * 
Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseInitExpr): * Tools/Scripts/run-jsc-stress-tests: Canonical link: https://commits.webkit.org/269484@main
[webkit-changes] [WebKit/WebKit] 42927f: [WASM-Function-References] Extend tables with init...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 42927fcd77eacfe0e121f8ec1519d22dc8344468 https://github.com/WebKit/WebKit/commit/42927fcd77eacfe0e121f8ec1519d22dc8344468 Author: Asumu Takikawa Date: 2023-10-19 (Thu, 19 Oct 2023) Changed paths: A JSTests/wasm/function-references-spec-tests/table.wast.js A JSTests/wasm/function-references/table_init.js A JSTests/wasm/gc/table_init.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- [WASM-Function-References] Extend tables with initializer expressions https://bugs.webkit.org/show_bug.cgi?id=251123 Reviewed by Justin Michaud. Add support for tables with initializer expressions. This entails extending TableInformation with initialization information, just as there is for globals. The same fast paths for initializer expressions are used for tables, except restricted to the ones that make sense for reference types. * JSTests/wasm/funcref-spec-harness/sync_index.js: * JSTests/wasm/function-references-spec-tests/table.wast.js: Added. * JSTests/wasm/function-references/table_init.js: Added. (module): (async testTableInitParsing): (async testTableInitRuntime): * JSTests/wasm/gc/table_init.js: Added. 
(testTableValidation): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::TableInformation::TableInformation): (JSC::Wasm::TableInformation::initType const): (JSC::Wasm::TableInformation::initialBitsOrImportNumber const): * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseTableHelper): * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeExports): Canonical link: https://commits.webkit.org/269527@main
[webkit-changes] [WebKit/WebKit] b8f9d4: [Wasm-GC] Add support for final attribute
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b8f9d496f05d9cf92f752a5ffb208d015a26a794 https://github.com/WebKit/WebKit/commit/b8f9d496f05d9cf92f752a5ffb208d015a26a794 Author: Asumu Takikawa Date: 2023-08-14 (Mon, 14 Aug 2023) Changed paths: M JSTests/wasm/gc-spec-tests/ref_cast.wast.js M JSTests/wasm/gc-spec-tests/type-subtyping.wast.js M JSTests/wasm/gc/arrays.js M JSTests/wasm/gc/bug247874.js M JSTests/wasm/gc/casts.js M JSTests/wasm/gc/structs.js M JSTests/wasm/gc/sub.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmCallingConvention.h M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSectionParser.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/WasmToJS.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Add support for final attribute https://bugs.webkit.org/show_bug.cgi?id=250107 Reviewed by Justin Michaud. Adds support for `final` attribute on `sub` types. This enables types to be marked final, in which case they cannot be inherited from. This changes the default for shorthands like `struct` to be final. As a result, the representation of subtypes needs to change to allow 0 or 1 supertypes (previously, 0 supertype subs were normalized to not using a Subtype constructor). To accommodate this, the representation is changed to allow an arbitrary number of supertypes (though restricted to 0 or 1 in practice). This patch also fixes some additional bugs found in related code, such as a missing subtype check for certain kinds of `rec` types and fixing a case where type indices were resolved too early in array operation validation. 
In addition to tests for final attributes, this patch updates tests where a new `sub` is needed due to changes in default finality. It also updates GC spec tests where needed to the version in commit c7de5a1c1e261808a0c7744177589f6eb25da145 of the GC proposal repo. * JSTests/wasm/gc-spec-tests/ref_cast.wast.js: * JSTests/wasm/gc-spec-tests/type-subtyping.wast.js: * JSTests/wasm/gc/arrays.js: (testArrayNewDefault): (testArrayGet): * JSTests/wasm/gc/bug247874.js: (i.instantiate.module.type.struct.type.sub.0.struct.field.i32.global.import.string_appeared_here.string_appeared_here): Deleted. * JSTests/wasm/gc/casts.js: (testSubtypeCasts): * JSTests/wasm/gc/structs.js: (testStructNewDefault): * JSTests/wasm/gc/sub.js: (testSubDeclaration): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::sizeOfType): (JSC::Wasm::BBQJIT::toValueKind): (JSC::Wasm::BBQJIT::getGlobal): (JSC::Wasm::BBQJIT::setGlobal): (JSC::Wasm::BBQJIT::addTopLevel): (JSC::Wasm::BBQJIT::emitCatchImpl): (JSC::Wasm::BBQJIT::emitCCall): * Source/JavaScriptCore/wasm/WasmCallingConvention.h: (JSC::Wasm::WasmCallingConvention::numberOfStackResults const): (JSC::Wasm::WasmCallingConvention::numberOfStackArguments const): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::arrayrefType): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseArrayTypeDefinition): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::callInformationForCaller): (JSC::Wasm::LLIntGenerator::callInformationForCallee): (JSC::Wasm::LLIntGenerator::addArguments): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseType): (JSC::Wasm::SectionParser::parseRecursionGroup): (JSC::Wasm::SectionParser::checkSubtypeValidity): (JSC::Wasm::SectionParser::parseSubtype): * Source/JavaScriptCore/wasm/WasmSectionParser.h: * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::Subtype::dump const):
(JSC::Wasm::Subtype::cleanup): (JSC::Wasm::computeSubtypeHash): (JSC::Wasm::TypeDefinition::hash const): (JSC::Wasm::TypeDefinition::tryCreateSubtype): (JSC::Wasm::TypeDefinition::replacePlaceholders const): (JSC::Wasm::TypeDefinition::hasRecursiveReference const): (JSC::Wasm::TypeInformation::signatureForLLIntBuiltin): (JSC::Wasm::SubtypeParameterTypes::hash): (JSC::Wasm::SubtypeParameterTypes::equal): (JSC::Wasm::SubtypeParameterTypes::translate): (JSC::Wasm::TypeInformation::TypeInformation): (JSC::Wasm::TypeInformation::typeDefinitionForSubtype): (JSC::Wasm::TypeInformation::canonicalRTTForType): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::typeKindSizeInBytes): (JSC::Wasm::Subtype::Subtype): (JSC::Wasm::Subtype::supertypeCount const): (JSC::Wasm::Subtype::isFinal const): (JSC::Wasm::Subtype::firstSuperType const): (JSC::Wasm::Subtype::superType const): (JSC::Wasm
[webkit-changes] [WebKit/WebKit] 83c1c1: [WASM-Function-References] Add support for local i...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 83c1c1073f0f9d01b9bb573d3cf50aee14314d5a https://github.com/WebKit/WebKit/commit/83c1c1073f0f9d01b9bb573d3cf50aee14314d5a Author: Asumu Takikawa Date: 2023-08-25 (Fri, 25 Aug 2023) Changed paths: A JSTests/wasm/function-references-spec-tests/local_init.wast.js A JSTests/wasm/function-references/local_init.js M JSTests/wasm/function-references/ref_types.js M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- [WASM-Function-References] Add support for local initialization tracking https://bugs.webkit.org/show_bug.cgi?id=247396 Reviewed by Justin Michaud. Add local initialization tracking as added by the typed function references proposal. This allows the use of non-defaultable locals (e.g., with types like (ref extern) that are non-nullable). Non-defaultable locals can only be read with local.get after an initialization by, e.g., local.set. To track the local state, an initialization stack (max height is the number of non-defaultable locals) is used that tracks initialized non-defaultable locals. The stack is popped to a previous state on exit from a block. A bitvector is used to map local indices to initialization state, to facilitate quick lookups. * JSTests/wasm/function-references-spec-tests/local_init.wast.js: Added. * JSTests/wasm/function-references/local_init.js: Added. 
(module): (async testLocalInit): * JSTests/wasm/function-references/ref_types.js: (async testNonNullRefTypeLocal): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::pushLocalInitialized): (JSC::Wasm::FunctionParser::getLocalInitStackHeight const): (JSC::Wasm::FunctionParser::resetLocalInitStackToHeight): (JSC::Wasm::FunctionParser::localIsInitialized): (JSC::Wasm::FunctionParser::parse): (JSC::Wasm::FunctionParser::parseBody): (JSC::Wasm::FunctionParser::checkLocalInitialized): (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::parseUnreachableExpression): Canonical link: https://commits.webkit.org/267309@main
[webkit-changes] [WebKit/WebKit] c3c975: [wasm] Implement Extended Const Expressions
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c3c9754a47b03abd7bbada3d865d8842fbb618a2 https://github.com/WebKit/WebKit/commit/c3c9754a47b03abd7bbada3d865d8842fbb618a2 Author: Asumu Takikawa Date: 2023-08-28 (Mon, 28 Aug 2023) Changed paths: M JSTests/wasm.yaml A JSTests/wasm/extended-const-spec-tests/data.wast.js A JSTests/wasm/extended-const-spec-tests/elem.wast.js A JSTests/wasm/extended-const-spec-tests/global.wast.js A JSTests/wasm/extended-const/extended-const.js A JSTests/wasm/extended-const/flag-turned-off.js M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj M Source/JavaScriptCore/Sources.txt M Source/JavaScriptCore/runtime/OptionsList.h A Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp A Source/JavaScriptCore/wasm/WasmConstExprGenerator.h M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmModuleInformation.h M Source/JavaScriptCore/wasm/WasmParser.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSectionParser.h M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.h M Tools/Scripts/run-jsc-stress-tests Log Message: --- [wasm] Implement Extended Const Expressions https://bugs.webkit.org/show_bug.cgi?id=252483 Reviewed by Justin Michaud and Yusuke Suzuki. Enables the extended const expressions proposal, which allows i32.add, i32.sub, i64.add, and i64.sub instructions in global, element, and data initialization expressions. Since these instructions take arguments, the init expressions have a tree structure and require a more complex evaluator with a stack. The existing code paths for simple, one-instruction init expressions are kept intact as fast paths. The general parsing case is only used if an `End` instruction does not follow the first opcode and the proposal flag is on. 
For extended expressions, a FunctionParser instance is used alongside a new generator class for init expressions. The generator class will error on any non-constant opcodes. The generator, when used in evaluation mode by module initialization code paths, can also evaluate the constant expression. At wasm module validation time, the extended expressions are only parsed and validated. The binary opcodes for the expressions are then stored in ModuleInformation, so that the module initialization step can evaluate them to a wasm value. This patch does not, however, generalize the parsing of element segment item vectors. This can be done but requires some additional restructuring of element segment representation. Tests imported from the proposal spec repo are from commit 7612271a72f00e2b385a98a7f79a031f94fb77e6 of https://github.com/WebAssembly/extended-const * JSTests/wasm.yaml: * JSTests/wasm/extended-const-spec-tests/data.wast.js: Added. * JSTests/wasm/extended-const-spec-tests/elem.wast.js: Added. * JSTests/wasm/extended-const-spec-tests/global.wast.js: Added. * JSTests/wasm/extended-const/extended-const.js: Added. (module): (async testConstExprFastPaths): (async testExtendedConstGlobal): (async testExtendedConstElement): (async testExtendedConstData): (async testInvalidConstExprs): * JSTests/wasm/extended-const/flag-turned-off.js: Added. (module): (async testConstExprErrorPaths): * Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: * Source/JavaScriptCore/Sources.txt: * Source/JavaScriptCore/runtime/OptionsList.h: * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: Added. 
(JSC::Wasm::ConstExprGenerator::ControlData::isIf): (JSC::Wasm::ConstExprGenerator::ControlData::isTry): (JSC::Wasm::ConstExprGenerator::ControlData::isAnyCatch): (JSC::Wasm::ConstExprGenerator::ControlData::isCatch): (JSC::Wasm::ConstExprGenerator::ControlData::isTopLevel): (JSC::Wasm::ConstExprGenerator::ControlData::isLoop): (JSC::Wasm::ConstExprGenerator::ControlData::isBlock): (JSC::Wasm::ConstExprGenerator::ControlData::ControlData): (JSC::Wasm::ConstExprGenerator::ControlData::signature const): (JSC::Wasm::ConstExprGenerator::ControlData::branchTargetArity const): (JSC::Wasm::ConstExprGenerator::ControlData::branchTargetType const): (JSC::Wasm::ConstExprGenerator::emptyExpression): (JSC::Wasm::ConstExprGenerator::fail const): (JSC::Wasm::ConstExprGenerator::ConstExprGenerator): (JSC::Wasm::ConstExprGenerator::result const): (JSC::Wasm::ConstExprGenerator::setParser): (JSC::Wasm::ConstExprGenerator::addArguments): (JSC::Wasm::ConstExprGenerator::addConstant): (JSC::Wasm::ConstExprGenerator::addLocal): (JSC::Wasm::ConstExprGenerator::getGlobal): (JSC::Wasm::ConstExprGenerator::addI32Add): (JSC::Wasm::ConstExprGenerator::addI64Add): (JSC::Wasm::ConstExprGenerator::addI32Sub): (JSC::Wasm::ConstExprGenerator::addI64Sub): (JSC::Wasm::ConstExprGenerator::addI32Mul): (JSC::Wasm::ConstExprGenerator
[webkit-changes] [WebKit/WebKit] de08c2: [Wasm-GC] Implement packed types in struct fields
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: de08c24870816d242dc7d5daa9a2d24677384515 https://github.com/WebKit/WebKit/commit/de08c24870816d242dc7d5daa9a2d24677384515 Author: Asumu Takikawa Date: 2023-11-10 (Fri, 10 Nov 2023) Changed paths: A JSTests/wasm/gc-spec-tests/struct.wast.js M JSTests/wasm/gc/structs.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Implement packed types in struct fields https://bugs.webkit.org/show_bug.cgi?id=246981 Reviewed by Justin Michaud. Adds support for packed types (i8, i16) to Wasm GC struct types. The implementation is similar to packed array support. This enables struct.js tests from the GC proposal spec testsuite to run (from commit e5d10bafbbeec8227de40314edd8f26f0bb69130). Also updates the test version of wasm.json, which was overlooked in previous patches. * JSTests/wasm/gc-spec-tests/struct.wast.js: Added. 
* JSTests/wasm/gc/structs.js: (testStructPacked): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::emitStructSet): (JSC::Wasm::B3IRGenerator::addStructGet): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::emitStructSet): (JSC::Wasm::BBQJIT::addStructGet): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp: (JSC::Wasm::IPIntGenerator::addStructGet): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addStructGet): * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::structNew): (JSC::Wasm::structSet): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseStructType): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::get const): (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/270520@main
[webkit-changes] [WebKit/WebKit] 5aa61e: [Wasm-GC] Implement casts at Wasm-JS function call...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 5aa61e8c766a711e9f030173339991f19f5e5d6f https://github.com/WebKit/WebKit/commit/5aa61e8c766a711e9f030173339991f19f5e5d6f Author: Asumu Takikawa Date: 2023-11-09 (Thu, 09 Nov 2023) Changed paths: M JSTests/wasm/gc-spec-harness/sync_index.js A JSTests/wasm/gc-spec-tests/extern.wast.js M JSTests/wasm/gc/arrays.js M JSTests/wasm/gc/const-exprs.js M JSTests/wasm/gc/i31.js M JSTests/wasm/gc/js-api.js M JSTests/wasm/gc/structs.js M LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/exception/basic.tentative.any.js A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/casts.tentative.any-expected.txt A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/casts.tentative.any.html A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/casts.tentative.any.js A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/exported-object.tentative.any-expected.txt A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/exported-object.tentative.any.html A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/exported-object.tentative.any.js A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/i31.tentative.any-expected.txt A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/i31.tentative.any.html A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/i31.tentative.any.js M LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/instanceTestFactory.js M LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/module/exports.any.js M LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/wasm-module-builder.js M Source/JavaScriptCore/llint/WebAssembly32_64.asm M Source/JavaScriptCore/llint/WebAssembly64.asm M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmGlobal.cpp M 
Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperations.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h M Source/JavaScriptCore/wasm/js/WasmToJS.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp Log Message: --- [Wasm-GC] Implement casts at Wasm-JS function call boundaries https://bugs.webkit.org/show_bug.cgi?id=254693 Reviewed by Justin Michaud. Allows Wasm GC values to be passed in from JS to Wasm with the appropriate casts used at the boundary for safety. These casts are added for setting globals and for function calls between JS and Wasm. Casts for table mutation were added in a previous patch. Also adds the WPT tests for the JS API, which are set to run using the experimental GC flags. This requires modifying some existing tests as well, due to the test helper changing. Upstream WPT tests are from commit 5c087e6ad3cfaa1dc38dd93edb3b05e3a9efe5f1 of the GC proposal repo. Some additional fixes were needed to pass all the JS API tests: * ref.i31 was modified to create the i31 canonically in signed format, so that it can be passed to JS without changes. * when GC is off and typed funcrefs are on, we need to use a different code path to check types at the boundary because functions will not have an RTT without GC on. * JSTests/wasm/gc-spec-harness/sync_index.js: * JSTests/wasm/gc-spec-tests/extern.wast.js: Added. * JSTests/wasm/gc/arrays.js: * JSTests/wasm/gc/const-exprs.js: (async testGCConstExprs): * JSTests/wasm/gc/i31.js: * JSTests/wasm/gc/js-api.js: (testI31): (testCastFailure): (testTable): (testImport): * JSTests/wasm/gc/structs.js: * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/exception/basic.tentative.any.js: (promise_test.async const): (promise_test): * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/casts.tentative.any-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/casts.tentative.any.html: Added. 
* LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/casts.tentative.any.js: Added. (setup): (test): * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/exported-object.tentative.any-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/exported-object.tentative.any.html: Added. * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/exported-object.tentative.any.js: Added. (setup): (test): (set string_appeared_here): * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/i31.tentative.any-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/i31.tentative.any.html: Added. * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/i31.tentative.any.js: Added. (setup): (test): * LayoutTests/imported/w3c/web
[webkit-changes] [WebKit/WebKit] cc59ec: [Wasm-GC] Fix handling of recursive types using sh...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: cc59ec0dd950292d1b23faf10bae59b03ae20967 https://github.com/WebKit/WebKit/commit/cc59ec0dd950292d1b23faf10bae59b03ae20967 Author: Asumu Takikawa Date: 2022-10-12 (Wed, 12 Oct 2022) Changed paths: M JSTests/wasm/gc/rec.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmParser.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h Log Message: --- [Wasm-GC] Fix handling of recursive types using shorthand encoding https://bugs.webkit.org/show_bug.cgi?id=246049 Reviewed by Justin Michaud. In the Wasm GC proposal, recursive types can be encoded in different ways. For example, an explicit `rec` operator may appear in the binary format (required for recursion groups with multiple types). A single type (e.g., a struct type) is treated implicitly as a recursion group (the `rec` is implicit and elided in the binary format). This patch adds support for the latter shorthand, and includes the following additional fixes/changes: - Removes the hacky use of the `rec` type opcode to encode an unresolved recursive reference. Instead, it is now a standard `ref` type where the type index points to a Projection with an invalid recursion group type index. These are resolved in `expand()`. - Fixes bounds checking for recursive references into a recursion group. - Adds missing `expand()` calls in subtyping checks. - Adds a boolean field indicating if a type definition has any type fields with a recursive reference. This is used to detect if a single-type recursion group should be constructed for a structural type. The intent is to also use this in a follow-up patch to optimize `expand()` to avoid expansion steps for types known to be non-recursive. 
* JSTests/wasm/gc/rec.js: (testRecDeclaration): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isValueType): (JSC::Wasm::isRefWithRecursiveReference): (JSC::Wasm::isSubtype): * Source/JavaScriptCore/wasm/WasmParser.h: (JSC::Wasm::Parser::parseHeapType): (JSC::Wasm::Parser::parseValueType): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseType): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeDefinition::substitute): (JSC::Wasm::FunctionParameterTypes::translate): (JSC::Wasm::StructParameterTypes::translate): (JSC::Wasm::ArrayParameterTypes::translate): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::FunctionSignature::FunctionSignature): (JSC::Wasm::FunctionSignature::hasRecursiveReference const): (JSC::Wasm::FunctionSignature::setHasRecursiveReference): (JSC::Wasm::StructType::StructType): (JSC::Wasm::StructType::hasRecursiveReference const): (JSC::Wasm::StructType::setHasRecursiveReference): (JSC::Wasm::ArrayType::ArrayType): (JSC::Wasm::ArrayType::hasRecursiveReference const): (JSC::Wasm::ArrayType::setHasRecursiveReference): (JSC::Wasm::Projection::isPlaceholder const): Canonical link: https://commits.webkit.org/255460@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] f24380: [Wasm-GC] Add struct.new_canon_default
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: f24380d9972ce239d198c6eb8535c82cad282e9c https://github.com/WebKit/WebKit/commit/f24380d9972ce239d198c6eb8535c82cad282e9c Author: Asumu Takikawa Date: 2023-01-09 (Mon, 09 Jan 2023) Changed paths: M JSTests/wasm/gc/structs.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLLIntGenerator.h M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperations.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Add struct.new_canon_default https://bugs.webkit.org/show_bug.cgi?id=249197 Reviewed by Justin Michaud. Adds support for the struct.new_canon_default instruction, which initializes struct fields to the default (if no non-defaultable fields exist). This instruction is currently supported with two opcodes 0xfb02 and 0xfb08. Once opcode refactoring in the GC proposal is done, we can consolidate these. * JSTests/wasm/gc/structs.js: (testStructNewDefault): (testStructGet): Deleted. 
* JSTests/wasm/wasm.json: * Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::addStructNewDefault): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::emitStructSet): (JSC::Wasm::B3IRGenerator::addStructNew): (JSC::Wasm::B3IRGenerator::addStructNewDefault): (JSC::Wasm::B3IRGenerator::addStructSet): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::parseUnreachableExpression): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addArrayNew): (JSC::Wasm::LLIntGenerator::addArrayNewDefault): (JSC::Wasm::LLIntGenerator::addStructNew): (JSC::Wasm::LLIntGenerator::addStructNewDefault): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.h: * Source/JavaScriptCore/wasm/WasmOperations.cpp: (JSC::Wasm::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/wasm/WasmOperations.h: * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/258689@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 4a8000: Update Asumu Takikawa's status to committer
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4a8000a952ee2647b5ee3df11e106d26780f60cb https://github.com/WebKit/WebKit/commit/4a8000a952ee2647b5ee3df11e106d26780f60cb Author: Asumu Takikawa Date: 2022-12-07 (Wed, 07 Dec 2022) Changed paths: M metadata/contributors.json Log Message: --- Update Asumu Takikawa's status to committer https://bugs.webkit.org/show_bug.cgi?id=248907 Reviewed by Jonathan Bedard. * metadata/contributors.json: Canonical link: https://commits.webkit.org/257510@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 0d8721: [Wasm-GC] Fix some interactions between subtyping ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0d872184b6e17f15c34fe5f5c8ddd50a3269a129 https://github.com/WebKit/WebKit/commit/0d872184b6e17f15c34fe5f5c8ddd50a3269a129 Author: Asumu Takikawa Date: 2022-12-15 (Thu, 15 Dec 2022) Changed paths: M JSTests/wasm/gc-spec-tests/type-subtyping.wast.js M JSTests/wasm/gc/sub.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSectionParser.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h Log Message: --- [Wasm-GC] Fix some interactions between subtyping and recursion https://bugs.webkit.org/show_bug.cgi?id=247536 Reviewed by Justin Michaud. Interactions between recursive types and subtyping can be tricky, because a `sub` clause can refer to another member of the same recursion group as a supertype. How this supertype is dereferenced can affect whether subtyping/type equality holds correctly. This patch makes a few fixes to the representation of subtypes to accommodate recursion. The supertype index of a Subtype should be a recursive placeholder when pointing to another member of the same recursion group (i.e., it should resolve to the projection). And the structural subtype check needs to be deferred until after projections are constructed. In addition, reference subtype checking via displays is abstracted out of the Subtype and put into a new RTT data structure. Every type in the type section has a canonical RTT. This RTT is looked up to check subtyping between references. Splitting out the RTT provides a better logical separation between subtype declaration and checking, and makes Subtype construction cleaner (as RTT creation can happen after recursive references can be fully resolved). The RTT can be used in the future to implement subtype-aware runtime casts. 
* JSTests/wasm/gc-spec-tests/type-subtyping.wast.js: * JSTests/wasm/gc/sub.js: (testSubDeclaration): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isSubtypeIndex): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseType): (JSC::Wasm::SectionParser::parseRecursionGroup): (JSC::Wasm::SectionParser::checkSubtypeValidity): (JSC::Wasm::SectionParser::parseSubtype): * Source/JavaScriptCore/wasm/WasmSectionParser.h: * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::Projection::dump const): (JSC::Wasm::TypeDefinition::tryCreateSubtype): (JSC::Wasm::substituteParent): (JSC::Wasm::TypeDefinition::replacePlaceholders const): (JSC::Wasm::TypeDefinition::hasRecursiveReference const): (JSC::Wasm::RTT::tryCreateRTT): (JSC::Wasm::RTT::isSubRTT const): (JSC::Wasm::SubtypeParameterTypes::translate): (JSC::Wasm::TypeInformation::registerCanonicalRTTForType): (JSC::Wasm::TypeInformation::canonicalRTTForType): (JSC::Wasm::TypeInformation::tryCleanup): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::RecursionGroup::getType): (JSC::Wasm::Subtype::Subtype): (JSC::Wasm::Subtype::underlyingType const): (JSC::Wasm::Subtype::getUnderlyingType): (JSC::Wasm::RTT::RTT): (JSC::Wasm::RTT::displaySize const): (JSC::Wasm::RTT::displayEntry const): (JSC::Wasm::RTT::setDisplayEntry): (JSC::Wasm::RTT::allocatedRTTSize): (JSC::Wasm::RTT::payload): (JSC::Wasm::TypeDefinition::allocatedSubtypeSize): (JSC::Wasm::Subtype::displayType const): Deleted. (JSC::Wasm::Subtype::displaySize const): Deleted. (JSC::Wasm::Subtype::getDisplayType): Deleted. Canonical link: https://commits.webkit.org/257945@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] c0a796: [Wasm-GC] Free several LLInt opcodes for GC instru...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c0a7961838627e01f8bd571b69459fde002a3159 https://github.com/WebKit/WebKit/commit/c0a7961838627e01f8bd571b69459fde002a3159 Author: Asumu Takikawa Date: 2022-12-17 (Sat, 17 Dec 2022) Changed paths: M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/llint/WebAssembly.asm M Source/JavaScriptCore/llint/WebAssembly32_64.asm M Source/JavaScriptCore/llint/WebAssembly64.asm M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.h Log Message: --- [Wasm-GC] Free several LLInt opcodes for GC instructions https://bugs.webkit.org/show_bug.cgi?id=249503 Reviewed by Yusuke Suzuki and Justin Michaud. This patch frees some space in the Wasm LLInt opcode space by merging opcodes for related instructions in the Wasm GC proposal. * Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/llint/WebAssembly.asm: * Source/JavaScriptCore/llint/WebAssembly32_64.asm: * Source/JavaScriptCore/llint/WebAssembly64.asm: * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addI31GetS): (JSC::Wasm::LLIntGenerator::addI31GetU): (JSC::Wasm::LLIntGenerator::addArrayNew): (JSC::Wasm::LLIntGenerator::addArrayNewDefault): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/WasmSlowPaths.h: Canonical link: https://commits.webkit.org/258048@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 67cbb3: [Wasm-GC] Adjust struct.new opcode
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 67cbb39ef6cc0150cd0a8571ffba8d790dada721 https://github.com/WebKit/WebKit/commit/67cbb39ef6cc0150cd0a8571ffba8d790dada721 Author: Asumu Takikawa Date: 2022-12-13 (Tue, 13 Dec 2022) Changed paths: M JSTests/wasm/gc/structs.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Adjust struct.new opcode https://bugs.webkit.org/show_bug.cgi?id=249149 Reviewed by Yusuke Suzuki and Justin Michaud. This patch adds an extra opcode for struct.new that allows it to be used as either 0xfb01 or 0xfb07. The current draft spec uses 0xfb01 and implementations currently use 0xfb07. This allows the use of the spec's decoder in tests and also will allow running GC spec tests. * JSTests/wasm/gc/structs.js: * JSTests/wasm/wasm.json: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/257821@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] febd68: [Wasm-GC] Fix refcounts for compound type definitions
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: febd6818b5b7c349cdf7dcd04c387eedbba87fde https://github.com/WebKit/WebKit/commit/febd6818b5b7c349cdf7dcd04c387eedbba87fde Author: Asumu Takikawa Date: 2022-11-17 (Thu, 17 Nov 2022) Changed paths: A JSTests/wasm/gc/bug247874.js M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h Log Message: --- [Wasm-GC] Fix refcounts for compound type definitions https://bugs.webkit.org/show_bug.cgi?id=247874 Reviewed by Yusuke Suzuki. Compound type definitions that use type indices to refer to other types need to ref/deref the referred type definitions in order to keep them live (since the module's type signature list will not necessarily hold these types). Type definitions that only hold value types such as functions or arrays are fine as-is. * JSTests/wasm/gc/bug247874.js: Added. (i.instantiate.module.type.struct.type.sub.0.struct.field.i32.global.import.string_appeared_here.string_appeared_here): (i.instantiate.module.rec.type.struct.type.func.global.import.string_appeared_here.string_appeared_here): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::Subtype::cleanup): (JSC::Wasm::Projection::cleanup): (JSC::Wasm::RecursionGroup::cleanup): (JSC::Wasm::TypeDefinition::cleanup): (JSC::Wasm::RecursionGroupParameterTypes::translate): (JSC::Wasm::ProjectionParameterTypes::translate): (JSC::Wasm::SubtypeParameterTypes::translate): (JSC::Wasm::TypeInformation::tryCleanup): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: Canonical link: https://commits.webkit.org/256800@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 013719: [Wasm-GC] Add structref type
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 013719c7ab1e309409a20f9dba77c3ab56af5867 https://github.com/WebKit/WebKit/commit/013719c7ab1e309409a20f9dba77c3ab56af5867 Author: Asumu Takikawa Date: 2023-01-17 (Tue, 17 Jan 2023) Changed paths: M JSTests/wasm/gc/structs.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/wasm/WasmCallingConvention.h M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmParser.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/WasmToJS.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Add structref type https://bugs.webkit.org/show_bug.cgi?id=250474 Reviewed by Justin Michaud. Adds a `structref` type that is analogous to `arrayref` but for structs. This patch also fixes some error messages in struct operations. 
* JSTests/wasm/gc/structs.js: (testStructDeclaration): (testStructGet): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/wasm/WasmCallingConvention.h: (JSC::Wasm::WasmCallingConvention::numberOfStackResults const): (JSC::Wasm::WasmCallingConvention::numberOfStackArguments const): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isStructref): (JSC::Wasm::isRefWithTypeIndex): (JSC::Wasm::isSubtype): (JSC::Wasm::isValidHeapTypeKind): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseStructTypeIndex): (JSC::Wasm::FunctionParser::parseStructFieldManipulation): (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::callInformationForCaller): (JSC::Wasm::LLIntGenerator::callInformationForCallee): (JSC::Wasm::LLIntGenerator::addArguments): * Source/JavaScriptCore/wasm/WasmParser.h: (JSC::Wasm::Parser::parseValueType): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::typeKindSizeInBytes): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/259002@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] cdfc2f: [WASM-Function-References] Add ref.as_non_null ins...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: cdfc2fb66572f0e4c0ff4172438c6baf97ea662a https://github.com/WebKit/WebKit/commit/cdfc2fb66572f0e4c0ff4172438c6baf97ea662a Author: Asumu Takikawa Date: 2023-01-26 (Thu, 26 Jan 2023) Changed paths: M JSTests/wasm.yaml A JSTests/wasm/function-references-spec-tests/ref_as_non_null.wast.js A JSTests/wasm/function-references/ref_as_non_null.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/llint/WebAssembly32_64.asm M Source/JavaScriptCore/llint/WebAssembly64.asm M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmExceptionType.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [WASM-Function-References] Add ref.as_non_null instruction https://bugs.webkit.org/show_bug.cgi?id=251037 Reviewed by Justin Michaud. Adds the ref.as_non_null instruction, which checks for non-null (and traps if null) and returns a non-null reference. * JSTests/wasm.yaml: * JSTests/wasm/function-references-spec-tests/ref_as_non_null.wast.js: Added. * JSTests/wasm/function-references/ref_as_non_null.js: Added. 
(module): (async ref_as_non_null): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/llint/WebAssembly32_64.asm: * Source/JavaScriptCore/llint/WebAssembly64.asm: * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::addRefAsNonNull): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addRefAsNonNull): * Source/JavaScriptCore/wasm/WasmExceptionType.h: (JSC::Wasm::isTypeErrorExceptionType): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::parseUnreachableExpression): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addRefAsNonNull): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/259420@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 3e28bd: [WASM-Function-References] Fix block signature par...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3e28bdb07aa262a34c5c9becfee6f9d36d0a1cf9 https://github.com/WebKit/WebKit/commit/3e28bdb07aa262a34c5c9becfee6f9d36d0a1cf9 Author: Asumu Takikawa Date: 2023-01-26 (Thu, 26 Jan 2023) Changed paths: A JSTests/wasm/function-references/block_signature.js M JSTests/wasm/gc-spec-tests/type-equivalence.wast.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmParser.h Log Message: --- [WASM-Function-References] Fix block signature parsing for reftypes https://bugs.webkit.org/show_bug.cgi?id=247383 Reviewed by Justin Michaud. With the typed function reference proposal, block signatures can also have indexed reference types (and non-externref/funcref signatures in general). This patch adds support for parsing these cases. While for reftypes with non-index heap types it is possible to pre-populate the block signatures in TypeInformation, for indexed types the block signatures have to be created after the type section is read. This patch also makes BlockSignature a RefPtr type so that the type signature is kept live while the block signatures are in use in the validator (even if the signature is not in the ModuleInformation's type signature list). * JSTests/wasm/function-references/block_signature.js: Added. (module): (async blockSignatureTest): * JSTests/wasm/gc-spec-tests/type-equivalence.wast.js: * Source/JavaScriptCore/wasm/WasmFormat.h: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::unify): * Source/JavaScriptCore/wasm/WasmParser.h: (JSC::Wasm::Parser::parseBlockSignature): Canonical link: https://commits.webkit.org/259421@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] a5a876: [Wasm-GC] Fix null checks for struct operations
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a5a87681d68f0e9b9def72c33858a176b45d2248 https://github.com/WebKit/WebKit/commit/a5a87681d68f0e9b9def72c33858a176b45d2248 Author: Asumu Takikawa Date: 2023-01-26 (Thu, 26 Jan 2023) Changed paths: M JSTests/wasm/gc/structs.js M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmExceptionType.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp Log Message: --- [Wasm-GC] Fix null checks for struct operations https://bugs.webkit.org/show_bug.cgi?id=251133 Reviewed by Justin Michaud. Adds in missing null checks for struct instructions. * JSTests/wasm/gc/structs.js: * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::addStructGet): (JSC::Wasm::ExpressionType>::addStructSet): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addStructGet): (JSC::Wasm::B3IRGenerator::addStructSet): * Source/JavaScriptCore/wasm/WasmExceptionType.h: (JSC::Wasm::isTypeErrorExceptionType): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): Canonical link: https://commits.webkit.org/259449@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 3304a1: [Wasm-GC] Add missing type expansion for arrays, s...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3304a1879844f73735f3109b2a3f71a75d6ee9a0 https://github.com/WebKit/WebKit/commit/3304a1879844f73735f3109b2a3f71a75d6ee9a0 Author: Asumu Takikawa Date: 2023-01-18 (Wed, 18 Jan 2023) Changed paths: M JSTests/wasm/gc/arrays.js M JSTests/wasm/gc/structs.js M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h Log Message: --- [Wasm-GC] Add missing type expansion for arrays, structs https://bugs.webkit.org/show_bug.cgi?id=250489 Reviewed by Justin Michaud. Adds `expand()` calls where necessary to ensure that recursive/subtype types work with array and struct operations. Also add tests to exercise these cases. * JSTests/wasm/gc/arrays.js: (testArrayNewDefault): (testArrayGet): * JSTests/wasm/gc/structs.js: (testStructNewDefault): * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::addArrayNew): (JSC::Wasm::ExpressionType>::addArrayNewDefault): (JSC::Wasm::ExpressionType>::addArrayGet): (JSC::Wasm::ExpressionType>::addStructNew): (JSC::Wasm::ExpressionType>::addStructNewDefault): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addArrayNew): (JSC::Wasm::B3IRGenerator::addArrayNewDefault): (JSC::Wasm::B3IRGenerator::addArrayGet): (JSC::Wasm::B3IRGenerator::addArraySet): (JSC::Wasm::B3IRGenerator::addStructNew): (JSC::Wasm::B3IRGenerator::addStructNewDefault): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseStructTypeIndex): (JSC::Wasm::FunctionParser::parseStructTypeIndexAndFieldIndex): (JSC::Wasm::FunctionParser::parseStructFieldManipulation): (JSC::Wasm::FunctionParser::parseExpression): * 
Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::arrayNew): (JSC::Wasm::arrayGet): (JSC::Wasm::arraySet): (JSC::Wasm::structNew): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::JSWebAssemblyStruct): (JSC::JSWebAssemblyStruct::tryCreate): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h: Canonical link: https://commits.webkit.org/259042@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 6b2451: [WASM-Function-References] Fix error strings in tests
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6b2451da78569db766f20eb0a887311aa2e28d14 https://github.com/WebKit/WebKit/commit/6b2451da78569db766f20eb0a887311aa2e28d14 Author: Asumu Takikawa Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M JSTests/wasm/function-references/ref_types.js Log Message: --- [WASM-Function-References] Fix error strings in tests https://bugs.webkit.org/show_bug.cgi?id=247743 Reviewed by Yusuke Suzuki. * JSTests/wasm/function-references/ref_types.js: (async testRefGlobalCheck): (async testNonNullExternrefIncompatible): (async testNonNullFuncrefIncompatible): Canonical link: https://commits.webkit.org/256540@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 8ac634: [Wasm-GC] Begin importing GC spec tests
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 8ac6345449d9d019f2c37b8b722bdeabe6a4cbe0 https://github.com/WebKit/WebKit/commit/8ac6345449d9d019f2c37b8b722bdeabe6a4cbe0 Author: Asumu Takikawa Date: 2022-11-07 (Mon, 07 Nov 2022) Changed paths: M JSTests/wasm.yaml A JSTests/wasm/gc-spec-harness.js A JSTests/wasm/gc-spec-harness/async_index.js A JSTests/wasm/gc-spec-harness/sync_index.js A JSTests/wasm/gc-spec-tests/type-canon.wast.js A JSTests/wasm/gc-spec-tests/type-equivalence.wast.js A JSTests/wasm/gc-spec-tests/type-rec.wast.js A JSTests/wasm/gc-spec-tests/type-subtyping.wast.js M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp M Tools/Scripts/run-jsc-stress-tests Log Message: --- [Wasm-GC] Begin importing GC spec tests https://bugs.webkit.org/show_bug.cgi?id=247336 Reviewed by Justin Michaud. This patch creates a Wasm GC proposal spec test harness and test suite from the upstream repository at https://github.com/WebAssembly/gc (commit 5404857b61a42b4d9fdd99f6b78d8febb266f1fc) The tests contain a subset of the upstream tests that are currently runnable in JSC. Some of the tests are commented out due to open bugs that block them. In addition, this patch fixes a small bug (a missing type expansion use) revealed by the tests. * JSTests/wasm.yaml: * JSTests/wasm/gc-spec-harness.js: Added. (import.string_appeared_here.then): (test): (promise_test): (let.assert_unreached): (let.console.log): * JSTests/wasm/gc-spec-harness/async_index.js: Added. (let.testNum): (uniqueTest): (assertThrows): (externref): (is_externref): (is_funcref): (eq_externref): (eq_funcref): (binary): (module): (assert_invalid): (instance): (exports): (then.): (reinitializeRegistry.get promise_test): (reinitializeRegistry): (catch): (assert_exhaustion): (get const): * JSTests/wasm/gc-spec-harness/sync_index.js: Added. 
(let.testNum): (assertThrows): (_assert): (ValueResult): (ErrorResult): (Result.prototype.isError): (externref): (is_externref): (is_funcref): (eq_externref): (eq_funcref): (reinitializeRegistry.let.handler.get return): (binary): (module): * JSTests/wasm/gc-spec-tests/type-canon.wast.js: Added. * JSTests/wasm/gc-spec-tests/type-equivalence.wast.js: Added. * JSTests/wasm/gc-spec-tests/type-rec.wast.js: Added. * JSTests/wasm/gc-spec-tests/type-subtyping.wast.js: Added. * Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp: (JSC::WebAssemblyFunction::jsCallEntrypointSlow): * Tools/Scripts/run-jsc-stress-tests: Canonical link: https://commits.webkit.org/256417@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] e8dd2e: [WASM-Function-References] Change call_ref to take...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e8dd2e444f29da26e5f7d05b6bc5c59b70845471 https://github.com/WebKit/WebKit/commit/e8dd2e444f29da26e5f7d05b6bc5c59b70845471 Author: Asumu Takikawa Date: 2022-11-03 (Thu, 03 Nov 2022) Changed paths: A JSTests/wasm/funcref-spec-harness.js A JSTests/wasm/funcref-spec-harness/async_index.js A JSTests/wasm/funcref-spec-harness/sync_index.js M JSTests/wasm/function-references-spec-tests/call-null-ref.wast.js M JSTests/wasm/function-references-spec-tests/call_ref.wast.js M JSTests/wasm/function-references/call_ref.js M JSTests/wasm/gc/rec.js M JSTests/wasm/gc/wast.js M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Tools/Scripts/run-jsc-stress-tests Log Message: --- [WASM-Function-References] Change call_ref to take a type index https://bugs.webkit.org/show_bug.cgi?id=246235 Reviewed by Justin Michaud. Adds a type index to call_ref to match the spec change here: https://github.com/WebAssembly/function-references/pull/76 In addition, the spec tests for function references are updated (and a new harness is added for them). The decoding helper library for the GC proposal tests also needed to be updated to match this change. * JSTests/wasm/funcref-spec-harness.js: Added. (import.string_appeared_here.then): (test): (promise_test): (let.assert_unreached): (let.console.log): * JSTests/wasm/funcref-spec-harness/async_index.js: Added. (let.testNum): (uniqueTest): (assertThrows): (externref): (is_externref): (is_funcref): (eq_externref): (eq_funcref): (binary): (module): (assert_invalid): (instance): (exports): (then.): (reinitializeRegistry.get promise_test): (reinitializeRegistry): (catch): (assert_exhaustion): (get const): * JSTests/wasm/funcref-spec-harness/sync_index.js: Added. 
(let.testNum): (assertThrows): (_assert): (ValueResult): (ErrorResult): (Result.prototype.isError): (externref): (is_externref): (is_funcref): (eq_externref): (eq_funcref): (reinitializeRegistry.let.handler.get return): (binary): (module): * JSTests/wasm/function-references-spec-tests/call-null-ref.wast.js: * JSTests/wasm/function-references-spec-tests/call_ref.wast.js: * JSTests/wasm/function-references/call_ref.js: (async callFunctionFromTheSameInstance): (async callFunctionFromTheDifferentInstance): (async callFunctionFromJS): (async invalidTypeIndex): * JSTests/wasm/gc/rec.js: (testRecDeclaration): * JSTests/wasm/gc/wast.js:
[webkit-changes] [WebKit/WebKit] 431164: [Wasm-GC] Add support for subtyping declarations
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 431164ca6a4b101688188966ce5384a7f8c68681 https://github.com/WebKit/WebKit/commit/431164ca6a4b101688188966ce5384a7f8c68681 Author: Asumu Takikawa Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: A JSTests/wasm/gc/sub.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLimits.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSectionParser.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/WasmToJS.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Add support for subtyping declarations https://bugs.webkit.org/show_bug.cgi?id=239668 Reviewed by Justin Michaud. Adds support for `sub` type section forms. These introduce subtyping declarations that can specify parent types for a `func`, `struct`, etc. type (the MVP GC proposal only allows a single parent type). Adding `sub` forms changes type expansion slightly, and requires that checking `isSubtype` look at the type hierarchy if the LHS type is a `sub` type. This patch also memoizes type expansion to avoid repeated unrolling of recursive types. With the addition of `sub`, a bare `func`, `struct`, etc declaration is treated as implicitly having a `sub` with zero/empty supertypes. To avoid `(sub () (func))` and `(func)` being represented differently, we normalize empty-supertype `sub` to be represented as just the underlying type. Subtype checking for indexed reference types is done using a display data structure. Each `sub` declaration has an associated display that records an array of supertype indices. 
This allows subtype checking in constant-time by checking if the supertype index is present in the subtype at the correct display offset, rather than with a linear traversal of the hierarchy. If multiple parent types are allowed in the future, this algorithm will need to change. * JSTests/wasm/gc/sub.js: Added. (module): (testSubDeclaration): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isSubtypeIndex): (JSC::Wasm::isSubtype): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::callInformationForCaller): (JSC::Wasm::LLIntGenerator::callInformationForCallee): (JSC::Wasm::LLIntGenerator::addArguments): * Source/JavaScriptCore/wasm/WasmLimits.h: * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseType): (JSC::Wasm::SectionParser::parseRecursionGroup): (JSC::Wasm::SectionParser::checkStructuralSubtype): (JSC::Wasm::SectionParser::checkSubtypeValidity): (JSC::Wasm::SectionParser::parseSubtype): * Source/JavaScriptCore/wasm/WasmSectionParser.h: * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeDefinition::dump const): (JSC::Wasm::Subtype::toString const): (JSC::Wasm::Subtype::dump const): (JSC::Wasm::computeSubtypeHash): (JSC::Wasm::TypeDefinition::hash const): (JSC::Wasm::TypeDefinition::tryCreateSubtype): (JSC::Wasm::TypeDefinition::replacePlaceholders const): (JSC::Wasm::TypeDefinition::unroll const): (JSC::Wasm::TypeDefinition::expand const): (JSC::Wasm::TypeDefinition::hasRecursiveReference const): (JSC::Wasm::SubtypeParameterTypes::hash): (JSC::Wasm::SubtypeParameterTypes::equal): (JSC::Wasm::SubtypeParameterTypes::translate): (JSC::Wasm::TypeInformation::typeDefinitionForSubtype): (JSC::Wasm::TypeInformation::addCachedUnrolling): (JSC::Wasm::TypeInformation::tryGetCachedUnrolling): (JSC::Wasm::TypeInformation::tryCleanup): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::typeKindSizeInBytes): (JSC::Wasm::Subtype::Subtype): 
(JSC::Wasm::Subtype::superType const): (JSC::Wasm::Subtype::underlyingType const): (JSC::Wasm::Subtype::displayType const): (JSC::Wasm::Subtype::displaySize const): (JSC::Wasm::Subtype::getSuperType): (JSC::Wasm::Subtype::getUnderlyingType): (JSC::Wasm::Subtype::getDisplayType): (JSC::Wasm::Subtype::storage): (JSC::Wasm::Subtype::storage const): (JSC::Wasm::TypeDefinition::allocatedSubtypeSize): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS): * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeImports): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/256243@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
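The display-based subtype check described in the 431164 log message above, as an added C++ example that is not WebKit's code. The names `TypeRegistry`, `TypeEntry`, `sampleRegistry` and `displayMatchesWalk`, and the root-first display layout, are assumptions made for illustration; the constant-time lookup is compared against a linear walk of the parent chain, since a disagreement between the two would mean a cast check accepts or rejects the wrong type.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Hypothetical model of a single-parent type hierarchy; not JavaScriptCore's layout.
using TypeIndex = uint32_t;
static const TypeIndex noParent = UINT32_MAX;

struct TypeEntry {
    // Ancestors ordered root-first: display[0] is the root and
    // display.back() is the direct parent. A root type has an empty display.
    std::vector<TypeIndex> display;
};

class TypeRegistry {
public:
    // Registers a type with at most one parent, matching the single-parent
    // restriction the log message mentions. A parent must already exist.
    TypeIndex add(TypeIndex parent = noParent)
    {
        TypeEntry entry;
        if (parent != noParent) {
            if (parent >= m_types.size())
                throw std::out_of_range("parent must be declared before its subtype");
            entry.display = m_types[parent].display; // inherit the parent's ancestors
            entry.display.push_back(parent);         // then record the parent itself
        }
        m_types.push_back(entry);
        return static_cast<TypeIndex>(m_types.size() - 1);
    }

    // Constant-time check: the target sits at depth display(target).size(),
    // so it must appear at exactly that offset in the candidate's display.
    bool isSubtype(TypeIndex candidate, TypeIndex target) const
    {
        if (candidate >= m_types.size() || target >= m_types.size())
            return false; // unknown indices never pass the check
        if (candidate == target)
            return true;
        const std::vector<TypeIndex>& display = m_types[candidate].display;
        size_t targetDepth = m_types[target].display.size();
        return targetDepth < display.size() && display[targetDepth] == target;
    }

    // Linear reference implementation: follow direct parents up to the root.
    bool isSubtypeByWalk(TypeIndex candidate, TypeIndex target) const
    {
        if (candidate >= m_types.size() || target >= m_types.size())
            return false;
        TypeIndex current = candidate;
        while (true) {
            if (current == target)
                return true;
            const std::vector<TypeIndex>& display = m_types[current].display;
            if (display.empty())
                return false; // reached a root without meeting the target
            current = display.back();
        }
    }

    size_t size() const { return m_types.size(); }

private:
    std::vector<TypeEntry> m_types;
};

// Constructed sample hierarchy: 0 = A (root), 1 = B <: A, 2 = C <: B,
// 3 = D <: A (sibling of B), 4 = E (unrelated root).
TypeRegistry sampleRegistry()
{
    TypeRegistry registry;
    TypeIndex a = registry.add();
    TypeIndex b = registry.add(a);
    registry.add(b);
    registry.add(a);
    registry.add();
    return registry;
}

// Checks every ordered pair: the display lookup must agree with the walk.
bool displayMatchesWalk(const TypeRegistry& registry)
{
    for (TypeIndex s = 0; s < registry.size(); ++s) {
        for (TypeIndex t = 0; t < registry.size(); ++t) {
            if (registry.isSubtype(s, t) != registry.isSubtypeByWalk(s, t))
                return false;
        }
    }
    return true;
}

int main()
{
    TypeRegistry registry = sampleRegistry();
    std::printf("C <: A: %d\n", registry.isSubtype(2, 0));
    std::printf("D <: B: %d\n", registry.isSubtype(3, 1));
    std::printf("display agrees with walk: %d\n", displayMatchesWalk(registry));
    return 0;
}
```

The depth comparison before the index lookup is what keeps the check in bounds when the target is deeper in the hierarchy than the candidate.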
[webkit-changes] [WebKit/WebKit] 8591dc: [Wasm-GC] Implement initial minimal JS API for Was...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 8591dc430ab945fcfe29a044871e9ec7bca53195 https://github.com/WebKit/WebKit/commit/8591dc430ab945fcfe29a044871e9ec7bca53195 Author: Asumu Takikawa Date: 2023-03-11 (Sat, 11 Mar 2023) Changed paths: M JSTests/wasm/gc/arrays.js A JSTests/wasm/gc/js-api.js M JSTests/wasm/gc/structs.js M Source/JavaScriptCore/wasm/WasmCallingConvention.h M Source/JavaScriptCore/wasm/js/JSToWasm.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp M Source/JavaScriptCore/wasm/js/WasmToJS.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.h Log Message: --- [Wasm-GC] Implement initial minimal JS API for Wasm GC https://bugs.webkit.org/show_bug.cgi?id=246769 Reviewed by Yusuke Suzuki. Implements the Wasm GC draft JS API described in: https://docs.google.com/document/d/17hCQXOyeSgogpJ0I0wir4LRmdvu4l7Oca6e1NkbVN8M/ https://github.com/WebAssembly/gc/pull/352 This specifies that GC structs and arrays are opaque objects with internal methods (on WebAssemblyGCObjectBase) that either lead to throwing exceptions or returning some kind of null result. This patch doesn't yet implement the ToWebAssemblyValue changes needed to roundtrip these values back to Wasm or to access globals and tables with these values from JS. The patch also eliminates some of the restrictions on passing GC values that were added before the JS API was specified. * JSTests/wasm/gc/arrays.js: * JSTests/wasm/gc/js-api.js: Added. 
(runWasmGCObjectTests): (testStruct): * JSTests/wasm/gc/structs.js: * Source/JavaScriptCore/wasm/WasmCallingConvention.h: (JSC::Wasm::WasmCallingConvention::callInformationFor const): * Source/JavaScriptCore/wasm/js/JSToWasm.cpp: (JSC::Wasm::marshallJSResult): * Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp: (JSC::JSWebAssemblyArray::finishCreation): * Source/JavaScriptCore/wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS): * Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.cpp: (JSC::WebAssemblyGCObjectBase::getOwnPropertySlot): (JSC::WebAssemblyGCObjectBase::getOwnPropertySlotByIndex): (JSC::WebAssemblyGCObjectBase::put): (JSC::WebAssemblyGCObjectBase::putByIndex): (JSC::WebAssemblyGCObjectBase::deleteProperty): (JSC::WebAssemblyGCObjectBase::deletePropertyByIndex): (JSC::WebAssemblyGCObjectBase::getOwnPropertyNames): (JSC::WebAssemblyGCObjectBase::defineOwnProperty): (JSC::WebAssemblyGCObjectBase::getPrototype): (JSC::WebAssemblyGCObjectBase::setPrototype): (JSC::WebAssemblyGCObjectBase::isExtensible): (JSC::WebAssemblyGCObjectBase::preventExtensions): * Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.h: Canonical link: https://commits.webkit.org/261544@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 312a44: [Wasm-GC] Add support for anyref
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 312a4496c00892aaa39421e2e42486c2a40ed1af https://github.com/WebKit/WebKit/commit/312a4496c00892aaa39421e2e42486c2a40ed1af Author: Asumu Takikawa Date: 2023-03-15 (Wed, 15 Mar 2023) Changed paths: A JSTests/wasm/gc/any.js M JSTests/wasm/gc/casts.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmCallingConvention.h M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/WasmToJS.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Add support for anyref https://bugs.webkit.org/show_bug.cgi?id=247403 Reviewed by Justin Michaud. Adds the anyref type that is the top type of the internal reference hierarchy. Also adds nullref, which is the bottom type of the reference hierarchy and has no inhabitants except null. There is also a bottom type for externrefs and funcrefs with different type codes, which should be added in a separate patch. Anyref becomes more useful once the `extern.internalize` and `extern.externalize` instructions are added, which enable hostrefs that inhabit anyref but are not eqref. * JSTests/wasm/gc/any.js: Added. 
(testValidation): (testNullref): * JSTests/wasm/gc/casts.js: * JSTests/wasm/wasm.json: * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::emitRefTestOrCast): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::emitRefTestOrCast): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::sizeOfType): (JSC::Wasm::BBQJIT::addConstant): (JSC::Wasm::BBQJIT::getGlobal): (JSC::Wasm::BBQJIT::setGlobal): (JSC::Wasm::BBQJIT::addTopLevel): (JSC::Wasm::BBQJIT::toB3Type): (JSC::Wasm::BBQJIT::emitCatchImpl): (JSC::Wasm::BBQJIT::emitCCall): (JSC::Wasm::BBQJIT::emitStoreConst): (JSC::Wasm::BBQJIT::emitMoveConst): (JSC::Wasm::BBQJIT::emitStore): (JSC::Wasm::BBQJIT::emitMoveMemory): (JSC::Wasm::BBQJIT::emitMoveRegister): (JSC::Wasm::BBQJIT::emitLoad): * Source/JavaScriptCore/wasm/WasmCallingConvention.h: (JSC::Wasm::WasmCallingConvention::numberOfStackResults const): (JSC::Wasm::WasmCallingConvention::numberOfStackArguments const): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isAnyref): (JSC::Wasm::isNullref): (JSC::Wasm::isInternalref): (JSC::Wasm::anyrefType): (JSC::Wasm::isSubtype): (JSC::Wasm::isValidHeapTypeKind): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::callInformationForCaller): (JSC::Wasm::LLIntGenerator::callInformationForCallee): (JSC::Wasm::LLIntGenerator::addArguments): * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::refCast): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::typeKindSizeInBytes): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/261711@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org 
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 0fe804: [Wasm-GC] Implement eqref and ref.eq
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0fe8046298bfa55e1bee68a844d5033e181f5ada https://github.com/WebKit/WebKit/commit/0fe8046298bfa55e1bee68a844d5033e181f5ada Author: Asumu Takikawa Date: 2023-03-14 (Tue, 14 Mar 2023) Changed paths: M JSTests/wasm/gc/casts.js A JSTests/wasm/gc/eq.js M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmCallingConvention.h M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/WasmToJS.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Implement eqref and ref.eq https://bugs.webkit.org/show_bug.cgi?id=247401 Reviewed by Justin Michaud. Add support for eqrefs, which support the ref.eq operation to check equality. For JSC this is the same as I64 equality. The eq type is effectively the top of the internal type hierarchy until hostrefs (internalized references to external JS values) are added with the extern.internalize instruction. This patch also has a minor change to BBQJIT to fix an oversight in 361c5fba483c9c157cf689d4e60acaccc45d74c5 for a switch case. * JSTests/wasm/gc/casts.js: (testEqCasts): * JSTests/wasm/gc/eq.js: Added. 
(testValidation): * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::addRefEq): (JSC::Wasm::ExpressionType>::emitRefTestOrCast): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addRefEq): (JSC::Wasm::B3IRGenerator::emitRefTestOrCast): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::sizeOfType): (JSC::Wasm::BBQJIT::addConstant): (JSC::Wasm::BBQJIT::getGlobal): (JSC::Wasm::BBQJIT::setGlobal): (JSC::Wasm::BBQJIT::addRefEq): (JSC::Wasm::BBQJIT::addTopLevel): (JSC::Wasm::BBQJIT::toB3Type): (JSC::Wasm::BBQJIT::emitCatchImpl): (JSC::Wasm::BBQJIT::emitCCall): (JSC::Wasm::BBQJIT::emitStoreConst): (JSC::Wasm::BBQJIT::emitMoveConst): (JSC::Wasm::BBQJIT::emitStore): (JSC::Wasm::BBQJIT::emitMoveMemory): (JSC::Wasm::BBQJIT::emitMoveRegister): (JSC::Wasm::BBQJIT::emitLoad): * Source/JavaScriptCore/wasm/WasmCallingConvention.h: (JSC::Wasm::WasmCallingConvention::numberOfStackResults const): (JSC::Wasm::WasmCallingConvention::numberOfStackArguments const): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isEqref): (JSC::Wasm::eqrefType): (JSC::Wasm::isSubtype): (JSC::Wasm::isValidHeapTypeKind): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::parseUnreachableExpression): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::callInformationForCaller): (JSC::Wasm::LLIntGenerator::callInformationForCallee): (JSC::Wasm::LLIntGenerator::addArguments): (JSC::Wasm::LLIntGenerator::addRefEq): * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::refCast): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::typeKindSizeInBytes): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/261663@main ___ 
[webkit-changes] [WebKit/WebKit] 361c5f: [WebAssembly] Fix tests and build on x86-64 Linux ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 361c5fba483c9c157cf689d4e60acaccc45d74c5 https://github.com/WebKit/WebKit/commit/361c5fba483c9c157cf689d4e60acaccc45d74c5 Author: Asumu Takikawa Date: 2023-03-09 (Thu, 09 Mar 2023) Changed paths: M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/cmake/WebKitFeatures.cmake Log Message: --- [WebAssembly] Fix tests and build on x86-64 Linux with BBQJIT https://bugs.webkit.org/show_bug.cgi?id=253618 Reviewed by Yusuke Suzuki. This patch first enables building of the BBQJIT on x86-64 Linux platforms by adding a line in WebKitFeatures.cmake. The rest of the patch fixes build issues with GCC. - GCC doesn't support std::fabsf so use std::fabs instead. (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79700) - GCC doesn't support explicit specialization in class scope so this patch uses an `if constexpr` workaround. (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85282) - Add RELEASE_ASSERT_NOT_REACHED to suppress warnings. * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::Location::fromArgumentLocation): (JSC::Wasm::BBQJIT::loadOpForTypeKind): (JSC::Wasm::BBQJIT::storeOpForTypeKind): (JSC::Wasm::BBQJIT::addF32Copysign): (JSC::Wasm::BBQJIT::fromJSCReg): (JSC::Wasm::BBQJIT::fromJSCReg): Deleted. (JSC::Wasm::BBQJIT::fromJSCReg): Deleted. * Source/cmake/WebKitFeatures.cmake: Canonical link: https://commits.webkit.org/261417@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 0e2cbf: [Wasm-GC] Implement cast operations
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0e2cbf8c3d8ee53e2840c3b87aa7b0adaf410865 https://github.com/WebKit/WebKit/commit/0e2cbf8c3d8ee53e2840c3b87aa7b0adaf410865 Author: Asumu Takikawa Date: 2023-03-09 (Thu, 09 Mar 2023) Changed paths: A JSTests/wasm/gc/casts.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj M Source/JavaScriptCore/Sources.txt M Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmExceptionType.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmInstance.cpp M Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmModuleInformation.h M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperations.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/WasmTypeDefinitionInlines.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h M Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h A Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.cpp A Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.h M 
Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Implement cast operations https://bugs.webkit.org/show_bug.cgi?id=247399 Reviewed by Yusuke Suzuki. Implements the `ref.cast` and `ref.test` instructions. Casts are supported by associating an RTT with Wasm objects. For functions, this is done by adding a field in the base function object. For arrays and structs, a new WebAssemblyGCObjectBase class is used as the base class for both arrays and structs. The base class contains an RTT with a consistent offset for the JIT. This patch does not yet support `br_on_cast/on_cast_fail`. * JSTests/wasm/gc/casts.js: Added. (testBasicCasts): (testI31Casts): (testFunctionCasts): (testArrayCasts): (testStructCasts): (testSubtypeCasts): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: * Source/JavaScriptCore/Sources.txt: * Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp: (JSC::Wasm::AirIRGenerator32::emitBranchForNullReference): (JSC::Wasm::AirIRGenerator32::makeBranchNotInt32): (JSC::Wasm::AirIRGenerator32::makeBranchNotCell): * Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp: (JSC::Wasm::AirIRGenerator64::emitBranchForNullReference): (JSC::Wasm::AirIRGenerator64::makeBranchNotInt32): (JSC::Wasm::AirIRGenerator64::makeBranchNotCell): * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::addRefCast): (JSC::Wasm::ExpressionType>::addRefTest): (JSC::Wasm::ExpressionType>::emitRefTestOrCast): (JSC::Wasm::ExpressionType>::emitCheckOrBranchForCast): (JSC::Wasm::ExpressionType>::emitLoadRTTFromFuncref): (JSC::Wasm::ExpressionType>::emitLoadRTTFromObject): (JSC::Wasm::ExpressionType>::makeBranchNotRTTKind): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addRefTest): 
(JSC::Wasm::B3IRGenerator::addRefCast): (JSC::Wasm::B3IRGenerator::emitRefTestOrCast): (JSC::Wasm::B3IRGenerator::emitCheckOrBranchForCast): (JSC::Wasm::B3IRGenerator::emitLoadRTTFromFuncref): (JSC::Wasm::B3IRGenerator::emitLoadRTTFromObject): (JSC::Wasm::B3IRGenerator::emitNotRTTKind): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: * Source/JavaScriptCore/wasm/WasmExceptionType.h: (JSC::Wasm::isTypeErrorExceptionType): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::parseUnreachableExpression): * Source/JavaScriptCore/wasm/WasmInstance.cpp: (JSC::Wasm::Instance::initElementSegment): * Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h: * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addRefTest): (JSC::Wasm::LLIntGenerator::
[webkit-changes] [WebKit/WebKit] dda771: [Wasm-GC] Implement basic support in tables for GC...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: dda771352e63f963e07d78df75adfbc1826598c8 https://github.com/WebKit/WebKit/commit/dda771352e63f963e07d78df75adfbc1826598c8 Author: Asumu Takikawa Date: 2023-03-31 (Fri, 31 Mar 2023) Changed paths: A JSTests/wasm/function-references/table.js M JSTests/wasm/gc-spec-harness.js A JSTests/wasm/gc-spec-tests/ref_cast.wast.js M JSTests/wasm/gc/arrays.js M JSTests/wasm/gc/i31.js M JSTests/wasm/gc/structs.js M JSTests/wasm/js-api/table.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmTable.cpp M Source/JavaScriptCore/wasm/WasmTable.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyTableConstructor.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp Log Message: --- [Wasm-GC] Implement basic support in tables for GC types https://bugs.webkit.org/show_bug.cgi?id=251041 Reviewed by Justin Michaud. Updates Wasm table type parsing so that defaultable ref types other than externref and funcref are allowed. Also stores the Wasm element type in TableInformation, as the element type cannot be deduced from other information when other ref types are allowed. The internal implementations of the ref.cast and extern.internalize operations are also moved so that they can be used from table prototype methods. This also implements the part of the JS API for tables, which specifies that when JS tries to store a value into a table with a GC type, it is internalized and then cast to the appropriate type. The typed function reference proposal also extends tables to allow non-defaultable ref types as long as a table initializer expression is provided. 
This is not yet supported in this patch. * JSTests/wasm/function-references/table.js: Added. (module): (async testTypedFuncrefTable): * JSTests/wasm/gc-spec-harness.js: * JSTests/wasm/gc-spec-tests/ref_cast.wast.js: Added. * JSTests/wasm/gc/arrays.js: * JSTests/wasm/gc/i31.js: * JSTests/wasm/gc/structs.js: * JSTests/wasm/js-api/table.js: (assert.throws): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::internalizeExternref): (JSC::Wasm::TableInformation::TableInformation): (JSC::Wasm::TableInformation::wasmType const): * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::refCast): (JSC::Wasm::externInternalize): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseTableHelper): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/WasmTable.cpp: (JSC::Wasm::Table::Table): (JSC::Wasm::Table::tryCreate): (JSC::Wasm::ExternRefTable::ExternRefTable): (JSC::Wasm::FuncRefTable::FuncRefTable): (JSC::Wasm::FuncRefTable::createFixedSized): (JSC::Wasm::Table::wasmType const): Deleted. * Source/JavaScriptCore/wasm/WasmTable.h: (JSC::Wasm::Table::wasmType const): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeInformation::castReference): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeExports): * Source/JavaScriptCore/wasm/js/WebAssemblyTableConstructor.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): * Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): Canonical link: https://commits.webkit.org/262459@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] e537d9: [Wasm-GC] Add extern.internalize/externalize
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e537d9e945bcca2099c45ab6faa837f0488e8300 https://github.com/WebKit/WebKit/commit/e537d9e945bcca2099c45ab6faa837f0488e8300 Author: Asumu Takikawa Date: 2023-03-29 (Wed, 29 Mar 2023) Changed paths: A JSTests/wasm/gc/extern.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/llint/WebAssembly32_64.asm M Source/JavaScriptCore/llint/WebAssembly64.asm M Source/JavaScriptCore/runtime/JSType.cpp M Source/JavaScriptCore/runtime/JSType.h M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperations.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Add extern.internalize/externalize https://bugs.webkit.org/show_bug.cgi?id=251039 Reviewed by Justin Michaud. Adds extern conversion instructions to convert between anyref (internal references) and externref. The any to extern direction is currently a no-op. The extern to any direction requires checking for Numbers in the i31 range and converting them to i31ref representation. The any to extern is a no-op because JSC's value representation allows i31s to just be JSC 32-bit exact integers, and structs and arrays are represented as objects. 
This would need to change if the representation were to change, so that, e.g., structs and arrays have an optimized non-object wasm representation and a wrapper object is used to interop with JS. The addition of internalize means non-Wasm values (JS objects, strings, etc) can be converted into an internal reference as "host references" that are opaque to Wasm. These need to be distinguishable from true Wasm values, including in JIT code, which requires adding a WasmGCObjectType JSType. * JSTests/wasm/gc/extern.js: Added. (testInternalize): (testRoundtrip): (testTable): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/llint/WebAssembly32_64.asm: * Source/JavaScriptCore/llint/WebAssembly64.asm: * Source/JavaScriptCore/runtime/JSType.cpp: (WTF::printInternal): * Source/JavaScriptCore/runtime/JSType.h: * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::emitRefTestOrCast): (JSC::Wasm::ExpressionType>::makeBranchNotWasmGCObject): (JSC::Wasm::ExpressionType>::addExternInternalize): (JSC::Wasm::ExpressionType>::addExternExternalize): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::emitRefTestOrCast): (JSC::Wasm::B3IRGenerator::addExternInternalize): (JSC::Wasm::B3IRGenerator::addExternExternalize): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::addExternInternalize): (JSC::Wasm::BBQJIT::addExternExternalize): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::externrefType): (JSC::Wasm::anyrefType): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h: * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addExternInternalize): (JSC::Wasm::LLIntGenerator::addExternExternalize): * Source/JavaScriptCore/wasm/WasmOperations.cpp: (JSC::Wasm::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/wasm/WasmOperations.h: * 
Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::refCast): (JSC::Wasm::externInternalize): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeInformation::signatureForLLIntBuiltin): (JSC::Wasm::TypeInformation::TypeInformation): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: * Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h: * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h: * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/262282@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 046a8f: [WebAssembly] wasm-cli.js JetStream2 tests aren't ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 046a8f31ca7307b771146340a6e3bd66b1265292 https://github.com/WebKit/WebKit/commit/046a8f31ca7307b771146340a6e3bd66b1265292 Author: Asumu Takikawa Date: 2023-07-18 (Tue, 18 Jul 2023) Changed paths: M PerformanceTests/JetStream2/wasm-cli.js Log Message: --- [WebAssembly] wasm-cli.js JetStream2 tests aren't run in test suite https://bugs.webkit.org/show_bug.cgi?id=259289 Reviewed by Yusuke Suzuki. Fixes wasm-cli.js JetStream2 test script, which is run as part of wasm.yaml in the JSC stress test suite. Since this script was checked in, JetStreamDriver.js has changed (requires additional variables to be defined) and has broken the script. * PerformanceTests/JetStream2/wasm-cli.js: Canonical link: https://commits.webkit.org/266140@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 697f8d: [Wasm-GC] Add nullexternref and nullfuncref types
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 697f8d5c0fddfb7924fae64cd1dafe572dd2ee0a https://github.com/WebKit/WebKit/commit/697f8d5c0fddfb7924fae64cd1dafe572dd2ee0a Author: Asumu Takikawa Date: 2023-08-10 (Thu, 10 Aug 2023) Changed paths: M JSTests/wasm/gc/any.js M JSTests/wasm/gc/casts.js M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmCallingConvention.h M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/WasmToJS.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Add nullexternref and nullfuncref types https://bugs.webkit.org/show_bug.cgi?id=254695 Reviewed by Yusuke Suzuki. 
* JSTests/wasm/gc/any.js: (testNullfuncref): (testNullexternref): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::sizeOfType): (JSC::Wasm::BBQJIT::toValueKind): (JSC::Wasm::BBQJIT::addConstant): (JSC::Wasm::BBQJIT::getGlobal): (JSC::Wasm::BBQJIT::setGlobal): (JSC::Wasm::BBQJIT::addTopLevel): (JSC::Wasm::BBQJIT::toB3Type): (JSC::Wasm::BBQJIT::emitCatchImpl): (JSC::Wasm::BBQJIT::emitCCall): (JSC::Wasm::BBQJIT::emitStoreConst): (JSC::Wasm::BBQJIT::emitMoveConst): (JSC::Wasm::BBQJIT::emitStore): (JSC::Wasm::BBQJIT::emitMoveMemory): (JSC::Wasm::BBQJIT::emitMoveRegister): (JSC::Wasm::BBQJIT::emitLoad): * Source/JavaScriptCore/wasm/WasmCallingConvention.h: (JSC::Wasm::WasmCallingConvention::numberOfStackResults const): (JSC::Wasm::WasmCallingConvention::numberOfStackArguments const): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isNullfuncref): (JSC::Wasm::isNullexternref): (JSC::Wasm::isSubtype): (JSC::Wasm::isValidHeapTypeKind): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::callInformationForCaller): (JSC::Wasm::LLIntGenerator::callInformationForCallee): (JSC::Wasm::LLIntGenerator::addArguments): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeInformation::castReference): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::typeKindSizeInBytes): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS): * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/266766@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 5ff67f: Re-land [WASM-Function-References] Fix block signa...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 5ff67f8945d70fcb2787d304b7e0a12e1e4ae7f4 https://github.com/WebKit/WebKit/commit/5ff67f8945d70fcb2787d304b7e0a12e1e4ae7f4 Author: Asumu Takikawa Date: 2023-08-12 (Sat, 12 Aug 2023) Changed paths: A JSTests/wasm/function-references/block_signature.js M JSTests/wasm/gc-spec-tests/type-equivalence.wast.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmParser.h Log Message: --- Re-land [WASM-Function-References] Fix block signature parsing for reftypes https://bugs.webkit.org/show_bug.cgi?id=247383 Reviewed by Justin Michaud. This is a re-land of this patch, with some adjustment to hopefully improve performance in benchmarks (previous attempt backed out due to JetStream2 regression). * JSTests/wasm/function-references/block_signature.js: Added. (module): (async blockSignatureTest): * JSTests/wasm/gc-spec-tests/type-equivalence.wast.js: * Source/JavaScriptCore/wasm/WasmFormat.h: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::unify): * Source/JavaScriptCore/wasm/WasmParser.h: (JSC::Wasm::Parser::parseBlockSignature): (JSC::Wasm::Parser::parseReftypeSignature): Canonical link: https://commits.webkit.org/266847@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 076997: [Wasm-GC] Update wast.js test helper for GC
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0769977d7b44f4a0f997db38cc1803e521adc523 https://github.com/WebKit/WebKit/commit/0769977d7b44f4a0f997db38cc1803e521adc523 Author: Asumu Takikawa Date: 2023-08-08 (Tue, 08 Aug 2023) Changed paths: M JSTests/wasm/gc/any.js M JSTests/wasm/gc/array_new_data.js M JSTests/wasm/gc/array_new_elem.js M JSTests/wasm/gc/array_new_fixed.js M JSTests/wasm/gc/array_new_fixed_long.js M JSTests/wasm/gc/arrays.js M JSTests/wasm/gc/bug252538.js M JSTests/wasm/gc/bug252719.js M JSTests/wasm/gc/bug254226.js M JSTests/wasm/gc/casts.js M JSTests/wasm/gc/eq.js M JSTests/wasm/gc/extern.js M JSTests/wasm/gc/i31.js M JSTests/wasm/gc/js-api.js M JSTests/wasm/gc/packed-arrays.js M JSTests/wasm/gc/rec.js M JSTests/wasm/gc/structs.js M JSTests/wasm/gc/wast.js Log Message: --- [Wasm-GC] Update wast.js test helper for GC https://bugs.webkit.org/show_bug.cgi?id=259894 Reviewed by Yusuke Suzuki. Updates the Wasm GC reference interpreter library to commit c7de5a1c1e261808a0c7744177589f6eb25da145 of the Wasm GC proposal repo. Also updates tests to match new syntax changes. 
* JSTests/wasm/gc/any.js: (testValidation): * JSTests/wasm/gc/array_new_data.js: (testBadDataSegment): (testBadOffset): (testReadOutOfBounds): (testInt32Overflow): (testTypeErrors): (testBadOperands): * JSTests/wasm/gc/array_new_elem.js: (testArrayNewCanonElem): (testArrayNewCanonElemExternref): (testBadTypeIndex): (testNonArrayType): (testImmutableArrayType): (testWrongTypeOffset): (testWrongTypeSize): (testNoElementSegments): (testOutOfBoundsElementSegmentIndex): (testTypeMismatch): (testWrongNumberOfArguments): (testInt32Overflow): (testRefCallNullary): (testRefCall): (testIndirectCallNullary): (testIndirectCall): (testAllElementSegmentKinds): (testNullFunctionIndex): (testImportFunctions): (testJSFunctions): * JSTests/wasm/gc/array_new_fixed.js: (testArrayFuncrefs): (testArrayExternrefs): (testArrayRefNull): (testTypeMismatch): (testInvalidArrayType): (testNestedArrays): (testStructs): (testMissingArgumentCount): * JSTests/wasm/gc/array_new_fixed_long.js: * JSTests/wasm/gc/arrays.js: (testArrayNewDefault): (testArrayGet): * JSTests/wasm/gc/bug252538.js: (testStructOfInts): (testStructDeclaration): * JSTests/wasm/gc/bug252719.js: (testIntFields): * JSTests/wasm/gc/bug254226.js: (testNestedStruct): (testNestedStructWithLocal): * JSTests/wasm/gc/casts.js: (testBasicCasts): (testI31Casts): (testFunctionCasts): (testArrayCasts): (testStructCasts): (testSubtypeCasts): (testEqCasts): * JSTests/wasm/gc/eq.js: * JSTests/wasm/gc/extern.js: (testInternalize): (testRoundtrip): (testTable): * JSTests/wasm/gc/i31.js: * JSTests/wasm/gc/js-api.js: (testStruct): * JSTests/wasm/gc/packed-arrays.js: (testArrayGetPacked): (testArrayGetUWithNewCanonPacked): (testArrayGetSWithNewCanonPacked): (testTypeMismatch64): (testTypeMismatchArrayGet): (testSetGetTruncate): (testArrayGetUnreachable): * JSTests/wasm/gc/rec.js: (testRecDeclaration): * JSTests/wasm/gc/structs.js: (testStructNewDefault): * JSTests/wasm/gc/wast.js:
[webkit-changes] [WebKit/WebKit] c76ab2: [Wasm-GC] Add test for bug 258796
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c76ab28ce98e8d89e58919ce4e0c7a2963ed4f5a https://github.com/WebKit/WebKit/commit/c76ab28ce98e8d89e58919ce4e0c7a2963ed4f5a Author: Asumu Takikawa Date: 2024-02-14 (Wed, 14 Feb 2024) Changed paths: A JSTests/wasm/gc/bug258796.js Log Message: --- [Wasm-GC] Add test for bug 258796 https://bugs.webkit.org/show_bug.cgi?id=258796 Reviewed by Justin Michaud. Add test for already fixed bug. * JSTests/wasm/gc/bug258796.js: Added. (module): Canonical link: https://commits.webkit.org/274635@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 803d30: [Wasm-GC] Fix assertions for global init import case
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 803d3064cdeb810bbf07b64288b06b5493b7d68d https://github.com/WebKit/WebKit/commit/803d3064cdeb810bbf07b64288b06b5493b7d68d Author: Asumu Takikawa Date: 2024-02-14 (Wed, 14 Feb 2024) Changed paths: M JSTests/wasm/gc/const-exprs.js M JSTests/wasm/gc/simd.js M JSTests/wasm/gc/table_init.js M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- [Wasm-GC] Fix assertions for global init import case https://bugs.webkit.org/show_bug.cgi?id=269123 Reviewed by Justin Michaud. Fixes assertions for the "import" (referring to previous globals) case of global init expressions. Also adds tests for various cases (including for tables) to cover these cases better. * JSTests/wasm/gc/const-exprs.js: (async testConstExprGlobalOrdering): * JSTests/wasm/gc/simd.js: (testSIMDGlobal): * JSTests/wasm/gc/table_init.js: * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeExports): Canonical link: https://commits.webkit.org/274637@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] b1b24f: [Wasm-GC] call_indirect should take subtyping into...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b1b24f76c39f334914eaaf7b29191a414d904e99 https://github.com/WebKit/WebKit/commit/b1b24f76c39f334914eaaf7b29191a414d904e99 Author: Asumu Takikawa Date: 2024-02-13 (Tue, 13 Feb 2024) Changed paths: M JSTests/wasm/gc-spec-tests/type-subtyping.wast.js A JSTests/wasm/gc/call_indirect.js M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.h M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h M Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h Log Message: --- [Wasm-GC] call_indirect should take subtyping into account https://bugs.webkit.org/show_bug.cgi?id=260820 Reviewed by Justin Michaud. Changes call_indirect to use subtype checks instead of type equality. The fast path is still the type equality check, which means most existing code will still do a quick check. The slow path is used only if type equality fails and the GC proposal is enabled. On BBQJIT, the slow path is emitted out-of-line in the same fashion as exception throw sites. On both BBQ and OMG, the check is JIT-inlined. TODOs for the future: * The RTT subtype check JIT code can be reused to make ref.cast and ref.test faster in both BBQ and OMG (and for JS API). * It may be possible to avoid storing the type index in function metadata and instead store just the RTT pointer to save space. * JSTests/wasm/gc/call_indirect.js: Added. 
(testCallIndirect): * JSTests/wasm/gc-spec-tests/type-subtyping.wast.js: * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addCallIndirect): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::endTopLevel): (JSC::Wasm::BBQJITImpl::BBQJIT::addRTTSlowPathJump): (JSC::Wasm::BBQJITImpl::BBQJIT::emitSlowPathRTTCheck): (JSC::Wasm::BBQJITImpl::BBQJIT::addCallIndirect): * Source/JavaScriptCore/wasm/WasmBBQJIT.h: * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::WasmToWasmImportableFunction::offsetOfRTT): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::doWasmCallIndirect): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeInformation::castReference): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: * Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp: (JSC::WebAssemblyFunction::WebAssemblyFunction): * Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.cpp: (JSC::WebAssemblyFunctionBase::WebAssemblyFunctionBase): * Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h: (JSC::WebAssemblyFunctionBase::rtt const): (JSC::WebAssemblyFunctionBase::offsetOfRTT): * Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp: (JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction): (JSC::WebAssemblyWrapperFunction::create): * Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h: Canonical link: https://commits.webkit.org/274558@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] d27f9e: [Wasm-GC] Fix handling of bottom type in struct ops
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: d27f9e79585db8efbc87fb4832a1f2a3c15021ff https://github.com/WebKit/WebKit/commit/d27f9e79585db8efbc87fb4832a1f2a3c15021ff Author: Asumu Takikawa Date: 2024-02-13 (Tue, 13 Feb 2024) Changed paths: M JSTests/wasm/gc/arrays.js M JSTests/wasm/gc/structs.js M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- [Wasm-GC] Fix handling of bottom type in struct ops https://bugs.webkit.org/show_bug.cgi?id=268870 Reviewed by Justin Michaud. The parsing of struct types for the reference argument of various struct operations relied on checking for a type index in the type to check validity. This is too conservative, as the bottom type exists and values of bottom inhabit all types in the hierarchy. This patch corrects the validation check to accommodate bottom. * JSTests/wasm/gc/arrays.js: (testArrayGet): * JSTests/wasm/gc/structs.js: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseStructFieldManipulation): Canonical link: https://commits.webkit.org/274556@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] e588a9: [Wasm-GC] Fix subtype hashing
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e588a9dece40ae7e3df122b4a863823fd69b2cc2 https://github.com/WebKit/WebKit/commit/e588a9dece40ae7e3df122b4a863823fd69b2cc2 Author: Asumu Takikawa Date: 2024-02-13 (Tue, 13 Feb 2024) Changed paths: M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSectionParser.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp Log Message: --- [Wasm-GC] Fix subtype hashing https://bugs.webkit.org/show_bug.cgi?id=269024 Reviewed by Justin Michaud. The main fix is to the hashing+equality calculation for sub types. This fixes a test case derived from failures in real programs. There are also some smaller cleanups/refactorings of the subtype checking code as well. * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseType): (JSC::Wasm::SectionParser::parseRecursionGroup): (JSC::Wasm::SectionParser::checkSubtypeValidity): (JSC::Wasm::SectionParser::parseSubtype): * Source/JavaScriptCore/wasm/WasmSectionParser.h: * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::computeSubtypeHash): (JSC::Wasm::SubtypeParameterTypes::equal): Canonical link: https://commits.webkit.org/274555@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] e4308d: [Wasm-GC] Fix error cases in Table.set/grow in JS API
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e4308dcc1bbede74e9defcd8ae815ca98ab6a969 https://github.com/WebKit/WebKit/commit/e4308dcc1bbede74e9defcd8ae815ca98ab6a969 Author: Asumu Takikawa Date: 2024-02-19 (Mon, 19 Feb 2024) Changed paths: M JSTests/wasm/gc/js-api.js M Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h M Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp Log Message: --- [Wasm-GC] Fix error cases in Table.set/grow in JS API https://bugs.webkit.org/show_bug.cgi?id=269578 Reviewed by Justin Michaud. Fixes error cases for these JS API operations to match the latest GC proposal JS API spec. Also ensure assertions are accurate. * JSTests/wasm/gc/js-api.js: (testTable): * Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h: (JSC::defaultValueForReferenceType): * Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): Canonical link: https://commits.webkit.org/275014@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 6b7295: [Wasm-GC] Handle OOM for allocations consistently
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6b7295ed661f0827a0e1a58c7abb7bc361dd5754 https://github.com/WebKit/WebKit/commit/6b7295ed661f0827a0e1a58c7abb7bc361dd5754 Author: Asumu Takikawa Date: 2024-02-20 (Tue, 20 Feb 2024) Changed paths: M JSTests/wasm/gc/array_new_data.js M JSTests/wasm/gc/array_new_elem.js M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmExceptionType.h M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h Log Message: --- [Wasm-GC] Handle OOM for allocations consistently https://bugs.webkit.org/show_bug.cgi?id=264454 Reviewed by Justin Michaud. Check for OOM and raise an exception consistently for all Wasm GC allocation points. Refactors some function names to match. 
* JSTests/wasm/gc/array_new_data.js: (testBadOffset): (testReadOutOfBounds): (testInt32Overflow): * JSTests/wasm/gc/array_new_elem.js: (testInt32Overflow): (testAllElementSegmentKinds): Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addArrayNew): (JSC::Wasm::B3IRGenerator::pushArrayNewFromSegment): (JSC::Wasm::B3IRGenerator::addArrayNewDefault): (JSC::Wasm::B3IRGenerator::addArrayNewData): (JSC::Wasm::B3IRGenerator::addArrayNewElem): (JSC::Wasm::B3IRGenerator::addArrayNewFixed): (JSC::Wasm::B3IRGenerator::addStructNew): (JSC::Wasm::B3IRGenerator::addStructNewDefault): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewData): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewElem): * Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew): * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: (JSC::Wasm::ConstExprGenerator::ConstExprValue::ConstExprValue): (JSC::Wasm::ConstExprGenerator::ConstExprValue::isInvalid): (JSC::Wasm::ConstExprGenerator::createNewArray): (JSC::Wasm::ConstExprGenerator::addArrayNew): (JSC::Wasm::ConstExprGenerator::addArrayNewDefault): (JSC::Wasm::ConstExprGenerator::addArrayNewFixed): (JSC::Wasm::ConstExprGenerator::createNewStruct): (JSC::Wasm::ConstExprGenerator::addStructNewDefault): (JSC::Wasm::ConstExprGenerator::addStructNew): * Source/JavaScriptCore/wasm/WasmExceptionType.h: (JSC::Wasm::isTypeErrorExceptionType): * Source/JavaScriptCore/wasm/WasmOperations.cpp: (JSC::Wasm::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::fillArray): (JSC::Wasm::arrayNew): (JSC::Wasm::copyElementsInReverse): (JSC::Wasm::arrayNewFixed): (JSC::Wasm::createArrayValue): (JSC::Wasm::structNew): * 
Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h: * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::tryCreate): (JSC::JSWebAssemblyStruct::create): Deleted. * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h: Canonical link: https://commits.webkit.org/275059@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] dafde6: [Wasm-GC] Make type reflection throw correctly in ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: dafde6a4c8f54052136cbe85d228007ebabcc353 https://github.com/WebKit/WebKit/commit/dafde6a4c8f54052136cbe85d228007ebabcc353 Author: Asumu Takikawa Date: 2024-02-16 (Fri, 16 Feb 2024) Changed paths: M JSTests/wasm/gc/js-api.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyGlobal.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyGlobalPrototype.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyTagPrototype.cpp Log Message: --- [Wasm-GC] Make type reflection throw correctly in JS API https://bugs.webkit.org/show_bug.cgi?id=265722 Reviewed by Justin Michaud. Ensure that type reflection functions throw an exception appropriately when ref types are unrepresentable (yet) in the JS API. This behavior may change (to return a string for some cases instead of erroring) depending on spec changes, but in any case there should be a defined code path for them. * JSTests/wasm/gc/js-api.js: (module): (testTag): (testTable): Deleted. (testImport): Deleted. * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::typeToJSAPIString): (JSC::Wasm::typeToString): Deleted. 
* Source/JavaScriptCore/wasm/js/JSWebAssemblyGlobal.cpp: (JSC::JSWebAssemblyGlobal::type): * Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp: (JSC::JSWebAssemblyTable::type): * Source/JavaScriptCore/wasm/js/WebAssemblyGlobalPrototype.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): * Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): * Source/JavaScriptCore/wasm/js/WebAssemblyTagPrototype.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): Canonical link: https://commits.webkit.org/274900@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] be53e5: [Wasm-GC] select operation should subtype check it...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: be53e5fb7d969d9c062114ce9b472afc870a869e https://github.com/WebKit/WebKit/commit/be53e5fb7d969d9c062114ce9b472afc870a869e Author: Asumu Takikawa Date: 2023-12-13 (Wed, 13 Dec 2023) Changed paths: A JSTests/wasm/gc/bug266056.js M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- [Wasm-GC] select operation should subtype check its arguments https://bugs.webkit.org/show_bug.cgi?id=266056 Reviewed by Justin Michaud. Use subtyping instead of type equality for annotated select arguments. * JSTests/wasm/gc/bug266056.js: Added. * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): Canonical link: https://commits.webkit.org/272017@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 456ffa: [Wasm-GC] Typedef unrolling cache should hold valu...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 456ffae07aa82edcd3063baea83d87a83f75df2e https://github.com/WebKit/WebKit/commit/456ffae07aa82edcd3063baea83d87a83f75df2e Author: Asumu Takikawa Date: 2023-12-13 (Wed, 13 Dec 2023) Changed paths: A JSTests/wasm/gc/bug265721.js M Source/JavaScriptCore/wasm/WasmParser.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h Log Message: --- [Wasm-GC] Typedef unrolling cache should hold values strongly https://bugs.webkit.org/show_bug.cgi?id=265721 Reviewed by Justin Michaud. This patch fixes two related issues. The main issue is that there is a cache for type definition unrollings that didn't hold the values strongly, and since these values are not held by the Wasm instance they could get de-allocated. This could cause correctness issues or crashes. That bug was in practice hard to trigger (though it did trigger on some large compiled-to-wasm examples), because it was hidden by a second bug. The placeholders in recursive types (used to delay type expansion to cut off infinite expansion of recursive types) were also not held strongly by the TypeInformation store, so they could also get de-allocated when an instance gets collected. This bug makes memoization less effective but didn't affect correctness. This patch makes the placeholders held by the TypeInformation store itself, similar to how special type signatures are held by the store. They are also only allocated via a helper function now, which ensures the store holds the typedef. It also fixes the cache by using RefPtr for the value type. 
* JSTests/wasm/gc/typedef.js: * Source/JavaScriptCore/wasm/WasmParser.h: (JSC::Wasm::Parser::parseValueType): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseSubtype): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeInformation::getPlaceholderProjection): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: Canonical link: https://commits.webkit.org/272016@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 3015bb: [Wasm-GC] Module linking should take subtyping int...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3015bbe0e8abf05249481775c75b494e3548fd74 https://github.com/WebKit/WebKit/commit/3015bbe0e8abf05249481775c75b494e3548fd74 Author: Asumu Takikawa Date: 2023-12-18 (Mon, 18 Dec 2023) Changed paths: M JSTests/wasm/gc-spec-tests/type-subtyping.wast.js A JSTests/wasm/gc/linking.js M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- [Wasm-GC] Module linking should take subtyping into account https://bugs.webkit.org/show_bug.cgi?id=260039 Reviewed by Justin Michaud. Use subtyping for module linking in general. Also add and re-enable more tests about linking. Note: we don't add subtyping for exception tags for now, because the exception proposal is in flux. * JSTests/wasm/gc-spec-tests/type-subtyping.wast.js: * JSTests/wasm/gc/linking.js: Added. (testLinking): * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeImports): Canonical link: https://commits.webkit.org/272226@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 06ddd6: [WASM] SEGV in JSC::Wasm::FunctionParser
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 06ddd6593c2d8c55ebbb70ff1433eba574b81bb7 https://github.com/WebKit/WebKit/commit/06ddd6593c2d8c55ebbb70ff1433eba574b81bb7 Author: Asumu Takikawa Date: 2023-12-14 (Thu, 14 Dec 2023) Changed paths: A JSTests/wasm/gc/bug260516.js Log Message: --- [WASM] SEGV in JSC::Wasm::FunctionParser::parseExpression https://bugs.webkit.org/show_bug.cgi?id=260516 Reviewed by Justin Michaud. Adds test for already-fixed bug. * JSTests/wasm/gc/bug260516.js: Added. (module): Canonical link: https://commits.webkit.org/272049@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 7e71e7: [Wasm-GC] Update element segments to account for t...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 7e71e7282468d89fdab477163369d6df25e9101b https://github.com/WebKit/WebKit/commit/7e71e7282468d89fdab477163369d6df25e9101b Author: Asumu Takikawa Date: 2023-12-12 (Tue, 12 Dec 2023) Changed paths: A JSTests/wasm/function-references-spec-tests/br_table.wast.js A JSTests/wasm/function-references-spec-tests/ref.wast.js A JSTests/wasm/function-references-spec-tests/ref_is_null.wast.js A JSTests/wasm/function-references-spec-tests/table-sub.wast.js A JSTests/wasm/function-references-spec-tests/unreached-valid.wast.js M JSTests/wasm/gc-spec-tests/array.wast.js A JSTests/wasm/gc-spec-tests/binary-gc.wast.js A JSTests/wasm/gc-spec-tests/ref_eq.wast.js A JSTests/wasm/gc-spec-tests/ref_test.wast.js M JSTests/wasm/gc/array_new_elem.js M JSTests/wasm/gc/const-exprs.js M JSTests/wasm/gc/wast-wrapper.js M JSTests/wasm/references/element_active_mod.js M JSTests/wasm/v8/regress/regress-1046472.js M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.h M Source/JavaScriptCore/wasm/WasmEntryPlan.cpp M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmInstance.cpp M Source/JavaScriptCore/wasm/WasmInstance.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmSectionParser.h M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- [Wasm-GC] Update element segments to account for typed funcrefs and GC types https://bugs.webkit.org/show_bug.cgi?id=251874 Reviewed by Justin Michaud. Fix element segment parsing to allow more kinds of ref types (this is actually a requirement of the reference types proposal, predating both typed funcref and GC). Also add support for general const expr initialization for elements. For now, initialization steps for element segments are done each time on table init or array.new_elem. 
This could be done earlier in module init instead (to avoid duplicated work for shared elements), but that requires a larger change to create a runtime representation of elements that can strongly hold references. Add missing spec tests and re-enable tests that now succeed as well. A small validation fix was needed for the br_table test. * JSTests/wasm/function-references-spec-tests/br_table.wast.js: Added. * JSTests/wasm/function-references-spec-tests/ref.wast.js: Added. * JSTests/wasm/function-references-spec-tests/ref_is_null.wast.js: Added. * JSTests/wasm/function-references-spec-tests/table-sub.wast.js: Added. * JSTests/wasm/function-references-spec-tests/unreached-valid.wast.js: Added. * JSTests/wasm/gc-spec-tests/array.wast.js: * JSTests/wasm/gc-spec-tests/binary-gc.wast.js: Added. * JSTests/wasm/gc-spec-tests/ref_eq.wast.js: Added. * JSTests/wasm/gc-spec-tests/ref_test.wast.js: Added. * JSTests/wasm/gc/array_new_elem.js: (testTypeMismatch): (testAllElementSegmentKinds): (testNullFunctionIndex): * JSTests/wasm/gc/const-exprs.js: (async testElementConstExprs): * JSTests/wasm/gc/wast-wrapper.js: * JSTests/wasm/references/element_active_mod.js: (refNullExternInElemsSection): * JSTests/wasm/v8/regress/regress-1046472.js: * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: (JSC::Wasm::evaluateExtendedConstExpr): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.h: * Source/JavaScriptCore/wasm/WasmEntryPlan.cpp: (JSC::Wasm::EntryPlan::prepare): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::Element::Element): (JSC::Wasm::Element::length const): (JSC::Wasm::Element::isNullFuncIndex): Deleted. 
* Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::addReferencedFunctions): (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmInstance.cpp: (JSC::Wasm::Instance::initElementSegment): (JSC::Wasm::Instance::copyElementSegment): (JSC::Wasm::Instance::evaluateConstantExpression): * Source/JavaScriptCore/wasm/WasmInstance.h: * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseTableHelper): (JSC::Wasm::SectionParser::parseElement): (JSC::Wasm::SectionParser::validateElementTableIdx): (JSC::Wasm::SectionParser::parseElementSegmentVectorOfExpressions): (JSC::Wasm::SectionParser::parseElementSegmentVectorOfIndexes): * Source/JavaScriptCore/wasm/WasmSectionParser.h: * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::evaluateConstantExpression): (JSC::WebAssemblyModuleRecord::evaluate): Canonical link: https://commits.webkit.org/271952@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 3c1e13: Test for "segmentation fault in Source/JavaScriptC...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3c1e139e1cd3b7137433e8f2df8fc42655a5d64d https://github.com/WebKit/WebKit/commit/3c1e139e1cd3b7137433e8f2df8fc42655a5d64d Author: Asumu Takikawa Date: 2023-12-12 (Tue, 12 Dec 2023) Changed paths: A JSTests/wasm/gc/bug258801.js Log Message: --- Test for "segmentation fault in Source/JavaScriptCore/wasm/WasmTypeDefinition.h:324" https://bugs.webkit.org/show_bug.cgi?id=258801 Reviewed by Justin Michaud. Adds test for fixed bug. * JSTests/wasm/gc/bug258801.js: Added. (module): Canonical link: https://commits.webkit.org/271951@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 99f4cb: [Wasm-GC] Add test for bug258795
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 99f4cb87b46223e88cfac46dc467d8b10125e846 https://github.com/WebKit/WebKit/commit/99f4cb87b46223e88cfac46dc467d8b10125e846 Author: Asumu Takikawa Date: 2023-12-12 (Tue, 12 Dec 2023) Changed paths: A JSTests/wasm/gc/bug258795.js Log Message: --- [Wasm-GC] Add test for bug258795 https://bugs.webkit.org/show_bug.cgi?id=258795 Reviewed by Justin Michaud. Add test for already fixed bug. Needs SIMD. * JSTests/wasm/gc/bug258795.js: Added. (module): Canonical link: https://commits.webkit.org/271955@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 4c0631: [Wasm-GC] Fix returned reference in br_on_null in ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4c063193fca3705d586896fdc2eb11b9d4fc24b9 https://github.com/WebKit/WebKit/commit/4c063193fca3705d586896fdc2eb11b9d4fc24b9 Author: Asumu Takikawa Date: 2023-12-12 (Tue, 12 Dec 2023) Changed paths: A JSTests/wasm/gc/bug266167.js M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp Log Message: --- [Wasm-GC] Fix returned reference in br_on_null in LLInt/B3 https://bugs.webkit.org/show_bug.cgi?id=266167 Reviewed by Justin Michaud. Fix the LLInt implementation of br_on_null to avoid overwriting the virtual register of the reference that should stay on the stack on a non-branch. * JSTests/wasm/gc/bug266167.js: Added. (instantiate.module.type.struct.field.i32.func.export.string_appeared_here.block.struct.new.0.i32.const.42.br_on_null.0.struct.0.0.drop.exports.f): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addBranchNull): Canonical link: https://commits.webkit.org/271964@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 62e8e4: [Wasm-GC] Update "read the imports" part of JS API...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 62e8e45c7ec28d76b723e476b5ab7978a3f82b7b https://github.com/WebKit/WebKit/commit/62e8e45c7ec28d76b723e476b5ab7978a3f82b7b Author: Asumu Takikawa Date: 2023-12-20 (Wed, 20 Dec 2023) Changed paths: M JSTests/wasm/gc/js-api.js A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/global-import.tentative.any-expected.txt A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/global-import.tentative.any.html A LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/global-import.tentative.any.js M Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- [Wasm-GC] Update "read the imports" part of JS API for globals https://bugs.webkit.org/show_bug.cgi?id=264655 Reviewed by Justin Michaud. The GC proposal JS API was recently updated (https://github.com/WebAssembly/gc/pull/467) to allow direct import of reftype globals in more cases. This patch also includes a version of the pending WPT tests for this case (tracked upstream here: https://github.com/WebAssembly/gc/pull/498) which should be updated later if there are any changes in the accepted upstream version. * JSTests/wasm/gc/js-api.js: (testImport.): (testImport): * LayoutTests/imported/w3c/web-platform-tests/wasm/jsapi/gc/global-import.tentative.any.js: Added. (setup.doLink): (setup): (test): * Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h: (JSC::fromJSValue): * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeImports): Canonical link: https://commits.webkit.org/272367@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] c64fed: [WASM-Function-References] call_ref should subtype...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c64fed2494abb9199b84adc5d5c81ae504b08037 https://github.com/WebKit/WebKit/commit/c64fed2494abb9199b84adc5d5c81ae504b08037 Author: Asumu Takikawa Date: 2023-12-08 (Fri, 08 Dec 2023) Changed paths: M JSTests/wasm/function-references/call_ref.js A JSTests/wasm/gc/call_ref.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp Log Message: --- [WASM-Function-References] call_ref should subtype-check its arguments https://bugs.webkit.org/show_bug.cgi?id=264649 Reviewed by Justin Michaud. Fixes a few issues with call_ref, mainly that it should subtype check its arguments. Also fixes other GC-related issues with call_ref such as needing to check that the target typedef is a function type, and using subtyping for the funcref argument itself. Also adds FIXME comments for a related bug for the runtime part. * JSTests/wasm/function-references/call_ref.js: (async invalidTypeIndex): * JSTests/wasm/gc/call_ref.js: Added. (testRefSubtyping): (testArgSubtyping): (testTypeDefCheck): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isSubtypeIndex): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::doWasmCallIndirect): (JSC::LLInt::doWasmCallRef): Canonical link: https://commits.webkit.org/271780@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] fc9e1f: [Wasm-GC] Fix initialization of portable reftype g...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: fc9e1f45e692511bdf47f9a49102cdeadcc6e707 https://github.com/WebKit/WebKit/commit/fc9e1f45e692511bdf47f9a49102cdeadcc6e707 Author: Asumu Takikawa Date: 2023-12-08 (Fri, 08 Dec 2023) Changed paths: M JSTests/wasm/gc/js-api.js M Source/JavaScriptCore/wasm/WasmGlobal.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- [Wasm-GC] Fix initialization of portable reftype globals https://bugs.webkit.org/show_bug.cgi?id=265693 Reviewed by Justin Michaud. Ref-typed globals need to be initialized using the JSValue init path rather than the "as bits" init path. This is less a problem for functions, as they are held strongly by the instance, but for other GC types is a bigger problem. For portable globals, the marking method also needs to check for all reftypes, not just extern/func. This is mostly tested by the existing gc/js-api.js test, one test was added for the marking issue. * JSTests/wasm/gc/js-api.js: * Source/JavaScriptCore/wasm/WasmGlobal.cpp: (JSC::Wasm::Global::visitAggregateImpl): * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeExports): Canonical link: https://commits.webkit.org/271777@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 92e8b1: [Wasm-GC] Implement br_on_cast and br_on_cast_fail
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 92e8b1300f34bcb5dcc7c17ebb1b8c49a39633d2 https://github.com/WebKit/WebKit/commit/92e8b1300f34bcb5dcc7c17ebb1b8c49a39633d2 Author: Asumu Takikawa Date: 2023-12-09 (Sat, 09 Dec 2023) Changed paths: A JSTests/wasm/gc-spec-tests/br_on_cast.wast.js A JSTests/wasm/gc-spec-tests/br_on_cast_fail.wast.js A JSTests/wasm/gc/br_on_cast.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperations.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Implement br_on_cast and br_on_cast_fail https://bugs.webkit.org/show_bug.cgi?id=254694 Reviewed by Justin Michaud. Implements the br_on_cast and br_on_cast_fail instructions. These instructions are compiled via a new addBranchCast method in the Wasm generators. To accommodate the fail case, the emit functions and operations for RefTest are given flags whether to negate the operation. This patch also fixes some missing subtype checks for block parameters. * JSTests/wasm/gc-spec-tests/br_on_cast.wast.js: Added. * JSTests/wasm/gc-spec-tests/br_on_cast_fail.wast.js: Added. * JSTests/wasm/gc/br_on_cast.js: Added. 
(testBrOnCastValidation): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addRefTest): (JSC::Wasm::B3IRGenerator::addRefCast): (JSC::Wasm::B3IRGenerator::emitRefTestOrCast): (JSC::Wasm::B3IRGenerator::addBranchCast): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::addRefTest): (JSC::Wasm::BBQJIT::addBranchNull): (JSC::Wasm::BBQJIT::addBranchCast): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp: (JSC::Wasm::IPIntGenerator::addRefTest): (JSC::Wasm::IPIntGenerator::addBranchCast): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addBranchCast): (JSC::Wasm::LLIntGenerator::addRefTest): * Source/JavaScriptCore/wasm/WasmOperations.cpp: (JSC::Wasm::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/wasm/WasmOperations.h: * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeInformation::signatureForLLIntBuiltin): (JSC::Wasm::TypeInformation::TypeInformation): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/271810@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 025c31: [Wasm-GC] Local init tracking should track unreach...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 025c31d1220e4111fa28bf0934b8d3f072c336ff https://github.com/WebKit/WebKit/commit/025c31d1220e4111fa28bf0934b8d3f072c336ff Author: Asumu Takikawa Date: 2023-12-11 (Mon, 11 Dec 2023) Changed paths: A JSTests/wasm/gc/bug266127.js M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- [Wasm-GC] Local init tracking should track unreachable local.set too https://bugs.webkit.org/show_bug.cgi?id=266127 Reviewed by Justin Michaud. Unreachable local.set instructions still need to set init flags for local init tracking purposes. While these aren't very useful, it avoids spurious validation errors from subsequent local.get in unreachable code. * JSTests/wasm/gc/bug266127.js: Added. (testUnreachable): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseUnreachableExpression): Canonical link: https://commits.webkit.org/271910@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 2e312e: Test for "[WASM] ASSERTION FAILED: subRTT.has_valu...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 2e312e1da48b80ea7a9da2539d556c3aecd015cf https://github.com/WebKit/WebKit/commit/2e312e1da48b80ea7a9da2539d556c3aecd015cf Author: Asumu Takikawa Date: 2023-12-13 (Wed, 13 Dec 2023) Changed paths: A JSTests/wasm/gc/bug258128.js Log Message: --- Test for "[WASM] ASSERTION FAILED: subRTT.has_value() && parentRTT.has_value() in JSC::Wasm::isSubtypeIndex(TypeIndex, TypeIndex)" https://bugs.webkit.org/show_bug.cgi?id=258128 Reviewed by Justin Michaud. Adds test for fixed bug. * JSTests/wasm/gc/bug258128.js: Added. (module): Canonical link: https://commits.webkit.org/271997@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] ea71f9: [Wasm-GC] Support bulk array instructions
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: ea71f9290dfa4441fc1f5908e5bc41f189acfc35 https://github.com/WebKit/WebKit/commit/ea71f9290dfa4441fc1f5908e5bc41f189acfc35 Author: Asumu Takikawa Date: 2024-01-04 (Thu, 04 Jan 2024) Changed paths: A JSTests/wasm/gc-spec-tests/array_copy.wast.js A JSTests/wasm/gc-spec-tests/array_fill.wast.js A JSTests/wasm/gc-spec-tests/array_init_data.wast.js A JSTests/wasm/gc-spec-tests/array_init_elem.wast.js M JSTests/wasm/gc/array_new_elem.js M JSTests/wasm/gc/arrays.js A JSTests/wasm/gc/bulk-array.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/llint/WebAssembly.asm M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.h M Source/JavaScriptCore/wasm/WasmExceptionType.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmInstance.cpp M Source/JavaScriptCore/wasm/WasmInstance.h M Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperations.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [Wasm-GC] Support bulk array instructions https://bugs.webkit.org/show_bug.cgi?id=264057 Reviewed by Justin Michaud. Add support for bulk array operations from the Wasm GC proposal. 
These allow bulk operations into GC arrays. Adds spec tests from commit ff856bef3b717609e9b6854a1c78da80068322e9 of the GC proposal repo. Also fixes a number of other related issues: * Fix incorrect element segment copying ranges for array.new_elem. * Fix handling of dropped segments in array.new_elem. * Minor fix to exception cases in B3 backend. * Fix registration of declared functions in the constant expression parser. * Adjust error messages * Fixed global import for i31refs. * JSTests/wasm/gc-spec-tests/array_copy.wast.js: Added. * JSTests/wasm/gc-spec-tests/array_fill.wast.js: Added. * JSTests/wasm/gc-spec-tests/array_init_data.wast.js: Added. * JSTests/wasm/gc-spec-tests/array_init_elem.wast.js: Added. * JSTests/wasm/gc/array_new_elem.js: (testAllElementSegmentKinds): * JSTests/wasm/gc/arrays.js: * JSTests/wasm/gc/bulk-array.js: Added. (testArrayFill.doTest): (testArrayFill): (testArrayCopy.doTest): (testArrayCopy): (testArrayInitElem): (testArrayInitData): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/llint/WebAssembly.asm: * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addArrayNewFixed): (JSC::Wasm::B3IRGenerator::emitArrayNullCheck): (JSC::Wasm::B3IRGenerator::addArraySet): (JSC::Wasm::B3IRGenerator::addArrayFill): (JSC::Wasm::B3IRGenerator::addArrayCopy): (JSC::Wasm::B3IRGenerator::addArrayInitElem): (JSC::Wasm::B3IRGenerator::addArrayInitData): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::addArrayFill): (JSC::Wasm::BBQJIT::addArrayCopy): (JSC::Wasm::BBQJIT::addArrayInitElem): (JSC::Wasm::BBQJIT::addArrayInitData): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: (JSC::Wasm::ConstExprGenerator::declaredFunctions const): (JSC::Wasm::ConstExprGenerator::addRefFunc): (JSC::Wasm::parseExtendedConstExpr): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.h: * Source/JavaScriptCore/wasm/WasmExceptionType.h: (JSC::Wasm::isTypeErrorExceptionType): 
* Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::parseUnreachableExpression): * Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp: (JSC::Wasm::IPIntGenerator::addArrayFill): (JSC::Wasm::IPIntGenerator::addArrayCopy): (JSC::Wasm::IPIntGenerator::addArrayInitElem): (JSC::Wasm::IPIntGenerator::addArrayInitData): * Source/JavaScriptCore/wasm/WasmInstance.cpp: (JSC::Wasm::Instance::copyDataSegment): (JSC::Wasm::Instance::copyElementSegment): * Source/JavaScriptCore/wasm/WasmInstance.h: * Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h: * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addArrayFill): (JSC::Wasm::LLIntGenerator::addArrayCopy): (JSC::Wasm::LLIntGenerator::addArrayInitElem): (JSC::Wasm::LLIntGenerator
[webkit-changes] [WebKit/WebKit] dcb4e4: [Wasm-GC] Inline Wasm array operations & allocation
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: dcb4e4846eeaf91edfb9a06f791f5920ab4a3e8c https://github.com/WebKit/WebKit/commit/dcb4e4846eeaf91edfb9a06f791f5920ab4a3e8c Author: Asumu Takikawa Date: 2024-01-03 (Wed, 03 Jan 2024) Changed paths: M JSTests/wasm/gc/arrays.js M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmExceptionType.h M Source/JavaScriptCore/wasm/WasmLimits.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h Log Message: --- [Wasm-GC] Inline Wasm array operations & allocation https://bugs.webkit.org/show_bug.cgi?id=245405 Reviewed by Justin Michaud. Adds JIT inlining for array.get/set operations in both BBQ and B3 tiers. Allocation inlining is not done yet as it's more complex. Sets an arbitrary limit on max array length to avoid boundary conditions on the array index type. Also simplify some code for struct.get/set as well. 
* JSTests/wasm/gc/arrays.js: (testArrayLimit): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::emitStructSet): (JSC::Wasm::B3IRGenerator::pushArrayNew): (JSC::Wasm::B3IRGenerator::addArrayGet): (JSC::Wasm::B3IRGenerator::emitArraySetUnchecked): (JSC::Wasm::B3IRGenerator::addStructGet): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::addArrayNew): (JSC::Wasm::BBQJIT::addArrayNewDefault): (JSC::Wasm::BBQJIT::emitArraySetUnchecked): (JSC::Wasm::BBQJIT::addArrayNewFixed): (JSC::Wasm::BBQJIT::addArrayGet): (JSC::Wasm::BBQJIT::addStructGet): * Source/JavaScriptCore/wasm/WasmExceptionType.h: (JSC::Wasm::isTypeErrorExceptionType): * Source/JavaScriptCore/wasm/WasmLimits.h: * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::arrayNew): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h: Canonical link: https://commits.webkit.org/272642@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 936310: [Wasm-GC] Align limits with final values
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 936310fbceb1f58b4182e481df2116a7a52ed15c https://github.com/WebKit/WebKit/commit/936310fbceb1f58b4182e481df2116a7a52ed15c Author: Asumu Takikawa Date: 2024-01-11 (Thu, 11 Jan 2024) Changed paths: A JSTests/wasm/gc/limits.js M JSTests/wasm/gc/rec.js M Source/JavaScriptCore/wasm/WasmLimits.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp Log Message: --- [Wasm-GC] Align limits with final values https://bugs.webkit.org/show_bug.cgi?id=267245 Reviewed by Justin Michaud. Adds several implementation limits that were missing or added recently (max number of rec groups, max recgroup size, and max subtyping depth). Also fix an issue with zero length recursion groups uncovered by the tests. * JSTests/wasm/gc/limits.js: Added. (module): (testLimits): * JSTests/wasm/gc/rec.js: (testRecDeclaration): * Source/JavaScriptCore/wasm/WasmLimits.h: * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseType): (JSC::Wasm::SectionParser::parseRecursionGroup): Canonical link: https://commits.webkit.org/272921@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 161954: [Wasm-GC] Fix recursive return type index for stru...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1619546caa4017f3b25fcfdcc860c7e6ce6394df https://github.com/WebKit/WebKit/commit/1619546caa4017f3b25fcfdcc860c7e6ce6394df Author: Asumu Takikawa Date: 2024-01-11 (Thu, 11 Jan 2024) Changed paths: M JSTests/wasm/gc/structs.js M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- [Wasm-GC] Fix recursive return type index for struct.new_default https://bugs.webkit.org/show_bug.cgi?id=267357 Reviewed by Justin Michaud. Expands the type in the correct place now in validating struct.new_default. * JSTests/wasm/gc/structs.js: (testStructNewDefault): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): Canonical link: https://commits.webkit.org/272941@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 6decd8: [Wasm-GC] Fix write barrier bug in BBQ array.set
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6decd847ff1762e7bc2a269e3a264192ed704c24 https://github.com/WebKit/WebKit/commit/6decd847ff1762e7bc2a269e3a264192ed704c24 Author: Asumu Takikawa Date: 2024-01-11 (Thu, 11 Jan 2024) Changed paths: A JSTests/wasm/gc/bug267381.js M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp Log Message: --- [Wasm-GC] Fix write barrier bug in BBQ array.set https://bugs.webkit.org/show_bug.cgi?id=267381 Reviewed by Justin Michaud. Fixes a bug in the patch for bug245405. The write barriers in these cases were in the right place, but the condition to check for them was wrong (because BBQ values use I64 type kind for Ref types). The condition now uses the type index to look up the type. * JSTests/wasm/gc/bug267381.js: Added. (i.assert.eq.m2.exports): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::addArrayNewFixed): (JSC::Wasm::BBQJIT::addArraySet): Canonical link: https://commits.webkit.org/272923@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 1e4c23: [Wasm-GC] Avoid spurious assertion in JSWebAssembl...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1e4c23e67107054c015e3e846d8ee804ad934953 https://github.com/WebKit/WebKit/commit/1e4c23e67107054c015e3e846d8ee804ad934953 Author: Asumu Takikawa Date: 2024-01-05 (Fri, 05 Jan 2024) Changed paths: A JSTests/wasm/gc/bug266249.js M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h Log Message: --- [Wasm-GC] Avoid spurious assertion in JSWebAssemblyArray::set https://bugs.webkit.org/show_bug.cgi?id=266249 Reviewed by Justin Michaud. Avoid an assertion that isn't necessary. The reason it sometimes triggers is due to the LLInt slow path code reading a uint64_t value from the VirtualRegister instead of a uint32_t. While we could dispatch on the type in the slow path code, this would require more overhead to extract the type from the object or more space in the bytecode to pass the type through. Also change some uses of EncodedJSValue to uint64_t for better clarity. * JSTests/wasm/gc/bug266249.js: Added. * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h: * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h: Canonical link: https://commits.webkit.org/272719@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] f546b9: Wasm element segment vector items should allow mor...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: f546b9fda023108f0f5c5f85c737a8994da9930e https://github.com/WebKit/WebKit/commit/f546b9fda023108f0f5c5f85c737a8994da9930e Author: Asumu Takikawa Date: 2024-01-12 (Fri, 12 Jan 2024) Changed paths: M JSTests/wasm/extended-const-spec-tests/elem.wast.js M Source/JavaScriptCore/wasm/WasmInstance.cpp Log Message: --- Wasm element segment vector items should allow more constant expressions https://bugs.webkit.org/show_bug.cgi?id=260542 Reviewed by Justin Michaud. This patch enables the test cases in the extended constant expression proposal spec tests that were blocked by the item limitation. It also fixes a bug uncovered by these tests, which is that the function table initialization path for global/constant expression cases needs to be handled explicitly. The spec test tests the global.get case. The constant expression case is difficult to test in practice, because currently you can only get a function result from a constant expression via ref.null, ref.func, and global.get which are all fast-path special cases and avoid the full constant expression parsing. * JSTests/wasm/extended-const-spec-tests/elem.wast.js: * Source/JavaScriptCore/wasm/WasmInstance.cpp: (JSC::Wasm::Instance::initElementSegment): Canonical link: https://commits.webkit.org/273002@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 9a518a: Re-land [WASM-Function-References] Fix block signa...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 9a518a5530263ef6ccdce8706fccd4ae5e4c9f2e https://github.com/WebKit/WebKit/commit/9a518a5530263ef6ccdce8706fccd4ae5e4c9f2e Author: Asumu Takikawa Date: 2023-11-28 (Tue, 28 Nov 2023) Changed paths: A JSTests/wasm/function-references/block_signature.js M JSTests/wasm/gc-spec-tests/type-equivalence.wast.js M JSTests/wasm/gc-spec-tests/type-subtyping.wast.js A JSTests/wasm/gc/block.js M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmCallingConvention.h M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmParser.h M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h Log Message: --- Re-land [WASM-Function-References] Fix block signature parsing for reftypes https://bugs.webkit.org/show_bug.cgi?id=247383 Reviewed by Justin Michaud. This is a re-land of this patch that removes a perf issue introduced in the previous attempts. Adds a fast path for parsing potentially nested blocks with simple (one byte) type signatures. Also changes BlockSignature definition in order to avoid redundant calls to as(). Also fixes the error case when a block signature refers to a non-function type. * JSTests/wasm/function-references/block_signature.js: Added. (module): (async blockSignatureTest): * JSTests/wasm/gc-spec-tests/type-equivalence.wast.js: * JSTests/wasm/gc-spec-tests/type-subtyping.wast.js: * JSTests/wasm/gc/block.js: Added. 
(testBlockType): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::ControlData::ControlData): (JSC::Wasm::B3IRGenerator::ControlData::hasNonVoidresult const): (JSC::Wasm::B3IRGenerator::ControlData::branchTargetArity const): (JSC::Wasm::B3IRGenerator::ControlData::branchTargetType const): (JSC::Wasm::B3IRGenerator::toB3ResultType): (JSC::Wasm::B3IRGenerator::addLoop): (JSC::Wasm::B3IRGenerator::addElseToUnreachable): (JSC::Wasm::B3IRGenerator::endBlock): (JSC::Wasm::B3IRGenerator::addEndToUnreachable): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::ControlData::ControlData): (JSC::Wasm::BBQJIT::ControlData::branchTargetArity const): (JSC::Wasm::BBQJIT::ControlData::branchTargetType const): (JSC::Wasm::BBQJIT::ControlData::argumentType const): (JSC::Wasm::BBQJIT::addBlock): (JSC::Wasm::BBQJIT::addLoop): (JSC::Wasm::BBQJIT::addIf): (JSC::Wasm::BBQJIT::addElse): (JSC::Wasm::BBQJIT::addElseToUnreachable): (JSC::Wasm::BBQJIT::addTry): (JSC::Wasm::BBQJIT::addEndToUnreachable): * Source/JavaScriptCore/wasm/WasmCallingConvention.h: (JSC::Wasm::WasmCallingConvention::callInformationFor const): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isValueType): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::splitStack): (JSC::Wasm::FunctionParser::parseBody): (JSC::Wasm::FunctionParser::unify): (JSC::Wasm::FunctionParser::parseNestedBlocksEagerly): (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::switchToBlock): * Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp: (JSC::Wasm::IPIntControlType::branchTargetType const): (JSC::Wasm::IPIntControlType::branchTargetArity const): (JSC::Wasm::IPIntGenerator::addElse): (JSC::Wasm::IPIntGenerator::addEndToUnreachable): (JSC::Wasm::IPIntGenerator::endTopLevel): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::ControlType::loop): (JSC::Wasm::LLIntGenerator::ControlType::block): 
(JSC::Wasm::LLIntGenerator::ControlType::if_): (JSC::Wasm::LLIntGenerator::ControlType::createTry): (JSC::Wasm::LLIntGenerator::ControlType::branchTargetArity const): (JSC::Wasm::LLIntGenerator::ControlType::branchTargetType const): (JSC::Wasm::LLIntGenerator::addElseToUnreachable): (JSC::Wasm::LLIntGenerator::addReturn): (JSC::Wasm::LLIntGenerator::addEndToUnreachable): (JSC::Wasm::LLIntGenerator::endTopLevel): * Source/JavaScriptCore/wasm/WasmParser.h: (JSC::Wasm::Parser::parseBlockSignature): (JSC::Wasm::Parser::parseReftypeSignature): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeInformation::TypeInformation): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::TypeInformation::thunkFor const): Canonical link: https://commits.webkit.org/271262@main
[webkit-changes] [WebKit/WebKit] 992f87: [Wasm-GC] Fix array.new_data & array.new_elem for ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 992f87e27f7f214ec2e85607449dd5da87a39f1c https://github.com/WebKit/WebKit/commit/992f87e27f7f214ec2e85607449dd5da87a39f1c Author: Asumu Takikawa Date: 2023-12-01 (Fri, 01 Dec 2023) Changed paths: M JSTests/wasm/gc/array_new_data.js M JSTests/wasm/gc/array_new_elem.js M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h Log Message: --- [Wasm-GC] Fix array.new_data & array.new_elem for recursive array types https://bugs.webkit.org/show_bug.cgi?id=265677 Reviewed by Justin Michaud. Use helper functions to correctly handle recursive type cases in array.new_data & new_elem. * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::arrayNewData): (JSC::Wasm::arrayNewElem): Canonical link: https://commits.webkit.org/271421@main
[webkit-changes] [WebKit/WebKit] b02c88: [Wasm-GC] Add tests for 262863
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b02c88c35d2f810359826473149956b30ea9b225 https://github.com/WebKit/WebKit/commit/b02c88c35d2f810359826473149956b30ea9b225 Author: Asumu Takikawa Date: 2023-12-01 (Fri, 01 Dec 2023) Changed paths: A JSTests/wasm/gc/bug262863.js Log Message: --- [Wasm-GC] Add tests for 262863 https://bugs.webkit.org/show_bug.cgi?id=262863 Reviewed by Justin Michaud. The originally reported crash is no longer reproducible. This commit just adds a test for it, updated for the latest opcodes. * JSTests/wasm/gc/bug262863.js: Added. (module): Canonical link: https://commits.webkit.org/271420@main
[webkit-changes] [WebKit/WebKit] e6d0f6: [Wasm-GC] Add test for bug262862
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e6d0f6bebe1c4c55a7e8818eeb1aeb2ee19aadc0 https://github.com/WebKit/WebKit/commit/e6d0f6bebe1c4c55a7e8818eeb1aeb2ee19aadc0 Author: Asumu Takikawa Date: 2023-12-05 (Tue, 05 Dec 2023) Changed paths: A JSTests/wasm/gc/bug262862.js Log Message: --- [Wasm-GC] Add test for bug262862 https://bugs.webkit.org/show_bug.cgi?id=262862 Reviewed by Justin Michaud. Adds test for already fixed bug. * JSTests/wasm/gc/bug262862.js: Added. (module): Canonical link: https://commits.webkit.org/271570@main
[webkit-changes] [WebKit/WebKit] b151ff: [Wasm-GC] Fix casts on larger type indices
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b151ff2597f06f8bf46945a2db052db6a634b8b6 https://github.com/WebKit/WebKit/commit/b151ff2597f06f8bf46945a2db052db6a634b8b6 Author: Asumu Takikawa Date: 2023-12-05 (Tue, 05 Dec 2023) Changed paths: M JSTests/wasm/gc/casts.js M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- [Wasm-GC] Fix casts on larger type indices https://bugs.webkit.org/show_bug.cgi?id=265720 Reviewed by Justin Michaud. Fix some bad C++ casts in the implementation of ref.cast that were causing casts with larger type indices to fail to validate. Also fixes another issue with cast validation, for the null-ness of the output type. * JSTests/wasm/gc/casts.js: (testValidation): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::emitRefTestOrCast): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): Canonical link: https://commits.webkit.org/271571@main
[webkit-changes] [WebKit/WebKit] 26cb4d: [WASM-Function-References] Add br_on_null/on_non_n...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 26cb4d1f6cc3c3d343f81c21c427b92d753cdefb https://github.com/WebKit/WebKit/commit/26cb4d1f6cc3c3d343f81c21c427b92d753cdefb Author: Asumu Takikawa Date: 2023-12-01 (Fri, 01 Dec 2023) Changed paths: A JSTests/wasm/function-references-spec-tests/br_on_non_null.wast.js A JSTests/wasm/function-references-spec-tests/br_on_null.wast.js A JSTests/wasm/function-references/br_on_null.js M JSTests/wasm/wasm.json M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [WASM-Function-References] Add br_on_null/on_non_null instructions https://bugs.webkit.org/show_bug.cgi?id=251038 Reviewed by Justin Michaud. Add br_on_null/non-null instructions from the typed funcref proposal. The underlying operation added to generators is `addBranchNull`. While it's tempting to try to call `addRefIsNull` and `addBranch` to implement this, it doesn't work well due to the requirements of data gets left on the stack or thrown via the branch. Also fixes an existing typo in `checkBranchTarget`. * JSTests/wasm/function-references-spec-tests/br_on_non_null.wast.js: Added. * JSTests/wasm/function-references-spec-tests/br_on_null.wast.js: Added. * JSTests/wasm/function-references/br_on_null.js: Added. (module): (async br_on_null): (async br_on_non_null): * JSTests/wasm/wasm.json: * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addBranchNull): (JSC::Wasm::B3IRGenerator::addExternConvertAny): Deleted. * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::addBranchNull): (JSC::Wasm::BBQJIT::addSwitch): (JSC::Wasm::BBQJIT::addExternConvertAny): Deleted. 
* Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: (JSC::Wasm::ConstExprGenerator::addExternConvertAny): Deleted. * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::checkBranchTarget): (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::parseUnreachableExpression): * Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp: (JSC::Wasm::IPIntGenerator::addBranch): (JSC::Wasm::IPIntGenerator::addExternConvertAny): Deleted. * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addBranch): (JSC::Wasm::LLIntGenerator::addBranchNull): (JSC::Wasm::LLIntGenerator::addExternConvertAny): Deleted. * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/271399@main
[webkit-changes] [WebKit/WebKit] eaa3fc: [Wasm-GC] Fix subtyping for nullref
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: eaa3fcf1d383d5c6bc58c2502b5d6fcd7e28b62f https://github.com/WebKit/WebKit/commit/eaa3fcf1d383d5c6bc58c2502b5d6fcd7e28b62f Author: Asumu Takikawa Date: 2023-12-01 (Fri, 01 Dec 2023) Changed paths: A JSTests/wasm/gc/subtyping.js M Source/JavaScriptCore/wasm/WasmFormat.h Log Message: --- [Wasm-GC] Fix subtyping for nullref https://bugs.webkit.org/show_bug.cgi?id=265628 Reviewed by Justin Michaud. * JSTests/wasm/gc/subtyping.js: Added. (module): (testNone): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isInternalref): Canonical link: https://commits.webkit.org/271395@main
[webkit-changes] [WebKit/WebKit] 34288c: [Wasm-GC] Fix exception validation when using GC
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 34288ce1365e496e4fb45fdd8919917413d660f1 https://github.com/WebKit/WebKit/commit/34288ce1365e496e4fb45fdd8919917413d660f1 Author: Asumu Takikawa Date: 2023-12-04 (Mon, 04 Dec 2023) Changed paths: A JSTests/wasm/gc/exception.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp Log Message: --- [Wasm-GC] Fix exception validation when using GC https://bugs.webkit.org/show_bug.cgi?id=265678 Reviewed by Justin Michaud. Adjusts checking of throw arguments and also LLInt catch generation to work in the presence of GC types. * JSTests/wasm/gc/exception.js: Added. (module): (testExceptionsWithGC): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isSubtype): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addCatchToUnreachable): Canonical link: https://commits.webkit.org/271527@main
[webkit-changes] [WebKit/WebKit] 50def5: [Wasm-GC] Fix missing write barrier in BBQJIT stru...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 50def56d35577644e656719dba0e81bee8f571ac https://github.com/WebKit/WebKit/commit/50def56d35577644e656719dba0e81bee8f571ac Author: Asumu Takikawa Date: 2023-12-08 (Fri, 08 Dec 2023) Changed paths: A JSTests/wasm/gc/bug266043.js M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp Log Message: --- [Wasm-GC] Fix missing write barrier in BBQJIT struct.set https://bugs.webkit.org/show_bug.cgi?id=266043 Reviewed by Yusuke Suzuki. Adds a missing write barrier for struct.set in BBQJIT. Also optimize how struct mutation is done for initialization (e.g., struct.new), because the old approach was compiling duplicate loads for the payload pointer. * JSTests/wasm/gc/bug266043.js: Added. * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::emitStructSet): (JSC::Wasm::BBQJIT::emitStructPayloadSet): (JSC::Wasm::BBQJIT::addStructNewDefault): (JSC::Wasm::BBQJIT::addStructNew): Canonical link: https://commits.webkit.org/271740@main
[webkit-changes] [WebKit/WebKit] 36791c: [Wasm-GC] Allow sequential global use in constexprs
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 36791c2dd454d42383079aeefb3587d623a19e85 https://github.com/WebKit/WebKit/commit/36791c2dd454d42383079aeefb3587d623a19e85 Author: Asumu Takikawa Date: 2023-11-27 (Mon, 27 Nov 2023) Changed paths: M JSTests/wasm/gc/const-exprs.js M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmSectionParser.cpp Log Message: --- [Wasm-GC] Allow sequential global use in constexprs https://bugs.webkit.org/show_bug.cgi?id=264616 Reviewed by Yusuke Suzuki. The GC proposal allows constant expressions in globals to be read sequentially (previously defined globals are ok). For tables, only imported globals. For other contexts, any globals are fine. See https://github.com/WebAssembly/gc/pull/481 * JSTests/wasm/gc/const-exprs.js: (async testConstExprGlobalOrdering): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: (JSC::Wasm::ConstExprGenerator::getGlobal): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseInitExpr): Canonical link: https://commits.webkit.org/271183@main
[webkit-changes] [WebKit/WebKit] 7489f1: [Wasm-GC] BBQJIT crashes compiling Wasm GC program...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 7489f1848c5327a916b95b34c967d41950c03a89 https://github.com/WebKit/WebKit/commit/7489f1848c5327a916b95b34c967d41950c03a89 Author: Asumu Takikawa Date: 2023-12-06 (Wed, 06 Dec 2023) Changed paths: A JSTests/wasm/gc/bug265742.js M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp Log Message: --- [Wasm-GC] BBQJIT crashes compiling Wasm GC program with ASSERTION FAILED: !currentLocation.isRegister() https://bugs.webkit.org/show_bug.cgi?id=265742 Reviewed by Justin Michaud. There was a missing `consume` for struct.set, resulting in a bad state for the register allocator. Also switches an `allocate` to `loadIfNecessary` (don't have a minimal test case for this, but it caused a crash in Kotlin code). * JSTests/wasm/gc/bug265742.js: Added. * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJIT::addStructSet): Canonical link: https://commits.webkit.org/271633@main
[webkit-changes] [WebKit/WebKit] 475040: [Wasm-GC] Support arrays of vectors
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4750403b1e468379440c41dc48db2a82648ca23e https://github.com/WebKit/WebKit/commit/4750403b1e468379440c41dc48db2a82648ca23e Author: Asumu Takikawa Date: 2024-01-29 (Mon, 29 Jan 2024) Changed paths: M JSTests/wasm/gc/array_new_data.js A JSTests/wasm/gc/simd.js M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmOperations.h M Source/JavaScriptCore/wasm/WasmOperationsInlines.h M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h Log Message: --- [Wasm-GC] Support arrays of vectors https://bugs.webkit.org/show_bug.cgi?id=251330 Reviewed by Justin Michaud. Adds support for V128 types in structs/arrays. Adds new C++ runtime operations for the v128_t value case as they cannot be passed as uint64_t. Most GC operations now also need to check if SIMD is supported by the compile context during validation. * JSTests/wasm/gc/array_new_data.js: (testTypeErrors): * JSTests/wasm/gc/simd.js: Added. 
(testSIMDStruct): (testSIMDArray): (testJSAPI): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::pushArrayNew): (JSC::Wasm::B3IRGenerator::addArrayNewDefault): (JSC::Wasm::B3IRGenerator::addArrayFill): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewDefault): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewElem): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNew): Deleted. (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayFill): Deleted. * Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNew): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayFill): * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNew): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayGet): (JSC::Wasm::BBQJITImpl::BBQJIT::emitArraySetUnchecked): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayFill): (JSC::Wasm::BBQJITImpl::BBQJIT::emitStructPayloadSet): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructGet): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: (JSC::Wasm::ConstExprGenerator::ConstExprValue::ConstExprValue): (JSC::Wasm::ConstExprGenerator::ConstExprValue::getValue): (JSC::Wasm::ConstExprGenerator::ConstExprValue::getVector): (JSC::Wasm::ConstExprGenerator::ConstExprValue::operator+): (JSC::Wasm::ConstExprGenerator::ConstExprValue::operator-): (JSC::Wasm::ConstExprGenerator::ConstExprValue::operator*): (JSC::Wasm::ConstExprGenerator::createNewArray): (JSC::Wasm::ConstExprGenerator::addArrayNewDefault): (JSC::Wasm::ConstExprGenerator::addArrayNewFixed): (JSC::Wasm::ConstExprGenerator::addStructNew): (JSC::Wasm::ConstExprGenerator::addAnyConvertExtern): (JSC::Wasm::ConstExprGenerator::addConstant): (JSC::Wasm::evaluateExtendedConstExpr): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.h: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmOperations.cpp: 
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/wasm/WasmOperations.h: * Source/JavaScriptCore/wasm/WasmOperationsInlines.h: (JSC::Wasm::arrayNew): (JSC::Wasm::arrayNewData): (JSC::Wasm::doArrayFill): (JSC::Wasm::arrayFill): (JSC::Wasm::structNew): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::typeKindSizeInBytes): (JSC::Wasm::StorageType::elementSize const): * Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp: (JSC::JSWebAssemblyArray::JSWebAssemblyArray): (JSC::JSWebAssemblyArray::~JSWebAssemblyArray): (JSC::JSWebAssemblyArray::fill): (JSC::JSWebAssemblyArray::copy): * Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h: * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp: (JSC::JSWebAssemblyStruct::get const): (JSC::JSWebAssemblyStruct::set): * Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h: Canonical link: https://commits.webkit.org/273663@main
[webkit-changes] [WebKit/WebKit] a7470b: [Wasm-GC] Add test for bug 254414
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a7470b0dc92e4f6290a4dcc2c212098b31a5653e https://github.com/WebKit/WebKit/commit/a7470b0dc92e4f6290a4dcc2c212098b31a5653e Author: Asumu Takikawa Date: 2024-02-01 (Thu, 01 Feb 2024) Changed paths: A JSTests/wasm/gc/bug254414.js Log Message: --- [Wasm-GC] Add test for bug 254414 https://bugs.webkit.org/show_bug.cgi?id=254414 Reviewed by Yusuke Suzuki. Add test for already fixed bug. * JSTests/wasm/gc/bug254414.js: Added. (module): Canonical link: https://commits.webkit.org/273945@main
[webkit-changes] [WebKit/WebKit] 15a216: [Wasm-GC] Add test for bug 254413
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 15a216e460c401079ceeaaa1c524c1fea1fda0a8 https://github.com/WebKit/WebKit/commit/15a216e460c401079ceeaaa1c524c1fea1fda0a8 Author: Asumu Takikawa Date: 2024-01-30 (Tue, 30 Jan 2024) Changed paths: A JSTests/wasm/gc/bug254413.js Log Message: --- [Wasm-GC] Add test for bug 254413 https://bugs.webkit.org/show_bug.cgi?id=254413 Reviewed by Justin Michaud. Add test for already fixed bug * JSTests/wasm/gc/bug254413.js: Added. (module): Canonical link: https://commits.webkit.org/273793@main
[webkit-changes] [WebKit/WebKit] cb06d5: [Wasm-GC] Add test for bug 258804
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: cb06d55fdea9a7453a4c6f3b365df5e49debb5ea https://github.com/WebKit/WebKit/commit/cb06d55fdea9a7453a4c6f3b365df5e49debb5ea Author: Asumu Takikawa Date: 2024-01-30 (Tue, 30 Jan 2024) Changed paths: A JSTests/wasm/gc/bug258804.js Log Message: --- [Wasm-GC] Add test for bug 258804 https://bugs.webkit.org/show_bug.cgi?id=258804 Reviewed by Justin Michaud. Adds test for already fixed bug. * JSTests/wasm/gc/bug258804.js: Added. (module): Canonical link: https://commits.webkit.org/273795@main
[webkit-changes] [WebKit/WebKit] 7b11aa: [Wasm-GC] Add test for bug 254412
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 7b11aad047b2bb0f22e31b1fcb29324e365e5bc9 https://github.com/WebKit/WebKit/commit/7b11aad047b2bb0f22e31b1fcb29324e365e5bc9 Author: Asumu Takikawa Date: 2024-01-30 (Tue, 30 Jan 2024) Changed paths: A JSTests/wasm/gc/bug254412.js Log Message: --- [Wasm-GC] Add test for bug 254412 https://bugs.webkit.org/show_bug.cgi?id=254412 Reviewed by Justin Michaud. Add test for already fixed bug. * JSTests/wasm/gc/bug254412.js: Added. (module): Canonical link: https://commits.webkit.org/273794@main
[webkit-changes] [WebKit/WebKit] bc55ef: [Wasm-GC] Add test for bug 258499
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: bc55ef669592d73dab7d38c26f8a03a14db2576b https://github.com/WebKit/WebKit/commit/bc55ef669592d73dab7d38c26f8a03a14db2576b Author: Asumu Takikawa Date: 2024-01-30 (Tue, 30 Jan 2024) Changed paths: A JSTests/wasm/gc/bug258499.js Log Message: --- [Wasm-GC] Add test for bug 258499 https://bugs.webkit.org/show_bug.cgi?id=258499 Reviewed by Justin Michaud. Add test for already fixed bug * JSTests/wasm/gc/bug258499.js: Added. (module): Canonical link: https://commits.webkit.org/273812@main
[webkit-changes] [WebKit/WebKit] 54c72c: JSC fails to build using --jsc-only on Linux
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 54c72ceeb7d7e8ea549af9d7c89913e7ab28208e https://github.com/WebKit/WebKit/commit/54c72ceeb7d7e8ea549af9d7c89913e7ab28208e Author: Asumu Takikawa Date: 2024-01-30 (Tue, 30 Jan 2024) Changed paths: M Source/WTF/wtf/SentinelLinkedList.h Log Message: --- JSC fails to build using --jsc-only on Linux https://bugs.webkit.org/show_bug.cgi?id=268402 Reviewed by Yusuke Suzuki. Fix JSC build on Linux by disabling warnings about dangling pointers in the method below. * Source/WTF/wtf/SentinelLinkedList.h: (WTF::RawNode>::takeFrom): Canonical link: https://commits.webkit.org/273815@main
[webkit-changes] [WebKit/WebKit] 167dc0: [Wasm-GC] Add test for bug 258805
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 167dc00a1f290d68bb41767b8faa8cc217a27cdb https://github.com/WebKit/WebKit/commit/167dc00a1f290d68bb41767b8faa8cc217a27cdb Author: Asumu Takikawa Date: 2024-01-30 (Tue, 30 Jan 2024) Changed paths: A JSTests/wasm/gc/bug258805.js Log Message: --- [Wasm-GC] Add test for bug 258805 https://bugs.webkit.org/show_bug.cgi?id=258805 Reviewed by Justin Michaud. Adds test for already fixed bug. * JSTests/wasm/gc/bug258805.js: Added. (module): Canonical link: https://commits.webkit.org/273813@main
[webkit-changes] [WebKit/WebKit] c90b5e: [Wasm-GC] Add test for bug 258127
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c90b5e7e935e8ce65c5a10d3f148c15f25abdfb6 https://github.com/WebKit/WebKit/commit/c90b5e7e935e8ce65c5a10d3f148c15f25abdfb6 Author: Asumu Takikawa Date: 2024-01-30 (Tue, 30 Jan 2024) Changed paths: A JSTests/wasm/gc/bug258127.js Log Message: --- [Wasm-GC] Add test for bug 258127 https://bugs.webkit.org/show_bug.cgi?id=258127 Reviewed by Yusuke Suzuki. Adds test for already fixed bug * JSTests/wasm/gc/bug258127.js: Added. (module): Canonical link: https://commits.webkit.org/273811@main
[webkit-changes] [WebKit/WebKit] 8d40b3: [Wasm-GC] Add test for bug 265927
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 8d40b312efa87f0fd3d270ddeb11e4d14c113f28 https://github.com/WebKit/WebKit/commit/8d40b312efa87f0fd3d270ddeb11e4d14c113f28 Author: Asumu Takikawa Date: 2024-01-30 (Tue, 30 Jan 2024) Changed paths: A JSTests/wasm/gc/bug265927.js Log Message: --- [Wasm-GC] Add test for bug 265927 https://bugs.webkit.org/show_bug.cgi?id=265927 Reviewed by Justin Michaud. Add test for already fixed bug. * JSTests/wasm/gc/bug265927.js: Added. (module): Canonical link: https://commits.webkit.org/273774@main
[webkit-changes] [WebKit/WebKit] e7f7e5: wasm-omg test mode in stress tests should tier up ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e7f7e511899e908e88c155024ac037f671948c05 https://github.com/WebKit/WebKit/commit/e7f7e511899e908e88c155024ac037f671948c05 Author: Asumu Takikawa Date: 2023-11-13 (Mon, 13 Nov 2023) Changed paths: M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Tools/Scripts/run-jsc-stress-tests Log Message: --- wasm-omg test mode in stress tests should tier up to OMG immediately https://bugs.webkit.org/show_bug.cgi?id=264766 Reviewed by Justin Michaud. The wasm-omg test mode is intended to immediately tier up to OMG in order to test the tier on all wasm test code. Due to recent tier reconfigurations, this behavior got lost. To restore it, we add flags to set tier up thresholds to 0 in order to force the tier up. This patch also contains some OMG tier bug fixes for issues uncovered by the tests being run in the intended configuration. * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::addRefI31): (JSC::Wasm::B3IRGenerator::addStructGet): * Tools/Scripts/run-jsc-stress-tests: Canonical link: https://commits.webkit.org/270685@main
[webkit-changes] [WebKit/WebKit] fd1248: [WASM-Function-References] Improve type printing f...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: fd124818fa58bc8e5a9be06c03c1e29ad2564ddd https://github.com/WebKit/WebKit/commit/fd124818fa58bc8e5a9be06c03c1e29ad2564ddd Author: Asumu Takikawa Date: 2023-11-20 (Mon, 20 Nov 2023) Changed paths: M JSTests/wasm/function-references/local_init.js M JSTests/wasm/function-references/ref_types.js M JSTests/wasm/gc/any.js M JSTests/wasm/gc/arrays.js M JSTests/wasm/gc/casts.js M JSTests/wasm/gc/const-exprs.js M JSTests/wasm/gc/i31.js M JSTests/wasm/gc/rec.js M JSTests/wasm/gc/structs.js M JSTests/wasm/gc/sub.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- [WASM-Function-References] Improve type printing for reference types https://bugs.webkit.org/show_bug.cgi?id=247746 Reviewed by Justin Michaud. Print reftypes when typed funcrefs are enabled in (ref null? kind) format where `kind` is either a heap type (e.g., `i31`, `struct`) or a concrete type index (e.g., ``, ``). This printing is only used for validation errors for now, as it relies on being able to access the ModuleInformation. 
* JSTests/wasm/function-references/local_init.js: (async testLocalInit): * JSTests/wasm/function-references/ref_types.js: (async testNonNullExternrefIncompatible): (async testNonNullFuncrefIncompatible): * JSTests/wasm/gc/any.js: (testValidation): (testNullfuncref): (testNullexternref): * JSTests/wasm/gc/arrays.js: (testArrayDeclaration): * JSTests/wasm/gc/casts.js: (testFunctionCasts): (testEqCasts): * JSTests/wasm/gc/const-exprs.js: (async testInvalidConstExprs): * JSTests/wasm/gc/i31.js: (testI31Get): * JSTests/wasm/gc/rec.js: (testRecDeclaration): * JSTests/wasm/gc/structs.js: (testStructDeclaration): * JSTests/wasm/gc/sub.js: (testSubDeclaration): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::heapTypeKindAsString): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::validationFail const): (JSC::Wasm::FunctionParser::validationFailHelper const): (JSC::Wasm::FunctionParser::typeToStringModuleRelative const): Canonical link: https://commits.webkit.org/270988@main
[webkit-changes] [WebKit/WebKit] 23f72b: [WASM-Function-References] Enable typed funcrefs b...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 23f72b45f4ed9f04fa7c64c846d850fce90f0732 https://github.com/WebKit/WebKit/commit/23f72b45f4ed9f04fa7c64c846d850fce90f0732 Author: Asumu Takikawa Date: 2024-04-19 (Fri, 19 Apr 2024) Changed paths: M JSTests/wasm/references/element_active_mod.js M JSTests/wasm/references/func_ref.js M JSTests/wasm/references/is_null.js M JSTests/wasm/references/multitable.js M JSTests/wasm/references/table_misc.js M JSTests/wasm/references/validation.js M Source/JavaScriptCore/runtime/OptionsList.h M Source/JavaScriptCore/wasm/js/WebAssemblyTagConstructor.cpp Log Message: --- [WASM-Function-References] Enable typed funcrefs by default https://bugs.webkit.org/show_bug.cgi?id=272003 Reviewed by Yusuke Suzuki. Enables typed funcref flag by default, also fixes tests that were broken by this: * Error messages are different for reference type tests. For most of them, disable typed funcrefs (so this path is actually tested) and change error messages in a few cases. * V8 exceptions tests found a bug in the tag constructor with typed funcref, fix that as well. * JSTests/wasm/references/element_active_mod.js: * JSTests/wasm/references/func_ref.js: * JSTests/wasm/references/is_null.js: * JSTests/wasm/references/multitable.js: * JSTests/wasm/references/table_misc.js: * JSTests/wasm/references/validation.js: * Source/JavaScriptCore/runtime/OptionsList.h: * Source/JavaScriptCore/wasm/js/WebAssemblyTagConstructor.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): Canonical link: https://commits.webkit.org/23@main
[webkit-changes] [WebKit/WebKit] d8ada2: [Wasm-GC] Fix br_on_cast issue on BBQ
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d8ada2256e9ea1791dd26c1673bb27ae97eb4711
https://github.com/WebKit/WebKit/commit/d8ada2256e9ea1791dd26c1673bb27ae97eb4711
Author: Asumu Takikawa
Date: 2024-03-11 (Mon, 11 Mar 2024)

Changed paths:
M JSTests/wasm/gc/br_on_cast.js
M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp

Log Message:
---
[Wasm-GC] Fix br_on_cast issue on BBQ
https://bugs.webkit.org/show_bug.cgi?id=268848

Reviewed by Justin Michaud.

While this error occurs in sample code using br_on_cast, it appears the bug is actually in struct.get. Instead of `loadIfNecessary`, an `allocate` was used for the struct ref. This doesn't work in the case that the ref gets spilled to the stack due to, e.g., a runtime call. This is just easy to trigger with br_on_cast, which currently always does a runtime call for the cast part on BBQJIT and will likely spill the ref.

* JSTests/wasm/gc/br_on_cast.js:
* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructGet):
* Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructGet):

Canonical link: https://commits.webkit.org/275920@main
[webkit-changes] [WebKit/WebKit] a2bcc4: [Wasm-GC] Fix JS API casts for some top types
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a2bcc4921f7ca88a4480806eee8c2eaa63611ea0
https://github.com/WebKit/WebKit/commit/a2bcc4921f7ca88a4480806eee8c2eaa63611ea0
Author: Asumu Takikawa
Date: 2024-03-22 (Fri, 22 Mar 2024)

Changed paths:
M JSTests/wasm/gc/js-api.js
M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp

Log Message:
---
[Wasm-GC] Fix JS API casts for some top types
https://bugs.webkit.org/show_bug.cgi?id=270374

Reviewed by Justin Michaud.

Fixes too-optimistic assumption about static validation for top type casts.

* JSTests/wasm/gc/js-api.js:
(testCastFailure):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp:
(JSC::Wasm::TypeInformation::castReference):

Canonical link: https://commits.webkit.org/276580@main