Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6b7295ed661f0827a0e1a58c7abb7bc361dd5754
https://github.com/WebKit/WebKit/commit/6b7295ed661f0827a0e1a58c7abb7bc361dd5754
Author: Asumu Takikawa <as...@igalia.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M JSTests/wasm/gc/array_new_data.js
M JSTests/wasm/gc/array_new_elem.js
M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp
M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp
M Source/JavaScriptCore/wasm/WasmExceptionType.h
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperationsInlines.h
M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h
M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h
Log Message:
-----------
[Wasm-GC] Handle OOM for allocations consistently
https://bugs.webkit.org/show_bug.cgi?id=264454
Reviewed by Justin Michaud.
Check for OOM and raise an exception consistently for all Wasm GC allocation
points. Refactors some function names to match.
* JSTests/wasm/gc/array_new_data.js:
(testBadOffset):
(testReadOutOfBounds):
(testInt32Overflow):
* JSTests/wasm/gc/array_new_elem.js:
(testInt32Overflow):
(testAllElementSegmentKinds):
Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addArrayNew):
(JSC::Wasm::B3IRGenerator::pushArrayNewFromSegment):
(JSC::Wasm::B3IRGenerator::addArrayNewDefault):
(JSC::Wasm::B3IRGenerator::addArrayNewData):
(JSC::Wasm::B3IRGenerator::addArrayNewElem):
(JSC::Wasm::B3IRGenerator::addArrayNewFixed):
(JSC::Wasm::B3IRGenerator::addStructNew):
(JSC::Wasm::B3IRGenerator::addStructNewDefault):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewData):
(JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewElem):
* Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew):
* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew):
* Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp:
(JSC::Wasm::ConstExprGenerator::ConstExprValue::ConstExprValue):
(JSC::Wasm::ConstExprGenerator::ConstExprValue::isInvalid):
(JSC::Wasm::ConstExprGenerator::createNewArray):
(JSC::Wasm::ConstExprGenerator::addArrayNew):
(JSC::Wasm::ConstExprGenerator::addArrayNewDefault):
(JSC::Wasm::ConstExprGenerator::addArrayNewFixed):
(JSC::Wasm::ConstExprGenerator::createNewStruct):
(JSC::Wasm::ConstExprGenerator::addStructNewDefault):
(JSC::Wasm::ConstExprGenerator::addStructNew):
* Source/JavaScriptCore/wasm/WasmExceptionType.h:
(JSC::Wasm::isTypeErrorExceptionType):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperationsInlines.h:
(JSC::Wasm::fillArray):
(JSC::Wasm::arrayNew):
(JSC::Wasm::copyElementsInReverse):
(JSC::Wasm::arrayNewFixed):
(JSC::Wasm::createArrayValue):
(JSC::Wasm::structNew):
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp:
(JSC::JSWebAssemblyStruct::tryCreate):
(JSC::JSWebAssemblyStruct::create): Deleted.
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h:
Canonical link: https://commits.webkit.org/275059@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
