Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: cc59ec0dd950292d1b23faf10bae59b03ae20967 https://github.com/WebKit/WebKit/commit/cc59ec0dd950292d1b23faf10bae59b03ae20967 Author: Asumu Takikawa <as...@igalia.com> Date: 2022-10-12 (Wed, 12 Oct 2022)
Changed paths: M JSTests/wasm/gc/rec.js M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmParser.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h Log Message: ----------- [Wasm-GC] Fix handling of recursive types using shorthand encoding https://bugs.webkit.org/show_bug.cgi?id=246049 Reviewed by Justin Michaud. In the Wasm GC proposal, recursive types can be encoded in different ways. For example, an explicit `rec` operator may appear in the binary format (required for recursion groups with multiple types). A single type (e.g., a struct type) is treated implicitly as a recursion group (the `rec` is implicit and elided in the binary format). This patch adds support for the latter shorthand, and includes the following additional fixes/changes: - Removes the hacky use of the `rec` type opcode to encode an unresolved recursive reference. Instead, it is now a standard `ref` type where the type index points to a Projection with an invalid recursion group type index. These are resolved in `expand()`. - Fixes bounds checking for recursive references into a recursion group. - Adds missing `expand()` calls in subtyping checks. - Adds a boolean field indicating if a type definition has any type fields with a recursive reference. This is used to detect if a single-type recursion group should be constructed for a structural type. The intent is to also use this in a follow-up patch to optimize `expand()` to avoid expansion steps for types known to be non-recursive. * JSTests/wasm/gc/rec.js: (testRecDeclaration): * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::isValueType): (JSC::Wasm::isRefWithRecursiveReference): (JSC::Wasm::isSubtype): * Source/JavaScriptCore/wasm/WasmParser.h: (JSC::Wasm::Parser<SuccessType>::parseHeapType): (JSC::Wasm::Parser<SuccessType>::parseValueType): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseType): * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::TypeDefinition::substitute): (JSC::Wasm::FunctionParameterTypes::translate): (JSC::Wasm::StructParameterTypes::translate): (JSC::Wasm::ArrayParameterTypes::translate): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::FunctionSignature::FunctionSignature): (JSC::Wasm::FunctionSignature::hasRecursiveReference const): (JSC::Wasm::FunctionSignature::setHasRecursiveReference): (JSC::Wasm::StructType::StructType): (JSC::Wasm::StructType::hasRecursiveReference const): (JSC::Wasm::StructType::setHasRecursiveReference): (JSC::Wasm::ArrayType::ArrayType): (JSC::Wasm::ArrayType::hasRecursiveReference const): (JSC::Wasm::ArrayType::setHasRecursiveReference): (JSC::Wasm::Projection::isPlaceholder const): Canonical link: https://commits.webkit.org/255460@main _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes