Title: [259487] branches/safari-609.2.1.2-branch
Revision: 259487
Author: [email protected]
Date: 2020-04-03 12:57:34 -0700 (Fri, 03 Apr 2020)

Log Message

Cherry-pick r256766. rdar://problem/61231942

    [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
    https://bugs.webkit.org/show_bug.cgi?id=207849

    Reviewed by Mark Lam.

    JSTests:

    * wasm/regress/regress-256665.js: Added.
    (f):

    Source/JavaScriptCore:

    When generating the call IC, we should select the callee saves using BoundsChecking mode in order
    to obey the calling conventions described in r256665. Currently, we won't restore the memory size
    register when calling the Wasm LLInt through the call IC.

    * wasm/js/WebAssemblyFunction.cpp:
    (JSC::WebAssemblyFunction::calleeSaves const):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256766 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Diff

Modified: branches/safari-609.2.1.2-branch/JSTests/ChangeLog (259486 => 259487)


--- branches/safari-609.2.1.2-branch/JSTests/ChangeLog	2020-04-03 19:57:31 UTC (rev 259486)
+++ branches/safari-609.2.1.2-branch/JSTests/ChangeLog	2020-04-03 19:57:34 UTC (rev 259487)
@@ -1,5 +1,41 @@
 2020-04-03  Alan Coon  <[email protected]>
 
+        Cherry-pick r256766. rdar://problem/61231942
+
+    [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+    https://bugs.webkit.org/show_bug.cgi?id=207849
+    
+    Reviewed by Mark Lam.
+    
+    JSTests:
+    
+    * wasm/regress/regress-256665.js: Added.
+    (f):
+    
+    Source/_javascript_Core:
+    
+    When generating the call IC, we should select the callee saves using BoundsChecking mode in order
+    to obey to the calling conventions described in r256665. Currently, we won't restore the memory size
+    register when calling the Wasm LLInt through the call IC.
+    
+    * wasm/js/WebAssemblyFunction.cpp:
+    (JSC::WebAssemblyFunction::calleeSaves const):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256766 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-02-17  Tadeu Zagallo  <[email protected]>
+
+            [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+            https://bugs.webkit.org/show_bug.cgi?id=207849
+
+            Reviewed by Mark Lam.
+
+            * wasm/regress/regress-256665.js: Added.
+            (f):
+
+2020-04-03  Alan Coon  <[email protected]>
+
         Cherry-pick r256698. rdar://problem/61231902
 
     Unreviewed: fix broken tests added in r256665
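
Review bot: The cherry-pick entry added at the top of this hunk pastes the whole upstream commit message into JSTests/ChangeLog, including the `Source/_javascript_Core:` section and the `git-svn-id` trailer, and then repeats the title, bug URL and reviewer in the nested 2020-02-17 entry. Keeping only the `Cherry-pick r256766. rdar://problem/61231942` line followed by the nested original entry would record the same information once, with one indentation level, and would leave out text that describes a different directory.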

Added: branches/safari-609.2.1.2-branch/JSTests/wasm/regress/regress-256665.js (0 => 259487)


--- branches/safari-609.2.1.2-branch/JSTests/wasm/regress/regress-256665.js	                        (rev 0)
+++ branches/safari-609.2.1.2-branch/JSTests/wasm/regress/regress-256665.js	2020-04-03 19:57:34 UTC (rev 259487)
@@ -0,0 +1,12 @@
+//@ requireOptions("--useConcurrentJIT=false", "--jitPolicyScale=0")
+
+function f() {
+    var buffer = new Uint8Array([0, 97, 115, 109, 1, 0, 0, 0, 1, 6, 1, 96, 1, 127, 1, 127, 3, 2, 1, 0, 5, 3, 1, 0, 0, 7, 8, 1, 4, 108, 111, 97, 100, 0, 0, 10, 9, 1, 7, 0, 32, 0, 40, 0, 100, 11]);
+    var module = new WebAssembly.Module(buffer);
+    var instance = new WebAssembly.Instance(module);
+    try { instance.exports.load(0x10000 - 100 - 4); } catch (e) {}
+    (555)[0];
+}
+
+f();
+f();
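
Review bot: The test asserts nothing: `try { instance.exports.load(0x10000 - 100 - 4); } catch (e) {}` discards whatever is thrown, so the file can only fail by crashing, and it keeps passing if the call stops throwing or starts throwing something unrelated. If the out-of-bounds trap is the expected outcome, check in the catch block that `e` is a `WebAssembly.RuntimeError` and fail when no exception is raised. The byte array and the `(555)[0];` statement also need a comment each: the text form of the module (an exported `load` taking and returning an i32), and why the property access after the call is required to reproduce the bug, since neither can be read off the code and the second looks like dead code that a later cleanup could delete.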

Modified: branches/safari-609.2.1.2-branch/Source/_javascript_Core/ChangeLog (259486 => 259487)


--- branches/safari-609.2.1.2-branch/Source/_javascript_Core/ChangeLog	2020-04-03 19:57:31 UTC (rev 259486)
+++ branches/safari-609.2.1.2-branch/Source/_javascript_Core/ChangeLog	2020-04-03 19:57:34 UTC (rev 259487)
@@ -1,5 +1,45 @@
 2020-04-03  Alan Coon  <[email protected]>
 
+        Cherry-pick r256766. rdar://problem/61231942
+
+    [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+    https://bugs.webkit.org/show_bug.cgi?id=207849
+    
+    Reviewed by Mark Lam.
+    
+    JSTests:
+    
+    * wasm/regress/regress-256665.js: Added.
+    (f):
+    
+    Source/_javascript_Core:
+    
+    When generating the call IC, we should select the callee saves using BoundsChecking mode in order
+    to obey to the calling conventions described in r256665. Currently, we won't restore the memory size
+    register when calling the Wasm LLInt through the call IC.
+    
+    * wasm/js/WebAssemblyFunction.cpp:
+    (JSC::WebAssemblyFunction::calleeSaves const):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256766 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-02-17  Tadeu Zagallo  <[email protected]>
+
+            [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+            https://bugs.webkit.org/show_bug.cgi?id=207849
+
+            Reviewed by Mark Lam.
+
+            When generating the call IC, we should select the callee saves using BoundsChecking mode in order
+            to obey to the calling conventions described in r256665. Currently, we won't restore the memory size
+            register when calling the Wasm LLInt through the call IC.
+
+            * wasm/js/WebAssemblyFunction.cpp:
+            (JSC::WebAssemblyFunction::calleeSaves const):
+
+2020-04-03  Alan Coon  <[email protected]>
+
         Cherry-pick r256665. rdar://problem/61231902
 
     [WASM] Wasm interpreter's calling convention doesn't match Wasm JIT's convention.

Modified: branches/safari-609.2.1.2-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp (259486 => 259487)


--- branches/safari-609.2.1.2-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2020-04-03 19:57:31 UTC (rev 259486)
+++ branches/safari-609.2.1.2-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2020-04-03 19:57:34 UTC (rev 259487)
@@ -161,7 +161,8 @@
 
 RegisterSet WebAssemblyFunction::calleeSaves() const
 {
-    return Wasm::PinnedRegisterInfo::get().toSave(instance()->memoryMode());
+    // Pessimistically save callee saves in BoundsChecking mode since the LLInt always bounds checks
+    return Wasm::PinnedRegisterInfo::get().toSave(Wasm::MemoryMode::BoundsChecking);
 }
 
 RegisterAtOffsetList WebAssemblyFunction::usedCalleeSaveRegisters() const
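
Review bot: `calleeSaves()` no longer consults `instance()->memoryMode()`, so every instance now gets the BoundsChecking save set, yet the new comment justifies that only for the LLInt. The comment should say what the extra save means for callees that are not run by the LLInt (that it is redundant but harmless there, if that is the intent) and name the register it protects; the log message calls it the memory size register. A reference to r256665, where the log message says the calling convention is described, would help the next reader, and the comment line is missing its terminating period.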