Title: [260634] releases/WebKitGTK/webkit-2.28
Revision: 260634
Author: [email protected]
Date: 2020-04-24 02:21:06 -0700 (Fri, 24 Apr 2020)

Log Message

Merge r256766 - [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
https://bugs.webkit.org/show_bug.cgi?id=207849

Reviewed by Mark Lam.

JSTests:

* wasm/regress/regress-256665.js: Added.
(f):

Source/_javascript_Core:

When generating the call IC, we should select the callee saves using BoundsChecking mode in order
to obey the calling conventions described in r256665. Currently, we won't restore the memory size
register when calling the Wasm LLInt through the call IC.

* wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::calleeSaves const):

Diff

Modified: releases/WebKitGTK/webkit-2.28/JSTests/ChangeLog (260633 => 260634)


--- releases/WebKitGTK/webkit-2.28/JSTests/ChangeLog	2020-04-24 09:21:02 UTC (rev 260633)
+++ releases/WebKitGTK/webkit-2.28/JSTests/ChangeLog	2020-04-24 09:21:06 UTC (rev 260634)
@@ -1,3 +1,13 @@
+2020-02-17  Tadeu Zagallo  <[email protected]>
+
+        [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+        https://bugs.webkit.org/show_bug.cgi?id=207849
+
+        Reviewed by Mark Lam.
+
+        * wasm/regress/regress-256665.js: Added.
+        (f):
+
 2020-02-14  Tadeu Zagallo  <[email protected]>
 
         Unreviewed: fix broken tests added in r256665
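Review bot: the entry only lists `(f):` and says nothing about what the new regression test exercises; a single line such as "calls a trapping Wasm export twice so the second call goes through the Wasm->JS call IC" (which is what the commit title describes) would let a reader locate the test from the ChangeLog without decoding the file.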

Added: releases/WebKitGTK/webkit-2.28/JSTests/wasm/regress/regress-256665.js (0 => 260634)


--- releases/WebKitGTK/webkit-2.28/JSTests/wasm/regress/regress-256665.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.28/JSTests/wasm/regress/regress-256665.js	2020-04-24 09:21:06 UTC (rev 260634)
@@ -0,0 +1,12 @@
+//@ requireOptions("--useConcurrentJIT=false", "--jitPolicyScale=0")
+
+function f() {
+    var buffer = new Uint8Array([0, 97, 115, 109, 1, 0, 0, 0, 1, 6, 1, 96, 1, 127, 1, 127, 3, 2, 1, 0, 5, 3, 1, 0, 0, 7, 8, 1, 4, 108, 111, 97, 100, 0, 0, 10, 9, 1, 7, 0, 32, 0, 40, 0, 100, 11]);
+    var module = new WebAssembly.Module(buffer);
+    var instance = new WebAssembly.Instance(module);
+    try { instance.exports.load(0x10000 - 100 - 4); } catch (e) {}
+    (555)[0];
+}
+
+f();
+f();
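Review bot: the `try { instance.exports.load(0x10000 - 100 - 4); } catch (e) {}` line swallows every exception, so a `WebAssembly.CompileError` or `LinkError` from a malformed buffer would let the test pass without ever reaching the call path under test; consider `catch (e) { if (!(e instanceof WebAssembly.RuntimeError)) throw e; }`. The inline byte array is also opaque: a comment giving the module in text form (one i32 -> i32 function exported as `load` that does `i32.load offset=100` on its argument, and a memory with a minimum of 0 pages, so the load traps) would explain the `0x10000 - 100 - 4` argument, and the bare `(555)[0];` expression deserves a comment saying what it is there to trigger.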

Modified: releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/ChangeLog (260633 => 260634)


--- releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/ChangeLog	2020-04-24 09:21:02 UTC (rev 260633)
+++ releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/ChangeLog	2020-04-24 09:21:06 UTC (rev 260634)
@@ -1,3 +1,17 @@
+2020-02-17  Tadeu Zagallo  <[email protected]>
+
+        [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+        https://bugs.webkit.org/show_bug.cgi?id=207849
+
+        Reviewed by Mark Lam.
+
+        When generating the call IC, we should select the callee saves using BoundsChecking mode in order
+        to obey to the calling conventions described in r256665. Currently, we won't restore the memory size
+        register when calling the Wasm LLInt through the call IC.
+
+        * wasm/js/WebAssemblyFunction.cpp:
+        (JSC::WebAssemblyFunction::calleeSaves const):
+
 2020-02-14  Tadeu Zagallo  <[email protected]> and Michael Saboff  <[email protected]>
 
         [WASM] Wasm interpreter's calling convention doesn't match Wasm JIT's convention.
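Review bot: "in order to obey to the calling conventions" should read "in order to obey the calling conventions". The entry would also benefit from one sentence on why hard-coding BoundsChecking is safe: the set saved in that mode is a superset of the Signaling set, so the cost is an extra store at call time, whereas the current code can return to a caller with the memory size register unrestored, which is the regression being fixed.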

Modified: releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp (260633 => 260634)


--- releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2020-04-24 09:21:02 UTC (rev 260633)
+++ releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2020-04-24 09:21:06 UTC (rev 260634)
@@ -161,7 +161,8 @@
 
 RegisterSet WebAssemblyFunction::calleeSaves() const
 {
-    return Wasm::PinnedRegisterInfo::get().toSave(instance()->memoryMode());
+    // Pessimistically save callee saves in BoundsChecking mode since the LLInt always bounds checks
+    return Wasm::PinnedRegisterInfo::get().toSave(Wasm::MemoryMode::BoundsChecking);
 }
 
 RegisterAtOffsetList WebAssemblyFunction::usedCalleeSaveRegisters() const
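Review bot: the hard-coded `Wasm::MemoryMode::BoundsChecking` in `calleeSaves()` has to stay in sync with `usedCalleeSaveRegisters()` immediately below, which the hunk does not show; if that function still consults `instance()->memoryMode()`, the IC would save one register set and report another to the stack walker. Suggest deriving both from the same helper, or asserting that `usedCalleeSaveRegisters()` is built from `calleeSaves()`. The new comment could also cite the bug (https://bugs.webkit.org/show_bug.cgi?id=207849) and r256665 so the reason the LLInt's convention dictates the superset is discoverable, and spell out the trade-off: the pessimistic choice costs one extra store of the memory size register per call, while the failure it prevents is a caller resuming with a stale bounds-check register after the callee returns.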
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
