Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0eced4e498035fcb071db046e3dedf5823ad68ca
https://github.com/WebKit/WebKit/commit/0eced4e498035fcb071db046e3dedf5823ad68ca
  Author: Yusuke Suzuki <[email protected]>
  Date:   2023-01-10 (Tue, 10 Jan 2023)

  Changed paths:
    A JSTests/wasm/stress/tail-call-should-not-clobber-caller-origin.js
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

  Log Message:
  -----------
  [WASM][ARM64] Type confused of StackVisitor in JSC::StackVisitor::visit
https://bugs.webkit.org/show_bug.cgi?id=250024
rdar://103834422

Reviewed by Mark Lam.

Tail-call should not emit CallSiteIndex when jumping since it is clobbering the upper caller's stack.
This CallSiteIndex is used to check what part of the caller is calling this function. But in tail-call case, this is not necessary since the current function will go away due to tail-call.
This patch fixes exception handle generation for tail-calls so that we do not clobber CallSiteIndex slot.

* JSTests/wasm/stress/tail-call-should-not-clobber-caller-origin.js: Added.
* Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp:
(JSC::Wasm::AirIRGenerator32::preparePatchpointForExceptions):
(JSC::Wasm::AirIRGenerator32::addThrow):
(JSC::Wasm::AirIRGenerator32::addRethrow):
(JSC::Wasm::AirIRGenerator32::emitCallPatchpoint):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::addThrow):
(JSC::Wasm::AirIRGenerator64::addRethrow):
(JSC::Wasm::AirIRGenerator64::emitCallPatchpoint):
(JSC::Wasm::AirIRGenerator64::emitTailCallPatchpoint):
(JSC::Wasm::AirIRGenerator64::preparePatchpointForExceptions):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::ExpressionType>::addCall):
(JSC::Wasm::ExpressionType>::emitIndirectCall):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::emitIndirectCall):
(JSC::Wasm::B3IRGenerator::createTailCallPatchpoint):
(JSC::Wasm::B3IRGenerator::addCall):

Canonical link: https://commits.webkit.org/258725@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes