Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 3a62d3df302dbce15ff8235c45c8f3b40a43d21d
      
https://github.com/WebKit/WebKit/commit/3a62d3df302dbce15ff8235c45c8f3b40a43d21d
  Author: Justin Michaud <[email protected]>
  Date:   2023-05-25 (Thu, 25 May 2023)

  Changed paths:
    A JSTests/wasm/stress/block_end_aliasing.js
    A JSTests/wasm/stress/block_end_aliasing.wasm
    A JSTests/wasm/stress/block_end_aliasing_2.js
    A JSTests/wasm/stress/block_end_aliasing_2.wasm
    A JSTests/wasm/stress/block_end_aliasing_2.wat
    A JSTests/wasm/stress/if-block-arguments-2.js
    A JSTests/wasm/stress/if-block-arguments.js
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

  Log Message:
  -----------
  [merge-back]OMG should pop try arguments
rdar://109857225

Reviewed by Yusuke Suzuki.

The parser and the B3 generator both maintain their own separate wasm stacks.
When we end a block, these two stacks can get out of sync because we forgot
to pop on the b3 side. This can cause type confusion.

The real fix for this is to fix the underlying design flaw.

In the future, we should only store one copy of the stack state in the parser,
including the wasm type, and refer exclusively to that. This is what the new 
BBQ tier does.

For now, we just pop as needed.

* JSTests/wasm/stress/block_end_aliasing.js: Added.
(instantiate):
(async let):
* JSTests/wasm/stress/block_end_aliasing.wasm: Added.
* JSTests/wasm/stress/block_end_aliasing_2.js: Added.
(instantiate):
(async let):
(async let.i4.await.instantiate):
* JSTests/wasm/stress/block_end_aliasing_2.wasm: Added.
* JSTests/wasm/stress/block_end_aliasing_2.wat: Added.
* JSTests/wasm/stress/loop-end-aliasing.js: Added.
(from.string_appeared_here.import.as.assert.from.string_appeared_here.let.wat.module.import.string_appeared_here.string_appeared_here.memory.mem.1.func.export.string_appeared_here.result.i64.funcref.i64.const.14.block.param.i64.end.ref.func.0.return.async
 test):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::didPopValueFromStack):
(JSC::Wasm::B3IRGenerator::makePushVariable):
(JSC::Wasm::B3IRGenerator::addEndToUnreachable):

Originally-landed-as: 259548.624@safari-7615-branch (c9d960b1956a). 
rdar://109857225
Canonical link: https://commits.webkit.org/264551@main
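
The failure mode the log message describes, as an added illustration that is not part of the commit and is not WebKit code: a toy parser stack and generator stack that must stay in lockstep, with a check that reports where they diverge. `TwoStackModel`, its methods and the opcode sequence are hypothetical and constructed for this example.

```cpp
// Added illustration, not WebKit code. All names here are hypothetical.
#include <algorithm>
#include <cstddef>
#include <vector>

enum class Type { I64, FuncRef };

struct TwoStackModel {
    bool popOnBlockEnd;                // false models the forgotten pop
    std::vector<Type> parserStack;     // types the parser believes are live
    std::vector<Type> generatorStack;  // types of the values the generator tracks
    explicit TwoStackModel(bool pop) : popOnBlockEnd(pop) {}

    void push(Type t) {
        parserStack.push_back(t);
        generatorStack.push_back(t);
    }

    // End a block that consumed argCount arguments and leaves `results` behind.
    void endBlock(std::size_t argCount, const std::vector<Type>& results) {
        auto n = static_cast<std::ptrdiff_t>(argCount);
        parserStack.erase(parserStack.end() - n, parserStack.end());
        if (popOnBlockEnd)
            generatorStack.erase(generatorStack.end() - n, generatorStack.end());
        for (Type t : results)
            push(t);
    }

    // Lockstep check a debug build could run after every opcode: returns -1
    // when the stacks agree, else the first slot whose type differs.
    long firstDivergence() const {
        std::size_t common = std::min(parserStack.size(), generatorStack.size());
        for (std::size_t i = 0; i < common; ++i)
            if (parserStack[i] != generatorStack[i])
                return static_cast<long>(i);
        return parserStack.size() == generatorStack.size() ? -1 : static_cast<long>(common);
    }
};

// Constructed sequence: push an i64, end a block that took it as its argument
// and produced no results, then push a funcref.
TwoStackModel runConstructedSequence(bool popOnBlockEnd) {
    TwoStackModel m(popOnBlockEnd);
    m.push(Type::I64);
    m.endBlock(1, {});
    m.push(Type::FuncRef);
    return m;
}

int main() { return runConstructedSequence(true).firstDivergence() == -1 ? 0 : 1; }
```

Without the pop, slot 0 holds an i64 on the generator side while the parser believes it holds a funcref, which is the kind of disagreement that a single shared stack would rule out by construction.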

