Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 62b8ca06ed1d0453e9dc4f2eaa58aac9ed26a8a9
https://github.com/WebKit/WebKit/commit/62b8ca06ed1d0453e9dc4f2eaa58aac9ed26a8a9
Author: Keith Miller
Date: 2025-05-01 (Thu, 01 May 2025)
Changed paths:
A JSTests/wasm/stress/js-to-wasm-calls-wrong-memory-mode.js
M Source/JavaScriptCore/interpreter/CalleeBits.h
M Source/JavaScriptCore/jit/CCallHelpers.h
M Source/JavaScriptCore/jsc.cpp
M Source/JavaScriptCore/llint/WebAssembly.asm
M Source/JavaScriptCore/offlineasm/arm64.rb
M Source/JavaScriptCore/offlineasm/cloop.rb
M Source/JavaScriptCore/offlineasm/instructions.rb
M Source/JavaScriptCore/offlineasm/x86.rb
M Source/JavaScriptCore/runtime/NativeCallee.h
M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
M Source/JavaScriptCore/wasm/WasmCallee.cpp
M Source/JavaScriptCore/wasm/WasmCallee.h
M Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp
M Source/JavaScriptCore/wasm/WasmFormat.cpp
M Source/JavaScriptCore/wasm/WasmFormat.h
M Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmMemory.cpp
M Source/JavaScriptCore/wasm/WasmMemory.h
M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h
M Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h
M Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.h
M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
Log Message:
-----------
JSToWasm non-IC entrypoints should load the entry point the same way as the IC.
https://bugs.webkit.org/show_bug.cgi?id=286946
rdar://143456523

Reviewed by Yusuke Suzuki.

Right now when we tier up a function to BBQ/OMG we set the JSEntrypointCallee's
entrypoint to the prologue of the newly compiled code. This is wrong because we
share JSEntrypointCallee between BoundsChecking and Signaling instances. This
means if we tier up a Signaling instance we could inadvertently call the
Signaling code from a BoundsChecking instance.

To fix this the interpreted/shared JIT JSToWasm entrypoints now do the same
logic as the inline cache entrypoint and load the callee's entrypoint from the
indirect location. This means we need to keep the JS WebAssemblyFunction until
we're basically ready to call into wasm.

Finally, since there are basically no scratches left I added a
BoxedNativeCalleePtrTraits so the Ref<> of the target Callee can be saved as a
boxed pointer rather than as a raw pointer. So now we no longer need to box the
callee at runtime.

Merge-back additional changes:

Use CalleeBits when passing around the boxed callee rather than EncodedJSValue.
This made little sense as Wasm::Callee is not a GC pointer. When I first wrote
this patch we were still using a `uintptr_t` for the boxed callee.

Originally-landed-as: 289651.47@safari-7621-branch (8f74b8980eba).
rdar://148059830
Canonical link: https://commits.webkit.org/294376@main
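The stress test this commit adds, JSTests/wasm/stress/js-to-wasm-calls-wrong-memory-mode.js, is not shown on this page. What follows is an added example written for this page, not the project's test or code. It instantiates one hand-assembled module against several differently shaped memories, calls each instance many times so a tiering engine is likely to recompile the function, and then checks that every instance still traps on out-of-bounds loads and stores and writes nothing on a trapped store. That is the invariant the bug above put at risk: code compiled for a Signaling memory relies on guard pages instead of explicit checks, so running it against a BoundsChecking memory would leave an out-of-bounds access with nothing to stop it. The memory descriptors, the warm-up count and any link between a memory shape and an engine memory mode are assumptions; the page does not say which shapes JSC treats as Signaling or BoundsChecking. The module bytes are hand-encoded with a few helper functions rather than taken from any project. Runs under node.

```javascript
// Added example, not the project's own test. The same module is instantiated
// against several memory shapes, each instance is warmed up so a tiering engine
// is likely to recompile the function, and the bounds-checking invariant is
// then checked on every instance. Memory shapes and the warm-up count are
// assumptions; which engine memory mode a shape gets is an engine detail.

// Minimal encoder for the few WebAssembly binary constructs used below.
function leb(n) {                      // unsigned LEB128
  const out = [];
  do { let b = n & 0x7f; n >>>= 7; if (n) b |= 0x80; out.push(b); } while (n);
  return out;
}
const str = s => [...leb(s.length), ...new TextEncoder().encode(s)];
const vec = items => [...leb(items.length), ...items.flat()];
const section = (id, body) => [id, ...leb(body.length), ...body];
const funcBody = code => [...leb(code.length + 1), 0x00, ...code]; // zero locals

// (module (import "env" "mem" (memory 1))
//   (func (export "load")  (param i32) (result i32) local.get 0 i32.load)
//   (func (export "store") (param i32 i32) local.get 0 local.get 1 i32.store))
const moduleBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,            // magic, version
  ...section(1, vec([[0x60, ...vec([[0x7f]]), ...vec([[0x7f]])],   // (i32) -> i32
                     [0x60, ...vec([[0x7f], [0x7f]]), ...vec([])]])), // (i32 i32) -> ()
  ...section(2, vec([[...str('env'), ...str('mem'), 0x02, 0x00, ...leb(1)]])), // memory import, min 1 page
  ...section(3, vec([[0], [1]])),                              // two functions, types 0 and 1
  ...section(7, vec([[...str('load'), 0x00, 0], [...str('store'), 0x00, 1]])),
  ...section(10, vec([funcBody([0x20, 0x00, 0x28, 0x02, 0x00, 0x0b]),            // local.get 0; i32.load
                      funcBody([0x20, 0x00, 0x20, 0x01, 0x36, 0x02, 0x00, 0x0b])])), // local.get 0/1; i32.store
]);
const compiled = new WebAssembly.Module(moduleBytes);

// True when fn traps with a wasm RuntimeError; any other exception is a bug here.
function traps(fn, ...args) {
  try { fn(...args); return false; }
  catch (e) { if (e instanceof WebAssembly.RuntimeError) return true; throw e; }
}

// Every field must be true for the instance to be considered safe.
function checkInstance(memoryDescriptor, warmupCalls = 20000) {
  const memory = new WebAssembly.Memory(memoryDescriptor);
  const { load, store } = new WebAssembly.Instance(compiled, { env: { mem: memory } }).exports;
  const limit = memory.buffer.byteLength;            // first address past the end
  store(0, 0x11223344);
  for (let i = 0; i < warmupCalls; i++) load(0);     // encourage tier-up (count is a guess)
  return {
    warmValue: load(0) === 0x11223344,
    lastWordReadable: !traps(load, limit - 4),
    straddlingLoadTraps: traps(load, limit - 3),     // 4-byte load, one byte past the end
    pastEndLoadTraps: traps(load, limit),
    farLoadTraps: traps(load, -1),                   // ToInt32(-1) is address 0xffffffff
    straddlingStoreTraps: traps(store, limit - 3, 0x41414141),
    tailUntouched: new Uint8Array(memory.buffer, limit - 4, 4).every(b => b === 0), // trapped store wrote nothing
  };
}

// Memory shapes to try (constructed for this example).
const shapes = {
  'min only':   { initial: 1 },
  'min == max': { initial: 1, maximum: 1 },
  '1GiB max':   { initial: 1, maximum: 16384 },
  'two pages':  { initial: 2, maximum: 4 },
};

function runAll() {
  const results = {};
  for (const [name, descriptor] of Object.entries(shapes)) results[name] = checkInstance(descriptor);
  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, r] of Object.entries(runAll()))
    console.log(name.padEnd(12), Object.values(r).every(Boolean) ? 'ok' : JSON.stringify(r));
}
```

The checks deliberately include an access that straddles the end of memory: a one-byte overrun is exactly the case an explicit bounds check must catch and a guard page catches only if it is actually present for that memory. If any field comes back false after the warm-up, the engine let an out-of-bounds access through on a recompiled function, which is the class of failure the commit message describes.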
webkit-changes mailing list
https://lists.webkit.org/mailman/listinfo/webkit-changes