Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 597e00851c7198c8da1efa0f8f756295d9d098ad
      
https://github.com/WebKit/WebKit/commit/597e00851c7198c8da1efa0f8f756295d9d098ad
  Author: Yusuke Suzuki <[email protected]>
  Date:   2025-12-09 (Tue, 09 Dec 2025)

  Changed paths:
    M Source/JavaScriptCore/jsc.cpp
    M Source/JavaScriptCore/runtime/ArrayBuffer.cpp
    M Source/JavaScriptCore/runtime/BufferMemoryHandle.cpp
    M Source/JavaScriptCore/runtime/BufferMemoryHandle.h
    M Source/JavaScriptCore/wasm/WasmMemory.cpp
    M Source/JavaScriptCore/wasm/WasmMemory.h
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  REGRESSION (299880@main): WASM memory size cache makes bulk memory operations across threads fail
https://bugs.webkit.org/show_bug.cgi?id=303387
rdar://165913114

Reviewed by Keith Miller.

The issue is Wasm::Memory is only remembering Wasm instances in the
current thread, and not updating the other Worker's Wasm instances.

This patch stops using JSWebAssemblyInstanceWeakCGSet in Wasm::Memory.
And instead we introduce ThreadSafeWeakHashSet<Wasm::InstanceAnchor> to
BufferMemoryHandle. And whenever BufferMemoryHandle gets grown, we
update all threads' cached instance fields.

* Source/JavaScriptCore/jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/ArrayBuffer.cpp:
(JSC::SharedArrayBufferContents::grow):
* Source/JavaScriptCore/runtime/BufferMemoryHandle.cpp:
(JSC::BufferMemoryHandle::transferAnchors):
(JSC::BufferMemoryHandle::registerInstance):
* Source/JavaScriptCore/runtime/BufferMemoryHandle.h:
* Source/JavaScriptCore/wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::Memory):
(JSC::Wasm::Memory::create):
(JSC::Wasm::Memory::createZeroSized):
(JSC::Wasm::Memory::tryCreate):
(JSC::Wasm::Memory::growShared):
(JSC::Wasm::Memory::grow):
(JSC::Wasm::Memory::registerInstance):
* Source/JavaScriptCore/wasm/WasmMemory.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::tryCreate):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readTerminal):

Canonical link: https://commits.webkit.org/304204@main
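
A simplified model of the bug and the fix described in the log message, added here as an illustration and not code from the WebKit commit. `Anchor`, `SharedHandle` and `workerCachedSizeAfterGrow` are hypothetical names, sizes are constructed values, and the `currentThreadOnly` flag stands in for the old bookkeeping that only knew the growing thread's instances.

```cpp
#include <atomic>
#include <cstddef>
#include <memory>
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical per-instance cache of the memory size (stand-in, not WebKit's type).
struct Anchor {
    std::atomic<size_t> cachedSize{0};
    std::thread::id owner = std::this_thread::get_id(); // thread that created the instance
};

// Hypothetical shared handle: one per backing store, referenced from every thread.
class SharedHandle {
public:
    explicit SharedHandle(size_t size) : m_size(size) {}
    void registerInstance(const std::shared_ptr<Anchor>& anchor) {
        std::lock_guard<std::mutex> lock(m_lock);
        anchor->cachedSize = m_size;
        m_anchors.push_back(anchor); // weak reference: does not keep the instance alive
    }
    // currentThreadOnly=true models the regression, false models the fix.
    void grow(size_t delta, bool currentThreadOnly) {
        std::lock_guard<std::mutex> lock(m_lock);
        m_size += delta;
        for (auto it = m_anchors.begin(); it != m_anchors.end();) {
            auto anchor = it->lock();
            if (!anchor) { it = m_anchors.erase(it); continue; } // instance already destroyed
            if (!currentThreadOnly || anchor->owner == std::this_thread::get_id())
                anchor->cachedSize = m_size;
            ++it;
        }
    }
private:
    std::mutex m_lock;
    size_t m_size;
    std::vector<std::weak_ptr<Anchor>> m_anchors;
};

// Size cached by a worker-thread instance after the main thread grows the memory.
size_t workerCachedSizeAfterGrow(bool currentThreadOnly) {
    SharedHandle handle(1);
    auto mainAnchor = std::make_shared<Anchor>();
    handle.registerInstance(mainAnchor);
    std::shared_ptr<Anchor> workerAnchor;
    std::thread worker([&] {
        workerAnchor = std::make_shared<Anchor>();
        handle.registerInstance(workerAnchor);
    });
    worker.join();
    handle.grow(2, currentThreadOnly);
    return workerAnchor->cachedSize;
}
```

With `currentThreadOnly` set, the worker's instance keeps the pre-grow size, so any check made against that cache disagrees with the real size of the shared memory.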


