  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9d453e3d623cbed559e7d31195b5c7840b9b679b
      https://github.com/WebKit/WebKit/commit/9d453e3d623cbed559e7d31195b5c7840b9b679b
  Author: Keith Miller <[email protected]>
  Date:   2026-01-08 (Thu, 08 Jan 2026)

  Changed paths:
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/Sources.txt
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/jit/BaselineJITRegisters.h
    M Source/JavaScriptCore/jit/CCallHelpers.h
    M Source/JavaScriptCore/jit/GPRInfo.h
    M Source/JavaScriptCore/jit/JIT.h
    M Source/JavaScriptCore/jit/JITArithmetic.cpp
    M Source/JavaScriptCore/jit/JITPropertyAccess.cpp
    M Source/JavaScriptCore/jit/RegisterSet.h
    M Source/JavaScriptCore/lol/LOLJIT.cpp
    M Source/JavaScriptCore/lol/LOLJIT.h
    A Source/JavaScriptCore/lol/LOLJITOperations.cpp
    A Source/JavaScriptCore/lol/LOLJITOperations.h
    M Source/JavaScriptCore/lol/LOLRegisterAllocator.h

  Log Message:
  -----------
  [LOL] Add support for resolve/put_to_scope
https://bugs.webkit.org/show_bug.cgi?id=305063
rdar://167709636

Reviewed by Yusuke Suzuki.

This patch is somewhat complicated since the scope resolution/access
bytecodes go through multiple thunks, which makes generating the
correct fast paths tricky.

I also had to make new operations for scope slow paths. The existing
slow paths were reading values from the stack directly which we want to
avoid. Although, after bug 1 below maybe that's less of an issue since
we'll essentially have to flush the operands for exceptions anyway.

Additionally there were a number of bugs that were uncovered now that
we support enough bytecodes to trigger some interesting edge cases:

1) We have to silentSpill a def's GPR when it aliases a use. This is
   because the slow path could throw. This is not normally a problem but
   we could catch that exception in the same frame we threw from. In
   that case the use wouldn't have been flushed properly and we would
   see a stale value.

2) emitLoadCharacterString was clobbering the source and used regT1
   without taking it as a parameter. I copied it and changed the behavior
   to avoid allocating an extra scratch register in every other case.

3) I had written the comparison operators incorrectly as for some of the
   constant cases they would compare backwards.

4) get_from_scope would end up clobbering the scope before jumping to
   the slow path, which would result in using the globalObject as the
   scope when it should've been a different object.

Canonical link: https://commits.webkit.org/305289@main
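
Added example (not part of the commit and not JavaScriptCore code): a simplified model of bug 1 in the log message, where a def's GPR aliases a use and the slow path throws into a handler in the same frame. The Frame/VReg types, silentSpill's signature and the sample values 1 and 42 are assumptions constructed for illustration.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <stdexcept>

// Toy model: every name here is hypothetical, chosen only to mirror the log message.
struct VReg { int gpr; bool dirty; };  // dirty: newest value lives only in the GPR

struct Frame {
    std::array<std::int64_t, 2> stack{};  // one slot per virtual register; catch reloads from here
    std::array<std::int64_t, 2> gprs{};
    std::array<VReg, 2> vregs{};
};

// Write register-only values back to the stack before a call that may throw.
// skipGPR is the def's register: it is about to be overwritten, so a naive
// spill treats it as dead and does not save it.
static void silentSpill(Frame& f, int skipGPR) {
    for (std::size_t v = 0; v < f.vregs.size(); ++v) {
        const VReg& r = f.vregs[v];
        if (r.gpr >= 0 && r.dirty && r.gpr != skipGPR)
            f.stack[v] = f.gprs[r.gpr];
    }
}

static std::int64_t throwingSlowPath(std::int64_t) { throw std::runtime_error("slow path threw"); }

// Runs `v1 = slowPath(v0)` inside a try region of the same frame and returns
// what the catch handler observes for v0 after reloading it from the stack.
std::int64_t valueSeenByCatch(bool spillDefWhenAliased) {
    Frame f;
    const int useV = 0, defV = 1, sharedGPR = 0;
    f.stack[useV] = 1;                   // old value still in memory (constructed)
    f.gprs[sharedGPR] = 42;              // latest value, held only in the register
    f.vregs[useV] = VReg{sharedGPR, true};
    f.vregs[defV] = VReg{sharedGPR, false};  // allocator reused the use's GPR for the def
    const bool aliases = f.vregs[defV].gpr == f.vregs[useV].gpr;
    const int skip = (spillDefWhenAliased && aliases) ? -1 : f.vregs[defV].gpr;
    try {
        silentSpill(f, skip);
        f.gprs[sharedGPR] = throwingSlowPath(f.gprs[sharedGPR]);
    } catch (const std::runtime_error&) {
        return f.stack[useV];            // handler trusts the stack slot
    }
    return f.gprs[sharedGPR];
}
```

In this model the handler sees the stale 1 when the aliased def register is skipped, and the current 42 once the spill covers it.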


