Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5ad2efd177db6dfc90d1a80602ee05cf0b25730a
https://github.com/WebKit/WebKit/commit/5ad2efd177db6dfc90d1a80602ee05cf0b25730a
Author: Yusuke Suzuki <[email protected]>
Date: 2026-01-15 (Thu, 15 Jan 2026)
Changed paths:
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.h
M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp
M Source/JavaScriptCore/wasm/WasmFormat.cpp
M Source/JavaScriptCore/wasm/WasmFormat.h
M Source/JavaScriptCore/wasm/WasmFunctionParser.h
M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp
Log Message:
-----------
[JSC] Do not use FunctionSignature for BlockSignature in Wasm
https://bugs.webkit.org/show_bug.cgi?id=305527
rdar://168186070
Reviewed by Dan Hecht.
We are observing costly lock contention between multiple Wasm function
parsing due to BlockSignature lookup for parseReftypeSignature. But it
has a problem: BlockSignature does not exist in Wasm type section, so we
are effectively create a new type for that. This is the reason why
BlockSignature needs to hold underlying Ref<TypeDefinition>, and this is
not ideal. Given that BlockSignature is super simple in 99% of cases,
we should avoid using FunctionSignature* for that.
This patch introduces BlockSignature abstraction which is Variant of
const FunctionSignature* and Type (result type). This covers all cases
we see as a BlockSignature. And when const FunctionSignature* is not
specified in the wasm module, we should avoid using it and use Type
variant.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::ControlData::ControlData):
(JSC::Wasm::BBQJITImpl::ControlData::signature const):
(JSC::Wasm::BBQJITImpl::ControlData::branchTargetArity const):
(JSC::Wasm::BBQJITImpl::ControlData::branchTargetType const):
(JSC::Wasm::BBQJITImpl::ControlData::argumentType const):
(JSC::Wasm::BBQJITImpl::BBQJIT::addTopLevel):
(JSC::Wasm::BBQJITImpl::BBQJIT::addBlock):
(JSC::Wasm::BBQJITImpl::BBQJIT::addLoop):
(JSC::Wasm::BBQJITImpl::BBQJIT::addIf):
(JSC::Wasm::BBQJITImpl::BBQJIT::addElse):
(JSC::Wasm::BBQJITImpl::BBQJIT::addElseToUnreachable):
(JSC::Wasm::BBQJITImpl::BBQJIT::addTry):
(JSC::Wasm::BBQJITImpl::BBQJIT::addTryTable):
(JSC::Wasm::BBQJITImpl::BBQJIT::addCatch):
(JSC::Wasm::BBQJITImpl::BBQJIT::addCatchToUnreachable):
(JSC::Wasm::BBQJITImpl::BBQJIT::addCatchAll):
(JSC::Wasm::BBQJITImpl::BBQJIT::addCatchAllToUnreachable):
(JSC::Wasm::BBQJITImpl::BBQJIT::addReturn):
(JSC::Wasm::BBQJITImpl::BBQJIT::addEndToUnreachable):
(JSC::Wasm::BBQJITImpl::BBQJIT::endTopLevel):
(JSC::Wasm::BBQJITImpl::BBQJIT::addFusedIfCompare):
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp:
(JSC::Wasm::ConstExprGenerator::ControlData::ControlData):
(JSC::Wasm::ConstExprGenerator::ControlData::signature const):
(JSC::Wasm::ConstExprGenerator::addTopLevel):
(JSC::Wasm::ConstExprGenerator::endTopLevel):
* Source/JavaScriptCore/wasm/WasmFormat.cpp:
(JSC::Wasm::BlockSignature::dump const):
* Source/JavaScriptCore/wasm/WasmFormat.h:
(JSC::Wasm::BlockSignature::BlockSignature):
(JSC::Wasm::BlockSignature::argumentCount const):
(JSC::Wasm::BlockSignature::returnCount const):
(JSC::Wasm::BlockSignature::argumentType const):
(JSC::Wasm::BlockSignature::returnType const):
(JSC::Wasm::BlockSignature::hasReturnVector const):
* Source/JavaScriptCore/wasm/WasmFunctionParser.h:
(JSC::Wasm::splitStack):
(JSC::Wasm::FunctionParser<Context>::parseBlockSignatureAndNotifySIMDUseIfNeeded):
(JSC::Wasm::FunctionParser<Context>::parseBody):
(JSC::Wasm::FunctionParser<Context>::binaryCompareCase):
(JSC::Wasm::FunctionParser<Context>::unaryCompareCase):
(JSC::Wasm::FunctionParser<Context>::checkBranchTarget):
(JSC::Wasm::FunctionParser<Context>::checkExpressionStack):
(JSC::Wasm::FunctionParser<Context>::parseNestedBlocksEagerly):
(JSC::Wasm::FunctionParser<Context>::parseBlockSignature):
(JSC::Wasm::FunctionParser<Context>::parseReftypeSignature):
(JSC::Wasm::FunctionParser<Context>::parseExpression):
* Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp:
(JSC::Wasm::IPIntControlType::IPIntControlType):
(JSC::Wasm::IPIntControlType::signature const):
(JSC::Wasm::IPIntControlType::branchTargetType const):
(JSC::Wasm::IPIntControlType::branchTargetArity const):
(JSC::Wasm::IPIntGenerator::addFusedIfCompare):
(JSC::Wasm::IPIntGenerator::addTopLevel):
(JSC::Wasm::IPIntGenerator::addBlock):
(JSC::Wasm::IPIntGenerator::addLoop):
(JSC::Wasm::IPIntGenerator::addIf):
(JSC::Wasm::IPIntGenerator::addElseToUnreachable):
(JSC::Wasm::IPIntGenerator::addTry):
(JSC::Wasm::IPIntGenerator::addTryTable):
(JSC::Wasm::IPIntGenerator::convertTryToCatch):
(JSC::Wasm::IPIntGenerator::endTryTable):
(JSC::Wasm::IPIntGenerator::addEndToUnreachable):
(JSC::Wasm::IPIntGenerator::endTopLevel):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::ControlData::ControlData):
(JSC::Wasm::OMGIRGenerator::ControlData::signature const):
(JSC::Wasm::OMGIRGenerator::ControlData::hasNonVoidresult const):
(JSC::Wasm::OMGIRGenerator::ControlData::branchTargetArity const):
(JSC::Wasm::OMGIRGenerator::ControlData::branchTargetType const):
(JSC::Wasm::OMGIRGenerator::endTopLevel):
(JSC::Wasm::OMGIRGenerator::addFusedIfCompare):
(JSC::Wasm::OMGIRGenerator::addLoop):
(JSC::Wasm::OMGIRGenerator::addTopLevel):
(JSC::Wasm::OMGIRGenerator::addBlock):
(JSC::Wasm::OMGIRGenerator::addIf):
(JSC::Wasm::OMGIRGenerator::addTry):
(JSC::Wasm::OMGIRGenerator::addTryTable):
(JSC::Wasm::OMGIRGenerator::addReturn):
(JSC::Wasm::OMGIRGenerator::endBlock):
(JSC::Wasm::OMGIRGenerator::addEndToUnreachable):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::OMGIRGenerator::ControlData::ControlData):
(JSC::Wasm::OMGIRGenerator::ControlData::signature const):
(JSC::Wasm::OMGIRGenerator::ControlData::hasNonVoidresult const):
(JSC::Wasm::OMGIRGenerator::ControlData::branchTargetArity const):
(JSC::Wasm::OMGIRGenerator::ControlData::branchTargetType const):
(JSC::Wasm::OMGIRGenerator::endTopLevel):
(JSC::Wasm::OMGIRGenerator::addFusedIfCompare):
(JSC::Wasm::OMGIRGenerator::addLoop):
(JSC::Wasm::OMGIRGenerator::addTopLevel):
(JSC::Wasm::OMGIRGenerator::addBlock):
(JSC::Wasm::OMGIRGenerator::addIf):
(JSC::Wasm::OMGIRGenerator::addElseToUnreachable):
(JSC::Wasm::OMGIRGenerator::addTry):
(JSC::Wasm::OMGIRGenerator::addTryTable):
(JSC::Wasm::OMGIRGenerator::addReturn):
(JSC::Wasm::OMGIRGenerator::endBlock):
(JSC::Wasm::OMGIRGenerator::addEndToUnreachable):
Canonical link: https://commits.webkit.org/305678@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
