Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4a278cefb952b2a2d9c29d752a5a5aeb05243576
https://github.com/WebKit/WebKit/commit/4a278cefb952b2a2d9c29d752a5a5aeb05243576
Author: Yusuke Suzuki <[email protected]>
Date: 2026-01-21 (Wed, 21 Jan 2026)
Changed paths:
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/b3/B3AbstractHeapRepository.cpp
M Source/JavaScriptCore/b3/B3AbstractHeapRepository.h
M Source/JavaScriptCore/b3/B3EliminateCommonSubexpressions.cpp
M Source/JavaScriptCore/b3/B3Kind.h
M Source/JavaScriptCore/b3/B3LowerMacros.cpp
M Source/JavaScriptCore/b3/B3Opcode.h
M Source/JavaScriptCore/b3/B3ReduceStrength.cpp
M Source/JavaScriptCore/b3/B3SlotBaseValue.h
M Source/JavaScriptCore/b3/B3Validate.cpp
M Source/JavaScriptCore/b3/B3Value.cpp
M Source/JavaScriptCore/b3/B3Value.h
M Source/JavaScriptCore/b3/B3ValueInlines.h
M Source/JavaScriptCore/b3/B3ValueKey.cpp
A Source/JavaScriptCore/b3/B3WasmStructFieldValue.cpp
A Source/JavaScriptCore/b3/B3WasmStructFieldValue.h
A Source/JavaScriptCore/b3/B3WasmStructGetValue.cpp
A Source/JavaScriptCore/b3/B3WasmStructGetValue.h
A Source/JavaScriptCore/b3/B3WasmStructNewValue.cpp
A Source/JavaScriptCore/b3/B3WasmStructNewValue.h
A Source/JavaScriptCore/b3/B3WasmStructSetValue.cpp
A Source/JavaScriptCore/b3/B3WasmStructSetValue.h
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmTypeDefinition.h
Log Message:
-----------
[JSC] Add WasmStruct related B3 Values
https://bugs.webkit.org/show_bug.cgi?id=305735
rdar://168415672
Reviewed by Yijia Huang.
This patch introduces high-level wasm struct B3 values: WasmStructNew,
WasmStructNew, WasmStructSet. This saves high-level semantics through the B3
optimization pipeline, and we can apply data flow analysis onto Wasm GC
related operations. We lower them to the original B3 values in the
B3LowerMacros phase, so after that phase, nothing changes.

The critically important thing is keeping WasmStructGet / WasmStructSet CSE
active. Previously it was achieved by memory decoration. But now we
achieve it by handling these wasm struct values in
B3EliminateCommonSubexpressions in the same way as what MemoryValue is
doing.

This is the first step toward optimizing Wasm GC in B3 significantly.
Our plans are:

1. Adding WasmRefCast / WasmRefTest values next. And then data flow
   analysis can filter wasm GC types and potentially remove many of
   these type test operations. This is effective if the source program
   has many of them because of generics, and B3 successfully
   inlined these functions.
2. Adding scalar replacement with escape analysis. Now WasmStructNew,
   WasmStructGet, and WasmStructSet (and other type cast / test operations)
   semantics are kept in B3. We can easily construct escape analysis for
   them and we can perform scalar replacement (and this eliminates allocations).
3. We are working on B3 sparse conditional constant propagation right now.
   That lattice can start including the current flow-sensitive Wasm Ref
   types. And we can further remove many unnecessary type test
   operations. Basically, we will do DFG CheckStructure-like things in B3
   for wasm GC types.

* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/b3/B3AbstractHeapRepository.cpp:
(JSC::B3::AbstractHeapRepository::decorateWasmStructGet):
(JSC::B3::AbstractHeapRepository::decorateWasmStructSet):
(JSC::B3::AbstractHeapRepository::computeRangesAndDecorateInstructions):
* Source/JavaScriptCore/b3/B3AbstractHeapRepository.h:
* Source/JavaScriptCore/b3/B3EliminateCommonSubexpressions.cpp:
* Source/JavaScriptCore/b3/B3Kind.h:
(JSC::B3::Kind::hasTraps const):
* Source/JavaScriptCore/b3/B3LowerMacros.cpp:
* Source/JavaScriptCore/b3/B3Opcode.h:
* Source/JavaScriptCore/b3/B3ReduceStrength.cpp:
* Source/JavaScriptCore/b3/B3SlotBaseValue.h:
* Source/JavaScriptCore/b3/B3Validate.cpp:
* Source/JavaScriptCore/b3/B3Value.cpp:
(JSC::B3::Value::effects const):
(JSC::B3::Value::key const):
* Source/JavaScriptCore/b3/B3Value.h:
* Source/JavaScriptCore/b3/B3ValueInlines.h:
* Source/JavaScriptCore/b3/B3ValueKey.cpp:
(JSC::B3::ValueKey::materialize const):
* Source/JavaScriptCore/b3/B3WasmStructFieldValue.cpp: Copied from
Source/JavaScriptCore/b3/B3SlotBaseValue.h.
* Source/JavaScriptCore/b3/B3WasmStructFieldValue.h: Added.
(JSC::B3::WasmStructFieldValue::accepts):
(JSC::B3::WasmStructFieldValue::rtt const):
(JSC::B3::WasmStructFieldValue::structType const):
(JSC::B3::WasmStructFieldValue::fieldIndex const):
(JSC::B3::WasmStructFieldValue::fieldHeapKey const):
(JSC::B3::WasmStructFieldValue::range const):
(JSC::B3::WasmStructFieldValue::setRange):
(JSC::B3::WasmStructFieldValue::mutability const):
(JSC::B3::WasmStructFieldValue::WasmStructFieldValue):
* Source/JavaScriptCore/b3/B3WasmStructGetValue.cpp: Copied from
Source/JavaScriptCore/b3/B3SlotBaseValue.h.
(JSC::B3::WasmStructGetValue::WasmStructGetValue):
(JSC::B3::WasmStructGetValue::dumpMeta const):
* Source/JavaScriptCore/b3/B3WasmStructGetValue.h: Copied from
Source/JavaScriptCore/b3/B3SlotBaseValue.h.
* Source/JavaScriptCore/b3/B3WasmStructNewValue.cpp: Copied from
Source/JavaScriptCore/b3/B3SlotBaseValue.h.
(JSC::B3::WasmStructNewValue::dumpMeta const):
* Source/JavaScriptCore/b3/B3WasmStructNewValue.h: Added.
* Source/JavaScriptCore/b3/B3WasmStructSetValue.cpp: Copied from
Source/JavaScriptCore/b3/B3SlotBaseValue.h.
(JSC::B3::WasmStructSetValue::WasmStructSetValue):
(JSC::B3::WasmStructSetValue::dumpMeta const):
* Source/JavaScriptCore/b3/B3WasmStructSetValue.h: Copied from
Source/JavaScriptCore/b3/B3SlotBaseValue.h.
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::emitStructSet):
(JSC::Wasm::OMGIRGenerator::addStructNew):
(JSC::Wasm::OMGIRGenerator::addStructNewDefault):
(JSC::Wasm::OMGIRGenerator::addStructGet):
(JSC::Wasm::OMGIRGenerator::addStructSet):
(JSC::Wasm::OMGIRGenerator::allocatorForWasmGCHeapCellSize):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCStructUninitialized): Deleted.
* Source/JavaScriptCore/wasm/WasmTypeDefinition.h:
Canonical link: https://commits.webkit.org/305925@main