Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 65324979850101adf0104d72890ffc4c70121513
https://github.com/WebKit/WebKit/commit/65324979850101adf0104d72890ffc4c70121513
Author: Cole Carley <[email protected]>
Date: 2026-02-27 (Fri, 27 Feb 2026)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/jsc.cpp
A Source/JavaScriptCore/wasm/WasmAddressType.cpp
A Source/JavaScriptCore/wasm/WasmAddressType.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT64.h
M Source/JavaScriptCore/wasm/WasmMemory.cpp
M Source/JavaScriptCore/wasm/WasmMemory.h
M Source/JavaScriptCore/wasm/WasmMemoryInformation.cpp
M Source/JavaScriptCore/wasm/WasmMemoryInformation.h
M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Bounds checking does not work in Memory64 in BBQ and introduce AddressType
https://bugs.webkit.org/show_bug.cgi?id=308684
rdar://171218345
Reviewed by Keith Miller.
Currently, signalling still works in BBQ while using Memory64, which will
fail. I disallowed this by setting bounds checking as the memory mode when
the address type is i64 during memory creation.
* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/wasm/WasmAddressType.cpp: Copied from
Source/JavaScriptCore/wasm/WasmMemoryInformation.cpp.
(JSC::Wasm::AddressType::AddressType):
(JSC::Wasm::AddressType::asTypeKind const):
(JSC::Wasm::operator==):
(JSC::Wasm::operator!=):
* Source/JavaScriptCore/wasm/WasmAddressType.h: Copied from
Source/JavaScriptCore/wasm/WasmMemoryInformation.cpp.
(JSC::Wasm::AddressType::type const):
(JSC::Wasm::AddressType::is64Bit const):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addGrowMemory):
* Source/JavaScriptCore/wasm/WasmBBQJIT64.h:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitCheckAndPrepareAndMaterializePointerApply):
* Source/JavaScriptCore/wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::Memory):
(JSC::Wasm::Memory::create):
(JSC::Wasm::Memory::createZeroSized):
(JSC::Wasm::Memory::tryCreate):
* Source/JavaScriptCore/wasm/WasmMemory.h:
* Source/JavaScriptCore/wasm/WasmMemoryInformation.cpp:
(JSC::Wasm::MemoryInformation::MemoryInformation):
(JSC::Wasm::MemoryInformation::addressType const):
(JSC::Wasm::MemoryInformation::isMemory64 const):
* Source/JavaScriptCore/wasm/WasmMemoryInformation.h:
(JSC::Wasm::MemoryInformation::isMemory64 const): Deleted.
(JSC::Wasm::MemoryInformation::addressType const): Deleted.
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::tryCreate):
* Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp:
(JSC::WebAssemblyMemoryConstructor::createMemoryFromDescriptor):
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readTerminal):
Canonical link: https://commits.webkit.org/308379@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
