Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 67ef3c5d8bb6f44864d1612edd999cc3f2269a9f
https://github.com/WebKit/WebKit/commit/67ef3c5d8bb6f44864d1612edd999cc3f2269a9f
Author: Vassili Bykov <[email protected]>
Date: 2026-05-13 (Wed, 13 May 2026)
Changed paths:
A JSTests/wasm/stress/jspi-multivalue-return.js
M Source/JavaScriptCore/runtime/EvacuatedStack.cpp
M Source/JavaScriptCore/runtime/EvacuatedStack.h
Log Message:
-----------
[JSC][JSPI] Include everything above the suspending frame record into the
evacuated stack
https://bugs.webkit.org/show_bug.cgi?id=314586
rdar://176472734
Reviewed by Keith Miller.
The bottom of stack evacuated for JSPI contains a WasmToJS frame. Arguments for
the JS
function it calls are allocated within that frame. The arguments space is
effectively
shared between the frames, and WasmToJS stub may use it for marshalling
multiple return
values. When capturing the stack for evacuation, we should start the bottom of
the
evacuated slice right above the frame record of the suspending frame, matching
the
position of sp in WasmToJS stub before the suspending function was called.
Key change:
- Changed the computation of m_futureSliceBottom in the Initial state of
SlabSlicer and FragSlicer.
Other changes:
- Added a new SlabSlicer state, ExpectingWasmToJS, to better check that stack
structure matches
our expectations.
- The new state is very similar to the existing FragSlicer state
ScannedSuspending.
Renamed ScannedSuspending to ExpectingWasmToJS to make the correspondence clear.
- Factored out the boilerplate of m_errorMessage to an error message containing
the
unexpected slicer state into a method.
Testing:
JSTests/wasm/stress/jspi-multivalue-return.js
Canonical link: https://commits.webkit.org/313172@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
