Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8abf5256fdcb4497f2d77a65739784d270507c8b
https://github.com/WebKit/WebKit/commit/8abf5256fdcb4497f2d77a65739784d270507c8b
Author: Keith Miller <[email protected]>
Date: 2026-06-04 (Thu, 04 Jun 2026)
Changed paths:
M Source/JavaScriptCore/b3/B3AbstractHeapRepository.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmFormat.h
M Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmTable.cpp
M Source/JavaScriptCore/wasm/WasmTable.h
Log Message:
-----------
[Wasm] Reduce FuncRefTable entry size
https://bugs.webkit.org/show_bug.cgi?id=316305
rdar://178727001
Reviewed by Yusuke Suzuki.
Previously, Wasm::FuncRefTable entries were 64 bytes:
┌───────────────────────────────────┬─────────────────────────────────────┬───────┐
│ Field │ Type │
Bytes │
├───────────────────────────────────┼─────────────────────────────────────┼───────┤
│ m_function.boxedCallee │ CalleeBits │ 8
│
├───────────────────────────────────┼─────────────────────────────────────┼───────┤
│ m_function.targetInstance │ WriteBarrier<JSWebAssemblyInstance> │ 8
│
├───────────────────────────────────┼─────────────────────────────────────┼───────┤
│ m_function.entrypointLoadLocation │ raw ptr │ 8
│
├───────────────────────────────────┼─────────────────────────────────────┼───────┤
│ m_function.rtt │ raw ptr │ 8
│
├───────────────────────────────────┼─────────────────────────────────────┼───────┤
│ m_function.importFunctionStub │ CodePtr<> │ 8
│
│ │ │
│
├───────────────────────────────────┼─────────────────────────────────────┼───────┤
│ │ │
│
│ m_function.importFunction │ WriteBarrier<JSObject> │ 8
│
│ │ │
│
│ │ │
│
├───────────────────────────────────┼─────────────────────────────────────┼───────┤
│ m_value │ WriteBarrier<Unknown> │ 8
│
├───────────────────────────────────┼─────────────────────────────────────┼───────┤
│ m_padding │ void* │ 8
│
└───────────────────────────────────┴─────────────────────────────────────┴───────┘
However, only the first four entries were used by the JITs, which
correspond to a WasmToWasmImportableFunction. The importFunction and
m_value were actually the same thing and the importFunctionStub was unused.
Originally, I tried to have FuncRefTable::Function contain the m_value
inline but this meant the table entries were no longer a power of 2.
Using a multiply rather than a left shift appears to be a regression.
Instead this patch has two buffers. One for the WasmToWasmImportableFunction
contents and a second for the m_values (now called m_wrappers), which is
still needed for JS callbacks. Overall, this reduces each table entry
from 64-bytes to 40-bytes, a ~37% reduction.
No new tests, no behavior change. Covered by existing tests.
Canonical link: https://commits.webkit.org/314555@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
