Title: [279076] trunk
- Revision: 279076
- Author: ysuz...@apple.com
- Date: 2021-06-21 12:09:04 -0700 (Mon, 21 Jun 2021)
Log Message
Release assert memory in JSC::Wasm::Memory::growShared(JSC::Wasm::PageCount)::<lambda()>
https://bugs.webkit.org/show_bug.cgi?id=227180
Reviewed by Keith Miller.
JSTests:
* stress/shared-wasm-memory-with-zero-byte.js: Added.
Source/JavaScriptCore:
When Wasm.Memory is shared, we should allocate bound growable memory even if the initial size is 0 bytes,
since this range can later be extended by mprotect. If the maximum size is also 0 bytes, we already have
a path that does not allocate anything.
* wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::tryCreate):
Diff
Modified: trunk/JSTests/ChangeLog (279075 => 279076)
--- trunk/JSTests/ChangeLog 2021-06-21 18:55:59 UTC (rev 279075)
+++ trunk/JSTests/ChangeLog 2021-06-21 19:09:04 UTC (rev 279076)
@@ -1,3 +1,12 @@
+2021-06-21 Yusuke Suzuki <ysuz...@apple.com>
+
+ Release assert memory in JSC::Wasm::Memory::growShared(JSC::Wasm::PageCount)::<lambda()>
+ https://bugs.webkit.org/show_bug.cgi?id=227180
+
+ Reviewed by Keith Miller.
+
+ * stress/shared-wasm-memory-with-zero-byte.js: Added.
+
2021-06-21 Xan Lopez <x...@igalia.com>
[JSC] Reenable ChakraCore/test/Math/max.js on ARMv7 and MIPS
Added: trunk/JSTests/stress/shared-wasm-memory-with-zero-byte.js (0 => 279076)
--- trunk/JSTests/stress/shared-wasm-memory-with-zero-byte.js (rev 0)
+++ trunk/JSTests/stress/shared-wasm-memory-with-zero-byte.js 2021-06-21 19:09:04 UTC (rev 279076)
@@ -0,0 +1,2 @@
+if (typeof WebAssembly !== 'undefined')
+ (new WebAssembly.Memory({initial: 0, maximum: 1, shared: true})).grow(1)
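Review bot: The new test discards the result of `.grow(1)`, so it only proves the call no longer crashes. Consider keeping the Memory in a variable and asserting that `grow(1)` returns the previous page count (0) and that the re-fetched `buffer.byteLength` is one Wasm page (65536) afterwards, so a silent failure to extend the range would also be caught. The log message also mentions the case where the maximum size is 0 as well; a second line constructing `{initial: 0, maximum: 0, shared: true}` would pin that path down too.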
Modified: trunk/Source/_javascript_Core/ChangeLog (279075 => 279076)
--- trunk/Source/_javascript_Core/ChangeLog 2021-06-21 18:55:59 UTC (rev 279075)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-06-21 19:09:04 UTC (rev 279076)
@@ -1,3 +1,17 @@
+2021-06-21 Yusuke Suzuki <ysuz...@apple.com>
+
+ Release assert memory in JSC::Wasm::Memory::growShared(JSC::Wasm::PageCount)::<lambda()>
+ https://bugs.webkit.org/show_bug.cgi?id=227180
+
+ Reviewed by Keith Miller.
+
+ When Wasm.Memory is shared, we should allocate bound growable memory even if initial size is 0 bytes,
+ since this range can be later extended by mprotect. If maximum size is also 0 byte, we already have
+ a path that does not allocate anything.
+
+ * wasm/WasmMemory.cpp:
+ (JSC::Wasm::Memory::tryCreate):
+
2021-06-21 Yijia Huang <yijia_hu...@apple.com>
Add a new pattern to instruction selector to utilize SMSUBL supported by ARM64
Modified: trunk/Source/_javascript_Core/wasm/WasmMemory.cpp (279075 => 279076)
--- trunk/Source/_javascript_Core/wasm/WasmMemory.cpp 2021-06-21 18:55:59 UTC (rev 279075)
+++ trunk/Source/_javascript_Core/wasm/WasmMemory.cpp 2021-06-21 19:09:04 UTC (rev 279076)
@@ -416,11 +416,11 @@
if (UNLIKELY(Options::crashIfWebAssemblyCantFastMemory()))
webAssemblyCouldntGetFastMemory();
- if (!initialBytes)
- return adoptRef(new Memory(initial, maximum, sharingMode, WTFMove(notifyMemoryPressure), WTFMove(syncTryToReclaimMemory), WTFMove(growSuccessCallback)));
-
switch (sharingMode) {
case MemorySharingMode::Default: {
+ if (!initialBytes)
+ return adoptRef(new Memory(initial, maximum, sharingMode, WTFMove(notifyMemoryPressure), WTFMove(syncTryToReclaimMemory), WTFMove(growSuccessCallback)));
+
void* slowMemory = Gigacage::tryAllocateZeroedVirtualPages(Gigacage::Primitive, initialBytes);
if (!slowMemory) {
memoryManager().freePhysicalBytes(initialBytes);
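Review bot: The zero-byte early return now sits inside `case MemorySharingMode::Default:` with no comment explaining why the Shared case must not take it; the rationale (a shared memory needs its growable range reserved up front so it can be extended later by mprotect) exists only in the ChangeLog. A short comment above `if (!initialBytes)` would keep someone from hoisting the check back out of the switch. The Shared case is not visible in this hunk, so please also confirm that it behaves correctly when `initialBytes` is 0, for example that any size-dependent allocation or protection call there tolerates a zero length, and that the maximum-is-zero path mentioned in the log message is reached before this switch.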