Title: [256887] branches/safari-609-branch
Revision
256887
Author
repst...@apple.com
Date
2020-02-18 16:48:00 -0800 (Tue, 18 Feb 2020)

Log Message

Cherry-pick r256766. rdar://problem/59551706

    [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
    https://bugs.webkit.org/show_bug.cgi?id=207849

    Reviewed by Mark Lam.

    JSTests:

    * wasm/regress/regress-256665.js: Added.
    (f):

    Source/JavaScriptCore:

    When generating the call IC, we should select the callee saves using BoundsChecking mode in order
    to obey the calling conventions described in r256665. Currently, we won't restore the memory size
    register when calling the Wasm LLInt through the call IC.

    * wasm/js/WebAssemblyFunction.cpp:
    (JSC::WebAssemblyFunction::calleeSaves const):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256766 268f45cc-cd09-0410-ab3c-d52691b4dbfc
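The regression test this commit adds carries the module as a bare byte array, which hides what the Wasm LLInt is being asked to do when the call IC reaches it. The following is an added example, not code from the WebKit commit or from JavaScriptCore: a small decoder for the WebAssembly binary format that handles exactly the section kinds and opcodes that hand-assembled module uses (type, function, memory, export and code sections; `local.get`, `i32.load` and `end`), and raises on anything else rather than guessing. The helper names (`Reader`, `decodeModule`, `summarize`) are the example's own; the byte array is copied from the test.

```javascript
// Added example (not part of the WebKit commit): decode the hand-assembled
// module from regress-256665.js. Only the section kinds and opcodes that
// module uses are handled; anything else raises instead of guessing.

// The byte array exactly as it appears in the regression test.
const REGRESS_MODULE_BYTES = new Uint8Array([
  0, 97, 115, 109, 1, 0, 0, 0, 1, 6, 1, 96, 1, 127, 1, 127, 3, 2, 1, 0, 5, 3, 1, 0, 0,
  7, 8, 1, 4, 108, 111, 97, 100, 0, 0, 10, 9, 1, 7, 0, 32, 0, 40, 0, 100, 11,
]);

const SECTION_NAMES = { 1: "type", 3: "function", 5: "memory", 7: "export", 10: "code" };
const VALTYPE_NAMES = { 0x7f: "i32", 0x7e: "i64", 0x7d: "f32", 0x7c: "f64" };
const EXPORT_KINDS = ["func", "table", "memory", "global"];

// Bounded cursor over a byte range: every read is checked against `end`, so a
// truncated or mis-sized section fails loudly instead of reading past it.
class Reader {
  constructor(bytes, pos = 0, end = bytes.length) { this.bytes = bytes; this.pos = pos; this.end = end; }
  u8() {
    if (this.pos >= this.end) throw new RangeError("read past end of section");
    return this.bytes[this.pos++];
  }
  // Unsigned LEB128, the encoding of every count, size and immediate below.
  varU32() {
    let result = 0, shift = 0;
    for (;;) {
      const b = this.u8();
      result |= (b & 0x7f) << shift;
      if ((b & 0x80) === 0) return result >>> 0;
      shift += 7;
      if (shift > 28) throw new RangeError("LEB128 value too long for u32");
    }
  }
  // Length-prefixed UTF-8 name (used by export entries).
  name() {
    const n = this.varU32();
    if (this.pos + n > this.end) throw new RangeError("name runs past end of section");
    const s = new TextDecoder().decode(this.bytes.subarray(this.pos, this.pos + n));
    this.pos += n;
    return s;
  }
  // Sub-reader over the next `size` bytes; the parent is advanced past them.
  slice(size) {
    const sub = new Reader(this.bytes, this.pos, this.pos + size);
    if (sub.end > this.end) throw new RangeError("declared size exceeds enclosing range");
    this.pos = sub.end;
    return sub;
  }
}

// vec(x) in the spec: a count followed by that many items.
function vec(r, readItem) {
  const n = r.varU32(), out = [];
  for (let i = 0; i < n; i++) out.push(readItem());
  return out;
}

function valtype(r) {
  const t = VALTYPE_NAMES[r.u8()];
  if (!t) throw new Error("unknown value type");
  return t;
}

function decodeFuncType(r) {
  if (r.u8() !== 0x60) throw new Error("expected functype (0x60)");
  return { params: vec(r, () => valtype(r)), results: vec(r, () => valtype(r)) };
}

function decodeLimits(r) {
  const flags = r.u8(), min = r.varU32();
  return flags & 1 ? { min, max: r.varU32() } : { min };
}

// Function body: size, locals vector, then instructions up to the final `end`.
function decodeFuncBody(r) {
  const b = r.slice(r.varU32());
  const locals = vec(b, () => ({ count: b.varU32(), type: valtype(b) }));
  const instrs = [];
  while (b.pos < b.end) {
    const op = b.u8();
    if (op === 0x20) instrs.push(`local.get ${b.varU32()}`);
    else if (op === 0x28) {
      const align = b.varU32(), offset = b.varU32(); // memarg: log2(alignment), offset
      instrs.push(`i32.load align=${1 << align} offset=${offset}`);
    } else if (op === 0x0b) instrs.push("end");
    else throw new Error(`opcode 0x${op.toString(16)} not handled by this example`);
  }
  return { locals, instrs };
}

function decodeModule(bytes) {
  const r = new Reader(bytes);
  if ([r.u8(), r.u8(), r.u8(), r.u8()].join() !== "0,97,115,109") throw new Error("bad magic");
  const version = r.u8() | (r.u8() << 8) | (r.u8() << 16) | (r.u8() << 24);
  const sections = [];
  while (r.pos < r.end) {
    const id = r.u8(), body = r.slice(r.varU32());
    const section = { id, name: SECTION_NAMES[id] || `id ${id}` };
    if (id === 1) section.types = vec(body, () => decodeFuncType(body));
    else if (id === 3) section.typeIndices = vec(body, () => body.varU32());
    else if (id === 5) section.memories = vec(body, () => decodeLimits(body));
    else if (id === 7) section.exports = vec(body, () => ({ name: body.name(), kind: EXPORT_KINDS[body.u8()], index: body.varU32() }));
    else if (id === 10) section.bodies = vec(body, () => decodeFuncBody(body));
    else body.pos = body.end; // sections this example does not decode are skipped whole
    if (body.pos !== body.end) throw new Error(`${section.name} section: ${body.end - body.pos} trailing bytes`);
    sections.push(section);
  }
  return { version, sections };
}

// What the regression test actually exercises, collected into one object.
function summarize(mod) {
  const find = (id) => mod.sections.find((s) => s.id === id);
  const exp = find(7).exports[0];
  return {
    exportName: exp.name,
    signature: find(1).types[find(3).typeIndices[exp.index]],
    memory: find(5).memories[0],
    instrs: find(10).bodies[0].instrs,
  };
}

console.log(JSON.stringify(summarize(decodeModule(REGRESS_MODULE_BYTES)), null, 2));
```

Run with `node`, the summary shows a single export `load` of type (i32) -> i32 whose body is `local.get 0; i32.load align=1 offset=100; end`, over a memory with a minimum of 0 pages and no maximum. That minimum is the detail that makes the test deterministic: with a zero-length memory, `instance.exports.load(0x10000 - 100 - 4)` (effective address 0xFFFC, four bytes) is out of bounds on every call, so the LLInt's bounds check always traps, the empty `catch` swallows the exception, and the following `(555)[0]` runs on whatever state the unwound call left in the pinned registers. Any size field that lies about its length is caught by `Reader`, which is the check you want before handing untrusted module bytes to a decoder.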

Modified Paths

Added Paths

Diff

Modified: branches/safari-609-branch/JSTests/ChangeLog (256886 => 256887)


--- branches/safari-609-branch/JSTests/ChangeLog	2020-02-19 00:47:57 UTC (rev 256886)
+++ branches/safari-609-branch/JSTests/ChangeLog	2020-02-19 00:48:00 UTC (rev 256887)
@@ -1,5 +1,41 @@
 2020-02-18  Alan Coon  <alanc...@apple.com>
 
+        Cherry-pick r256766. rdar://problem/59551706
+
+    [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+    https://bugs.webkit.org/show_bug.cgi?id=207849
+    
+    Reviewed by Mark Lam.
+    
+    JSTests:
+    
+    * wasm/regress/regress-256665.js: Added.
+    (f):
+    
+    Source/_javascript_Core:
+    
+    When generating the call IC, we should select the callee saves using BoundsChecking mode in order
+    to obey to the calling conventions described in r256665. Currently, we won't restore the memory size
+    register when calling the Wasm LLInt through the call IC.
+    
+    * wasm/js/WebAssemblyFunction.cpp:
+    (JSC::WebAssemblyFunction::calleeSaves const):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256766 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-02-17  Tadeu Zagallo  <tzaga...@apple.com>
+
+            [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+            https://bugs.webkit.org/show_bug.cgi?id=207849
+
+            Reviewed by Mark Lam.
+
+            * wasm/regress/regress-256665.js: Added.
+            (f):
+
+2020-02-18  Alan Coon  <alanc...@apple.com>
+
         Cherry-pick r256698. rdar://problem/59551715
 
     Unreviewed: fix broken tests added in r256665

Added: branches/safari-609-branch/JSTests/wasm/regress/regress-256665.js (0 => 256887)


--- branches/safari-609-branch/JSTests/wasm/regress/regress-256665.js	                        (rev 0)
+++ branches/safari-609-branch/JSTests/wasm/regress/regress-256665.js	2020-02-19 00:48:00 UTC (rev 256887)
@@ -0,0 +1,12 @@
+//@ requireOptions("--useConcurrentJIT=false", "--jitPolicyScale=0")
+
+function f() {
+    var buffer = new Uint8Array([0, 97, 115, 109, 1, 0, 0, 0, 1, 6, 1, 96, 1, 127, 1, 127, 3, 2, 1, 0, 5, 3, 1, 0, 0, 7, 8, 1, 4, 108, 111, 97, 100, 0, 0, 10, 9, 1, 7, 0, 32, 0, 40, 0, 100, 11]);
+    var module = new WebAssembly.Module(buffer);
+    var instance = new WebAssembly.Instance(module);
+    try { instance.exports.load(0x10000 - 100 - 4); } catch (e) {}
+    (555)[0];
+}
+
+f();
+f();
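Review bot: the byte array on the `var buffer` line is opaque, and the regression it guards is subtle enough that the next person to touch this test will need a comment saying what the module is. Decoded, it is one exported function `load` of type (i32) -> i32 with body `local.get 0; i32.load offset=100; end`, over a memory declared with a minimum of 0 pages and no maximum. Because the memory has no pages, `instance.exports.load(0x10000 - 100 - 4)` traps out of bounds on every call, which is the exception the empty `catch (e) {}` swallows; the test then passes only by `(555)[0]` not crashing after the trap unwound through the call IC with the memory size register left unrestored. A two-line comment to that effect, plus one saying that `--jitPolicyScale=0` with the two `f()` calls is there so the second call runs JIT code that reaches the Wasm callee through the call IC, would make the test self-explanatory.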

Modified: branches/safari-609-branch/Source/_javascript_Core/ChangeLog (256886 => 256887)


--- branches/safari-609-branch/Source/_javascript_Core/ChangeLog	2020-02-19 00:47:57 UTC (rev 256886)
+++ branches/safari-609-branch/Source/_javascript_Core/ChangeLog	2020-02-19 00:48:00 UTC (rev 256887)
@@ -1,5 +1,45 @@
 2020-02-18  Alan Coon  <alanc...@apple.com>
 
+        Cherry-pick r256766. rdar://problem/59551706
+
+    [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+    https://bugs.webkit.org/show_bug.cgi?id=207849
+    
+    Reviewed by Mark Lam.
+    
+    JSTests:
+    
+    * wasm/regress/regress-256665.js: Added.
+    (f):
+    
+    Source/_javascript_Core:
+    
+    When generating the call IC, we should select the callee saves using BoundsChecking mode in order
+    to obey to the calling conventions described in r256665. Currently, we won't restore the memory size
+    register when calling the Wasm LLInt through the call IC.
+    
+    * wasm/js/WebAssemblyFunction.cpp:
+    (JSC::WebAssemblyFunction::calleeSaves const):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256766 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-02-17  Tadeu Zagallo  <tzaga...@apple.com>
+
+            [Wasm] REGRESSION(r256665): Wasm->JS call IC needs to save memory size register
+            https://bugs.webkit.org/show_bug.cgi?id=207849
+
+            Reviewed by Mark Lam.
+
+            When generating the call IC, we should select the callee saves using BoundsChecking mode in order
+            to obey to the calling conventions described in r256665. Currently, we won't restore the memory size
+            register when calling the Wasm LLInt through the call IC.
+
+            * wasm/js/WebAssemblyFunction.cpp:
+            (JSC::WebAssemblyFunction::calleeSaves const):
+
+2020-02-18  Alan Coon  <alanc...@apple.com>
+
         Cherry-pick r256665. rdar://problem/59551715
 
     [WASM] Wasm interpreter's calling convention doesn't match Wasm JIT's convention.

Modified: branches/safari-609-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp (256886 => 256887)


--- branches/safari-609-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2020-02-19 00:47:57 UTC (rev 256886)
+++ branches/safari-609-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2020-02-19 00:48:00 UTC (rev 256887)
@@ -161,7 +161,8 @@
 
 RegisterSet WebAssemblyFunction::calleeSaves() const
 {
-    return Wasm::PinnedRegisterInfo::get().toSave(instance()->memoryMode());
+    // Pessimistically save callee saves in BoundsChecking mode since the LLInt always bounds checks
+    return Wasm::PinnedRegisterInfo::get().toSave(Wasm::MemoryMode::BoundsChecking);
 }
 
 RegisterAtOffsetList WebAssemblyFunction::usedCalleeSaveRegisters() const
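Review bot: the new comment gives the reason ("the LLInt always bounds checks") but not the invariant the fix depends on: that the register set `toSave(Wasm::MemoryMode::BoundsChecking)` returns is a superset of the Signaling-mode set, so saving it is safe whatever `instance()->memoryMode()` says and whatever tier the callee is currently running in. Spell that out on the comment line, and consider an ASSERT next to `toSave` so a later change to the pinned-register layout cannot silently reintroduce this regression. Worth a sentence too on the cost accepted: Signaling-mode instances now save and restore the memory size register on every call through this IC even when the callee is JIT code that does not need it; if that turns out to be measurable, choosing the set from the callee's current tier rather than the instance's memory mode is the narrower fix.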
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes