Title: [295770] trunk/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp
Revision
295770
Author
ysuz...@apple.com
Date
2022-06-23 00:45:56 -0700 (Thu, 23 Jun 2022)

Log Message

[JSC] Set up wasm stack |this| first
https://bugs.webkit.org/show_bug.cgi?id=241907
rdar://problem/94397072

Reviewed by Mark Lam.

We should set up the stack's |thisValue| first.

* Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::AirIRGenerator):

Canonical link: https://commits.webkit.org/251775@main

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp (295769 => 295770)


--- trunk/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp	2022-06-23 06:35:37 UTC (rev 295769)
+++ trunk/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp	2022-06-23 07:45:56 UTC (rev 295770)
@@ -1014,14 +1014,20 @@
             bool needUnderflowCheck = static_cast<unsigned>(checkSize) > Options::reservedZoneSize();
             bool needsOverflowCheck = m_makesCalls || wasmFrameSize >= static_cast<int32_t>(minimumParentCheckSize) || needUnderflowCheck;
 
+            if ((needsOverflowCheck || m_usesInstanceValue) && Context::useFastTLS())
+                jit.loadWasmContextInstance(m_prologueWasmContextGPR);
+
+            // We need to setup JSWebAssemblyInstance in |this| slot first.
+            if (m_catchEntrypoints.size()) {
+                GPRReg scratch = wasmCallingConvention().prologueScratchGPRs[0];
+                jit.loadPtr(CCallHelpers::Address(m_prologueWasmContextGPR, Instance::offsetOfOwner()), scratch);
+                jit.store64(scratch, CCallHelpers::Address(GPRInfo::callFrameRegister, CallFrameSlot::thisArgument * sizeof(Register)));
+            }
+
             // This allows leaf functions to not do stack checks if their frame size is within
             // certain limits since their caller would have already done the check.
             if (needsOverflowCheck) {
                 GPRReg scratch = wasmCallingConvention().prologueScratchGPRs[0];
-
-                if (Context::useFastTLS())
-                    jit.loadWasmContextInstance(m_prologueWasmContextGPR);
-
                 jit.addPtr(CCallHelpers::TrustedImm32(-checkSize), GPRInfo::callFrameRegister, scratch);
                 MacroAssembler::JumpList overflow;
                 if (UNLIKELY(needUnderflowCheck))
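Review bot: The new catch-entrypoint block reads the instance out of m_prologueWasmContextGPR, but under Context::useFastTLS() that register is only loaded when `needsOverflowCheck || m_usesInstanceValue` holds (the condition two lines above), so a function that has catch entrypoints while neither flag is set would read a register this prologue never wrote. Presumably catch entrypoints imply m_usesInstanceValue or m_makesCalls and the case cannot arise, but that invariant is now relied on silently and is worth pinning, e.g. `ASSERT(!m_catchEntrypoints.size() || needsOverflowCheck || m_usesInstanceValue);` just before the block. The added comment says the |this| slot must be set up "first" but not why; the reason appears to be that the stack check below can throw and the frame should already be consistent when that throw unwinds through it, so I would phrase it as `// Store the owner into the |this| slot before the stack check below can throw, so the frame is consistent for unwinding.` The enclosing prologue lambda begins before this hunk and its stack-check body continues past it.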
@@ -1030,16 +1036,8 @@
                 jit.addLinkTask([overflow] (LinkBuffer& linkBuffer) {
                     linkBuffer.link(overflow, CodeLocationLabel<JITThunkPtrTag>(Thunks::singleton().stub(throwStackOverflowFromWasmThunkGenerator).code()));
                 });
-            } else if (m_usesInstanceValue && Context::useFastTLS()) {
-                // No overflow check is needed, but the instance values still needs to be correct.
-                jit.loadWasmContextInstance(m_prologueWasmContextGPR);
             }
 
-            if (m_catchEntrypoints.size()) {
-                GPRReg scratch = wasmCallingConvention().prologueScratchGPRs[0];
-                jit.loadPtr(CCallHelpers::Address(m_prologueWasmContextGPR, Instance::offsetOfOwner()), scratch);
-                jit.store64(scratch, CCallHelpers::Address(GPRInfo::callFrameRegister, CallFrameSlot::thisArgument * sizeof(Register)));
-            }
         }
     });
 
