Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6c5c02f67319468964e66627084bc783f650a611
https://github.com/WebKit/WebKit/commit/6c5c02f67319468964e66627084bc783f650a611
Author: Yusuke Suzuki <[email protected]>
Date: 2025-10-23 (Thu, 23 Oct 2025)
Changed paths:
A JSTests/wasm/stress/operation-exception.js
M Source/JavaScriptCore/jit/CCallHelpers.h
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
M Source/JavaScriptCore/wasm/js/WasmToJS.cpp
Log Message:
-----------
[JSC] Use error-throwing operations for wasm error-throwing operations
https://bugs.webkit.org/show_bug.cgi?id=301374
rdar://162587506
Reviewed by Sosuke Suzuki.
The bug itself is that the `bool` returned value is not zero-extended to a
register-width, and we get some garbage value in the upper bits. This causes
us to wrongly think that an exception is thrown, but it actually is not.
This becomes a safe explicit crash right now via RELEASE_ASSERT.
This patch fixes it by making them actually error-throwing operations,
and using the returned register, which indicates whether an error is thrown,
instead of returning an ad hoc bool. We also apply this clean-up to the
other error-throwing operations as well.
Test: JSTests/wasm/stress/operation-exception.js
* JSTests/wasm/stress/operation-exception.js: Added.
(instantiate):
(async let.fn0):
(let.fn1):
(let.fn2):
(let.fn3):
(let.fn4):
(let.fn5):
(let.fn6):
(let.fn7):
(let.fn8):
(async let):
* Source/JavaScriptCore/jit/CCallHelpers.h:
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::marshallJSResult):
(JSC::Wasm::createJSToWasmJITShared):
* Source/JavaScriptCore/wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
Canonical link: https://commits.webkit.org/302073@main
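
Added illustration, not part of the commit or of WebKit's code: a small C model of the defect class the log message describes, where a `bool` result occupies only the low byte of the return register and a caller that tests the whole register sees stale upper bits. All function names and the stale-register constant are constructed for this example; the register-width variant is a hypothetical stand-in for the fixed operations, not their real signature.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stale contents left in the register by earlier computation. */
#define STALE_REGISTER 0xDEADBEEF00000000ull

/* Model of the return register after a callee returning `bool` ran.
 * Assumption of this model: as on common 64-bit C ABIs, only the low
 * 8 bits are defined; the upper 56 bits keep whatever was there before. */
static uint64_t return_register_after_bool(bool value, uint64_t stale)
{
    return (stale & ~0xFFull) | (value ? 1u : 0u);
}

/* Defective caller-side check: branches on the whole register. */
static bool check_full_width(uint64_t reg) { return reg != 0; }

/* Sound check for a bool result: look only at the defined low byte. */
static bool check_low_byte(uint64_t reg) { return (uint8_t)reg != 0; }

/* Hypothetical register-width result: the callee defines every bit,
 * so a full-width test on it is sound. */
static uint64_t return_register_width_flag(bool thrown)
{
    return thrown ? 1ull : 0ull;
}

int main(void)
{
    /* The callee reports "no exception" (false). */
    uint64_t reg = return_register_after_bool(false, STALE_REGISTER);

    printf("register            = 0x%016llx\n", (unsigned long long)reg);
    printf("full-width check    = %d (false positive)\n", check_full_width(reg));
    printf("low-byte check      = %d\n", check_low_byte(reg));
    printf("register-width flag = %d\n",
           check_full_width(return_register_width_flag(false)));
    return 0;
}
```
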