Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e07d187aa4ddcc2d846ec713da9433f2961d693c
      
https://github.com/WebKit/WebKit/commit/e07d187aa4ddcc2d846ec713da9433f2961d693c
  Author: Keith Miller <[email protected]>
  Date:   2026-04-23 (Thu, 23 Apr 2026)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.h
    M Source/JavaScriptCore/wasm/WasmCallee.cpp
    M Source/JavaScriptCore/wasm/WasmCallee.h
    M Source/JavaScriptCore/wasm/WasmFunctionIPIntMetadataGenerator.h
    M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp

  Log Message:
  -----------
  BBQ JIT should get its stack size from IPInt
https://bugs.webkit.org/show_bug.cgi?id=313090
rdar://175386218

Reviewed by Yusuke Suzuki.

BBQ previously computed its frame size incrementally during compilation
and emitted moveWithPatch(nullptr) at every site that needed the frame
size, patching them all in a link task at the end. Since IPInt already
computes a per-function frame size (m_maxFrameSizeInV128) during metadata
generation, BBQ can use this pre-computed value to know the frame size
at the start of compilation.

The IPInt frame size accounts for locals (one V128 slot each), rethrow
slots, and max operand stack depth. On top of that, BBQ adds callee-save
register space, the calling convention header (for internal C calls),
the max callee stack size tracked by IPInt across all call/call_indirect/
call_ref/tail-call sites, and a scratch spill margin proportional to the
number of allocatable registers.

This also fixes a pre-existing bug in IPInt's m_maxFrameSizeInV128
calculation: it was halving the local and rethrow slot counts
(dividing by 2) even though each local and rethrow slot occupies a full
V128 (16-byte) slot at runtime, not half. This didn't affect IPInt
execution (which uses m_localSizeToAlloc for actual allocation) but
made the stack overflow check less conservative than intended.

With the frame size known upfront, the post-call SP restore sites can
emit a single instruction instead of loading the frame size into a
scratch register and subtracting with platform-specific code.

No new tests. Covered by existing tests.

Canonical link: https://commits.webkit.org/311855@main
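The frame-size accounting the message describes, as an added model in Python (not JavaScriptCore code; every name, the per-slot byte count and the way the BBQ extras are combined are assumptions made for this illustration). It sizes one constructed function both with the halved local/rethrow counts of the old IPInt computation and with the fixed full counts, and shows why the old figure made the stack-overflow check less conservative: the halved frame passes a remaining-stack budget that the correctly sized frame exceeds.

```python
"""Model of the frame-size bookkeeping described in the commit message.

Constructed illustration, not JavaScriptCore code: the names, the 16-byte
slot size and the exact arithmetic are assumptions made for this example.
It shows how halving the local/rethrow slot counts (the pre-existing IPInt
bug) under-estimates the frame and therefore lets a stack-overflow check
admit a frame that the correctly sized computation rejects.
"""
from dataclasses import dataclass

V128_BYTES = 16  # each local, rethrow and operand-stack slot is one V128


@dataclass(frozen=True)
class FunctionShape:
    """Per-function quantities the message says IPInt tracks during metadata generation."""
    locals: int            # number of wasm locals (one V128 slot each)
    rethrow_slots: int     # slots reserved for rethrow
    max_stack_depth: int   # deepest operand stack reached, in V128 slots
    max_callee_stack: int  # largest outgoing stack needed at any call site, in bytes


def ipint_frame_size_v128(shape: FunctionShape, halve_locals: bool = False) -> int:
    """IPInt per-function frame size in V128 slots.

    halve_locals=True reproduces the pre-fix behaviour, where the local and
    rethrow slot counts were divided by 2 before being added in.
    """
    local_and_rethrow = shape.locals + shape.rethrow_slots
    if halve_locals:
        local_and_rethrow //= 2  # the bug: each slot is a full V128, not half
    return local_and_rethrow + shape.max_stack_depth


def bbq_frame_size_bytes(shape: FunctionShape, callee_saves_bytes: int,
                         cc_header_bytes: int, allocatable_regs: int,
                         spill_margin_per_reg: int = 8,
                         halve_locals: bool = False) -> int:
    """BBQ total frame: the IPInt frame plus the extras the message lists.

    callee_saves_bytes, cc_header_bytes and spill_margin_per_reg are
    hypothetical sizes chosen for the example; BBQ's real constants are not
    on the page.
    """
    base = ipint_frame_size_v128(shape, halve_locals) * V128_BYTES
    spill_margin = allocatable_regs * spill_margin_per_reg  # proportional to register count
    return (base + callee_saves_bytes + cc_header_bytes
            + shape.max_callee_stack + spill_margin)


def stack_check_passes(frame_bytes: int, stack_remaining: int) -> bool:
    """The overflow check: the frame must fit in what is left of the stack."""
    return frame_bytes <= stack_remaining


# Constructed function shape: many locals so the halving error is visible.
EXAMPLE_SHAPE = FunctionShape(locals=40, rethrow_slots=4,
                              max_stack_depth=10, max_callee_stack=64)


def compare_checks(stack_remaining: int) -> dict:
    """Size EXAMPLE_SHAPE both ways and run the overflow check on each result."""
    common = dict(callee_saves_bytes=128, cc_header_bytes=32, allocatable_regs=20)
    buggy = bbq_frame_size_bytes(EXAMPLE_SHAPE, halve_locals=True, **common)
    fixed = bbq_frame_size_bytes(EXAMPLE_SHAPE, halve_locals=False, **common)
    return {
        "buggy_frame_bytes": buggy,
        "fixed_frame_bytes": fixed,
        "buggy_check_passes": stack_check_passes(buggy, stack_remaining),
        "fixed_check_passes": stack_check_passes(fixed, stack_remaining),
    }


if __name__ == "__main__":
    for key, value in compare_checks(stack_remaining=1000).items():
        print(f"{key}: {value}")
```

With 1000 bytes of stack left, the halved computation sizes the frame at 896 bytes and passes the check, while the corrected computation sizes it at 1248 bytes and rejects it; the 352-byte gap is exactly the 22 local/rethrow slots the old code dropped.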
