[webkit-changes] [WebKit/WebKit] c3893a: Reland memory64 bulk memory operations in OMG tier

Mon, 04 May 2026 10:59:13 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c3893af655596c2fd06b0450cb01f10d5ee1bced
      
https://github.com/WebKit/WebKit/commit/c3893af655596c2fd06b0450cb01f10d5ee1bced
  Author: Cole Carley <[email protected]>
  Date:   2026-05-04 (Mon, 04 May 2026)

  Changed paths:
    M JSTests/wasm/stress/memory64-bulk-memory.js
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp
    M Source/JavaScriptCore/wasm/WasmMemory.cpp
    M Source/JavaScriptCore/wasm/WasmMemory.h
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.h
    M Source/JavaScriptCore/wasm/WasmOperationsInlines.h

  Log Message:
  -----------
  Reland memory64 bulk memory operations in OMG tier
https://bugs.webkit.org/show_bug.cgi?id=313267
rdar://175539058

Reviewed by Keith Miller.

The original patch: https://commits.webkit.org/311796@main caused some
failures in JetStream. The original patch widened some arguments from
uint32_t to uint64_t that were called from jitted and interpreted code.

Any 32 bit value passed to these functions will be treated as a 64 bit
value, meaning there will be garbage in the upper 32 bits. To address
this issue, I zero extended the 32 bit arguments to a 64 bit in the
memory32 case.

The JetStream benchmark is passing now.

* JSTests/wasm/stress/memory64-bulk-memory.js:
(testOverflow):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addMemoryFill):
(JSC::Wasm::BBQJITImpl::BBQJIT::addMemoryCopy):
(JSC::Wasm::BBQJITImpl::BBQJIT::addMemoryInit):
* Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp:
(JSC::IPInt::WASM_IPINT_EXTERN_CPP_DECL):
* Source/JavaScriptCore/wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::fill):
(JSC::Wasm::Memory::copy):
* Source/JavaScriptCore/wasm/WasmMemory.h:
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::addMemoryFill):
(JSC::Wasm::OMGIRGenerator::addMemoryInit):
(JSC::Wasm::OMGIRGenerator::addMemoryCopy):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmOperationsInlines.h:
(JSC::Wasm::memoryFill):
(JSC::Wasm::memoryCopy):

Canonical link: https://commits.webkit.org/312534@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to