[webkit-changes] [WebKit/WebKit] 00b20c: [JSC] Simplify wasm call context switching

Yusuke Suzuki noreply at github.com
Fri Dec 23 21:52:34 PST 2022


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 00b20c2bd695948417db90b57485cdc7b8ebfba5
      https://github.com/WebKit/WebKit/commit/00b20c2bd695948417db90b57485cdc7b8ebfba5
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2022-12-23 (Fri, 23 Dec 2022)

  Changed paths:
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/llint/WebAssembly.asm
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmBinding.cpp
    M Source/JavaScriptCore/wasm/WasmContext.h
    M Source/JavaScriptCore/wasm/WasmContextInlines.h
    M Source/JavaScriptCore/wasm/WasmInstance.cpp
    M Source/JavaScriptCore/wasm/WasmInstance.h
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
    M Source/JavaScriptCore/wasm/WasmThunks.cpp
    M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
    M Source/JavaScriptCore/wasm/js/WasmToJS.cpp
    M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp

  Log Message:
  -----------
  [JSC] Simplify wasm call context switching
https://bugs.webkit.org/show_bug.cgi?id=249833
rdar://103659484

Reviewed by Mark Lam.

This patch starts simplifying our wasm call's context switching.

1. Let's just look into VM's softStackLimit directly. Previously, Wasm::Context etc. was separated from VM.
   So, we had some indirection for this value, and we were repeatedly caching this value in Wasm::Instance.
   But we no longer have such an indirection. Let's just look into VM's one from Wasm::Instance, which is
   what JS is doing. (Keep in mind that we cannot encode VM's pointer since Wasm code can be shared between
   multiple VMs. But Instance is tied to VM, so we can just get VM from Instance.)
   The same thing can be said for VM::topEntryFrame.
2. Simplify cageWithoutUntagging for Wasm memory. It was designed for ArrayBuffer, but wasm memory never
   gets nullptr. So we do not need to be tolerant of nullptr.
3. Load memory and size via loadPairPtr.

* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::operator() const):
* Source/JavaScriptCore/llint/WebAssembly.asm:
* Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp:
(JSC::Wasm::AirIRGenerator32::emitCatchImpl):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::emitCatchImpl):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::ExpressionType>::AirIRGeneratorBase):
(JSC::Wasm::ExpressionType>::restoreWebAssemblyGlobalState):
(JSC::Wasm::ExpressionType>::addGrowMemory):
(JSC::Wasm::ExpressionType>::addCall):
(JSC::Wasm::ExpressionType>::emitIndirectCall):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::B3IRGenerator):
(JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
(JSC::Wasm::B3IRGenerator::emitIndirectCall):
(JSC::Wasm::B3IRGenerator::addGrowMemory):
(JSC::Wasm::B3IRGenerator::emitCatchImpl):
(JSC::Wasm::B3IRGenerator::addCall):
* Source/JavaScriptCore/wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):
* Source/JavaScriptCore/wasm/WasmCallingConvention.cpp:
(JSC::Wasm::wasmCallingConvention):
* Source/JavaScriptCore/wasm/WasmContext.h:
* Source/JavaScriptCore/wasm/WasmContextInlines.h:
(JSC::Wasm::Context::store):
* Source/JavaScriptCore/wasm/WasmInstance.cpp:
(JSC::Wasm::Instance::Instance):
(JSC::Wasm::Instance::setGlobal):
(JSC::Wasm::Instance::setFunctionWrapper):
* Source/JavaScriptCore/wasm/WasmInstance.h:
(JSC::Wasm::Instance::offsetOfVM):
(JSC::Wasm::Instance::vm const):
(JSC::Wasm::Instance::offsetOfCachedBoundsCheckingSize):
(JSC::Wasm::Instance::storeTopCallFrame):
(JSC::Wasm::Instance::offsetOfPointerToTopEntryFrame): Deleted.
(JSC::Wasm::Instance::offsetOfPointerToActualStackLimit): Deleted.
(JSC::Wasm::Instance::offsetOfCachedStackLimit): Deleted.
(JSC::Wasm::Instance::cachedStackLimit const): Deleted.
(JSC::Wasm::Instance::setCachedStackLimit): Deleted.
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::doWasmCallIndirect):
(JSC::LLInt::doWasmCallRef):
* Source/JavaScriptCore/wasm/WasmThunks.cpp:
(JSC::Wasm::throwExceptionFromWasmThunkGenerator):
* Source/JavaScriptCore/wasm/js/WasmToJS.cpp:
(JSC::Wasm::emitThrowWasmToJSException):
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::WebAssemblyFunction::jsCallEntrypointSlow):

Canonical link: https://commits.webkit.org/258316@main
