[webkit-changes] [WebKit/WebKit] 44fc07: Remove operationAllocateResultsArray assert

Justin Michaud noreply at github.com
Tue Nov 1 19:07:12 PDT 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 44fc0790939c6c19503d64497f1c4af907b77fff
      https://github.com/WebKit/WebKit/commit/44fc0790939c6c19503d64497f1c4af907b77fff
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2022-11-01 (Tue, 01 Nov 2022)

  Changed paths:
    A JSTests/wasm/stress/f32-tuple-jsapi-exported.js
    A JSTests/wasm/stress/f32-tuple-jsapi.js
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
    M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp

  Log Message:
  -----------
  Remove operationAllocateResultsArray assert
https://bugs.webkit.org/show_bug.cgi?id=247338

Reviewed by Yusuke Suzuki.

Suppose we are inside a WASM function that returns a tuple to JS. At the
boundary (in marshallJSResult), we call operationAllocateResultsArray to
allocate the JSArray that represents this WASM tuple. When we put a NaN
in the result tuple array, our indexing type changes from Double to Contiguous
because NaN is used to store holes in Double mode.

This assertion checked that our indexing mode did not change from our initially
chosen one, but this assumption is not used by later jit code. Hence, this was
probably just added to make sure we picked the optimal indexing type first.

We remove the assertion and add a test.

* JSTests/wasm/stress/f32-tuple-jsapi-exported.js: Added.
(from.string_appeared_here.import.as.assert.from.string_appeared_here.let.wat.module.func.export.string_appeared_here.result.f32.f32.return.f32.const.nan.0x100000.f32.const.nan.0x100000.async test):
* JSTests/wasm/stress/f32-tuple-jsapi.js: Added.
(from.string_appeared_here.import.as.assert.from.string_appeared_here.let.wat.module.func.f.result.f32.f32.return.f32.const.nan.0x100000.f32.const.nan.0x100000.func.export.string_appeared_here.result.f32.f32.return.call.f.async test):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::marshallJSResult):
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::jsCallEntrypointSlow):

Canonical link: https://commits.webkit.org/256210@main

More information about the webkit-changes mailing list