[webkit-changes] [WebKit/WebKit] cc59ec: [Wasm-GC] Fix handling of recursive types using sh...

Asumu Takikawa noreply at github.com
Wed Oct 12 17:43:55 PDT 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cc59ec0dd950292d1b23faf10bae59b03ae20967
      https://github.com/WebKit/WebKit/commit/cc59ec0dd950292d1b23faf10bae59b03ae20967
  Author: Asumu Takikawa <asumu at igalia.com>
  Date:   2022-10-12 (Wed, 12 Oct 2022)

  Changed paths:
    M JSTests/wasm/gc/rec.js
    M Source/JavaScriptCore/wasm/WasmFormat.h
    M Source/JavaScriptCore/wasm/WasmParser.h
    M Source/JavaScriptCore/wasm/WasmSectionParser.cpp
    M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp
    M Source/JavaScriptCore/wasm/WasmTypeDefinition.h

  Log Message:
  -----------
  [Wasm-GC] Fix handling of recursive types using shorthand encoding
https://bugs.webkit.org/show_bug.cgi?id=246049

Reviewed by Justin Michaud.

In the Wasm GC proposal, recursive types can be encoded in different
ways. For example, an explicit `rec` operator may appear in the binary
format (required for recursion groups with multiple types).

A single type (e.g., a struct type) is treated implicitly as a recursion
group (the `rec` is implicit and elided in the binary format).

This patch adds support for the latter shorthand, and includes the
following additional fixes/changes:

  - Removes the hacky use of the `rec` type opcode to encode an
    unresolved recursive reference. Instead, it is now a standard `ref`
    type where the type index points to a Projection with an invalid
    recursion group type index. These are resolved in `expand()`.
  - Fixes bounds checking for recursive references into a recursion
    group.
  - Adds missing `expand()` calls in subtyping checks.
  - Adds a boolean field indicating if a type definition has any type
    fields with a recursive reference. This is used to detect if a
    single-type recursion group should be constructed for a structural
    type. The intent is to also use this in a follow-up patch to
    optimize `expand()` to avoid expansion steps for types known to be
    non-recursive.

* JSTests/wasm/gc/rec.js:
(testRecDeclaration):
* Source/JavaScriptCore/wasm/WasmFormat.h:
(JSC::Wasm::isValueType):
(JSC::Wasm::isRefWithRecursiveReference):
(JSC::Wasm::isSubtype):
* Source/JavaScriptCore/wasm/WasmParser.h:
(JSC::Wasm::Parser<SuccessType>::parseHeapType):
(JSC::Wasm::Parser<SuccessType>::parseValueType):
* Source/JavaScriptCore/wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseType):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp:
(JSC::Wasm::TypeDefinition::substitute):
(JSC::Wasm::FunctionParameterTypes::translate):
(JSC::Wasm::StructParameterTypes::translate):
(JSC::Wasm::ArrayParameterTypes::translate):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.h:
(JSC::Wasm::FunctionSignature::FunctionSignature):
(JSC::Wasm::FunctionSignature::hasRecursiveReference const):
(JSC::Wasm::FunctionSignature::setHasRecursiveReference):
(JSC::Wasm::StructType::StructType):
(JSC::Wasm::StructType::hasRecursiveReference const):
(JSC::Wasm::StructType::setHasRecursiveReference):
(JSC::Wasm::ArrayType::ArrayType):
(JSC::Wasm::ArrayType::hasRecursiveReference const):
(JSC::Wasm::ArrayType::setHasRecursiveReference):
(JSC::Wasm::Projection::isPlaceholder const):

Canonical link: https://commits.webkit.org/255460@main

More information about the webkit-changes mailing list