[webkit-changes] [WebKit/WebKit] 6055ee: [JSC][armv7] Fix wasm ref.as_non_null
jjgriego
noreply at github.com
Tue Feb 7 07:17:47 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6055ee6392589ea77765c0a3d4d8b8898a6534ff
https://github.com/WebKit/WebKit/commit/6055ee6392589ea77765c0a3d4d8b8898a6534ff
Author: Joseph Griego <jgriego at igalia.com>
Date: 2023-02-07 (Tue, 07 Feb 2023)
Changed paths:
M Source/JavaScriptCore/llint/WebAssembly32_64.asm
M Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp
M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
Log Message:
-----------
[JSC][armv7] Fix wasm ref.as_non_null
https://bugs.webkit.org/show_bug.cgi?id=251606
Reviewed by Yusuke Suzuki.

Right now, the implementation of this instruction triggers assertion failures in
both LLInt and the BBQ/Air backends on 32-bit ARM.

For LLInt, the incorrect `return` instruction is used; use `return2i` since refs
are two-word values.

For the Air backend, we need to use `emitMove` (again, because refs are two-word
values); here, we also need a version that doesn't assert in the JIT that the
dest is a supertype of the source TypedTmp--since the whole point of
ref.as_non_null is that it works as a checked coercion... So, I've added that as
`emitMoveWithoutTypeCheck`.

* Source/JavaScriptCore/llint/WebAssembly32_64.asm:
* Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp:
(JSC::Wasm::AirIRGenerator32::emitMoveWithoutTypeCheck):
(JSC::Wasm::AirIRGenerator32::emitMove):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::emitMoveWithoutTypeCheck):
(JSC::Wasm::AirIRGenerator64::emitMove):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::ExpressionType>::addRefAsNonNull):
Canonical link: https://commits.webkit.org/259958@main