[webkit-changes] [WebKit/WebKit] 50c7aa: Fixup air pointer args if they are not valid in BBQ

Justin Michaud noreply at github.com
Wed Feb 8 14:43:20 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 50c7aaec2f53ab3b960f1b299aad5009df6f1967
      https://github.com/WebKit/WebKit/commit/50c7aaec2f53ab3b960f1b299aad5009df6f1967
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2023-02-08 (Wed, 08 Feb 2023)

  Changed paths:
    A JSTests/wasm/stress/big-try-simd.js
    A JSTests/wasm/stress/big-try.js
    A JSTests/wasm/stress/big-tuple-args.js
    A JSTests/wasm/stress/big-tuple.js
    A JSTests/wasm/stress/simd-big-tuple.js
    A JSTests/wasm/stress/tag-return.js
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
    M Source/JavaScriptCore/wasm/WasmSectionParser.cpp

  Log Message:
  -----------
  Fixup air pointer args if they are not valid in BBQ
https://bugs.webkit.org/show_bug.cgi?id=251890
rdar://105079565

Reviewed by Mark Lam and Yusuke Suzuki.

We are not fixing up air args if their offsets don't fit into the instruction
in a few cases.

Here are some examples:

MoveDouble 28480(%sp), %q16 ; too big
MoveVector 248(%sp), %q16 ; not 16-byte aligned

Let's fix up these arguments. We also fix a missing validation check
when parsing exception tags exposed by this test.

* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::addReturn):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::AirIRGeneratorBase::emitPatchpoint):

oops

Canonical link: https://commits.webkit.org/260038@main
