[webkit-changes] [WebKit/WebKit] ab3a72: [JSC] Fix new BBQ's address materialization

[Yusuke Suzuki]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ab3a72163b82dabbc3028b877d3e95cdca29739f
      https://github.com/WebKit/WebKit/commit/ab3a72163b82dabbc3028b877d3e95cdca29739f
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-02-20 (Mon, 20 Feb 2023)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp

  Log Message:
  -----------
  [JSC] Fix new BBQ's address materialization
https://bugs.webkit.org/show_bug.cgi?id=252614
rdar://105697274

Reviewed by Mark Lam and Justin Michaud.

New BBQ's materializePointer is wrong since it is not handling uint32_t offset which can be larger than INT32_MAX.
On the other hand, normal Address' offset is designed to be int32_t. So we need to have a path using `add64` etc.
to materialize address if the offset is larger than INT32_MAX. Fix wasm/v8/memory_1gb_oob.js and wasm/v8/memory_2gb_oob.js
failures with new BBQ.

* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::emitCheckAndPreparePointer):
(JSC::Wasm::BBQJIT::materializePointer):
(JSC::Wasm::BBQJIT::emitLoadOp):
(JSC::Wasm::BBQJIT::load):
(JSC::Wasm::BBQJIT::emitStoreOp):
(JSC::Wasm::BBQJIT::store):
(JSC::Wasm::BBQJIT::emitAtomicLoadOp):
(JSC::Wasm::BBQJIT::atomicLoad):
(JSC::Wasm::BBQJIT::emitAtomicStoreOp):
(JSC::Wasm::BBQJIT::atomicStore):
(JSC::Wasm::BBQJIT::emitAtomicBinaryRMWOp):
(JSC::Wasm::BBQJIT::atomicBinaryRMW):
(JSC::Wasm::BBQJIT::emitAtomicCompareExchange):
(JSC::Wasm::BBQJIT::atomicCompareExchange):
(JSC::Wasm::BBQJIT::atomicWait):
(JSC::Wasm::BBQJIT::atomicNotify):
(JSC::Wasm::BBQJIT::addSIMDLoad):
(JSC::Wasm::BBQJIT::addSIMDStore):
(JSC::Wasm::BBQJIT::addSIMDLoadSplat):
(JSC::Wasm::BBQJIT::addSIMDLoadLane):
(JSC::Wasm::BBQJIT::addSIMDStoreLane):
(JSC::Wasm::BBQJIT::addSIMDLoadExtend):
(JSC::Wasm::BBQJIT::addSIMDLoadPad):

Canonical link: https://commits.webkit.org/260572@main