[webkit-changes] [WebKit/WebKit] e2672d: [JSC] Implement wasm exception in new BBQ

Yusuke Suzuki noreply at github.com
Mon Feb 27 13:37:40 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e2672d2623ed17421641e2827515bd6b02c893ea
      https://github.com/WebKit/WebKit/commit/e2672d2623ed17421641e2827515bd6b02c893ea
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-02-27 (Mon, 27 Feb 2023)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h

  Log Message:
  -----------
  [JSC] Implement wasm exception in new BBQ
https://bugs.webkit.org/show_bug.cgi?id=252959
rdar://105692614

Reviewed by Tadeu Zagallo.

This patch implements wasm exceptions in the new BBQ. The implementation just follows
how exceptions are implemented in the other tiers (LLInt, old BBQ Air), so it does not introduce a new concept.

1. Catch / CatchAll blocks should have an implicit stack slot to hold the exception (the same as old Air and LLInt).
   This is represented as implicitSlots.
2. When catch / catch-all is running, we already flush everything in endBlock. Thus, we do not need a stackmap
   at all: all wasm temps are on the stack. So the only thing we need is to spread the wasm exception parameters to the
   block's parameters (this is the same as what wasm LLInt exception handling does).
3. Each try-block and exception-throwing operation increments m_callSiteIndex and emits it to the
   CCallHelpers::tagFor(CallFrameSlot::argumentCountIncludingThis) slot. This number is used as the range covered by
   the exception handler. (This is exactly the same design as DFG / FTL exception handling). And this is the same as
   old BBQ Air exception handling.
4. The entrance of an exception handler is represented as a label inside the code. These labels are extracted for exception handlers.

* Source/JavaScriptCore/wasm/WasmB3IRGenerator.h:
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::ControlData::ControlData):
(JSC::Wasm::BBQJIT::ControlData::endBlock):
(JSC::Wasm::BBQJIT::ControlData::startBlock):
(JSC::Wasm::BBQJIT::ControlData::resumeBlock):
(JSC::Wasm::BBQJIT::ControlData::releaseJumps):
(JSC::Wasm::BBQJIT::ControlData::implicitSlots const):
(JSC::Wasm::BBQJIT::ControlData::argumentLocations const):
(JSC::Wasm::BBQJIT::ControlData::resultLocations const):
(JSC::Wasm::BBQJIT::ControlData::setCatchKind):
(JSC::Wasm::BBQJIT::ControlData::tryStart const):
(JSC::Wasm::BBQJIT::ControlData::tryEnd const):
(JSC::Wasm::BBQJIT::ControlData::tryCatchDepth const):
(JSC::Wasm::BBQJIT::ControlData::setTryInfo):
(JSC::Wasm::BBQJIT::BBQJIT):
(JSC::Wasm::BBQJIT::topValue):
(JSC::Wasm::BBQJIT::exception):
(JSC::Wasm::BBQJIT::emitEntryTierUpCheck):
(JSC::Wasm::BBQJIT::addTopLevel):
(JSC::Wasm::BBQJIT::addBlock):
(JSC::Wasm::BBQJIT::addLoop):
(JSC::Wasm::BBQJIT::addIf):
(JSC::Wasm::BBQJIT::addElse):
(JSC::Wasm::BBQJIT::addElseToUnreachable):
(JSC::Wasm::BBQJIT::addTry):
(JSC::Wasm::BBQJIT::emitCatchPrologue):
(JSC::Wasm::BBQJIT::emitCatchAllImpl):
(JSC::Wasm::BBQJIT::emitCatchImpl):
(JSC::Wasm::BBQJIT::addCatch):
(JSC::Wasm::BBQJIT::addCatchToUnreachable):
(JSC::Wasm::BBQJIT::addCatchAll):
(JSC::Wasm::BBQJIT::addCatchAllToUnreachable):
(JSC::Wasm::BBQJIT::addDelegate):
(JSC::Wasm::BBQJIT::addDelegateToUnreachable):
(JSC::Wasm::BBQJIT::addThrow):
(JSC::Wasm::BBQJIT::addRethrow):
(JSC::Wasm::BBQJIT::prepareForExceptions):
(JSC::Wasm::BBQJIT::addReturn):
(JSC::Wasm::BBQJIT::endBlock):
(JSC::Wasm::BBQJIT::addEndToUnreachable):
(JSC::Wasm::BBQJIT::endTopLevel):
(JSC::Wasm::BBQJIT::flushRegistersForException):
(JSC::Wasm::BBQJIT::returnValuesFromCall):
(JSC::Wasm::BBQJIT::emitCCall):
(JSC::Wasm::BBQJIT::addCall):
(JSC::Wasm::BBQJIT::emitIndirectCall):
(JSC::Wasm::BBQJIT::notifyFunctionUsesSIMD):
(JSC::Wasm::BBQJIT::takeExceptionHandlers):
(JSC::Wasm::BBQJIT::takeCatchEntrypoints):
(JSC::Wasm::BBQJIT::emitShuffle):
(JSC::Wasm::parseAndCompileBBQ):
(JSC::Wasm::BBQJIT::ControlData::allocateArgumentOrResult): Deleted.
* Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h:
(JSC::Wasm::computeExceptionHandlerAndLoopEntrypointLocations):

Canonical link: https://commits.webkit.org/260905@main
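
The call-site-index scheme in point 3 of the log message, as an added example that is not code from WebKit or from this commit: a simplified model of how a per-operation index and per-try index ranges select a handler. The names HandlerRange, findHandler and compileSample, the half-open range convention, and the label values are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified model, not JSC code: one record per try block's catch handler.
struct HandlerRange {
    uint32_t tryStart;  // first covered call-site index (inclusive, assumed)
    uint32_t tryEnd;    // end of coverage (exclusive, assumed)
    uint32_t tryDepth;  // nesting depth; deeper means more inner
    int catchLabel;     // stand-in for the handler's entry label
};

// Innermost handler covering callSiteIndex, or -1 when the exception leaves the function.
int findHandler(const std::vector<HandlerRange>& handlers, uint32_t callSiteIndex)
{
    const HandlerRange* best = nullptr;
    for (const auto& h : handlers) {
        if (callSiteIndex < h.tryStart || callSiteIndex >= h.tryEnd)
            continue;
        if (!best || h.tryDepth > best->tryDepth)
            best = &h;
    }
    return best ? best->catchLabel : -1;
}

// Constructed body: call A; try { call B; try { throw C } catch; call D } catch; call E.
std::vector<HandlerRange> compileSample(std::vector<uint32_t>& sites)
{
    uint32_t callSiteIndex = 0;  // plays the role of m_callSiteIndex
    std::vector<HandlerRange> handlers;
    sites.push_back(++callSiteIndex);       // A: outside any try -> 1
    uint32_t outerStart = ++callSiteIndex;  // outer try opens -> 2
    sites.push_back(++callSiteIndex);       // B -> 3
    uint32_t innerStart = ++callSiteIndex;  // inner try opens -> 4
    sites.push_back(++callSiteIndex);       // C -> 5
    handlers.push_back({ innerStart, ++callSiteIndex, 2, 200 });  // inner catch covers [4,6)
    sites.push_back(++callSiteIndex);       // D: after inner try ended -> 7
    handlers.push_back({ outerStart, ++callSiteIndex, 1, 100 });  // outer catch covers [2,8)
    sites.push_back(++callSiteIndex);       // E: after outer try ended -> 9
    return handlers;
}

int main()
{
    std::vector<uint32_t> sites;
    auto handlers = compileSample(sites);
    for (uint32_t s : sites)
        std::printf("call site %u -> handler %d\n", s, findHandler(handlers, s));
}
```

Because the index recorded in the frame is the only input to the lookup, an operation that can throw without first storing its own index would be dispatched to whichever handler covers the previously stored value.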