[webkit-changes] [WebKit/WebKit] 0eced4: [WASM][ARM64] Type confused of StackVisitor in JSC...

Yusuke Suzuki noreply at github.com
Tue Jan 10 08:40:27 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0eced4e498035fcb071db046e3dedf5823ad68ca
      https://github.com/WebKit/WebKit/commit/0eced4e498035fcb071db046e3dedf5823ad68ca
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-01-10 (Tue, 10 Jan 2023)

  Changed paths:
    A JSTests/wasm/stress/tail-call-should-not-clobber-caller-origin.js
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

  Log Message:
  -----------
  [WASM][ARM64] Type confused of StackVisitor in JSC::StackVisitor::visit
https://bugs.webkit.org/show_bug.cgi?id=250024
rdar://103834422

Reviewed by Mark Lam.

Tail-call should not emit CallSiteIndex when jumping since it is clobbering the upper caller's stack.
This CallSiteIndex is used to check what part of the caller is calling this function. But in tail-call
case, this is not necessary since the current function will go away due to tail-call.
This patch fixes exception handle generation for tail-calls so that we do not clobber CallSiteIndex slot.

* JSTests/wasm/stress/tail-call-should-not-clobber-caller-origin.js: Added.
* Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp:
(JSC::Wasm::AirIRGenerator32::preparePatchpointForExceptions):
(JSC::Wasm::AirIRGenerator32::addThrow):
(JSC::Wasm::AirIRGenerator32::addRethrow):
(JSC::Wasm::AirIRGenerator32::emitCallPatchpoint):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::addThrow):
(JSC::Wasm::AirIRGenerator64::addRethrow):
(JSC::Wasm::AirIRGenerator64::emitCallPatchpoint):
(JSC::Wasm::AirIRGenerator64::emitTailCallPatchpoint):
(JSC::Wasm::AirIRGenerator64::preparePatchpointForExceptions):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::ExpressionType>::addCall):
(JSC::Wasm::ExpressionType>::emitIndirectCall):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::emitIndirectCall):
(JSC::Wasm::B3IRGenerator::createTailCallPatchpoint):
(JSC::Wasm::B3IRGenerator::addCall):

Canonical link: https://commits.webkit.org/258725@main

More information about the webkit-changes mailing list