[webkit-changes] [WebKit/WebKit] e0e924: Throwing a v128 should not clobber other stack slots.

[Justin Michaud]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e0e9244ff3e75eec3323507e98f435e780bd0264
      https://github.com/WebKit/WebKit/commit/e0e9244ff3e75eec3323507e98f435e780bd0264
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2023-01-11 (Wed, 11 Jan 2023)

  Changed paths:
    A JSTests/wasm/stress/simd-exception-throwing-v128-clobbers-fp.js
    A JSTests/wasm/stress/simd-exception-throwing-v128-clobbers-fp.wasm
    A JSTests/wasm/stress/simd-exception-throwing-v128-clobbers-fp.wat
    A JSTests/wasm/stress/simd-tail-calls-throw.js
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

  Log Message:
  -----------
  Throwing a v128 should not clobber other stack slots.
https://bugs.webkit.org/show_bug.cgi?id=250312

Reviewed by Yusuke Suzuki.

Throwing a v128 is not currently supported, so we only allocate jsvalue-sized
stack slots. This is bad, because we still MoveVector, and this can cause
us to clobber important things. We should not clobber important things.

* JSTests/wasm/stress/simd-exception-throwing-v128-clobbers-fp.js: Added.
(catch):
* JSTests/wasm/stress/simd-exception-throwing-v128-clobbers-fp.wasm: Added.
* JSTests/wasm/stress/simd-exception-throwing-v128-clobbers-fp.wat: Added.
* JSTests/wasm/stress/simd-tail-calls-throw.js: Added.
(from.string_appeared_here.import.as.assert.from.string_appeared_here.let.wat.module.func.start.export.string_appeared_here.call.f1.func.f1.local.v128.try.catch_all.return_call.f2.func.f2.async test):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::addThrow):
(JSC::Wasm::AirIRGenerator64::emitTailCallPatchpoint):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addThrow):
(JSC::Wasm::B3IRGenerator::createTailCallPatchpoint):

Canonical link: https://commits.webkit.org/258789@main