[webkit-changes] [WebKit/WebKit] 0e2cbf: [Wasm-GC] Implement cast operations

Thu Mar 9 09:25:56 PST 2023

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0e2cbf8c3d8ee53e2840c3b87aa7b0adaf410865
      https://github.com/WebKit/WebKit/commit/0e2cbf8c3d8ee53e2840c3b87aa7b0adaf410865
  Author: Asumu Takikawa <asumu at igalia.com>
  Date:   2023-03-09 (Thu, 09 Mar 2023)

  Changed paths:
    A JSTests/wasm/gc/casts.js
    M JSTests/wasm/wasm.json
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/Sources.txt
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmExceptionType.h
    M Source/JavaScriptCore/wasm/WasmFunctionParser.h
    M Source/JavaScriptCore/wasm/WasmInstance.cpp
    M Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h
    M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmModuleInformation.h
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.h
    M Source/JavaScriptCore/wasm/WasmOperationsInlines.h
    M Source/JavaScriptCore/wasm/WasmSectionParser.cpp
    M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
    M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp
    M Source/JavaScriptCore/wasm/WasmTypeDefinition.h
    M Source/JavaScriptCore/wasm/WasmTypeDefinitionInlines.h
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h
    M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
    M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h
    M Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.cpp
    M Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h
    A Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.cpp
    A Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.h
    M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
    M Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp
    M Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h
    M Source/JavaScriptCore/wasm/wasm.json

  Log Message:
  -----------
  [Wasm-GC] Implement cast operations
https://bugs.webkit.org/show_bug.cgi?id=247399

Reviewed by Yusuke Suzuki.

Implements the `ref.cast` and `ref.test` instructions. Casts are
supported by associating an RTT with Wasm objects.

For functions, this is done by adding a field in the base function
object.  For arrays and structs, a new WebAsseblyGCObjectBase class is
used as the base class for both arrays and structs. The base class
contains an RTT with a consistent offset for the JIT.

This patch does not yet support `br_on_cast/on_cast_fail`.

* JSTests/wasm/gc/casts.js: Added.
(testBasicCasts):
(testI31Casts):
(testFunctionCasts):
(testArrayCasts):
(testStructCasts):
(testSubtypeCasts):
* JSTests/wasm/wasm.json:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp:
(JSC::Wasm::AirIRGenerator32::emitBranchForNullReference):
(JSC::Wasm::AirIRGenerator32::makeBranchNotInt32):
(JSC::Wasm::AirIRGenerator32::makeBranchNotCell):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::emitBranchForNullReference):
(JSC::Wasm::AirIRGenerator64::makeBranchNotInt32):
(JSC::Wasm::AirIRGenerator64::makeBranchNotCell):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::ExpressionType>::addRefCast):
(JSC::Wasm::ExpressionType>::addRefTest):
(JSC::Wasm::ExpressionType>::emitRefTestOrCast):
(JSC::Wasm::ExpressionType>::emitCheckOrBranchForCast):
(JSC::Wasm::ExpressionType>::emitLoadRTTFromFuncref):
(JSC::Wasm::ExpressionType>::emitLoadRTTFromObject):
(JSC::Wasm::ExpressionType>::makeBranchNotRTTKind):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addRefTest):
(JSC::Wasm::B3IRGenerator::addRefCast):
(JSC::Wasm::B3IRGenerator::emitRefTestOrCast):
(JSC::Wasm::B3IRGenerator::emitCheckOrBranchForCast):
(JSC::Wasm::B3IRGenerator::emitLoadRTTFromFuncref):
(JSC::Wasm::B3IRGenerator::emitLoadRTTFromObject):
(JSC::Wasm::B3IRGenerator::emitNotRTTKind):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
* Source/JavaScriptCore/wasm/WasmExceptionType.h:
(JSC::Wasm::isTypeErrorExceptionType):
* Source/JavaScriptCore/wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* Source/JavaScriptCore/wasm/WasmInstance.cpp:
(JSC::Wasm::Instance::initElementSegment):
* Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h:
* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::addRefTest):
(JSC::Wasm::LLIntGenerator::addRefCast):
* Source/JavaScriptCore/wasm/WasmModuleInformation.h:
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmOperationsInlines.h:
(JSC::Wasm::arrayNew):
(JSC::Wasm::structNew):
(JSC::Wasm::refCast):
* Source/JavaScriptCore/wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseType):
(JSC::Wasm::SectionParser::parseRecursionGroup):
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp:
(JSC::Wasm::RTT::tryCreateRTT):
(JSC::Wasm::TypeInformation::signatureForLLIntBuiltin):
(JSC::Wasm::TypeInformation::TypeInformation):
(JSC::Wasm::TypeInformation::canonicalRTTForType):
(JSC::Wasm::TypeInformation::tryGetCanonicalRTT):
(JSC::Wasm::TypeInformation::getCanonicalRTT):
(): Deleted.
* Source/JavaScriptCore/wasm/WasmTypeDefinition.h:
(JSC::Wasm::RTT::RTT): Deleted.
(JSC::Wasm::RTT::displaySize const): Deleted.
(JSC::Wasm::RTT::displayEntry const): Deleted.
(JSC::Wasm::RTT::setDisplayEntry): Deleted.
(JSC::Wasm::RTT::allocatedRTTSize): Deleted.
(JSC::Wasm::RTT::payload): Deleted.
* Source/JavaScriptCore/wasm/WasmTypeDefinitionInlines.h:
(JSC::Wasm::TypeInformation::getFunctionSignature):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp:
(JSC::JSWebAssemblyArray::JSWebAssemblyArray):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp:
(JSC::JSWebAssemblyStruct::JSWebAssemblyStruct):
(JSC::JSWebAssemblyStruct::tryCreate):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h:
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::create):
(JSC::WebAssemblyFunction::WebAssemblyFunction):
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h:
* Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.cpp:
(JSC::WebAssemblyFunctionBase::WebAssemblyFunctionBase):
* Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h:
(JSC::WebAssemblyFunctionBase::rtt const):
(JSC::WebAssemblyFunctionBase::offsetOfRTT):
* Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.cpp: Copied from Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h.
(JSC::WebAssemblyGCObjectBase::WebAssemblyGCObjectBase):
(JSC::WebAssemblyGCObjectBase::visitChildrenImpl):
(JSC::WebAssemblyGCObjectBase::finishCreation):
* Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.h: Copied from Source/JavaScriptCore/wasm/WasmLLIntBuiltin.h.
(JSC::WebAssemblyGCObjectBase::rtt):
(JSC::WebAssemblyGCObjectBase::offsetOfRTT):
* Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::initializeExports):
* Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
(JSC::WebAssemblyWrapperFunction::create):
* Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h:
* Source/JavaScriptCore/wasm/wasm.json:

Canonical link: https://commits.webkit.org/261445@main