[webkit-changes] [WebKit/WebKit] 5911aa: Cherry-pick 260572 at main (ab3a72163b82). https://bu...
Philippe Normand
noreply at github.com
Wed Mar 22 13:01:22 PDT 2023
Branch: refs/heads/webkitglib/2.40
Home: https://github.com/WebKit/WebKit
Commit: 5911aa71cf05da5e3cb45600027792be91c1eec2
https://github.com/WebKit/WebKit/commit/5911aa71cf05da5e3cb45600027792be91c1eec2
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-03-22 (Wed, 22 Mar 2023)
Changed paths:
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
Cherry-pick 260572 at main (ab3a72163b82). https://bugs.webkit.org/show_bug.cgi?id=252614
[JSC] Fix new BBQ's address materialization
https://bugs.webkit.org/show_bug.cgi?id=252614
rdar://105697274
Reviewed by Mark Lam and Justin Michaud.
New BBQ's materializePointer is wrong since it is not handling uint32_t offset which can be larger than INT32_MAX.
On the other hand, normal Address' offset is designed to be int32_t. So we need to have a path using `add64` etc.
to materialize address if the offset is larger than INT32_MAX. Fix wasm/v8/memory_1gb_oob.js and wasm/v8/memory_2gb_oob.js
failures with new BBQ.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::emitCheckAndPreparePointer):
(JSC::Wasm::BBQJIT::materializePointer):
(JSC::Wasm::BBQJIT::emitLoadOp):
(JSC::Wasm::BBQJIT::load):
(JSC::Wasm::BBQJIT::emitStoreOp):
(JSC::Wasm::BBQJIT::store):
(JSC::Wasm::BBQJIT::emitAtomicLoadOp):
(JSC::Wasm::BBQJIT::atomicLoad):
(JSC::Wasm::BBQJIT::emitAtomicStoreOp):
(JSC::Wasm::BBQJIT::atomicStore):
(JSC::Wasm::BBQJIT::emitAtomicBinaryRMWOp):
(JSC::Wasm::BBQJIT::atomicBinaryRMW):
(JSC::Wasm::BBQJIT::emitAtomicCompareExchange):
(JSC::Wasm::BBQJIT::atomicCompareExchange):
(JSC::Wasm::BBQJIT::atomicWait):
(JSC::Wasm::BBQJIT::atomicNotify):
(JSC::Wasm::BBQJIT::addSIMDLoad):
(JSC::Wasm::BBQJIT::addSIMDStore):
(JSC::Wasm::BBQJIT::addSIMDLoadSplat):
(JSC::Wasm::BBQJIT::addSIMDLoadLane):
(JSC::Wasm::BBQJIT::addSIMDStoreLane):
(JSC::Wasm::BBQJIT::addSIMDLoadExtend):
(JSC::Wasm::BBQJIT::addSIMDLoadPad):
Canonical link: https://commits.webkit.org/260572@main
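The offset narrowing that the commit message above describes, as an added example that is not WebKit's code: a hypothetical `Address` model with a signed 32-bit displacement, showing where a `uint32_t` offset above `INT32_MAX` lands when it is narrowed and when it is folded into the pointer with a 64-bit add instead. The struct, the function names and the sample base pointer are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical model of a machine addressing form: base register plus a
// signed 32-bit displacement, sign-extended to 64 bits when applied.
struct Address {
    uint64_t base;
    int32_t offset;
    uint64_t effective() const
    {
        return base + static_cast<uint64_t>(static_cast<int64_t>(offset));
    }
};

// Narrowing form: the uint32_t offset goes straight into the signed
// displacement, so any value above INT32_MAX wraps to a negative number.
Address materializeNarrowed(uint64_t pointer, uint32_t wasmOffset)
{
    return Address { pointer, static_cast<int32_t>(wasmOffset) };
}

// Widened form: an offset above INT32_MAX is zero-extended and added to the
// pointer in 64 bits, leaving the displacement at zero.
Address materializeWidened(uint64_t pointer, uint32_t wasmOffset)
{
    if (wasmOffset > static_cast<uint32_t>(std::numeric_limits<int32_t>::max()))
        return Address { pointer + static_cast<uint64_t>(wasmOffset), 0 };
    return Address { pointer, static_cast<int32_t>(wasmOffset) };
}

int main()
{
    const uint64_t pointer = 0x100000000ULL; // constructed sample base
    const uint32_t offsets[] = { 16u, 0x7fffffffu, 0x80000000u, 0xfffffff0u };
    for (uint32_t off : offsets) {
        std::printf("offset=0x%08x narrowed=0x%llx widened=0x%llx\n", off,
            static_cast<unsigned long long>(materializeNarrowed(pointer, off).effective()),
            static_cast<unsigned long long>(materializeWidened(pointer, off).effective()));
    }
    return 0;
}
```

With the narrowed form, offsets of 2 GiB and above resolve below the base pointer rather than past the end of memory, which is why an out-of-bounds test at those sizes would not trap as expected.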
Commit: d292e7f52e313684c4483de7ad8b492cc74d59c8
https://github.com/WebKit/WebKit/commit/d292e7f52e313684c4483de7ad8b492cc74d59c8
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-03-22 (Wed, 22 Mar 2023)
Changed paths:
M Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
M Source/JavaScriptCore/jit/FPRInfo.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmExceptionType.h
Log Message:
-----------
Cherry-pick 260597 at main (2a0f7a05e87b). https://bugs.webkit.org/show_bug.cgi?id=252654
[JSC] Some misc cleanup in new BBQ
https://bugs.webkit.org/show_bug.cgi?id=252654
rdar://105714823
Reviewed by Mark Lam.
This patch does some cleanups in new BBQ.
1. Dedup exception throwing code.
2. Define FPRInfo::nonPreservedNonArgumentFPR0 and use it for m_scratchFPR.
3. Add boundary offset only when boundary is non-zero.
* Source/JavaScriptCore/assembler/AbstractMacroAssembler.h:
* Source/JavaScriptCore/jit/FPRInfo.h:
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::BBQJIT):
(JSC::Wasm::BBQJIT::addTableGet):
(JSC::Wasm::BBQJIT::addTableSet):
(JSC::Wasm::BBQJIT::addTableInit):
(JSC::Wasm::BBQJIT::addTableFill):
(JSC::Wasm::BBQJIT::addTableCopy):
(JSC::Wasm::BBQJIT::emitCheckAndPreparePointer):
(JSC::Wasm::BBQJIT::addMemoryFill):
(JSC::Wasm::BBQJIT::addMemoryCopy):
(JSC::Wasm::BBQJIT::addMemoryInit):
(JSC::Wasm::BBQJIT::emitAtomicLoadOp):
(JSC::Wasm::BBQJIT::emitAtomicStoreOp):
(JSC::Wasm::BBQJIT::emitAtomicBinaryRMWOp):
(JSC::Wasm::BBQJIT::emitAtomicCompareExchange):
(JSC::Wasm::BBQJIT::atomicWait):
(JSC::Wasm::BBQJIT::atomicNotify):
(JSC::Wasm::BBQJIT::truncTrapping):
(JSC::Wasm::BBQJIT::throwExceptionIf):
(JSC::Wasm::BBQJIT::emitModOrDiv):
(JSC::Wasm::BBQJIT::addRefAsNonNull):
(JSC::Wasm::BBQJIT::endTopLevel):
(JSC::Wasm::BBQJIT::addCallIndirect):
(JSC::Wasm::BBQJIT::addExceptionLateLinkTask): Deleted.
* Source/JavaScriptCore/wasm/WasmExceptionType.h:
Canonical link: https://commits.webkit.org/260597@main
Commit: 2a3474ff2ee1015f2efd00629bb9192a1d1572d4
https://github.com/WebKit/WebKit/commit/2a3474ff2ee1015f2efd00629bb9192a1d1572d4
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-03-22 (Wed, 22 Mar 2023)
Changed paths:
M Source/JavaScriptCore/b3/air/AirLowerMacros.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
Cherry-pick 260700 at main (672628fb19da). https://bugs.webkit.org/show_bug.cgi?id=252736
[JSC] Fix SIMD in new BBQ
https://bugs.webkit.org/show_bug.cgi?id=252736
rdar://105769837
Reviewed by Mark Lam.
Fix SIMD ops in new BBQ.
1. Some ops use possibly-overwritten FPR registers. Fixed with scratch registers.
2. Clean up AirLowerMacros's generation.
3. SIMD splat can take Int constants. Thus we should check and load constants.
* Source/JavaScriptCore/b3/air/AirLowerMacros.cpp:
(JSC::B3::Air::lowerMacros):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::addSIMDSplat):
(JSC::Wasm::BBQJIT::addSIMDI_V):
(JSC::Wasm::BBQJIT::addSIMDV_V):
(JSC::Wasm::BBQJIT::addSIMDRelOp):
(JSC::Wasm::BBQJIT::emitVectorMul):
Canonical link: https://commits.webkit.org/260700@main
Commit: 448a9c544b088a9a6d98ef5113e9f945a8255e5e
https://github.com/WebKit/WebKit/commit/448a9c544b088a9a6d98ef5113e9f945a8255e5e
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-03-22 (Wed, 22 Mar 2023)
Changed paths:
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
Cherry-pick 261048 at main (adae6f119127). https://bugs.webkit.org/show_bug.cgi?id=253227
[JSC] x64 CCall returnValueGPR is not in m_validGPRs
https://bugs.webkit.org/show_bug.cgi?id=253227
rdar://106127760
Reviewed by Mark Lam.
x64's returnValueGPR is not in m_validGPRs. So we cannot bind it to Location.
We should move it to argumentGPR0 if returnValueGPR is not argumentGPR0. This is kind of a hack and we should
change emitCCall in the future to make it more barebone like DFG's callOperation.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::emitCCall):
Canonical link: https://commits.webkit.org/261048@main
Commit: 05fbadd951b9d0e2f7c3c92c999269ec14881f97
https://github.com/WebKit/WebKit/commit/05fbadd951b9d0e2f7c3c92c999269ec14881f97
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-03-22 (Wed, 22 Mar 2023)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssembler.h
M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
Cherry-pick 261060 at main (5725527e969e). https://bugs.webkit.org/show_bug.cgi?id=253230
[JSC] Remove m_dataScratch register in WasmBBQJIT
https://bugs.webkit.org/show_bug.cgi?id=253230
rdar://106129794
Reviewed by Mark Lam.
Using m_dataScratch caused *so* many problems. It is rax in x64, which causes the
problem that returnValueGPR is not usable as a scratch. And our calling convention
needs a hack to avoid this problem.
Also, we do not need m_dataScratch much. MacroAssembler itself has a scratch register
for normal use (non B3 / Air use), so that we can implement a lot of operations in
MacroAssembler without using m_dataScratch.
* Source/JavaScriptCore/assembler/MacroAssembler.h:
(JSC::MacroAssembler::moveFloat):
(JSC::MacroAssembler::moveDouble):
* Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::transfer32):
(JSC::MacroAssemblerARM64::materializeVector):
* Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::transfer32):
(JSC::MacroAssemblerX86_64::materializeVector):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::BBQJIT):
(JSC::Wasm::BBQJIT::addF32ConvertUI32):
(JSC::Wasm::BBQJIT::addF32ConvertUI64):
(JSC::Wasm::BBQJIT::addF64ConvertUI32):
(JSC::Wasm::BBQJIT::addF64ConvertUI64):
(JSC::Wasm::BBQJIT::addF32Copysign):
(JSC::Wasm::BBQJIT::addF64Copysign):
(JSC::Wasm::BBQJIT::addF32Abs):
(JSC::Wasm::BBQJIT::addF64Abs):
(JSC::Wasm::BBQJIT::restoreWebAssemblyGlobalState):
(JSC::Wasm::BBQJIT::emitIndirectCall):
(JSC::Wasm::BBQJIT::materializeVectorConstant):
(JSC::Wasm::BBQJIT::addSIMDV_V):
(JSC::Wasm::BBQJIT::emitVectorMul):
(JSC::Wasm::BBQJIT::addSIMDV_VV):
(JSC::Wasm::BBQJIT::isScratch):
(JSC::Wasm::BBQJIT::emitMoveConst):
(JSC::Wasm::BBQJIT::emitMoveMemory):
Canonical link: https://commits.webkit.org/261060@main
Commit: fca6b50503f4954c6eac7ab0cccdbbb10eadb9aa
https://github.com/WebKit/WebKit/commit/fca6b50503f4954c6eac7ab0cccdbbb10eadb9aa
Author: Žan Doberšek <zdobersek at igalia.com>
Date: 2023-03-22 (Wed, 22 Mar 2023)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssembler.h
M Source/JavaScriptCore/offlineasm/riscv64.rb
M Source/WTF/wtf/PlatformEnable.h
Log Message:
-----------
Cherry-pick 261498 at main (c07cdb6ae80b). https://bugs.webkit.org/show_bug.cgi?id=253700
Unreviewed build fixes for RISCV64
https://bugs.webkit.org/show_bug.cgi?id=253700
Unreviewed build fixes for RISCV64 builds of JavaScriptCore.
* Source/JavaScriptCore/assembler/MacroAssembler.h: Enable the moveFloat and
moveDouble methods that work with immediate values, sharing the scratch register
variant with x86-64.
* Source/JavaScriptCore/offlineasm/riscv64.rb: Also generate WASM placeholders
for the loadv and storev opcodes, used in WebAssembly.asm.
* Source/WTF/wtf/PlatformEnable.h: Avoid further compilation issues by enabling
ENABLE_WEBASSEMBLY_B3JIT alongside ENABLE_WEBASSEMBLY.
Canonical link: https://commits.webkit.org/261498@main
Commit: fba210d0321cff5cc1be9e84ee1a72996d9dd8dd
https://github.com/WebKit/WebKit/commit/fba210d0321cff5cc1be9e84ee1a72996d9dd8dd
Author: Philippe Normand <philn at igalia.com>
Date: 2023-03-22 (Wed, 22 Mar 2023)
Changed paths:
M Source/WebCore/platform/UserAgentQuirks.cpp
M Tools/TestWebKitAPI/Tests/WebCore/UserAgentQuirks.cpp
Log Message:
-----------
Cherry-pick 261839 at main (4ad4b2d3a795). https://bugs.webkit.org/show_bug.cgi?id=253877
[GLib] No render update when seeking outside of network buffer in fullscreen
https://bugs.webkit.org/show_bug.cgi?id=253877
Reviewed by Michael Catanzaro.
Advertise us as a Chrome UA when browsing YouTube in order to work around broken seek handling when
playing videos in full-screen.
* Source/WebCore/platform/UserAgentQuirks.cpp:
(WebCore::urlRequiresChromeBrowser):
* Tools/TestWebKitAPI/Tests/WebCore/UserAgentQuirks.cpp:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/261839@main
Compare: https://github.com/WebKit/WebKit/compare/257bd721df9b...fba210d0321c