[webkit-changes] [WebKit/WebKit] 5911aa: Cherry-pick 260572 at main (ab3a72163b82). https://bu...

Philippe Normand noreply at github.com
Wed Mar 22 13:01:22 PDT 2023


  Branch: refs/heads/webkitglib/2.40
  Home:   https://github.com/WebKit/WebKit
  Commit: 5911aa71cf05da5e3cb45600027792be91c1eec2
      https://github.com/WebKit/WebKit/commit/5911aa71cf05da5e3cb45600027792be91c1eec2
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp

  Log Message:
  -----------
  Cherry-pick 260572 at main (ab3a72163b82). https://bugs.webkit.org/show_bug.cgi?id=252614

    [JSC] Fix new BBQ's address materialization
    https://bugs.webkit.org/show_bug.cgi?id=252614
    rdar://105697274

    Reviewed by Mark Lam and Justin Michaud.

    New BBQ's materializePointer is wrong since it is not handling uint32_t offset which can be larger than INT32_MAX.
    On the other hand, normal Address' offset is designed to be int32_t. So we need to have a path using `add64` etc.
    to materialize address if the offset is larger than INT32_MAX. Fix wasm/v8/memory_1gb_oob.js and wasm/v8/memory_2gb_oob.js
    failures with new BBQ.

    * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
    (JSC::Wasm::BBQJIT::emitCheckAndPreparePointer):
    (JSC::Wasm::BBQJIT::materializePointer):
    (JSC::Wasm::BBQJIT::emitLoadOp):
    (JSC::Wasm::BBQJIT::load):
    (JSC::Wasm::BBQJIT::emitStoreOp):
    (JSC::Wasm::BBQJIT::store):
    (JSC::Wasm::BBQJIT::emitAtomicLoadOp):
    (JSC::Wasm::BBQJIT::atomicLoad):
    (JSC::Wasm::BBQJIT::emitAtomicStoreOp):
    (JSC::Wasm::BBQJIT::atomicStore):
    (JSC::Wasm::BBQJIT::emitAtomicBinaryRMWOp):
    (JSC::Wasm::BBQJIT::atomicBinaryRMW):
    (JSC::Wasm::BBQJIT::emitAtomicCompareExchange):
    (JSC::Wasm::BBQJIT::atomicCompareExchange):
    (JSC::Wasm::BBQJIT::atomicWait):
    (JSC::Wasm::BBQJIT::atomicNotify):
    (JSC::Wasm::BBQJIT::addSIMDLoad):
    (JSC::Wasm::BBQJIT::addSIMDStore):
    (JSC::Wasm::BBQJIT::addSIMDLoadSplat):
    (JSC::Wasm::BBQJIT::addSIMDLoadLane):
    (JSC::Wasm::BBQJIT::addSIMDStoreLane):
    (JSC::Wasm::BBQJIT::addSIMDLoadExtend):
    (JSC::Wasm::BBQJIT::addSIMDLoadPad):

    Canonical link: https://commits.webkit.org/260572@main


  Commit: d292e7f52e313684c4483de7ad8b492cc74d59c8
      https://github.com/WebKit/WebKit/commit/d292e7f52e313684c4483de7ad8b492cc74d59c8
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
    M Source/JavaScriptCore/jit/FPRInfo.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmExceptionType.h

  Log Message:
  -----------
  Cherry-pick 260597 at main (2a0f7a05e87b). https://bugs.webkit.org/show_bug.cgi?id=252654

    [JSC] Some misc cleanup in new BBQ
    https://bugs.webkit.org/show_bug.cgi?id=252654
    rdar://105714823

    Reviewed by Mark Lam.

    This patch does some cleanups in new BBQ.

    1. Dedup exception throwing code.
    2. Define FPRInfo::nonPreservedNonArgumentFPR0 and use it for m_scratchFPR.
    3. Add boundary offset only when boundary is non-zero.

    * Source/JavaScriptCore/assembler/AbstractMacroAssembler.h:
    * Source/JavaScriptCore/jit/FPRInfo.h:
    * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
    (JSC::Wasm::BBQJIT::BBQJIT):
    (JSC::Wasm::BBQJIT::addTableGet):
    (JSC::Wasm::BBQJIT::addTableSet):
    (JSC::Wasm::BBQJIT::addTableInit):
    (JSC::Wasm::BBQJIT::addTableFill):
    (JSC::Wasm::BBQJIT::addTableCopy):
    (JSC::Wasm::BBQJIT::emitCheckAndPreparePointer):
    (JSC::Wasm::BBQJIT::addMemoryFill):
    (JSC::Wasm::BBQJIT::addMemoryCopy):
    (JSC::Wasm::BBQJIT::addMemoryInit):
    (JSC::Wasm::BBQJIT::emitAtomicLoadOp):
    (JSC::Wasm::BBQJIT::emitAtomicStoreOp):
    (JSC::Wasm::BBQJIT::emitAtomicBinaryRMWOp):
    (JSC::Wasm::BBQJIT::emitAtomicCompareExchange):
    (JSC::Wasm::BBQJIT::atomicWait):
    (JSC::Wasm::BBQJIT::atomicNotify):
    (JSC::Wasm::BBQJIT::truncTrapping):
    (JSC::Wasm::BBQJIT::throwExceptionIf):
    (JSC::Wasm::BBQJIT::emitModOrDiv):
    (JSC::Wasm::BBQJIT::addRefAsNonNull):
    (JSC::Wasm::BBQJIT::endTopLevel):
    (JSC::Wasm::BBQJIT::addCallIndirect):
    (JSC::Wasm::BBQJIT::addExceptionLateLinkTask): Deleted.
    * Source/JavaScriptCore/wasm/WasmExceptionType.h:

    Canonical link: https://commits.webkit.org/260597@main


  Commit: 2a3474ff2ee1015f2efd00629bb9192a1d1572d4
      https://github.com/WebKit/WebKit/commit/2a3474ff2ee1015f2efd00629bb9192a1d1572d4
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/b3/air/AirLowerMacros.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp

  Log Message:
  -----------
  Cherry-pick 260700 at main (672628fb19da). https://bugs.webkit.org/show_bug.cgi?id=252736

    [JSC] Fix SIMD in new BBQ
    https://bugs.webkit.org/show_bug.cgi?id=252736
    rdar://105769837

    Reviewed by Mark Lam.

    Fix SIMD ops in new BBQ.

    1. Some ops use possibly-overwritten FPR registers. Fixed with scratch registers.
    2. Clean up AirLowerMacros's generation.
    3. SIMD splat can take Int constants. Thus we should check and load constants.

    * Source/JavaScriptCore/b3/air/AirLowerMacros.cpp:
    (JSC::B3::Air::lowerMacros):
    * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
    (JSC::Wasm::BBQJIT::addSIMDSplat):
    (JSC::Wasm::BBQJIT::addSIMDI_V):
    (JSC::Wasm::BBQJIT::addSIMDV_V):
    (JSC::Wasm::BBQJIT::addSIMDRelOp):
    (JSC::Wasm::BBQJIT::emitVectorMul):

    Canonical link: https://commits.webkit.org/260700@main


  Commit: 448a9c544b088a9a6d98ef5113e9f945a8255e5e
      https://github.com/WebKit/WebKit/commit/448a9c544b088a9a6d98ef5113e9f945a8255e5e
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp

  Log Message:
  -----------
  Cherry-pick 261048 at main (adae6f119127). https://bugs.webkit.org/show_bug.cgi?id=253227

    [JSC] x64 CCall returnValueGPR is not in m_validGPRs
    https://bugs.webkit.org/show_bug.cgi?id=253227
    rdar://106127760

    Reviewed by Mark Lam.

    x64's returnValueGPR is not in m_validGPRs. So we cannot bind it to Location.
    We should move it to argumentGPR0 if returnValueGPR is not argumentGPR0. This is kind of a hack, and we should
    change emitCCall in the future to make it more barebone like DFG's callOperation.

    * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
    (JSC::Wasm::BBQJIT::emitCCall):

    Canonical link: https://commits.webkit.org/261048@main


  Commit: 05fbadd951b9d0e2f7c3c92c999269ec14881f97
      https://github.com/WebKit/WebKit/commit/05fbadd951b9d0e2f7c3c92c999269ec14881f97
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/assembler/MacroAssembler.h
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
    M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp

  Log Message:
  -----------
  Cherry-pick 261060 at main (5725527e969e). https://bugs.webkit.org/show_bug.cgi?id=253230

    [JSC] Remove m_dataScratch register in WasmBBQJIT
    https://bugs.webkit.org/show_bug.cgi?id=253230
    rdar://106129794

    Reviewed by Mark Lam.

    Using m_dataScratch caused *so* many problems. It is rax in x64, which causes the
    problem that returnValueGPR is not usable as a scratch. And our calling convention
    needs a hack to avoid this problem.

    Also, we do not need m_dataScratch much. MacroAssembler itself has a scratch register
    for normal use (non B3 / Air use), so that we can implement a lot of operations in
    MacroAssembler without using m_dataScratch.

    * Source/JavaScriptCore/assembler/MacroAssembler.h:
    (JSC::MacroAssembler::moveFloat):
    (JSC::MacroAssembler::moveDouble):
    * Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
    (JSC::MacroAssemblerARM64::transfer32):
    (JSC::MacroAssemblerARM64::materializeVector):
    * Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:
    (JSC::MacroAssemblerX86_64::transfer32):
    (JSC::MacroAssemblerX86_64::materializeVector):
    * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
    (JSC::Wasm::BBQJIT::BBQJIT):
    (JSC::Wasm::BBQJIT::addF32ConvertUI32):
    (JSC::Wasm::BBQJIT::addF32ConvertUI64):
    (JSC::Wasm::BBQJIT::addF64ConvertUI32):
    (JSC::Wasm::BBQJIT::addF64ConvertUI64):
    (JSC::Wasm::BBQJIT::addF32Copysign):
    (JSC::Wasm::BBQJIT::addF64Copysign):
    (JSC::Wasm::BBQJIT::addF32Abs):
    (JSC::Wasm::BBQJIT::addF64Abs):
    (JSC::Wasm::BBQJIT::restoreWebAssemblyGlobalState):
    (JSC::Wasm::BBQJIT::emitIndirectCall):
    (JSC::Wasm::BBQJIT::materializeVectorConstant):
    (JSC::Wasm::BBQJIT::addSIMDV_V):
    (JSC::Wasm::BBQJIT::emitVectorMul):
    (JSC::Wasm::BBQJIT::addSIMDV_VV):
    (JSC::Wasm::BBQJIT::isScratch):
    (JSC::Wasm::BBQJIT::emitMoveConst):
    (JSC::Wasm::BBQJIT::emitMoveMemory):

    Canonical link: https://commits.webkit.org/261060@main


  Commit: fca6b50503f4954c6eac7ab0cccdbbb10eadb9aa
      https://github.com/WebKit/WebKit/commit/fca6b50503f4954c6eac7ab0cccdbbb10eadb9aa
  Author: Žan Doberšek <zdobersek at igalia.com>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/assembler/MacroAssembler.h
    M Source/JavaScriptCore/offlineasm/riscv64.rb
    M Source/WTF/wtf/PlatformEnable.h

  Log Message:
  -----------
  Cherry-pick 261498 at main (c07cdb6ae80b). https://bugs.webkit.org/show_bug.cgi?id=253700

    Unreviewed build fixes for RISCV64
    https://bugs.webkit.org/show_bug.cgi?id=253700

    Unreviewed build fixes for RISCV64 builds of JavaScriptCore.

    * Source/JavaScriptCore/assembler/MacroAssembler.h: Enable the moveFloat and
    moveDouble methods that work with immediate values, sharing the scratch register
    variant with x86-64.
    * Source/JavaScriptCore/offlineasm/riscv64.rb: Also generate WASM placeholders
    for the loadv and storev opcodes, used in WebAssembly.asm.
    * Source/WTF/wtf/PlatformEnable.h: Avoid further compilation issues by enabling
    ENABLE_WEBASSEMBLY_B3JIT alongside ENABLE_WEBASSEMBLY.

    Canonical link: https://commits.webkit.org/261498@main


  Commit: fba210d0321cff5cc1be9e84ee1a72996d9dd8dd
      https://github.com/WebKit/WebKit/commit/fba210d0321cff5cc1be9e84ee1a72996d9dd8dd
  Author: Philippe Normand <philn at igalia.com>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/WebCore/platform/UserAgentQuirks.cpp
    M Tools/TestWebKitAPI/Tests/WebCore/UserAgentQuirks.cpp

  Log Message:
  -----------
  Cherry-pick 261839 at main (4ad4b2d3a795). https://bugs.webkit.org/show_bug.cgi?id=253877

    [GLib] No render update when seeking outside of network buffer in fullscreen
    https://bugs.webkit.org/show_bug.cgi?id=253877

    Reviewed by Michael Catanzaro.

    Advertise us as a Chrome UA when browsing YouTube in order to work around broken seek handling when
    playing videos in full-screen.

    * Source/WebCore/platform/UserAgentQuirks.cpp:
    (WebCore::urlRequiresChromeBrowser):
    * Tools/TestWebKitAPI/Tests/WebCore/UserAgentQuirks.cpp:
    (TestWebKitAPI::TEST):

    Canonical link: https://commits.webkit.org/261839@main


Compare: https://github.com/WebKit/WebKit/compare/257bd721df9b...fba210d0321c

