[webkit-changes] [WebKit/WebKit] dcb4e4: [Wasm-GC] Inline Wasm array operations & allocation

Wed Jan 3 20:24:45 PST 2024

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: dcb4e4846eeaf91edfb9a06f791f5920ab4a3e8c
      https://github.com/WebKit/WebKit/commit/dcb4e4846eeaf91edfb9a06f791f5920ab4a3e8c
  Author: Asumu Takikawa <asumu at igalia.com>
  Date:   2024-01-03 (Wed, 03 Jan 2024)

  Changed paths:
    M JSTests/wasm/gc/arrays.js
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmExceptionType.h
    M Source/JavaScriptCore/wasm/WasmLimits.h
    M Source/JavaScriptCore/wasm/WasmOperationsInlines.h
    M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h

  Log Message:
  -----------
  [Wasm-GC] Inline Wasm array operations & allocation
https://bugs.webkit.org/show_bug.cgi?id=245405

Reviewed by Justin Michaud.

Adds JIT inlining for array.get/set operations in both BBQ and B3 tiers.
Allocation inlining is not done yet as it's more complex.

Sets an arbitrary limit on max array length to avoid boundary conditions on the
array index type.

Also simplify some code for struct.get/set as well.

* JSTests/wasm/gc/arrays.js:
(testArrayLimit):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::emitStructSet):
(JSC::Wasm::B3IRGenerator::pushArrayNew):
(JSC::Wasm::B3IRGenerator::addArrayGet):
(JSC::Wasm::B3IRGenerator::emitArraySetUnchecked):
(JSC::Wasm::B3IRGenerator::addStructGet):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::addArrayNew):
(JSC::Wasm::BBQJIT::addArrayNewDefault):
(JSC::Wasm::BBQJIT::emitArraySetUnchecked):
(JSC::Wasm::BBQJIT::addArrayNewFixed):
(JSC::Wasm::BBQJIT::addArrayGet):
(JSC::Wasm::BBQJIT::addStructGet):
* Source/JavaScriptCore/wasm/WasmExceptionType.h:
(JSC::Wasm::isTypeErrorExceptionType):
* Source/JavaScriptCore/wasm/WasmLimits.h:
* Source/JavaScriptCore/wasm/WasmOperationsInlines.h:
(JSC::Wasm::arrayNew):
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h:

Canonical link: https://commits.webkit.org/272642@main