[webkit-changes] [WebKit/WebKit] 1e4c23: [Wasm-GC] Avoid spurious assertion in JSWebAssembl...
Asumu Takikawa
noreply at github.com
Fri Jan 5 18:13:27 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1e4c23e67107054c015e3e846d8ee804ad934953
https://github.com/WebKit/WebKit/commit/1e4c23e67107054c015e3e846d8ee804ad934953
Author: Asumu Takikawa <asumu at igalia.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
A JSTests/wasm/gc/bug266249.js
M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h
M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h
Log Message:
-----------
[Wasm-GC] Avoid spurious assertion in JSWebAssemblyArray::set
https://bugs.webkit.org/show_bug.cgi?id=266249
Reviewed by Justin Michaud.
Avoid an assertion that isn't necessary. The reason is sometimes triggers is
due to the LLInt slow path code reading a uint64_t value from the
VirtualRegister instead of a uint32_t. While we could dispatch on the type
in the slow path code, this would require more overhead to extract the type
from the object or more space in the bytecode to pass the type through.
Also change some uses of EncodedJSValue to uint64_t for better clarity.
* JSTests/wasm/gc/bug266249.js: Added.
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp:
(JSC::JSWebAssemblyStruct::set):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h:
Canonical link: https://commits.webkit.org/272719@main
More information about the webkit-changes
mailing list