[webkit-changes] [WebKit/WebKit] 464329: [WASM] Fix consistency check in addBranchNull

[Yijia Huang]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4643296068e547af9ad3d133f93d863affeb09f8
      https://github.com/WebKit/WebKit/commit/4643296068e547af9ad3d133f93d863affeb09f8
  Author: Yijia Huang <yijia_huang at apple.com>
  Date:   2024-10-25 (Fri, 25 Oct 2024)

  Changed paths:
    A JSTests/wasm/gc/bug138038945.js
    M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp

  Log Message:
  -----------
  [WASM] Fix consistency check in addBranchNull
https://bugs.webkit.org/show_bug.cgi?id=281934
rdar://138038945

Reviewed by David Degazio.

In addBranchNull, when branching on null, the first push is used
to reserve a slot for the reference to avoid overwriting it with
the condition. Since this slot reservation is deliberate and the
expression-stack slot relationship doesn’t need to be preserved,
there’s no need for a consistency check after the first push in
this case.

The second push, used for the condition, is temporary and only
needed to perform the null check. It’s not part of WebAssembly's
core semantics, so no additional consistency checks are required.

This fix ensures that consistency checks are only applied where
necessary, avoiding redundant checks when pushing temporary
values or reserving slots.

* JSTests/wasm/gc/bug138038945.js: Added.
(catch):
* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::addBranchNull):

Canonical link: https://commits.webkit.org/285705@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications