[webkit-changes] [WebKit/WebKit] 197236: Don't unset m_tailCallClobbersInstance if it was p...

Daniel Liu noreply at github.com
Thu Oct 31 14:59:55 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1972367d6b5a00b9312d261ebcf97721d235bd17
      https://github.com/WebKit/WebKit/commit/1972367d6b5a00b9312d261ebcf97721d235bd17
  Author: Daniel Liu <danlliu at umich.edu>
  Date:   2024-10-31 (Thu, 31 Oct 2024)

  Changed paths:
    A JSTests/wasm/stress/tail-call-across-modules.js
    M Source/JavaScriptCore/wasm/WasmFunctionCodeBlockGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmFunctionCodeBlockGenerator.h
    M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp

  Log Message:
  -----------
  Don't unset m_tailCallClobbersInstance if it was previously set
https://bugs.webkit.org/show_bug.cgi?id=282273
rdar://138177426

Reviewed by Yusuke Suzuki.

When we determine what functions may transitively call across instances, we
utilize `setTailCallClobbersInstance`. However, this sets the value, without
checking if it was set previously. Thus, a later function that does not call
across instances may reset this flag, and lead to the callee's instance being
used.

* Source/JavaScriptCore/wasm/WasmFunctionCodeBlockGenerator.cpp:
(JSC::Wasm::FunctionCodeBlockGenerator::setTailCall):
* Source/JavaScriptCore/wasm/WasmFunctionCodeBlockGenerator.h:
(JSC::Wasm::FunctionCodeBlockGenerator::setTailCallClobbersInstance):
* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::addCallIndirect):
(JSC::Wasm::LLIntGenerator::addCallRef):

Canonical link: https://commits.webkit.org/285981@main
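As an added illustration of the overwrite-versus-accumulate defect the message describes (a model written for this note, not WebKit's code; the generator class names, `CallSite`, `analyzeFunction` and the sample call sequence are assumptions), the buggy setter stores each call site's verdict unconditionally, so a later call that stays within the instance erases an earlier cross-instance result, while the fixed setter only ever turns the flag on:

```cpp
#include <vector>

// Hypothetical model of the bug: one generator per Wasm function records whether
// any tail call in that function may cross into another instance. Each call site
// (what addCallIndirect / addCallRef would process) reports its own verdict.
struct CallSite {
    bool crossesInstance;
};

struct BuggyGenerator {
    bool m_tailCallClobbersInstance { false };
    // Unconditional store: a later same-instance call site overwrites an earlier true.
    void setTailCallClobbersInstance(bool clobbers) { m_tailCallClobbersInstance = clobbers; }
};

struct FixedGenerator {
    bool m_tailCallClobbersInstance { false };
    // Sticky: once any call site may clobber the instance, the flag stays set.
    void setTailCallClobbersInstance(bool clobbers) { m_tailCallClobbersInstance |= clobbers; }
};

// Feed every call site of a function to the generator, in program order, and
// return the final flag the code generator would later rely on.
template <typename Generator>
bool analyzeFunction(const std::vector<CallSite>& sites)
{
    Generator gen;
    for (const CallSite& site : sites)
        gen.setTailCallClobbersInstance(site.crossesInstance);
    return gen.m_tailCallClobbersInstance;
}

bool buggyVerdict(const std::vector<CallSite>& sites) { return analyzeFunction<BuggyGenerator>(sites); }
bool fixedVerdict(const std::vector<CallSite>& sites) { return analyzeFunction<FixedGenerator>(sites); }

// Constructed samples: a cross-module tail call followed by a local one (the
// order that triggers the bug), and a function with only local calls.
const std::vector<CallSite> kCrossThenLocal { { true }, { false } };
const std::vector<CallSite> kLocalOnly { { false }, { false } };
```

With `kCrossThenLocal` the buggy generator ends with the flag cleared, which is exactly the state in which the callee's instance would be used, whereas the fixed generator keeps it set; both agree that `kLocalOnly` never clobbers the instance.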
