[Webkit-unassigned] [Bug 221260] [JSC] Enable WasmLLInt on ARMv7

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 7 14:50:30 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=221260

Mark Lam <mark.lam at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #460061|review?                     |review-
              Flags|                            |

--- Comment #29 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 460061
  --> https://bugs.webkit.org/attachment.cgi?id=460061
v13 - ARM64E fix

View in context: https://bugs.webkit.org/attachment.cgi?id=460061&action=review

>> Source/JavaScriptCore/wasm/WasmInstance.h:113
>>          }
> 
> This is the only diff from the original reverted patch. (Now we tag m_cachedMemory with the same key as we use for untagging it)

OK, I've looked into the issue.  The root cause of this issue is because you changed m_cachedBoundsCheckingSize to be set to memory()->size() previously, bit did not tag m_cachedMemory with the same.  Your current fix changes m_cachedMemory to be tagged with memory()->size() also.

However, looking through the code, I see that m_cachedBoundsCheckingSize is only used for this untagging m_cachedMemory.  Why did you change it to memory()->size() in the first place?  Can you not leave it as it was originally? 

In this patch, you also renamed boundsCheckingSize() to mappedCapacity(), and mappedCapacity() isn't used anywhere currently.  I can see how the name boundsCheckingSize() can be misleading if we don't use it for bounds checking in the non-signaling case.  However, I think it's appropriate to use mappedCapacity() as the tag value here instead of memory()->size().  mappedCapacity() never changes, but memory()->size() can change.  Let's stick with using mappedCapacity() because we want the tag to be "constant"-ish.  Can you change this code back to the way it was before and use mappedCapacity() as the tag value instead?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220607/5dc13b5b/attachment-0001.htm>

More information about the webkit-unassigned mailing list