[webkit-changes] [WebKit/WebKit] ce0c25: Profile allocations and track allocation mode in l...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ce0c25336f5320048b444ac8300efec568b437d5
https://github.com/WebKit/WebKit/commit/ce0c25336f5320048b444ac8300efec568b437d5
Author: David Degazio
Date: 2024-03-07 (Thu, 07 Mar 2024)

Changed paths:
M Source/WTF/wtf/FastMalloc.cpp
M Source/WTF/wtf/Gigacage.cpp
M Source/WTF/wtf/JSValueMalloc.cpp
M Source/WTF/wtf/TZoneMalloc.h
M Source/WTF/wtf/TZoneMallocInlines.h
M Source/bmalloc/CMakeLists.txt
M Source/bmalloc/bmalloc.xcodeproj/project.pbxproj
M Source/bmalloc/bmalloc/BMalloced.h
A Source/bmalloc/bmalloc/CompactAllocationMode.h
M Source/bmalloc/bmalloc/IsoHeap.cpp
M Source/bmalloc/bmalloc/IsoHeap.h
M Source/bmalloc/bmalloc/IsoMallocFallback.cpp
M Source/bmalloc/bmalloc/IsoMallocFallback.h
M Source/bmalloc/bmalloc/IsoTLSInlines.h
M Source/bmalloc/bmalloc/TZoneHeap.cpp
M Source/bmalloc/bmalloc/TZoneHeap.h
M Source/bmalloc/bmalloc/TZoneHeapInlines.h
M Source/bmalloc/bmalloc/TZoneHeapManager.cpp
M Source/bmalloc/bmalloc/bmalloc.cpp
M Source/bmalloc/bmalloc/bmalloc.h
M Source/bmalloc/bmalloc/mbmalloc.cpp
M Source/bmalloc/libpas/src/libpas/bmalloc_heap.c
M Source/bmalloc/libpas/src/libpas/bmalloc_heap.h
M Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h
M Source/bmalloc/libpas/src/libpas/jit_heap.c
A Source/bmalloc/libpas/src/libpas/pas_allocation_mode.h
M Source/bmalloc/libpas/src/libpas/pas_bitfit_allocator_inlines.h
M Source/bmalloc/libpas/src/libpas/pas_bitfit_page_config.h
M Source/bmalloc/libpas/src/libpas/pas_bitfit_page_config_inlines.h
M Source/bmalloc/libpas/src/libpas/pas_bitfit_page_inlines.h
M Source/bmalloc/libpas/src/libpas/pas_compact_bootstrap_free_heap.c
M Source/bmalloc/libpas/src/libpas/pas_compact_heap_reservation.c
M Source/bmalloc/libpas/src/libpas/pas_config.h
M Source/bmalloc/libpas/src/libpas/pas_create_basic_heap_page_caches_with_reserved_memory.c
M Source/bmalloc/libpas/src/libpas/pas_debug_heap.h
M Source/bmalloc/libpas/src/libpas/pas_heap_config.h
M Source/bmalloc/libpas/src/libpas/pas_heap_config_inlines.h
M Source/bmalloc/libpas/src/libpas/pas_immortal_heap.c
M Source/bmalloc/libpas/src/libpas/pas_large_heap.c
M Source/bmalloc/libpas/src/libpas/pas_large_heap.h
M Source/bmalloc/libpas/src/libpas/pas_local_allocator_inlines.h
M Source/bmalloc/libpas/src/libpas/pas_page_header_table.c
M Source/bmalloc/libpas/src/libpas/pas_page_header_table.h
M Source/bmalloc/libpas/src/libpas/pas_probabilistic_guard_malloc_allocator.c
M Source/bmalloc/libpas/src/libpas/pas_probabilistic_guard_malloc_allocator.h
M Source/bmalloc/libpas/src/libpas/pas_segregated_heap.c
M Source/bmalloc/libpas/src/libpas/pas_segregated_page_config.h
M Source/bmalloc/libpas/src/libpas/pas_segregated_page_config_inlines.h
M Source/bmalloc/libpas/src/libpas/pas_segregated_size_directory.c
M Source/bmalloc/libpas/src/libpas/pas_try_allocate.h
M Source/bmalloc/libpas/src/libpas/pas_try_allocate_array.h
M Source/bmalloc/libpas/src/libpas/pas_try_allocate_common.h
M Source/bmalloc/libpas/src/libpas/pas_try_allocate_intrinsic.h
M Source/bmalloc/libpas/src/libpas/pas_try_allocate_primitive.h
M Source/bmalloc/libpas/src/libpas/pas_try_reallocate.h
M Source/bmalloc/libpas/src/libpas/pas_utility_heap.c
M Source/bmalloc/libpas/src/libpas/pas_utils.h

Log Message:
---
Profile allocations and track allocation mode in libPAS

https://bugs.webkit.org/show_bug.cgi?id=270592
rdar://122419407

Reviewed by Michael Saboff.

Adds more invocations of PAS_PROFILE to different allocation pathways in libPAS, and passes them a new pas_allocation_mode discriminator that threads through whether or not the allocation is for a compactible type from the bmalloc/WTF layer.

* Source/WTF/wtf/FastMalloc.cpp:
* Source/WTF/wtf/Gigacage.cpp:
* Source/WTF/wtf/JSValueMalloc.cpp:
* Source/bmalloc/bmalloc.xcodeproj/project.pbxproj:
* Source/bmalloc/bmalloc/CompactAllocationMode.h:
* Source/bmalloc/bmalloc/IsoHeap.cpp:
* Source/bmalloc/bmalloc/IsoHeap.h:
* Source/bmalloc/bmalloc/IsoMallocFallback.cpp:
* Source/bmalloc/bmalloc/IsoMallocFallback.h:
* Source/bmalloc/bmalloc/bmalloc.cpp:
* Source/bmalloc/bmalloc/bmalloc.h:
* Source/bmalloc/libpas/src/libpas/bmalloc_heap.c:
* Source/bmalloc/libpas/src/libpas/bmalloc_heap.h:
* Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h:
* Source/bmalloc/libpas/src/libpas/jit_heap.c:
* Source/bmalloc/libpas/src/libpas/pas_allocation_mode.h:
* Source/bmalloc/libpas/src/libpas/pas_bitfit_allocator_inlines.h:
* Source/bmalloc/libpas/src/libpas/pas_bitfit_page_config.h:
* Source/bmalloc/libpas/src/libpas/pas_bitfit_page_config_inlines.h:
* Source/bmalloc/libpas/src/libpas/pas_bitfit_page_inlines.h:
* Source/bmalloc/libpas/src/libpas/pas_compact_bootstrap_free_heap.c:
* Source/bmalloc
[webkit-changes] [WebKit/WebKit] bfe017: [JSC] Decode local indices at runtime in WASM in-p...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bfe0170022760b1772ed3378d20af384ca44b23d
https://github.com/WebKit/WebKit/commit/bfe0170022760b1772ed3378d20af384ca44b23d
Author: David Degazio
Date: 2024-03-07 (Thu, 07 Mar 2024)

Changed paths:
A JSTests/microbenchmarks/local-get-set-tee.wasm
M Source/JavaScriptCore/llint/InPlaceInterpreter.asm
M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp

Log Message:
---
[JSC] Decode local indices at runtime in WASM in-place interpreter

https://bugs.webkit.org/show_bug.cgi?id=270376
rdar://123720682

Reviewed by Justin Michaud and Yusuke Suzuki.

Removes metadata generation for local.get, local.set, and local.tee from the WASM in-place interpreter. Instead, local indices for these instructions are decoded at runtime. Since most local indices are small, this actually saves us time - the added microbenchmark runs 3% faster with this change. More importantly, this saves on memory, eliminating metadata for the most common WASM instructions.

* JSTests/microbenchmarks/local-get-set-tee.wasm: Added.
* Source/JavaScriptCore/llint/InPlaceInterpreter.asm:
* Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp:
(JSC::Wasm::IPIntGenerator::getLocal):
(JSC::Wasm::IPIntGenerator::setLocal):

Canonical link: https://commits.webkit.org/275815@main

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 5aa139: Fix assertion failure in pas_enumerator_create due...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5aa139649dd7649acd4451228d56cc0ea8b0e8c9
https://github.com/WebKit/WebKit/commit/5aa139649dd7649acd4451228d56cc0ea8b0e8c9
Author: David Degazio
Date: 2024-03-15 (Fri, 15 Mar 2024)

Changed paths:
M Source/bmalloc/libpas/src/libpas/pas_enumerator_region.h

Log Message:
---
Fix assertion failure in pas_enumerator_create due to wrong alignment

https://bugs.webkit.org/show_bug.cgi?id=270993
rdar://124562475

Reviewed by Yusuke Suzuki.

In pas_enumerator_create, we assert that the payload of a pas_enumerator_region is aligned to PAS_INTERNAL_MIN_ALIGN. This patch adds that alignment requirement to the type definition of pas_enumerator_region so we always respect this requirement.

* Source/bmalloc/libpas/src/libpas/pas_enumerator_region.h:

Canonical link: https://commits.webkit.org/276187@main
[webkit-changes] [WebKit/WebKit] 20cd6e: JSExecState::loadModule can dereference null result
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 20cd6e8fdcc8f08de41531fbcdded308bfd03426
https://github.com/WebKit/WebKit/commit/20cd6e8fdcc8f08de41531fbcdded308bfd03426
Author: David Degazio
Date: 2024-03-15 (Fri, 15 Mar 2024)

Changed paths:
M Source/WebCore/bindings/js/JSExecState.h
M Source/WebCore/bindings/js/ScriptController.cpp
M Source/WebCore/workers/WorkerOrWorkletScriptController.cpp

Log Message:
---
JSExecState::loadModule can dereference null result

https://bugs.webkit.org/show_bug.cgi?id=270934
rdar://121268593

Reviewed by Yusuke Suzuki.

Fixes a bug where JSExecState::loadModule always dereferenced the result of JSC::loadModule, even though JSC::loadModule will return null if there is an exception. This patch changes the return type of JSExecState::loadModule to a raw pointer, so callers of it can detect and handle null results returned from deeper calls.

* Source/WebCore/bindings/js/JSExecState.h:
(WebCore::JSExecState::loadModule):
* Source/WebCore/bindings/js/ScriptController.cpp:
(WebCore::ScriptController::loadModuleScriptInWorld):
* Source/WebCore/workers/WorkerOrWorkletScriptController.cpp:
(WebCore::WorkerOrWorkletScriptController::loadModuleSynchronously):
(WebCore::WorkerOrWorkletScriptController::loadAndEvaluateModule):

Canonical link: https://commits.webkit.org/276190@main
[webkit-changes] [WebKit/WebKit] ed9c79: Undo increase of libPAS internal minimum alignment...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ed9c798aa81ee81d11e0dadcdcea6d4bd0fab411
https://github.com/WebKit/WebKit/commit/ed9c798aa81ee81d11e0dadcdcea6d4bd0fab411
Author: David Degazio
Date: 2024-03-25 (Mon, 25 Mar 2024)

Changed paths:
M Source/bmalloc/libpas/src/libpas/pas_config.h

Log Message:
---
Undo increase of libPAS internal minimum alignment from 8 to 16 bytes

https://bugs.webkit.org/show_bug.cgi?id=271487
rdar://124708602

Reviewed by Yusuke Suzuki and Justin Michaud.

Reverts previous increase of PAS_INTERNAL_MIN_ALIGN, bumping it back down to 8 bytes.

* Source/bmalloc/libpas/src/libpas/pas_config.h:

Canonical link: https://commits.webkit.org/276643@main
[webkit-changes] [WebKit/WebKit] f62faa: [JSC] Redefinitions of RELEASE_ASSERT should be re...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f62faaf4e133012e836c428bf8f651535dce05d9
https://github.com/WebKit/WebKit/commit/f62faaf4e133012e836c428bf8f651535dce05d9
Author: David Degazio
Date: 2024-04-01 (Mon, 01 Apr 2024)

Changed paths:
M Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackByLinearScan.cpp
M Source/JavaScriptCore/dfg/DFGSSAConversionPhase.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

Log Message:
---
[JSC] Redefinitions of RELEASE_ASSERT should be removed

https://bugs.webkit.org/show_bug.cgi?id=271728
rdar://problem/125439450

Reviewed by Yusuke Suzuki.

Removes several redefinitions of the RELEASE_ASSERT macro in JavaScriptCore, since they don't seem to serve any purpose other than duplicating code needlessly.

* Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackByLinearScan.cpp:
* Source/JavaScriptCore/dfg/DFGSSAConversionPhase.cpp:
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:

Canonical link: https://commits.webkit.org/276882@main
[webkit-changes] [WebKit/WebKit] b4bbe4: Unreviewed, skip including pas_utils additions for...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b4bbe428220f863dd196d97a9a1ff37bee7c0b67
https://github.com/WebKit/WebKit/commit/b4bbe428220f863dd196d97a9a1ff37bee7c0b67
Author: David Degazio
Date: 2024-06-26 (Wed, 26 Jun 2024)

Changed paths:
M Source/bmalloc/libpas/src/libpas/pas_utils.h

Log Message:
---
Unreviewed, skip including pas_utils additions for libpas test builds

https://bugs.webkit.org/show_bug.cgi?id=275929
rdar://130628744

* Source/bmalloc/libpas/src/libpas/pas_utils.h:

Canonical link: https://commits.webkit.org/280404@main
[webkit-changes] [WebKit/WebKit] 34b0b0: [JSC] Use immediate bit-vectors for character clas...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 34b0b047bb64f93ccd1b003d410e0f8b4c9d681b
https://github.com/WebKit/WebKit/commit/34b0b047bb64f93ccd1b003d410e0f8b4c9d681b
Author: David Degazio
Date: 2024-06-27 (Thu, 27 Jun 2024)

Changed paths:
A JSTests/microbenchmarks/regexp-match-alphanumeric.js
A JSTests/microbenchmarks/regexp-match-multiple-single-chars.js
A JSTests/microbenchmarks/regexp-match-separators.js
M Source/JavaScriptCore/assembler/MacroAssembler.h
M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h
M Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
M Source/JavaScriptCore/yarr/YarrJIT.cpp

Log Message:
---
[JSC] Use immediate bit-vectors for character class matching in YarrJIT

https://bugs.webkit.org/show_bug.cgi?id=275279
rdar://129419939

Reviewed by Michael Saboff.

Changes how YarrJIT handles character class matches via the following:

1. Optimize single-range checks from two branches into subtract + branch.

2. Use a bit-vector test to quickly match a set of individual characters, as opposed to the current strategy of O(n) sequential equality checks.

3. Make the logic of matchCharacterClassRange more recursive. We use the optimized single-range test if there is only a single range, and use the new bit-vector test if the whole set of ranges and character matches fits within a small-enough range. Moreover, the binary search is now totally recursive, meaning we can use these specialized checks for recursive checks within the binary search too, whereas currently binary search is kind of all-or-nothing.

4. A few small optimizations are removed - YarrJIT no longer special-cases ASCII letters in character class matches, since character set matching is now faster. Turning adjacent character matches into length-two ranges is also removed during CharacterClass construction since this doesn't really do anything other than make the binary search do extra work (I'd be really surprised if this was ever particularly profitable).

Overall, this seems to be a somewhat modest but appreciable perf win on microbenchmarks. On the added ASCII alphanumeric test I'm seeing about 10% improvement with this new approach, and on the single-chars test I'm seeing more like 20% improvement. I've added a test for a set of separator chars too, and we have maybe a small ~2% improvement on my machine - this is pretty small and hopefully improvable? Not so exciting, but let's have the microbenchmark in the tree anyway.

* JSTests/microbenchmarks/regexp-match-alphanumeric.js: Added.
* JSTests/microbenchmarks/regexp-match-multiple-single-chars.js: Added.
* JSTests/microbenchmarks/regexp-match-separators.js: Added.
(let.src):
(dot):
(test):
(i.let.re):
* Source/JavaScriptCore/yarr/YarrJIT.cpp:
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::addSorted):

Canonical link: https://commits.webkit.org/280425@main
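The two checks named in items 1 and 2 of the commit message above, written as plain C++ rather than emitted machine code. This is an added example, not code from WebKit or from the commit; every name in it is hypothetical, and the 64-code-point window is an assumption, since the message only says "small-enough range".

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

struct CharRange { uint32_t lo, hi; };  // inclusive bounds, lo <= hi

// Baseline the message calls O(n): one equality test per character,
// two compares per range.
static bool matchesSequential(const std::vector<uint32_t>& chars,
                              const std::vector<CharRange>& ranges, uint32_t c)
{
    for (uint32_t ch : chars)
        if (c == ch) return true;
    for (CharRange r : ranges)
        if (c >= r.lo && c <= r.hi) return true;
    return false;
}

// Item 1: a single range as subtract + one unsigned compare. Values below
// r.lo wrap around to very large numbers and fail the compare.
static bool matchesSingleRange(CharRange r, uint32_t c)
{
    return c - r.lo <= r.hi - r.lo;
}

// Item 2: the whole class packed into one immediate-sized mask.
struct BitVectorClass {
    bool valid;     // false when the class does not fit the window
    uint32_t base;  // smallest code point in the class
    uint64_t mask;  // bit i set <=> code point (base + i) is in the class
};

static const uint32_t kWindow = 64;  // assumed width, not stated in the commit

static BitVectorClass makeBitVector(const std::vector<uint32_t>& chars,
                                    const std::vector<CharRange>& ranges)
{
    BitVectorClass bv = { false, 0, 0 };
    if (chars.empty() && ranges.empty())
        return bv;
    uint32_t lo = UINT32_MAX, hi = 0;
    for (uint32_t ch : chars) {
        if (ch < lo) lo = ch;
        if (ch > hi) hi = ch;
    }
    for (CharRange r : ranges) {
        if (r.lo < lo) lo = r.lo;
        if (r.hi > hi) hi = r.hi;
    }
    if (hi - lo >= kWindow)
        return bv;  // too wide: the caller must use another strategy
    bv.valid = true;
    bv.base = lo;
    for (uint32_t ch : chars)
        bv.mask |= uint64_t(1) << (ch - lo);
    for (CharRange r : ranges)
        for (uint32_t i = r.lo - lo; i <= r.hi - lo; ++i)
            bv.mask |= uint64_t(1) << i;
    return bv;
}

// One subtract, one bounds compare (which also keeps the shift defined),
// one bit test, regardless of how many characters the class holds.
static bool matchesBitVector(const BitVectorClass& bv, uint32_t c)
{
    uint32_t offset = c - bv.base;
    return bv.valid && offset < kWindow && ((bv.mask >> offset) & 1);
}

// Cross-checks the bit-vector form against the baseline over the BMP.
static bool strategiesAgree(const std::vector<uint32_t>& chars,
                            const std::vector<CharRange>& ranges)
{
    BitVectorClass bv = makeBitVector(chars, ranges);
    if (!bv.valid)
        return false;
    for (uint32_t c = 0; c <= 0xFFFF; ++c)
        if (matchesBitVector(bv, c) != matchesSequential(chars, ranges, c))
            return false;
    return true;
}

int main()
{
    // Constructed sample classes: separators, then [A-Za-z_], then [0-9A-Za-z].
    std::vector<uint32_t> separators = { ' ', ',', ';', ':' };
    std::vector<CharRange> letters = { CharRange{ 'A', 'Z' }, CharRange{ 'a', 'z' } };
    std::vector<CharRange> alnum = { CharRange{ '0', '9' }, CharRange{ 'A', 'Z' }, CharRange{ 'a', 'z' } };
    std::printf("separators agree: %d\n", strategiesAgree(separators, {}));
    std::printf("[A-Za-z_] agree: %d\n", strategiesAgree({ '_' }, letters));
    std::printf("[0-9A-Za-z] fits window: %d\n", makeBitVector({}, alnum).valid);
    return 0;
}
```

With this window, `[0-9A-Za-z]` spans 75 code points and does not fit a single mask, which is the case where a splitting strategy such as the recursive binary search in item 3 is still needed.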
[webkit-changes] [WebKit/WebKit] 958d1d: [WASM] Compute B3 effect ranges for memory and glo...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 958d1de8af7b3bea8e5df94bcf029935abc7b3e0
https://github.com/WebKit/WebKit/commit/958d1de8af7b3bea8e5df94bcf029935abc7b3e0
Author: David Degazio
Date: 2024-07-19 (Fri, 19 Jul 2024)

Changed paths:
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp

Log Message:
---
[WASM] Compute B3 effect ranges for memory and global ops in OMG

https://bugs.webkit.org/show_bug.cgi?id=276504
rdar://problem/131562611

Reviewed by Keith Miller, Justin Michaud and Yusuke Suzuki.

Adds an AbstractHeap notion to the OMG tier to represent ranges of effects. We compute distinct HeapRanges associated with each of these heaps after compilation, and pass them along to B3 in order to help with CSE and potentially hoisting.

This initial patch defines abstract heap kinds for globals, WASM memory, and the fields of a variety of WASM structures such as the instance or tables. We should consider adding more later for things like GC types or the JS API, and/or introduce a parent/child system for AbstractHeaps like we have in FTL.

* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::AbstractHeap::AbstractHeap):
(JSC::Wasm::OMGIRGenerator::recordHeap):
(JSC::Wasm::OMGIRGenerator::computeHeapRanges):
(JSC::Wasm::OMGIRGenerator::emitPrepareWasmOperation):
(JSC::Wasm::OMGIRGenerator::insertConstants):
(JSC::Wasm::OMGIRGenerator::addCurrentMemory):
(JSC::Wasm::OMGIRGenerator::getGlobal):
(JSC::Wasm::OMGIRGenerator::setGlobal):
(JSC::Wasm::OMGIRGenerator::emitWriteBarrierForJSWrapper):
(JSC::Wasm::OMGIRGenerator::emitLoadOp):
(JSC::Wasm::OMGIRGenerator::load):
(JSC::Wasm::OMGIRGenerator::emitStoreOp):
(JSC::Wasm::OMGIRGenerator::emitAtomicLoadOp):
(JSC::Wasm::OMGIRGenerator::emitAtomicStoreOp):
(JSC::Wasm::OMGIRGenerator::emitAtomicBinaryRMWOp):
(JSC::Wasm::OMGIRGenerator::emitAtomicCompareExchange):
(JSC::Wasm::OMGIRGenerator::addSIMDLoad):
(JSC::Wasm::OMGIRGenerator::addSIMDStore):
(JSC::Wasm::OMGIRGenerator::addSIMDLoadSplat):
(JSC::Wasm::OMGIRGenerator::addSIMDLoadLane):
(JSC::Wasm::OMGIRGenerator::addSIMDStoreLane):
(JSC::Wasm::OMGIRGenerator::addSIMDLoadExtend):
(JSC::Wasm::OMGIRGenerator::addSIMDLoadPad):
(JSC::Wasm::OMGIRGenerator::emitInlineDirectCall):
(JSC::Wasm::OMGIRGenerator::addCall):
(JSC::Wasm::OMGIRGenerator::addCallIndirect):
(JSC::Wasm::parseAndCompileOMG):

Canonical link: https://commits.webkit.org/281143@main
[webkit-changes] [WebKit/WebKit] 326030: Re-enable B3 hoistLoopInvariantValues
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 326030ada54fec81647abc20977d3f2b38717a91
https://github.com/WebKit/WebKit/commit/326030ada54fec81647abc20977d3f2b38717a91
Author: David Degazio
Date: 2024-07-23 (Tue, 23 Jul 2024)

Changed paths:
M Source/JavaScriptCore/b3/B3Generate.cpp
M Source/JavaScriptCore/runtime/OptionsList.h

Log Message:
---
Re-enable B3 hoistLoopInvariantValues

https://bugs.webkit.org/show_bug.cgi?id=212651
rdar://132334359

Reviewed by Yijia Huang and Yusuke Suzuki.

Re-enables the hoistLoopInvariantValues phase in B3. This was previously disabled due to (as I understand it) performance concerns, but recent benchmarking shows it as neutral, if not a slight progression on Speedometer 3. LICM in B3 specifically is also more relevant now that WASM is more common - JS isn't likely to benefit quite as much since we already do LICM in DFG. But WASM, targeting B3 directly, is currently missing out on this important optimization.

* Source/JavaScriptCore/runtime/OptionsList.h:

Canonical link: https://commits.webkit.org/281268@main
[webkit-changes] [WebKit/WebKit] 64f40e: Use faster iterative algorithm to compute dominato...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 64f40e1806635d78dfe9a758585b5598d8793034
https://github.com/WebKit/WebKit/commit/64f40e1806635d78dfe9a758585b5598d8793034
Author: David Degazio
Date: 2024-07-25 (Thu, 25 Jul 2024)

Changed paths:
M Source/WTF/wtf/Dominators.h

Log Message:
---
Use faster iterative algorithm to compute dominators for small CFGs

https://bugs.webkit.org/show_bug.cgi?id=276977
rdar://problem/132363948

Reviewed by Yusuke Suzuki.

Implements the dominance algorithm described in "A Simple, Fast Dominance Algorithm" (Cooper, Harvey, Kennedy 2001), and uses it over Lengauer-Tarjan when computing dominators for graphs smaller than 20,000 nodes. On the JetStream 2 benchmark, this means we compute dominance about 60% faster than Lengauer-Tarjan, although this doesn't seem to translate to a measurable progression overall.

* Source/WTF/wtf/Dominators.h:
(WTF::Dominators::Dominators):
(WTF::Dominators::IterativeDominance::IterativeDominance):
(WTF::Dominators::IterativeDominance::computeReversePostorder):
(WTF::Dominators::IterativeDominance::intersect):
(WTF::Dominators::IterativeDominance::compute):
(WTF::Dominators::IterativeDominance::immediateDominator):

Canonical link: https://commits.webkit.org/281359@main
[webkit-changes] [WebKit/WebKit] d898a3: [WASM] Prefixed opcodes should be printed in full ...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d898a3cffd9c992980016cb1fbdba272cb0c992d
https://github.com/WebKit/WebKit/commit/d898a3cffd9c992980016cb1fbdba272cb0c992d
Author: David Degazio
Date: 2024-07-26 (Fri, 26 Jul 2024)

Changed paths:
M Source/JavaScriptCore/wasm/WasmBBQDisassembler.cpp
M Source/JavaScriptCore/wasm/WasmBBQDisassembler.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.h
M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp
M Source/JavaScriptCore/wasm/WasmFunctionParser.h
M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp
M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp
M Source/JavaScriptCore/wasm/WasmOpcodeOrigin.cpp
M Source/JavaScriptCore/wasm/WasmOpcodeOrigin.h
M Source/JavaScriptCore/wasm/WasmTypeDefinition.h
M Source/JavaScriptCore/wasm/generateWasmOpsHeader.py

Log Message:
---
[WASM] Prefixed opcodes should be printed in full in code origins and disassembly

https://bugs.webkit.org/show_bug.cgi?id=277089
rdar://132508220

Reviewed by Keith Miller and Yusuke Suzuki.

Tracks the current extended opcode, not just the prefix, in the WASM function parser and uses it to display extended opcodes correctly in B3 origins and the BBQ disassembler.

* Source/JavaScriptCore/wasm/WasmBBQDisassembler.cpp:
(JSC::Wasm::makeString):
(JSC::Wasm::BBQDisassembler::dumpVectorForInstructions):
(JSC::Wasm::BBQDisassembler::dumpForInstructions):
* Source/JavaScriptCore/wasm/WasmBBQDisassembler.h:
(JSC::Wasm::PrefixedOpcode::PrefixedOpcode):
(JSC::Wasm::BBQDisassembler::setOpcode):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::willParseOpcode):
(JSC::Wasm::BBQJITImpl::BBQJIT::willParseExtendedOpcode):
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp:
(JSC::Wasm::ConstExprGenerator::willParseExtendedOpcode):
* Source/JavaScriptCore/wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser::currentExtendedOpcode const):
(JSC::Wasm::FunctionParser::parseExpression):
(JSC::Wasm::FunctionParser::parseUnreachableExpression):
* Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp:
(JSC::Wasm::IPIntGenerator::willParseExtendedOpcode):
* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::willParseExtendedOpcode):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::willParseExtendedOpcode):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::OMGIRGenerator::willParseExtendedOpcode):
* Source/JavaScriptCore/wasm/WasmOpcodeOrigin.cpp:
(JSC::Wasm::OpcodeOrigin::dump const):
* Source/JavaScriptCore/wasm/WasmOpcodeOrigin.h:
(JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
(JSC::Wasm::OpcodeOrigin::opcode const):
(JSC::Wasm::OpcodeOrigin::ext1Opcode const):
(JSC::Wasm::OpcodeOrigin::simdOpcode const):
(JSC::Wasm::OpcodeOrigin::gcOpcode const):
(JSC::Wasm::OpcodeOrigin::atomicOpcode const):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.h:
(JSC::Wasm::makeString):
* Source/JavaScriptCore/wasm/generateWasmOpsHeader.py:

Canonical link: https://commits.webkit.org/281418@main
[webkit-changes] [WebKit/WebKit] 373853: Make David Degazio a reviewer
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3738530e9e5cf8e47795e08556e5f17140f0311c
https://github.com/WebKit/WebKit/commit/3738530e9e5cf8e47795e08556e5f17140f0311c
Author: David Degazio
Date: 2024-07-30 (Tue, 30 Jul 2024)

Changed paths:
M metadata/contributors.json

Log Message:
---
Make David Degazio a reviewer

https://bugs.webkit.org/show_bug.cgi?id=277372
rdar://problem/132841054

Reviewed by Yijia Huang.

Update my status in contributors.json after being granted reviewer privileges.

* metadata/contributors.json:

Canonical link: https://commits.webkit.org/281601@main
[webkit-changes] [WebKit/WebKit] 62317c: [WASM] Incorrect use of productOverflows in WASM G...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 62317ccb3bf670d727320db79a71ba0eb2874242
https://github.com/WebKit/WebKit/commit/62317ccb3bf670d727320db79a71ba0eb2874242
Author: David Degazio
Date: 2024-07-30 (Tue, 30 Jul 2024)

Changed paths:
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperationsInlines.h

Log Message:
---
[WASM] Incorrect use of productOverflows in WASM GC operations

https://bugs.webkit.org/show_bug.cgi?id=277362
rdar://129830849

Reviewed by Yijia Huang and Yusuke Suzuki.

Fixes productOverflows() usage in some WASM GC array operations to correctly pass two operands instead of the potentially already-overflowing product.

* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperationsInlines.h:
(JSC::Wasm::arrayNew):

Canonical link: https://commits.webkit.org/281633@main
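Why the operands, not the product, have to reach the overflow check that the commit message above describes. This is an added example, not WebKit code: `productWouldOverflow` is a hypothetical stand-in rather than WTF's `productOverflows`, the two `payloadBytes*` functions are illustrative, and the input values are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <limits>

// Hypothetical stand-in for a variadic overflow check (not WTF's
// productOverflows): true when multiplying the operands left to right
// would exceed UINT32_MAX.
static bool productWouldOverflow(std::initializer_list<uint32_t> operands)
{
    uint64_t product = 1;
    for (uint32_t operand : operands) {
        // product <= UINT32_MAX at this point, so the 64-bit multiply
        // below cannot itself wrap.
        product *= operand;
        if (product > std::numeric_limits<uint32_t>::max())
            return true;
    }
    return false;
}

// Pattern the commit message calls incorrect: the 32-bit multiplication runs
// first and wraps modulo 2^32, so the check only ever sees a value that
// already fits and can never reject anything.
// Returns the byte count, or -1 when the request is rejected.
static int64_t payloadBytesProductChecked(uint32_t count, uint32_t elementSize)
{
    uint32_t wrapped = count * elementSize;
    if (productWouldOverflow({ wrapped }))
        return -1;
    return wrapped;
}

// Corrected pattern: both operands go to the check, and the multiplication
// only happens once it is known to fit.
static int64_t payloadBytesOperandsChecked(uint32_t count, uint32_t elementSize)
{
    if (productWouldOverflow({ count, elementSize }))
        return -1;
    return static_cast<int64_t>(count) * elementSize;
}

int main()
{
    // Constructed input: 0x40000001 elements of 4 bytes is 0x100000004 bytes,
    // which wraps to 4 in 32-bit arithmetic.
    const uint32_t count = 0x40000001u;
    const uint32_t elementSize = 4u;
    std::printf("product checked:  %lld\n",
                static_cast<long long>(payloadBytesProductChecked(count, elementSize)));
    std::printf("operands checked: %lld\n",
                static_cast<long long>(payloadBytesOperandsChecked(count, elementSize)));
    return 0;
}
```

The first function accepts the oversized request and reports a 4-byte payload, the shape of result that leads to an undersized buffer for an array of `count` elements; the second rejects it.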
[webkit-changes] [WebKit/WebKit] 6bca30: [JSC] B3 Values shouldn't recompute their adjacenc...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6bca30fcc772588914e2db2da8f26c69f1c7eecd
https://github.com/WebKit/WebKit/commit/6bca30fcc772588914e2db2da8f26c69f1c7eecd
Author: David Degazio
Date: 2024-07-31 (Wed, 31 Jul 2024)

Changed paths:
M Source/JavaScriptCore/b3/B3Value.h
M Source/JavaScriptCore/b3/B3ValueInlines.h

Log Message:
---
[JSC] B3 Values shouldn't recompute their adjacency list offset when children are accessed

https://bugs.webkit.org/show_bug.cgi?id=277381
rdar://132848864

Reviewed by Yusuke Suzuki.

Avoids calling adjacencyListOffset() every time we need to access the adjacency list of a B3::Value. Currently, because we don't have the information about what derived class we are, this function means we switch on the B3::Value's opcode every time we access any child of a Value. With this patch, we instead compute this offset once on node construction, and cache it as a 16-bit integer field on the base Value, in what was previously two bytes of unused padding.

* Source/JavaScriptCore/b3/B3Value.h:
* Source/JavaScriptCore/b3/B3ValueInlines.h:
(JSC::B3::Value::computeAdjacencyListOffset const):
(JSC::B3::Value::adjacencyListOffset const): Deleted.

Canonical link: https://commits.webkit.org/281663@main
[webkit-changes] [WebKit/WebKit] 7da972: [WASM] Fix prefixed-opcode code origins for relaxe...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7da9729a2e2a44dd001f07f1acd000dda7a24e5f
https://github.com/WebKit/WebKit/commit/7da9729a2e2a44dd001f07f1acd000dda7a24e5f
Author: David Degazio
Date: 2024-07-31 (Wed, 31 Jul 2024)

Changed paths:
M Source/JavaScriptCore/wasm/WasmOpcodeOrigin.h

Log Message:
---
[WASM] Fix prefixed-opcode code origins for relaxed SIMD opcodes

https://bugs.webkit.org/show_bug.cgi?id=277446
rdar://problem/132927699

Reviewed by Keith Miller and Yijia Huang.

Removes the assertion that the prefixed opcode in an OpcodeOrigin fits in 8 bits. This is violated by the relaxed SIMD proposal, which currently reserves up to 0x12F. Instead, this patch just lets the opcode use all of the upper 24 bits of the origin.

* Source/JavaScriptCore/wasm/WasmOpcodeOrigin.h:
(JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
(JSC::Wasm::OpcodeOrigin::ext1Opcode const):
(JSC::Wasm::OpcodeOrigin::simdOpcode const):
(JSC::Wasm::OpcodeOrigin::gcOpcode const):
(JSC::Wasm::OpcodeOrigin::atomicOpcode const):

Canonical link: https://commits.webkit.org/281681@main
[webkit-changes] [WebKit/WebKit] 08d5b5: [WASM] Add missing expand() when computing caller ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 08d5b5ec570f65a9d5363c194173c148ffcc219e https://github.com/WebKit/WebKit/commit/08d5b5ec570f65a9d5363c194173c148ffcc219e Author: David Degazio Date: 2024-08-02 (Fri, 02 Aug 2024) Changed paths: M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp Log Message: --- [WASM] Add missing expand() when computing caller information in tail calls and OMG https://bugs.webkit.org/show_bug.cgi?id=275989 rdar://131166278 Reviewed by Keith Miller. In most cases, possible projection types are expanded in the function parser, but in the specific case of tail calls we need to compute the CallInformation of the caller, which means we load the signature from the module information, which is set at section parsing time and may be a projection. Even with tail calls disabled, in OMG we currently compute the CallInformation no matter what, so this can cause issues even if we just enable WASM GC. This patch adds the missing expand() calls in these locations, so we resolve to the correct FunctionSignature in places where we expect it. 
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::emitTailCall): (JSC::Wasm::BBQJITImpl::BBQJIT::emitIndirectTailCall): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addCall): (JSC::Wasm::LLIntGenerator::addCallIndirect): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp: (JSC::Wasm::OMGIRGenerator::emitIndirectCall): (JSC::Wasm::OMGIRGenerator::addCall): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp: (JSC::Wasm::OMGIRGenerator::emitIndirectCall): (JSC::Wasm::OMGIRGenerator::addCall): Canonical link: https://commits.webkit.org/281767@main
[webkit-changes] [WebKit/WebKit] 28d59b: [WASM] Unify error messages between typed funcrefs...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 28d59bbfe713bc11306e3a9f8b6a3f40a646a444 https://github.com/WebKit/WebKit/commit/28d59bbfe713bc11306e3a9f8b6a3f40a646a444 Author: David Degazio Date: 2024-08-07 (Wed, 07 Aug 2024) Changed paths: M JSTests/wasm/function-references/ref_types.js M JSTests/wasm/gc/arrays.js M JSTests/wasm/gc/i31.js M JSTests/wasm/gc/js-api.js M JSTests/wasm/gc/structs.js M JSTests/wasm/references/func_ref.js M JSTests/wasm/references/globals.js M JSTests/wasm/stress/global-wrong-type.js M JSTests/wasm/stress/mutable-globals.js M Source/JavaScriptCore/wasm/WasmExceptionType.h M Source/JavaScriptCore/wasm/WasmGlobal.cpp M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h M Source/JavaScriptCore/wasm/js/WebAssemblyGlobalConstructor.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- [WASM] Unify error messages between typed funcrefs and GC proposals https://bugs.webkit.org/show_bug.cgi?id=277637 rdar://133225789 Reviewed by Yusuke Suzuki. Changes the error message we report when converting a JSValue to a WASM typed function reference to be the same as the corresponding error when WASM GC is enabled, so that our expected behavior in tests doesn't change if WASM GC is enabled. 
* JSTests/wasm/function-references/ref_types.js: (async testRefTypeParamCheck): (async testRefGlobalCheck): (async testExternFuncrefNonNullCheck): (async testWasmJSGlobals): * JSTests/wasm/gc/arrays.js: * JSTests/wasm/gc/i31.js: * JSTests/wasm/gc/js-api.js: (testI31): (testCastFailure): * JSTests/wasm/gc/structs.js: * JSTests/wasm/references/func_ref.js: (assert.throws): (GetLocal.0.I32Const.0.TableSet.0.End.End.WebAssembly.assert.throws): (GetLocal.0.I32Const.0.TableSet.0.End.End.WebAssembly): (makeFuncrefIdent): * JSTests/wasm/references/globals.js: (async testGlobalConstructorForFuncref): * JSTests/wasm/stress/global-wrong-type.js: (assert.throws): * JSTests/wasm/stress/mutable-globals.js: * Source/JavaScriptCore/wasm/WasmExceptionType.h: (JSC::Wasm::isTypeErrorExceptionType): * Source/JavaScriptCore/wasm/WasmGlobal.cpp: (JSC::Wasm::Global::set): * Source/JavaScriptCore/wasm/WasmOperations.cpp: (JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION): * Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h: (JSC::fromJSValue): * Source/JavaScriptCore/wasm/js/WebAssemblyGlobalConstructor.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeImports): Canonical link: https://commits.webkit.org/281942@main
[webkit-changes] [WebKit/WebKit] 70830b: [Wasm-GC] Enable GC by default
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 70830b91a2c86576e20ec92f39518c14dee2b04c https://github.com/WebKit/WebKit/commit/70830b91a2c86576e20ec92f39518c14dee2b04c Author: David Degazio Date: 2024-08-07 (Wed, 07 Aug 2024) Changed paths: M JSTests/wasm/extended-const-spec-tests/data.wast.js M JSTests/wasm/extended-const-spec-tests/elem.wast.js M JSTests/wasm/extended-const-spec-tests/global.wast.js M JSTests/wasm/spec-tests/data.wast.js M JSTests/wasm/spec-tests/elem.wast.js M JSTests/wasm/spec-tests/global.wast.js M Source/JavaScriptCore/runtime/OptionsList.h Log Message: --- [Wasm-GC] Enable GC by default https://bugs.webkit.org/show_bug.cgi?id=272004 rdar://126103011 Reviewed by Yusuke Suzuki. Enables WASM GC by default in JavaScriptCore. This patch just changes the default value of the useWasmGC() option, and skips a few spec test assertions that are outdated under WASM GC semantics. * JSTests/wasm/extended-const-spec-tests/data.wast.js: * JSTests/wasm/extended-const-spec-tests/elem.wast.js: * JSTests/wasm/extended-const-spec-tests/global.wast.js: * JSTests/wasm/spec-tests/data.wast.js: * JSTests/wasm/spec-tests/elem.wast.js: * JSTests/wasm/spec-tests/global.wast.js: * Source/JavaScriptCore/runtime/OptionsList.h: Canonical link: https://commits.webkit.org/281975@main
[webkit-changes] [WebKit/WebKit] e947e7: [WASM] Expression stack element types should widen...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e947e7ebf9d2168298fd244a70bbe82e65c1fa16 https://github.com/WebKit/WebKit/commit/e947e7ebf9d2168298fd244a70bbe82e65c1fa16 Author: David Degazio Date: 2024-08-22 (Thu, 22 Aug 2024) Changed paths: M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- [WASM] Expression stack element types should widen to match target types after conditional branch https://bugs.webkit.org/show_bug.cgi?id=278496 rdar://problem/134449160 Reviewed by Yusuke Suzuki. Reassigns the types of expression stack elements to the exact types of the branch's target's parameters when we parse a conditional branch. This behavior is required by the spec and makes us pass newer versions of the spec tests. * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParserTypes::TypedExpression::setType): (JSC::Wasm::FunctionParser::checkBranchTarget): (JSC::Wasm::FunctionParser::parseExpression): Canonical link: https://commits.webkit.org/282624@main
[webkit-changes] [WebKit/WebKit] 1af666: [WASM] Elements should assume non-null function re...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1af666fca2f06ee457cbaa6373e8d1f98633a28e https://github.com/WebKit/WebKit/commit/1af666fca2f06ee457cbaa6373e8d1f98633a28e Author: David Degazio Date: 2024-08-22 (Thu, 22 Aug 2024) Changed paths: M Source/JavaScriptCore/wasm/WasmFormat.h M Source/JavaScriptCore/wasm/WasmSectionParser.cpp Log Message: --- [WASM] Elements should assume non-null function reference type when appropriate https://bugs.webkit.org/show_bug.cgi?id=278493 rdar://problem/134447131 Reviewed by Yusuke Suzuki. Updates our parsing of element sections so we use a non-null funcref type when the section can only contain non-null functions (i.e. by directly specifying their indices). * Source/JavaScriptCore/wasm/WasmFormat.h: (JSC::Wasm::nonNullFuncrefType): * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseElement): Canonical link: https://commits.webkit.org/282628@main
[webkit-changes] [WebKit/WebKit] f95652: [WASM] Check subtyping in both directions for muta...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: f95652711d7e02dc8fb2005baf8dd36c1239e2e3 https://github.com/WebKit/WebKit/commit/f95652711d7e02dc8fb2005baf8dd36c1239e2e3 Author: David Degazio Date: 2024-08-23 (Fri, 23 Aug 2024) Changed paths: M JSTests/wasm/gc/linking.js M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- [WASM] Check subtyping in both directions for mutable globals and tables https://bugs.webkit.org/show_bug.cgi?id=278497 rdar://problem/134450707 Reviewed by Keith Miller and Yijia Huang. Replaces our existing typechecking for imported mutable globals and tables to check subtyping both ways. This ensures the type we import a global value or table as is not a supertype of the imported value's innate type - we don't want to be able to import a non-nullable (ref func) as a nullable (ref null func) and violate the original type by assigning it to a null value. * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeImports): Canonical link: https://commits.webkit.org/282682@main
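The two-way subtype check described in the commit message above, as an added C++ model that is not WebKit's code: it shows why a one-directional check is sound for immutable imports but lets a mutable (ref func) global be imported as (ref null func). All type and function names here (Heap, RefType, Global, importOkOneWay, importOkBothWays, nullStoreBreaksExporter) are hypothetical, and the heap-type hierarchy is a reduced toy version.

```cpp
// Added illustration; every name below is hypothetical, not JavaScriptCore's.
#include <cstdio>

enum class Heap { Any, Eq, Struct, Func };

struct RefType {
    Heap heap;
    bool nullable;
};

// Toy heap-type hierarchy: Struct <: Eq <: Any; Func stands alone.
static bool heapSubtype(Heap sub, Heap super)
{
    if (sub == super)
        return true;
    switch (sub) {
    case Heap::Struct:
        return super == Heap::Eq || super == Heap::Any;
    case Heap::Eq:
        return super == Heap::Any;
    default:
        return false;
    }
}

// (ref T) is a subtype of (ref null T), never the reverse.
static bool isSubtype(RefType sub, RefType super)
{
    return heapSubtype(sub.heap, super.heap) && (!sub.nullable || super.nullable);
}

struct Global {
    RefType type;   // type declared by the module that owns the global
    bool isMutable;
};

// One-directional check: the provided type must be a subtype of the type
// the importer declares. Sound only when nobody can write to the global.
static bool importOkOneWay(const Global& provided, RefType declared)
{
    return isSubtype(provided.type, declared);
}

// Check in both directions for mutable globals, as the commit message
// describes: the declared type may not be a strict supertype either,
// because the importer can store any value of its declared type.
static bool importOkBothWays(const Global& provided, RefType declared)
{
    if (!isSubtype(provided.type, declared))
        return false;
    return !provided.isMutable || isSubtype(declared, provided.type);
}

// True when a null store that is well-typed for the importer would leave
// the owner's non-nullable global holding null.
static bool nullStoreBreaksExporter(const Global& provided, RefType declared)
{
    return provided.isMutable && declared.nullable && !provided.type.nullable;
}

int main()
{
    Global exported { { Heap::Func, false }, true }; // (mut (ref func))
    RefType declared { Heap::Func, true };           // imported as (ref null func)

    std::printf("one-way check accepts:  %d\n", importOkOneWay(exported, declared));
    std::printf("two-way check accepts:  %d\n", importOkBothWays(exported, declared));
    std::printf("null store breaks type: %d\n", nullStoreBreaksExporter(exported, declared));
    return 0;
}
```
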
[webkit-changes] [WebKit/WebKit] 406449: [WASM] Subsequent comparisons and conditional bran...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 406449de0ae5f7558bbcec552b8207ef3e7e6cff https://github.com/WebKit/WebKit/commit/406449de0ae5f7558bbcec552b8207ef3e7e6cff Author: David Degazio Date: 2024-08-27 (Tue, 27 Aug 2024) Changed paths: M Source/JavaScriptCore/b3/testb3_7.cpp M Source/JavaScriptCore/jit/CCallHelpers.cpp M Source/JavaScriptCore/jit/RegisterSet.cpp M Source/JavaScriptCore/jit/RegisterSet.h M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.h M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp M Source/JavaScriptCore/wasm/WasmCallingConvention.h M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp M Source/JavaScriptCore/wasm/WasmParser.h M Source/JavaScriptCore/wasm/generateWasm.py M Source/JavaScriptCore/wasm/generateWasmOpsHeader.py Log Message: --- [WASM] Subsequent comparisons and conditional branches should be fused in BBQ https://bugs.webkit.org/show_bug.cgi?id=277703 rdar://133317430 Reviewed by Yusuke Suzuki. Adds fusion for sequential compare/branch opcode pairs to BBQ. We detect fusion straightforwardly in the function parser - for unary and binary comparison opcodes, we peek one opcode ahead, and if it's a br_if or if we try to fuse with it if our current compiler tier supports it. Then, in the actual generator, we expose new addFusedBranchCompare and addFusedIfCompare methods - analogous to addBranch and addIf, but given the opcode and operands of the compare op instead of a condition. This patch also simplifies our register allocation around branches. 
For br_if, we currently use a scratch register to hold the condition, but since our condition is a popped value, its register can't overlap with any live value, so it shouldn't be clobbered when we flush the stack. For if, it's more complicated, since we need to shuffle block arguments into position. Currently we have to select a scratch, move our condition into it, then tell the new block not to use that scratch as a parameter. Instead, we should just be able to tell the new block not to use the register the condition value already inhabits. This generally saves one or two moves when emitting an if or br_if. * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::ControlData::ControlData): (JSC::Wasm::BBQJITImpl::BBQJIT::addIf): (JSC::Wasm::BBQJITImpl::BBQJIT::addBranch): (JSC::Wasm::BBQJITImpl::BBQJIT::emitTailCall): (JSC::Wasm::BBQJITImpl::BBQJIT::emitIndirectCall): (JSC::Wasm::BBQJITImpl::BBQJIT::emitIndirectTailCall): (JSC::Wasm::BBQJITImpl::BBQJIT::addCallIndirect): * Source/JavaScriptCore/wasm/WasmBBQJIT.h: * Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::tryFoldFusedBranchCompare): (JSC::Wasm::BBQJITImpl::BBQJIT::emitFusedBranchCompareBranch): (JSC::Wasm::BBQJITImpl::BBQJIT::addFusedBranchCompare): (JSC::Wasm::BBQJITImpl::BBQJIT::addFusedIfCompare): (JSC::Wasm::BBQJITImpl::BBQJIT::addCallRef): * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::tryFoldFusedBranchCompare): (JSC::Wasm::BBQJITImpl::BBQJIT::emitFusedBranchCompareBranch): (JSC::Wasm::BBQJITImpl::BBQJIT::addFusedBranchCompare): (JSC::Wasm::BBQJITImpl::BBQJIT::addFusedIfCompare): (JSC::Wasm::BBQJITImpl::emitBranchI32): (JSC::Wasm::BBQJITImpl::emitBranchI64): (JSC::Wasm::BBQJITImpl::emitBranchF32): (JSC::Wasm::BBQJITImpl::emitBranchF64): (JSC::Wasm::BBQJITImpl::BBQJIT::addCallRef): * Source/JavaScriptCore/wasm/WasmCallingConvention.h: (JSC::Wasm::WasmCallingConvention::argumentGPRs const): 
(JSC::Wasm::WasmCallingConvention::argumentGPRS const): Deleted. * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::binaryCompareCase): (JSC::Wasm::FunctionParser::unaryCompareCase): (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp: (JSC::Wasm::IPIntGenerator::addFusedBranchCompare): (JSC::Wasm::IPIntGenerator::addFusedIfCompare): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addFusedBranchCompare): (JSC::Wasm::LLIntGenerator::addFusedIfCompare): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp: (JSC::Wasm::OMGIRGenerator::addFusedBranchCompare): (JSC::Wasm::OMGIRGenerator::addFusedIfCompare): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp: (JSC::Wasm::OMGIRGenerator::addFusedBranchCompare): (JSC::Wasm::OMGIRGenerator::addFusedIfCompare): * Source/JavaScriptCore/wasm/WasmParser.h: (JSC::Wasm::ParserBase::peekUInt8): * Source
[webkit-changes] [WebKit/WebKit] 1fe68a: [WASM] Implement return_call_ref
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1fe68a1ecd11434fb0f36ea4460a5aaa9ae3dc3c https://github.com/WebKit/WebKit/commit/1fe68a1ecd11434fb0f36ea4460a5aaa9ae3dc3c Author: David Degazio Date: 2024-08-28 (Wed, 28 Aug 2024) Changed paths: M JSTests/wasm/tail-call-spec-harness/async_index.js M JSTests/wasm/tail-call-spec-harness/sync_index.js M JSTests/wasm/tail-call-spec-harness/wasm-constants.js A JSTests/wasm/tail-call-spec-tests/return_call_ref.wast.js M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/llint/LowLevelInterpreter.asm M Source/JavaScriptCore/llint/WebAssembly.asm M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.h M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.h M Source/JavaScriptCore/wasm/wasm.json Log Message: --- [WASM] Implement return_call_ref https://bugs.webkit.org/show_bug.cgi?id=278741 rdar://134442713 Reviewed by Yusuke Suzuki. Implements the return_call_ref instruction from the typed function references proposal in the LLInt, BBQ, and OMG tiers. * JSTests/wasm/tail-call-spec-harness/sync_index.js: (hostref): (eq_ref): * JSTests/wasm/tail-call-spec-harness/wasm-constants.js: (hostref): Deleted. * JSTests/wasm/tail-call-spec-tests/return_call_ref.wast.js: Added. 
* Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/llint/LowLevelInterpreter.asm: * Source/JavaScriptCore/llint/WebAssembly.asm: * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::emitIndirectCall): (JSC::Wasm::BBQJITImpl::BBQJIT::emitIndirectTailCall): (JSC::Wasm::BBQJITImpl::BBQJIT::addCallIndirect): * Source/JavaScriptCore/wasm/WasmBBQJIT.h: * Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addCallRef): * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addCallRef): * Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp: * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): (JSC::Wasm::FunctionParser::parseUnreachableExpression): * Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp: (JSC::Wasm::IPIntGenerator::addCallRef): * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addCallRef): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp: (JSC::Wasm::OMGIRGenerator::addCallRef): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp: (JSC::Wasm::OMGIRGenerator::addCallRef): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/WasmSlowPaths.h: * Source/JavaScriptCore/wasm/wasm.json: Canonical link: https://commits.webkit.org/282853@main
[webkit-changes] [WebKit/WebKit] 8d6284: Addresses may not be persistent across calls to pa...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 8d6284de0e3fef99a91c909e2bb9ffe1c4064f6f https://github.com/WebKit/WebKit/commit/8d6284de0e3fef99a91c909e2bb9ffe1c4064f6f Author: David Degazio Date: 2024-04-09 (Tue, 09 Apr 2024) Changed paths: M Source/bmalloc/libpas/src/libpas/pas_enumerator.c Log Message: --- Addresses may not be persistent across calls to pas_enumerator_reader https://bugs.webkit.org/show_bug.cgi?id=272404 rdar://125072587 Reviewed by Yusuke Suzuki. Stores the results of calling the reader function in pas_enumerator_create locally as opposed to referencing the remote memory. This reduction in indirection means changes to the enumerating process' mapping of the remote memory will no longer cause values the enumerator is actively using (such as the pas_root) to become unmapped. * Source/bmalloc/libpas/src/libpas/pas_enumerator.c: (pas_enumerator_create): Canonical link: https://commits.webkit.org/277271@main
[webkit-changes] [WebKit/WebKit] bd190f: [WASM-GC] RTT payload offset is wrong when HAVE(36...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: bd190f34248f8b628b408fd3b5dcb1e0dd2a0065 https://github.com/WebKit/WebKit/commit/bd190f34248f8b628b408fd3b5dcb1e0dd2a0065 Author: David Degazio Date: 2024-04-17 (Wed, 17 Apr 2024) Changed paths: M Source/JavaScriptCore/wasm/WasmTypeDefinition.h Log Message: --- [WASM-GC] RTT payload offset is wrong when HAVE(36BIT_ADDRESS) https://bugs.webkit.org/show_bug.cgi?id=272776 rdar://124477605 Reviewed by Justin Michaud and Yusuke Suzuki. Fixes RTT::offsetOfPayload() to return the end of the RTT structure instead of the end of the m_displaySize field. This agrees with the actual address we compute in RTT::payload(), and fixes a bug where on platforms with 36-bit addresses, the alignment of RTT causes these two notions of the payload offset to diverge. * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: Canonical link: https://commits.webkit.org/277626@main
[webkit-changes] [WebKit/WebKit] 8c02c7: Unreviewed revert 277566@main because of crash in ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 8c02c7ed2f319fc0e255afa6455733666c7936a9 https://github.com/WebKit/WebKit/commit/8c02c7ed2f319fc0e255afa6455733666c7936a9 Author: David Degazio Date: 2024-04-17 (Wed, 17 Apr 2024) Changed paths: R JSTests/microbenchmarks/wasm-cc-int-to-int.js R JSTests/microbenchmarks/wasm-cc-int-to-int.wasm R JSTests/microbenchmarks/wasm-cc-int-to-int.wat R JSTests/wasm/stress/cc-i32-kitchen-sink.js R JSTests/wasm/stress/cc-int-to-int-cross-module-with-exception.js M JSTests/wasm/stress/cc-int-to-int-cross-module.js R JSTests/wasm/stress/cc-int-to-int-memory.js R JSTests/wasm/stress/cc-int-to-int-no-jit.js M JSTests/wasm/stress/cc-int-to-int.js M Source/JavaScriptCore/llint/InPlaceInterpreter.cpp M Source/JavaScriptCore/llint/InPlaceInterpreter.h M Source/JavaScriptCore/llint/WebAssembly.asm M Source/JavaScriptCore/runtime/OptionsList.h M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp M Source/JavaScriptCore/wasm/WasmCallee.cpp M Source/JavaScriptCore/wasm/WasmCallee.h M Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp M Source/JavaScriptCore/wasm/WasmLLIntPlan.h M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h Log Message: --- Unreviewed revert 277566@main because of crash in wasmLLIntPCRangeStart https://bugs.webkit.org/show_bug.cgi?id=272833 rdar://126631479 Unreviewed. Reverts commit that partially removed JS->Wasm LLInt entry thunks due to a crash that happened on certain platforms. * JSTests/microbenchmarks/wasm-cc-int-to-int.js: Removed. * JSTests/microbenchmarks/wasm-cc-int-to-int.wasm: Removed. * JSTests/microbenchmarks/wasm-cc-int-to-int.wat: Removed. * JSTests/wasm/stress/cc-i32-kitchen-sink.js: Removed. * JSTests/wasm/stress/cc-int-to-int-cross-module-with-exception.js: Removed. * JSTests/wasm/stress/cc-int-to-int-cross-module.js: * JSTests/wasm/stress/cc-int-to-int-memory.js: Removed. * JSTests/wasm/stress/cc-int-to-int-no-jit.js: Removed. 
* JSTests/wasm/stress/cc-int-to-int.js: * Source/JavaScriptCore/llint/InPlaceInterpreter.cpp: (JSC::IPInt::initialize): * Source/JavaScriptCore/llint/InPlaceInterpreter.h: * Source/JavaScriptCore/llint/WebAssembly.asm: * Source/JavaScriptCore/runtime/OptionsList.h: * Source/JavaScriptCore/wasm/WasmBBQPlan.cpp: (JSC::Wasm::BBQPlan::work): * Source/JavaScriptCore/wasm/WasmCallee.cpp: (JSC::Wasm::JSEntrypointInterpreterCallee::JSEntrypointInterpreterCallee): (JSC::Wasm::JSEntrypointInterpreterCallee::entrypointImpl const): (JSC::Wasm::JSEntrypointInterpreterCallee::calleeSaveRegistersImpl): * Source/JavaScriptCore/wasm/WasmCallee.h: (JSC::Wasm::jsEntrypointMetadataForGPR): Deleted. (JSC::Wasm::jsEntrypointMetadataForFPR): Deleted. (JSC::Wasm::dumpJSEntrypointInterpreterCalleeMetadata): Deleted. * Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp: (JSC::Wasm::LLIntPlan::didCompleteCompilation): (JSC::Wasm::LLIntPlan::makeInterpretedJSToWasmCallee): Deleted. * Source/JavaScriptCore/wasm/WasmLLIntPlan.h: * Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp: (JSC::m_boxedWasmCallee): (JSC::m_jsToWasmBoxedInterpreterCallee): Deleted. * Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h: Canonical link: https://commits.webkit.org/277632@main
[webkit-changes] [WebKit/WebKit] 7a2375: [WASM] Avoid extraneous move for simple integer ar...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 7a2375d28da42fb41b734a98cda029478f96b611 https://github.com/WebKit/WebKit/commit/7a2375d28da42fb41b734a98cda029478f96b611 Author: David Degazio Date: 2024-04-19 (Fri, 19 Apr 2024) Changed paths: M Source/JavaScriptCore/assembler/MacroAssembler.h M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h M Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h M Source/JavaScriptCore/b3/B3Common.h M Source/JavaScriptCore/b3/B3MemoryValue.cpp M Source/JavaScriptCore/b3/B3ValueInlines.h M Source/JavaScriptCore/b3/air/AirArg.h M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp M Source/WTF/wtf/MathExtras.h Log Message: --- [WASM] Avoid extraneous move for simple integer arithmetic in BBQ https://bugs.webkit.org/show_bug.cgi?id=272901 rdar://problem/126695575 Reviewed by Yusuke Suzuki. Cleans up our code generation for integer add, subtract, bitwise ops, and compare in the BBQ JIT. Specifically, we target the case where we know we have one constant operand, and try and avoid a move. - For i32.add, i32.and, i32.or, and i32.xor, we are currently doing totally redundant work - three-operand nondestructive versions of all these opcodes with an immediate are supported on all MacroAssembler targets, so we should just use those. - For i32.sub, we currently do a weird trick involving adding a negative. The only real benefit of this is that for additions, we consider lowering as a LEA instruction on x86 - in this patch, we add that to subtractions in the MacroAssembler too. - For 64-bit versions of these operations, most MacroAssembler targets do not natively support 64-bit immediates. For those that do - ARM64 bitwise ops - we carve out a special case. Otherwise, we now check if the immediate is representable as a 32-bit immediate with no precision loss, and use the 32-bit immediate form instead if so. 
* Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::sub32): * Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h: (JSC::MacroAssemblerX86_64::sub64): * Source/JavaScriptCore/b3/B3Common.h: (JSC::B3::isIdentical): Deleted. (JSC::B3::isRepresentableAsImpl): Deleted. (JSC::B3::isRepresentableAs): Deleted. * Source/JavaScriptCore/b3/B3MemoryValue.cpp: (JSC::B3::MemoryValue::isLegalOffsetImpl const): * Source/JavaScriptCore/b3/B3ValueInlines.h: (JSC::B3::Value::isRepresentableAs const): * Source/JavaScriptCore/b3/air/AirArg.h: (JSC::B3::Air::Arg::isRepresentableAs const): (JSC::B3::Air::Arg::isRepresentableAs): (JSC::B3::Air::Arg::isValidImmForm): (JSC::B3::Air::Arg::isValidBitImmForm): (JSC::B3::Air::Arg::isValidBitImm64Form): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addI32Add): (JSC::Wasm::BBQJITImpl::BBQJIT::addI32Sub): (JSC::Wasm::BBQJITImpl::BBQJIT::addI32And): (JSC::Wasm::BBQJITImpl::BBQJIT::addI32Xor): (JSC::Wasm::BBQJITImpl::BBQJIT::addI32Or): * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addI64Add): (JSC::Wasm::BBQJITImpl::BBQJIT::addI64Sub): (JSC::Wasm::BBQJITImpl::BBQJIT::addI64And): (JSC::Wasm::BBQJITImpl::BBQJIT::addI64Xor): (JSC::Wasm::BBQJITImpl::BBQJIT::addI64Or): (JSC::Wasm::BBQJITImpl::BBQJIT::emitCompareI64): * Source/WTF/wtf/MathExtras.h: (WTF::isIdentical): (WTF::isRepresentableAsImpl): (WTF::isRepresentableAs): Canonical link: https://commits.webkit.org/20@main
[webkit-changes] [WebKit/WebKit] 884c93: Make WTF::negate work correctly when negating non-...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 884c93a89477439436e11c1081dcc73312599cd7 https://github.com/WebKit/WebKit/commit/884c93a89477439436e11c1081dcc73312599cd7 Author: David Degazio Date: 2024-04-23 (Tue, 23 Apr 2024) Changed paths: M Source/WTF/wtf/MathExtras.h M Tools/TestWebKitAPI/Tests/WTF/MathExtras.cpp Log Message: --- Make WTF::negate work correctly when negating non-negative integers https://bugs.webkit.org/show_bug.cgi?id=273048 rdar://problem/126872453 Reviewed by Yusuke Suzuki and Keith Miller. WTF::negate statically accepts signed integers, but ASSERTs that its input is already negative so it can return a non-negative result. This is pretty surprising behavior, and since the operation of WTF::negate is a simple two's-complement negate, it should be fine to allow it to return negative results as well. * Source/WTF/wtf/MathExtras.h: (WTF::negate): Canonical link: https://commits.webkit.org/277883@main
[webkit-changes] [WebKit/WebKit] 493615: Cherry-pick 277325@main (cb5290644a69). https://bu...
teboard/paste-text-009-expected.txt: Ditto * LayoutTests/platform/wincairo/editing/pasteboard/paste-text-009-expected.txt: Ditto * LayoutTests/platform/ios/editing/pasteboard/paste-text-009-expected.txt: Add Platform Specific Expectation * LayoutTests/editing/execCommand/canvas-counter-rooteditable-crash.html: Add Test Case * LayoutTests/editing/execCommand/canvas-counter-rooteditable-crash-expected.txt: Add Test Case Expectation Canonical link: https://commits.webkit.org/277291@main Canonical link: https://commits.webkit.org/274313.159@webkitglib/2.44 Commit: d56aced2a2121efffcff963a8f44f862de03122c https://github.com/WebKit/WebKit/commit/d56aced2a2121efffcff963a8f44f862de03122c Author: David Degazio Date: 2024-04-24 (Wed, 24 Apr 2024) Changed paths: M Source/bmalloc/libpas/src/libpas/pas_enumerator.c Log Message: --- Cherry-pick 277271@main (8d6284de0e3f). https://bugs.webkit.org/show_bug.cgi?id=272404 Addresses may not be persistent across calls to pas_enumerator_reader https://bugs.webkit.org/show_bug.cgi?id=272404 rdar://125072587 Reviewed by Yusuke Suzuki. Stores the results of calling the reader function in pas_enumerator_create locally as opposed to referencing the remote memory. This reduction in indirection means changes to the enumerating process' mapping of the remote memory will no longer cause values the enumerator is actively using (such as the pas_root) to become unmapped. * Source/bmalloc/libpas/src/libpas/pas_enumerator.c: (pas_enumerator_create): Canonical link: https://commits.webkit.org/277271@main Canonical link: https://commits.webkit.org/274313.160@webkitglib/2.44 Compare: https://github.com/WebKit/WebKit/compare/2431b537193e...d56aced2a212
[webkit-changes] [WebKit/WebKit] dab440: [JSC] Private brand can be empty in computed prope...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: dab4400141adebfc0fb1f80a4a3c201df64a04ef https://github.com/WebKit/WebKit/commit/dab4400141adebfc0fb1f80a4a3c201df64a04ef Author: David Degazio Date: 2024-05-10 (Fri, 10 May 2024) Changed paths: A JSTests/stress/use-static-private-member-in-computed-property-name.js M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp Log Message: --- [JSC] Private brand can be empty in computed property name https://bugs.webkit.org/show_bug.cgi?id=273978 rdar://124072928 Reviewed by Yusuke Suzuki. Adds a check_tdz to emitCheckPrivateBrand to check if the private brand is an empty value before comparing it against the access base. This covers the case where we're performing a private field access in a computed property name expression, in which case the enclosing class definition is incomplete and the private brand will not yet have been defined. * JSTests/stress/use-static-private-member-in-computed-property-name.js: Added. (Test.method): (Test): * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitJumpIfEmpty): (JSC::BytecodeGenerator::emitCheckPrivateBrand): * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h: Canonical link: https://commits.webkit.org/278642@main
[webkit-changes] [WebKit/WebKit] 68465c: Versioning.
l_command_buffer.mm M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_render_utils.mm M Source/WebCore/Modules/webxr/WebXROpaqueFramebuffer.cpp M Source/WebCore/Modules/webxr/WebXROpaqueFramebuffer.h M Source/WebCore/Modules/webxr/WebXRWebGLLayer.cpp Log Message: --- Cherry-pick 4d12bc5c1a01. rdar://125751459 [WebXR] WebXR should base its foveation on the app's setting https://bugs.webkit.org/show_bug.cgi?id=272069 Reviewed by Tim Horton. Respect the app's foveation setting. Also fixup the viewport transformation. * Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.mm: (rx::ContextMtl::setupDrawImpl): * Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_command_buffer.h: * Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_command_buffer.mm: (rx::mtl::RenderCommandEncoder::setViewport): (rx::mtl::RenderCommandEncoder::rasterizationRateMapForPass const): * Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_render_utils.mm: (rx::mtl::ClearUtils::setupClearWithDraw): * Source/WebCore/Modules/webxr/WebXROpaqueFramebuffer.cpp: (WebCore::WebXROpaqueFramebuffer::usesLayeredMode const): (WebCore::WebXROpaqueFramebuffer::blitSharedToLayered): (WebCore::convertViewportToPhysicalCoordinates): (WebCore::WebXROpaqueFramebuffer::drawViewport const): (WebCore::displayLayout): (WebCore::WebXROpaqueFramebuffer::setupFramebuffer): * Source/WebCore/Modules/webxr/WebXROpaqueFramebuffer.h: * Source/WebCore/Modules/webxr/WebXRWebGLLayer.cpp: (WebCore::WebXRWebGLLayer::computeViewports): Canonical link: https://commits.webkit.org/277037@main Commit: 654a8acfeda41c283be22ade4697f2703273df9c https://github.com/WebKit/WebKit/commit/654a8acfeda41c283be22ade4697f2703273df9c Author: Mike Wyrzykowski Date: 2024-04-03 (Wed, 03 Apr 2024) Changed paths: M Source/WebCore/Modules/webxr/WebXROpaqueFramebuffer.cpp Log Message: --- Cherry-pick 31c43b74127b. 
rdar://125620290 [WebXR] Depth values are not correct https://bugs.webkit.org/show_bug.cgi?id=272119 Reviewed by Dan Glastonbury. Compositor expects reverse-Z but WebXR writes forward Z values, so just zero them for now so the reprojection doesn't cause jittering. * Source/WebCore/Modules/webxr/WebXROpaqueFramebuffer.cpp: (WebCore::WebXROpaqueFramebuffer::blitSharedToLayered): Canonical link: https://commits.webkit.org/277040@main Canonical link: https://commits.webkit.org/276863.10@safari-7619.1.8-branch Commit: 290c9d39c219693e8be810d23c2a359e43aab54c https://github.com/WebKit/WebKit/commit/290c9d39c219693e8be810d23c2a359e43aab54c Author: Mohsin Qureshi Date: 2024-04-05 (Fri, 05 Apr 2024) Changed paths: M Configurations/Version.xcconfig Log Message: --- Versioning. WebKit-7619.1.8.1 Commit: 1cc1e64c83eea525d3826b4c40c6d1cd550ac3a0 https://github.com/WebKit/WebKit/commit/1cc1e64c83eea525d3826b4c40c6d1cd550ac3a0 Author: Dan Robson Date: 2024-04-08 (Mon, 08 Apr 2024) Changed paths: M Configurations/Version.xcconfig Log Message: --- Versioning. WebKit-7619.1.8.2 Canonical link: https://commits.webkit.org/276863.12@safari-7619.1.8-branch Commit: 0d3bde91488692c0fde8fa1cb448ab390d670e16 https://github.com/WebKit/WebKit/commit/0d3bde91488692c0fde8fa1cb448ab390d670e16 Author: Dan Robson Date: 2024-04-10 (Wed, 10 Apr 2024) Changed paths: M Configurations/Version.xcconfig Log Message: --- Versioning. WebKit-7619.1.8.3 Canonical link: https://commits.webkit.org/276863.13@safari-7619.1.8-branch Commit: 01ba069c5e5a12dbead28526a45cf20a8182908e https://github.com/WebKit/WebKit/commit/01ba069c5e5a12dbead28526a45cf20a8182908e Author: David Degazio Date: 2024-04-10 (Wed, 10 Apr 2024) Changed paths: M Source/bmalloc/libpas/src/libpas/pas_enumerator.c Log Message: --- Cherry-pick 8d6284de0e3f. rdar://125072587 Addresses may not be persistent across calls to pas_enumerator_reader https://bugs.webkit.org/show_bug.cgi?id=272404 rdar://125072587 Reviewed by Yusuke Suzuki. 
Stores the results of calling the reader function in pas_enumerator_create locally as opposed to referencing the remote memory. This reduction in indirection means changes to the enumerating process' mapping of the remote memory will no longer cause values the enumerator is actively using (such as the pas_root) to become unmapped. * Source/bmalloc/libpas/src/libpas/pas_enumerator.c: (pas_enumerator_create): Canonical link: https://commits.webkit.org/277271@main Canonical link: https://commits.webkit.org/276863.14@safari-7619.1.8-branch Compare: https://github.com/WebKit/WebKit/compare/68465c1315ea%5E...01b
[webkit-changes] [WebKit/WebKit] d957a6: [JSC] Mitigate null UnlinkedMetadataTable pointer ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: d957a61b2ee955859b873b7c24781b735d8949d1 https://github.com/WebKit/WebKit/commit/d957a61b2ee955859b873b7c24781b735d8949d1 Author: David Degazio Date: 2024-05-15 (Wed, 15 May 2024) Changed paths: M Source/JavaScriptCore/bytecode/CodeBlock.cpp M Source/JavaScriptCore/bytecode/MetadataTable.cpp M Source/JavaScriptCore/bytecode/MetadataTable.h M Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h Log Message: --- [JSC] Mitigate null UnlinkedMetadataTable pointer in CodeBlock destructor https://bugs.webkit.org/show_bug.cgi?id=272787 rdar://121747906 Reviewed by Yusuke Suzuki. Attempts to fix a rare bug where the UnlinkedMetadataTable pointer accessed in the CodeBlock destructor can become null. We think this may be due to a series of thread-unsafe reference count operations that might allow the destructor to happen twice, perhaps simultaneously on two threads. This patch attempts to mitigate this by: 1. Making UnlinkedMetadataTable and MetadataTable thread-safe refcounted. 2. Checking for the presence of a null UnlinkedMetadataTable pointer in the appropriate functions, and attempting to handle it nonfatally. This means we skip updating the didOptimize state in the CodeBlock destructor, and that we intentionally leak MetadataTables if they have this null pointer. * Source/JavaScriptCore/bytecode/CodeBlock.cpp: (JSC::CodeBlock::~CodeBlock): * Source/JavaScriptCore/bytecode/MetadataTable.cpp: (JSC::MetadataTable::destroy): (JSC::MetadataTable::sizeInBytesForGC): * Source/JavaScriptCore/bytecode/MetadataTable.h: (JSC::MetadataTable::forEachValueProfile): (JSC::MetadataTable::valueProfileForOffset): (JSC::MetadataTable::deref): (JSC::MetadataTable::unlinkedMetadata const): (JSC::MetadataTable::totalSize const): * Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h: Originally-landed-as: 4cac7925aca4. 
rdar://128091467 Canonical link: https://commits.webkit.org/278832@main
[webkit-changes] [WebKit/WebKit] bc5bcf: [JSC] Inlined functions in OMG may have exception ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: bc5bcf116eef81d7f61706d5e157e921461757ee https://github.com/WebKit/WebKit/commit/bc5bcf116eef81d7f61706d5e157e921461757ee Author: David Degazio Date: 2024-05-23 (Thu, 23 May 2024) Changed paths: A JSTests/wasm/stress/inlinee-may-have-exception-handlers.js A JSTests/wasm/stress/rethrow-should-set-callsite-index.js A JSTests/wasm/stress/throw-should-set-callsite-index.js M Source/JavaScriptCore/wasm/WasmCompilationContext.h M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.h M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp Log Message: --- [JSC] Inlined functions in OMG may have exception handlers https://bugs.webkit.org/show_bug.cgi?id=272106 rdar://125181187 Reviewed by Justin Michaud and Yusuke Suzuki. Primarily fixes a bug where any WebAssembly function inlined in OMG was assumed to not have exception handlers. We now propagate a reference to the Wasm::CalleeGroup from the OMGPlan/OSREntryPlan to the B3IRGenerator, and read the hasExceptionHandlers() property from the inlined function's callee, similar to how the top-level function's generator is initialized in the plan. In addition to this, we also change when we set the callsite index. Currently we don't set the callsite index for any call or throw outside of a try block, which means that we might throw with an old callsite index set, and erroneously catch the exception in a previous block. To fix this, we now set a bool in the IR generator after a try or catch block ends, and set the callsite index for the first call/throw after a try/catch ends. Finally, consistent with BBQ, we don't write invalid callsite indices except for during the function prologue (before our first call/throw). 
We also don't write the callsite index at all in the case that we are known to be in a function without exception handlers. * JSTests/wasm/stress/inlinee-may-have-exception-handlers.js: Added. (async test): * JSTests/wasm/stress/rethrow-should-set-callsite-index.js: Added. (async test): * JSTests/wasm/stress/throw-should-set-callsite-index.js: Added. (async test): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::shouldSetCallSiteIndexAfterTry const): (JSC::Wasm::B3IRGenerator::didSetCallSiteIndexAfterTry): (JSC::Wasm::B3IRGenerator::B3IRGenerator): (JSC::Wasm::B3IRGenerator::preparePatchpointForExceptions): (JSC::Wasm::B3IRGenerator::addThrow): (JSC::Wasm::B3IRGenerator::addRethrow): (JSC::Wasm::B3IRGenerator::addEndToUnreachable): (JSC::Wasm::B3IRGenerator::emitInlineDirectCall): (JSC::Wasm::parseAndCompileB3): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.h: * Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h: (JSC::Wasm::PatchpointExceptionHandle::PatchpointExceptionHandle): (JSC::Wasm::PatchpointExceptionHandle::generate const): * Source/JavaScriptCore/wasm/WasmOMGPlan.cpp: (JSC::Wasm::OMGPlan::work): * Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp: (JSC::Wasm::OSREntryPlan::work): Originally-landed-as: 272448.917@safari-7618-branch (1e58c9386ed9). rdar://128572165 Canonical link: https://commits.webkit.org/279242@main
[webkit-changes] [WebKit/WebKit] 2ffa18: [JSC] Catch should preserve top expression stack o...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 2ffa1875acb5dd36fe6cd44c1636795e017b7731 https://github.com/WebKit/WebKit/commit/2ffa1875acb5dd36fe6cd44c1636795e017b7731 Author: David Degazio Date: 2024-05-24 (Fri, 24 May 2024) Changed paths: A JSTests/wasm/stress/catch-should-keep-alive-inline-parent-expression-stack.js M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp Log Message: --- [JSC] Catch should preserve top expression stack of inline parents in OMG https://bugs.webkit.org/show_bug.cgi?id=271987 rdar://125145754 Reviewed by Justin Michaud. This patch makes it so we include the top-level expression stack (m_parser->expressionStack()) among the values we consider live when figuring out which values need to be reloaded at a catch entrypoint. Previously, we only considered the enclosed expression stacks buried in the control entries for each inline parent, which only captures values live in enclosing blocks and not the current block being executed. * JSTests/wasm/stress/catch-should-keep-alive-inline-parent-expression-stack.js: Added. (async test): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::preparePatchpointForExceptions): (JSC::Wasm::B3IRGenerator::emitCatchImpl): Originally-landed-as: 272448.849@safari-7618-branch (0b59e3f5e9ff). rdar://128550624 Canonical link: https://commits.webkit.org/279265@main
[webkit-changes] [WebKit/WebKit] 2e7a7b: Cherry-pick 272448.917@safari-7618-branch (1e58c93...
Branch: refs/heads/webkitglib/2.44 Home: https://github.com/WebKit/WebKit Commit: 2e7a7b504ca22598698b11f3be3257e8042c0b1d https://github.com/WebKit/WebKit/commit/2e7a7b504ca22598698b11f3be3257e8042c0b1d Author: David Degazio Date: 2024-05-28 (Tue, 28 May 2024) Changed paths: A JSTests/wasm/stress/inlinee-may-have-exception-handlers.js A JSTests/wasm/stress/rethrow-should-set-callsite-index.js A JSTests/wasm/stress/throw-should-set-callsite-index.js M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp M Source/JavaScriptCore/wasm/WasmB3IRGenerator.h M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp Log Message: --- Cherry-pick 272448.917@safari-7618-branch (1e58c9386ed9). https://bugs.webkit.org/show_bug.cgi?id=272106 [JSC] Inlined functions in OMG may have exception handlers https://bugs.webkit.org/show_bug.cgi?id=272106 rdar://125181187 Reviewed by Justin Michaud and Yusuke Suzuki. Primarily fixes a bug where any WebAssembly function inlined in OMG was assumed to not have exception handlers. We now propagate a reference to the Wasm::CalleeGroup from the OMGPlan/OSREntryPlan to the B3IRGenerator, and read the hasExceptionHandlers() property from the inlined function's callee, similar to how the top-level function's generator is initialized in the plan. In addition to this, we also change when we set the callsite index. Currently we don't set the callsite index for any call or throw outside of a try block, which means that we might throw with an old callsite index set, and erroneously catch the exception in a previous block. To fix this, we now set a bool in the IR generator after a try or catch block ends, and set the callsite index for the first call/throw after a try/catch ends. Finally, consistent with BBQ, we don't write invalid callsite indices except for during the function prologue (before our first call/throw). 
We also don't write the callsite index at all in the case that we are known to be in a function without exception handlers. * JSTests/wasm/stress/inlinee-may-have-exception-handlers.js: Added. (async test): * JSTests/wasm/stress/rethrow-should-set-callsite-index.js: Added. (async test): * JSTests/wasm/stress/throw-should-set-callsite-index.js: Added. (async test): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::shouldSetCallSiteIndexAfterTry const): (JSC::Wasm::B3IRGenerator::didSetCallSiteIndexAfterTry): (JSC::Wasm::B3IRGenerator::B3IRGenerator): (JSC::Wasm::B3IRGenerator::preparePatchpointForExceptions): (JSC::Wasm::B3IRGenerator::addThrow): (JSC::Wasm::B3IRGenerator::addRethrow): (JSC::Wasm::B3IRGenerator::addEndToUnreachable): (JSC::Wasm::B3IRGenerator::emitInlineDirectCall): (JSC::Wasm::parseAndCompileB3): * Source/JavaScriptCore/wasm/WasmB3IRGenerator.h: * Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h: (JSC::Wasm::PatchpointExceptionHandle::PatchpointExceptionHandle): (JSC::Wasm::PatchpointExceptionHandle::generate const): * Source/JavaScriptCore/wasm/WasmOMGPlan.cpp: (JSC::Wasm::OMGPlan::work): * Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp: (JSC::Wasm::OSREntryPlan::work): Canonical link: https://commits.webkit.org/272448.917@safari-7618-branch Canonical link: https://commits.webkit.org/274313.285@webkitglib/2.44
[webkit-changes] [WebKit/WebKit] 3d6a73: [JSC] Add optional mprotect mode for executable me...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3d6a7300a281e21aaf7a8b91ea07252ccc4fa000 https://github.com/WebKit/WebKit/commit/3d6a7300a281e21aaf7a8b91ea07252ccc4fa000 Author: David Degazio Date: 2024-05-29 (Wed, 29 May 2024) Changed paths: M Source/JavaScriptCore/assembler/ARM64Assembler.h M Source/JavaScriptCore/assembler/ARMv7Assembler.h M Source/JavaScriptCore/assembler/LinkBuffer.cpp M Source/JavaScriptCore/assembler/RISCV64Assembler.h M Source/JavaScriptCore/assembler/X86Assembler.h M Source/JavaScriptCore/jit/ExecutableAllocator.cpp M Source/JavaScriptCore/jit/ExecutableAllocator.h M Source/WTF/wtf/PlatformEnable.h Log Message: --- [JSC] Add optional mprotect mode for executable memory on Intel https://bugs.webkit.org/show_bug.cgi?id=274805 rdar://128901530 Reviewed by Mark Lam. Adds new build-time flag ENABLE_MPROTECT_RWX_TO_RX that toggles protecting executable memory from modification using mprotect() calls. It's disabled by default due to high performance cost, but should still be useful as a debugging mode to flush out possible sources of executable memory corruption. 
* Source/JavaScriptCore/assembler/ARM64Assembler.h: * Source/JavaScriptCore/assembler/ARMv7Assembler.h: (JSC::ARMv7Assembler::maxJumpReplacementSize): * Source/JavaScriptCore/assembler/LinkBuffer.cpp: (JSC::LinkBuffer::copyCompactAndLinkCode): (JSC::LinkBuffer::performFinalization): * Source/JavaScriptCore/assembler/RISCV64Assembler.h: (JSC::RISCV64Assembler::maxJumpReplacementSize): * Source/JavaScriptCore/assembler/X86Assembler.h: (JSC::X86Assembler::replaceWithHlt): (JSC::X86Assembler::replaceWithJump): (JSC::X86Assembler::replaceWithNops): (JSC::X86Assembler::maxJumpReplacementSize): (JSC::X86Assembler::revertJumpTo_movq_i64r): (JSC::X86Assembler::revertJumpTo_movl_i32r): (JSC::X86Assembler::revertJumpTo_cmpl_ir_force32): (JSC::X86Assembler::revertJumpTo_cmpl_im_force32): (JSC::X86Assembler::fillNops): (JSC::X86Assembler::setPointer): (JSC::X86Assembler::setInt32): (JSC::X86Assembler::setInt8): * Source/JavaScriptCore/jit/ExecutableAllocator.cpp: (JSC::ExecutableAllocator::startWriting): (JSC::ExecutableAllocator::finishWriting): (JSC::performJITMemcpyWithMProtect): * Source/JavaScriptCore/jit/ExecutableAllocator.h: (JSC::performJITMemcpy): * Source/WTF/wtf/PlatformEnable.h: Canonical link: https://commits.webkit.org/279455@main
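The protection scheme described in the 3d6a73 log message above, sketched as an added C example that is not WebKit's code: a code region is kept read+execute, made writable only for the duration of a copy, and a forked probe shows that a stray write outside that window faults instead of silently corrupting code. The names `jit_region`, `jit_memcpy` and `stray_write_faults` are hypothetical, and flipping to read+write (rather than RWX) during the copy is an assumption of this sketch.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical code region; not JavaScriptCore's ExecutableAllocator. */
typedef struct {
    uint8_t *base;
    size_t size; /* always a multiple of the page size */
} jit_region;

static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* Map the region read+execute from the start: it is never writable at rest. */
int jit_region_init(jit_region *r, size_t size)
{
    size_t ps = page_size();
    size = (size + ps - 1) & ~(ps - 1);
    void *p = mmap(NULL, size, PROT_READ | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    r->base = p;
    r->size = size;
    return 0;
}

void jit_region_destroy(jit_region *r)
{
    munmap(r->base, r->size);
    r->base = NULL;
    r->size = 0;
}

/* The only sanctioned write path: open the covering pages for writing,
 * copy, then restore read+execute before returning. */
int jit_memcpy(jit_region *r, size_t off, const void *src, size_t len)
{
    if (off > r->size || len > r->size - off)
        return -1; /* reject out-of-bounds copies without wrapping */
    if (len == 0)
        return 0;
    size_t ps = page_size();
    size_t start = off & ~(ps - 1);
    size_t end = (off + len + ps - 1) & ~(ps - 1);
    if (mprotect(r->base + start, end - start, PROT_READ | PROT_WRITE) != 0)
        return -1;
    memcpy(r->base + off, src, len);
    /* Two mprotect() calls per copy is where this scheme's overhead comes from. */
    if (mprotect(r->base + start, end - start, PROT_READ | PROT_EXEC) != 0)
        return -2; /* pages left writable: callers should treat this as fatal */
    return 0;
}

/* Probe: returns 1 if a direct store into the region kills a forked child
 * with a signal, 0 if the store succeeds, -1 on error. The fork keeps the
 * fault out of the calling process. */
int stray_write_faults(jit_region *r, size_t off)
{
    if (off >= r->size)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Restore default handlers so the fault terminates the child. */
        signal(SIGSEGV, SIG_DFL);
        signal(SIGBUS, SIG_DFL);
        volatile uint8_t *p = r->base + off;
        *p = 0xCC; /* the "corrupting" store, bypassing jit_memcpy */
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample bytes; they are copied and compared, never executed. */
    const uint8_t sample[] = { 0x90, 0x90, 0xC3 };
    jit_region r;
    if (jit_region_init(&r, 4096) != 0)
        return 1;
    printf("sanctioned copy: %d\n", jit_memcpy(&r, 16, sample, sizeof sample));
    printf("stray write faults: %d\n", stray_write_faults(&r, 16));
    jit_region_destroy(&r);
    return 0;
}
```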
[webkit-changes] [WebKit/WebKit] eba05a: [WASM] V128 should be throwable to match Chrome an...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: eba05a59d7020b58706e5db7bbab8f5ec2c5f2b2 https://github.com/WebKit/WebKit/commit/eba05a59d7020b58706e5db7bbab8f5ec2c5f2b2 Author: David Degazio Date: 2024-06-13 (Thu, 13 Jun 2024) Changed paths: M JSTests/wasm/stress/big-try-simd.js A JSTests/wasm/stress/exception-containing-v128.js A JSTests/wasm/stress/import-exception-tag-with-v128.js M JSTests/wasm/stress/tuple-and-simd.js M JSTests/wasm/v8/exceptions-simd.js M Source/JavaScriptCore/b3/air/AirLowerStackArgs.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp M Source/JavaScriptCore/wasm/WasmExceptionType.h M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp M Source/JavaScriptCore/wasm/WasmOperations.cpp M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp M Source/JavaScriptCore/wasm/WasmTag.h M Source/JavaScriptCore/wasm/js/JSWebAssemblyException.cpp M Source/JavaScriptCore/wasm/js/WebAssemblyTagConstructor.cpp Log Message: --- [WASM] V128 should be throwable to match Chrome and the spec https://bugs.webkit.org/show_bug.cgi?id=275383 rdar://106030051 Reviewed by Yusuke Suzuki. Adds support for v128 parameters in tags to BBQ and OMG tiers and the WASM/JS interface. * JSTests/wasm/stress/exception-containing-v128.js: Added. (async test): * JSTests/wasm/stress/import-exception-tag-with-v128.js: Added. 
(async test): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addThrow): * Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::emitCatchImpl): * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::emitCatchImpl): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp: (JSC::Wasm::OMGIRGenerator::addCatchToUnreachable): (JSC::Wasm::OMGIRGenerator::addThrow): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp: (JSC::Wasm::OMGIRGenerator::addCatchToUnreachable): (JSC::Wasm::OMGIRGenerator::addThrow): * Source/JavaScriptCore/wasm/WasmOperations.cpp: (JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION): * Source/JavaScriptCore/wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * Source/JavaScriptCore/wasm/WasmTag.h: * Source/JavaScriptCore/wasm/js/WebAssemblyTagConstructor.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): Canonical link: https://commits.webkit.org/279989@main
[webkit-changes] [WebKit/WebKit] 692b33: [WASM] Incorrect indexing in recursion group when ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 692b33ef1461c482702b0d509bf65b79964a93d7 https://github.com/WebKit/WebKit/commit/692b33ef1461c482702b0d509bf65b79964a93d7 Author: David Degazio Date: 2024-09-12 (Thu, 12 Sep 2024) Changed paths: A JSTests/wasm/stress/multiple-recgroups.js A JSTests/wasm/stress/multiple-recgroups.wat M Source/JavaScriptCore/wasm/WasmSectionParser.cpp Log Message: --- [WASM] Incorrect indexing in recursion group when checking subtype validity https://bugs.webkit.org/show_bug.cgi?id=279527 rdar://134582688 Reviewed by Yusuke Suzuki. Fixes a bug where we used an index to the list of types in a recursion group to index into the module-global list of defined types. Also replaces placeholders in the type up front instead of unrolling, since unroll() is a no-op on any non-projection type, but non-projection types can still contain projections that might be placeholders. Since the recursion group is done being defined here, we substitute placeholders in order to be able to find the correct supertype, in case that supertype is a projection. * JSTests/wasm/stress/multiple-recgroups.js: Added. * Source/JavaScriptCore/wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseRecursionGroup): Canonical link: https://commits.webkit.org/283568@main
[webkit-changes] [WebKit/WebKit] 17bdcc: [WASM] Fix and fuse br_on_null/non_null in BBQ
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 17bdcc9f84777a296dcf818791307da483ada500 https://github.com/WebKit/WebKit/commit/17bdcc9f84777a296dcf818791307da483ada500 Author: David Degazio Date: 2024-09-16 (Mon, 16 Sep 2024) Changed paths: M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp Log Message: --- [WASM] Fix and fuse br_on_null/non_null in BBQ https://bugs.webkit.org/show_bug.cgi?id=279701 rdar://135586113 Reviewed by Yusuke Suzuki. Changes the BBQ implementations of br_on_null and br_on_non_null to avoid calling addBranch() with an intermediate value. This resolves some debug-only assertion failures with these instructions, and also serves to fuse the compare and branch to make these instructions a bit more efficient. * Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addBranchNull): * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addBranchNull): Canonical link: https://commits.webkit.org/283745@main
[webkit-changes] [WebKit/WebKit] e1fb75: Skip Test262 Intl.DurationFormat tests
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e1fb75ade27b9f429e35fc0b05a25f3452b23916 https://github.com/WebKit/WebKit/commit/e1fb75ade27b9f429e35fc0b05a25f3452b23916 Author: David Degazio <35146201+ddega...@users.noreply.github.com> Date: 2022-09-27 (Tue, 27 Sep 2022) Changed paths: M JSTests/test262/config.yaml Log Message: --- Skip Test262 Intl.DurationFormat tests https://bugs.webkit.org/show_bug.cgi?id=245695 rdar://100428579 We encountered a recent regression on Test262 Intl.DurationFormat tests due to WebKit shipping with an out-of-date ICU header. This patch adds those tests to the skip list, as the feature is unsupported in the ICU version we build with. Reviewed by Yusuke Suzuki. * JSTests/test262/config.yaml: Canonical link: https://commits.webkit.org/254929@main
[webkit-changes] [WebKit/WebKit] 0250a3: Don't mask unnecessarily for out-of-line CodeOrigin
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0250a327f2112417479c306d0710352c180e8cea https://github.com/WebKit/WebKit/commit/0250a327f2112417479c306d0710352c180e8cea Author: David Degazio Date: 2024-10-04 (Fri, 04 Oct 2024) Changed paths: M Source/JavaScriptCore/bytecode/CodeOrigin.h Log Message: --- Don't mask unnecessarily for out-of-line CodeOrigin https://bugs.webkit.org/show_bug.cgi?id=280780 rdar://137140090 Reviewed by Yusuke Suzuki. Decreases size of the mask used to extract the value of an out-of-line CodeOrigin, so it's easier to materialize and no longer precludes use of the upper 16 bits to store additional information about the origin. * Source/JavaScriptCore/bytecode/CodeOrigin.h: (JSC::CodeOrigin::outOfLineCodeOrigin const): Canonical link: https://commits.webkit.org/284714@main
[webkit-changes] [WebKit/WebKit] 9d4e2d: Avoid shifting address value in DFG AbstractHeap
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 9d4e2deb25c83756843ff69b0ccc3bd0ae3072f6 https://github.com/WebKit/WebKit/commit/9d4e2deb25c83756843ff69b0ccc3bd0ae3072f6 Author: David Degazio Date: 2024-10-04 (Fri, 04 Oct 2024) Changed paths: M Source/JavaScriptCore/dfg/DFGAbstractHeap.h Log Message: --- Avoid shifting address value in DFG AbstractHeap https://bugs.webkit.org/show_bug.cgi?id=280781 rdar://137149897 Reviewed by Yusuke Suzuki. Rearranges encoded fields of DFG::AbstractHeap to be consistent with other compact pointer tuples and simplify decoding of the address value. * Source/JavaScriptCore/dfg/DFGAbstractHeap.h: (JSC::DFG::AbstractHeap::kind const): (JSC::DFG::AbstractHeap::payloadImpl const): (JSC::DFG::AbstractHeap::encode): Canonical link: https://commits.webkit.org/284722@main
[webkit-changes] [WebKit/WebKit] ae4bc1: Ensure InitializeWebKit2 is called before allocati...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: ae4bc135bbb4d8f8d5da23a31aeda69ec7d7552e https://github.com/WebKit/WebKit/commit/ae4bc135bbb4d8f8d5da23a31aeda69ec7d7552e Author: David Degazio Date: 2024-10-16 (Wed, 16 Oct 2024) Changed paths: M Source/WebKit/Scripts/PreferencesTemplates/WebPreferencesFeatures.cpp.erb M Source/WebKit/Scripts/PreferencesTemplates/WebPreferencesStoreDefaultsMap.cpp.erb Log Message: --- Ensure InitializeWebKit2 is called before allocating API::Features in WebPreferencesFeatures.cpp https://bugs.webkit.org/show_bug.cgi?id=281537 rdar://138003594 Reviewed by Mark Lam. Changes the way we initialize the WebPreferences feature list to ensure InitializeWebKit2() is called before constructing the API::Features, or the defaults map in the Preferences store, since these functions are potentially reachable before we do initialization elsewhere. * Source/WebKit/Scripts/PreferencesTemplates/WebPreferencesFeatures.cpp.erb: * Source/WebKit/Scripts/PreferencesTemplates/WebPreferencesStoreDefaultsMap.cpp.erb: Canonical link: https://commits.webkit.org/285293@main
[webkit-changes] [WebKit/WebKit] 511b82: [JSC] Ignore top byte in Integrity sanity checking...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 511b828afd0dc2c28bcd00a262e0f41cf80e48fe https://github.com/WebKit/WebKit/commit/511b828afd0dc2c28bcd00a262e0f41cf80e48fe Author: David Degazio Date: 2024-10-10 (Thu, 10 Oct 2024) Changed paths: M Source/JavaScriptCore/tools/Integrity.h Log Message: --- [JSC] Ignore top byte in Integrity sanity checking on ARM64 https://bugs.webkit.org/show_bug.cgi?id=281187 rdar://137641787 Reviewed by Keith Miller. Masks off top byte on ARM64 in Integrity::isSanePointer, since these bits are ignored architecturally, and we don't want to fail pointer audits if we use these bits for other things. * Source/JavaScriptCore/tools/Integrity.h: (JSC::Integrity::isSanePointer): Canonical link: https://commits.webkit.org/284975@main
[webkit-changes] [WebKit/WebKit] 168e01: Make ThreadTimerHeapItem compact-allocated
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 168e0150a520e2420997987e5d8b00237223e04e https://github.com/WebKit/WebKit/commit/168e0150a520e2420997987e5d8b00237223e04e Author: David Degazio Date: 2024-10-24 (Thu, 24 Oct 2024) Changed paths: M Source/WTF/wtf/CompactRefPtrTuple.h M Source/WTF/wtf/CompactUniquePtrTuple.h M Source/WebCore/platform/ThreadTimers.h M Source/WebCore/platform/Timer.cpp Log Message: --- Make ThreadTimerHeapItem compact-allocated https://bugs.webkit.org/show_bug.cgi?id=282006 rdar://138511333 Reviewed by Yijia Huang. Makes ThreadTimerHeapItem compact-allocated, and adds an allowCompactPointers() check to CompactRefPtrTuple and CompactUniquePtrTuple. * Source/WTF/wtf/CompactRefPtrTuple.h: * Source/WTF/wtf/CompactUniquePtrTuple.h: * Source/WebCore/platform/ThreadTimers.h: * Source/WebCore/platform/Timer.cpp: Canonical link: https://commits.webkit.org/285667@main
[webkit-changes] [WebKit/WebKit] 061d59: Revert 281143@main
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 061d5935034808807c6766afcc834f179fea3d6b https://github.com/WebKit/WebKit/commit/061d5935034808807c6766afcc834f179fea3d6b Author: David Degazio Date: 2024-11-01 (Fri, 01 Nov 2024) Changed paths: M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp Log Message: --- Revert 281143@main https://bugs.webkit.org/show_bug.cgi?id=282469 rdar://139012577 Reviewed by Keith Miller. Reverts 281143@main since it's been causing issues on some websites. * Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp: (JSC::Wasm::OMGIRGenerator::addConstant): (JSC::Wasm::OMGIRGenerator::addExtractLane): (JSC::Wasm::OMGIRGenerator::addReplaceLane): (JSC::Wasm::OMGIRGenerator::addSIMDI_V): (JSC::Wasm::OMGIRGenerator::addSIMDV_V): (JSC::Wasm::OMGIRGenerator::addSIMDBitwiseSelect): (JSC::Wasm::OMGIRGenerator::addSIMDRelOp): (JSC::Wasm::OMGIRGenerator::fixupOutOfBoundsIndicesForSwizzle): (JSC::Wasm::OMGIRGenerator::addSIMDV_VV): (JSC::Wasm::OMGIRGenerator::addSIMDRelaxedFMA): (JSC::Wasm::OMGIRGenerator::emitPrepareWasmOperation): (JSC::Wasm::OMGIRGenerator::callWasmOperation): (JSC::Wasm::OMGIRGenerator::get): (JSC::Wasm::OMGIRGenerator::set): (JSC::Wasm::OMGIRGenerator::fixupPointerPlusOffset): (JSC::Wasm::OMGIRGenerator::restoreWasmContextInstance): (JSC::Wasm::OMGIRGenerator::OMGIRGenerator): (JSC::Wasm::OMGIRGenerator::restoreWebAssemblyGlobalState): (JSC::Wasm::OMGIRGenerator::reloadMemoryRegistersFromInstance): (JSC::Wasm::OMGIRGenerator::insertEntrySwitch): (JSC::Wasm::OMGIRGenerator::insertConstants): (JSC::Wasm::OMGIRGenerator::addLocal): (JSC::Wasm::OMGIRGenerator::addInlinedArguments): (JSC::Wasm::OMGIRGenerator::addArguments): (JSC::Wasm::OMGIRGenerator::addRefIsNull): (JSC::Wasm::OMGIRGenerator::addTableGet): (JSC::Wasm::OMGIRGenerator::addTableSet): (JSC::Wasm::OMGIRGenerator::addRefAsNonNull): (JSC::Wasm::OMGIRGenerator::addTableInit): (JSC::Wasm::OMGIRGenerator::addElemDrop): 
(JSC::Wasm::OMGIRGenerator::addTableSize): (JSC::Wasm::OMGIRGenerator::addTableGrow): (JSC::Wasm::OMGIRGenerator::addTableFill): (JSC::Wasm::OMGIRGenerator::addTableCopy): (JSC::Wasm::OMGIRGenerator::getLocal): (JSC::Wasm::OMGIRGenerator::addUnreachable): (JSC::Wasm::OMGIRGenerator::addCrash): (JSC::Wasm::OMGIRGenerator::emitIndirectCall): (JSC::Wasm::OMGIRGenerator::addCurrentMemory): (JSC::Wasm::OMGIRGenerator::addMemoryFill): (JSC::Wasm::OMGIRGenerator::addMemoryInit): (JSC::Wasm::OMGIRGenerator::addMemoryCopy): (JSC::Wasm::OMGIRGenerator::addDataDrop): (JSC::Wasm::OMGIRGenerator::setLocal): (JSC::Wasm::OMGIRGenerator::teeLocal): (JSC::Wasm::OMGIRGenerator::getGlobal): (JSC::Wasm::OMGIRGenerator::setGlobal): (JSC::Wasm::OMGIRGenerator::emitWriteBarrier): (JSC::Wasm::OMGIRGenerator::emitCheckAndPreparePointer): (JSC::Wasm::OMGIRGenerator::emitLoadOp): (JSC::Wasm::OMGIRGenerator::load): (JSC::Wasm::OMGIRGenerator::emitStoreOp): (JSC::Wasm::OMGIRGenerator::store): (JSC::Wasm::OMGIRGenerator::sanitizeAtomicResult): (JSC::Wasm::OMGIRGenerator::fixupPointerPlusOffsetForAtomicOps): (JSC::Wasm::OMGIRGenerator::emitAtomicLoadOp): (JSC::Wasm::OMGIRGenerator::atomicLoad): (JSC::Wasm::OMGIRGenerator::emitAtomicStoreOp): (JSC::Wasm::OMGIRGenerator::atomicStore): (JSC::Wasm::OMGIRGenerator::emitAtomicBinaryRMWOp): (JSC::Wasm::OMGIRGenerator::atomicBinaryRMW): (JSC::Wasm::OMGIRGenerator::emitAtomicCompareExchange): (JSC::Wasm::OMGIRGenerator::emitStructSet): (JSC::Wasm::OMGIRGenerator::atomicCompareExchange): (JSC::Wasm::OMGIRGenerator::atomicWait): (JSC::Wasm::OMGIRGenerator::atomicNotify): (JSC::Wasm::OMGIRGenerator::atomicFence): (JSC::Wasm::OMGIRGenerator::truncSaturated): (JSC::Wasm::OMGIRGenerator::addRefI31): (JSC::Wasm::OMGIRGenerator::addI31GetS): (JSC::Wasm::OMGIRGenerator::addI31GetU): (JSC::Wasm::OMGIRGenerator::pushArrayNew): (JSC::Wasm::OMGIRGenerator::addArrayNew): (JSC::Wasm::OMGIRGenerator::pushArrayNewFromSegment): 
(JSC::Wasm::OMGIRGenerator::addArrayNewDefault): (JSC::Wasm::OMGIRGenerator::addArrayNewFixed): (JSC::Wasm::OMGIRGenerator::addArrayGet): (JSC::Wasm::OMGIRGenerator::emitArrayNullCheck): (JSC::Wasm::OMGIRGenerator::emitArraySetUnchecked): (JSC::Wasm::OMGIRGenerator::addArraySet): (JSC::Wasm::OMGIRGenerator::addArrayLen): (JSC::Wasm::OMGIRGenerator::addArrayFill): (JSC::Wasm::OMGIRGenerator::addArrayCopy): (JSC::Wasm::OMGIRGenerator::addArrayInitElem): (JSC::Wasm::OMGIRGenerator::addArrayInitData): (JSC::Wasm::OMGIRGenerator::addStructNew): (JSC::Wasm::OMGIRGenerator::addStructNewDefault): (JSC::Wasm::OMGIRGenerator::addStructGet): (JSC::Wasm::OMGIRGenerator::addStructSet): (JSC::Wasm::OMGIRGenerator::emitRefTestOrCast): (JSC::Wasm::OMGIRGenerator::emitCheckOrBranchForCast): (JSC::Wasm::OMGIRGenerator::emitLoadRTTFromFuncref): (JSC::Wasm::OMGIRGenerator::emitLoadRTTFromObject): (JSC::Wasm::OMGIRGenerator::emitNotRTTKind): (JSC::Wasm::OMGIRGenerator::addSelect): (JSC::Wasm::OMGIRGenerator::addSIMDSplat): (JSC:
[webkit-changes] [WebKit/WebKit] bcf1df: Unreviewed fix watchOS build after 286486@main
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: bcf1df7bd5d16679d25f31a7b0d7ac43c0ce22b2 https://github.com/WebKit/WebKit/commit/bcf1df7bd5d16679d25f31a7b0d7ac43c0ce22b2 Author: David Degazio Date: 2024-11-12 (Tue, 12 Nov 2024) Changed paths: M Source/JavaScriptCore/runtime/ErrorInstance.h Log Message: --- Unreviewed fix watchOS build after 286486@main https://bugs.webkit.org/show_bug.cgi?id=283001 rdar://139735779 * Source/JavaScriptCore/runtime/ErrorInstance.h: (JSC::ErrorInstance::setStackOverflowError): (JSC::ErrorInstance::setOutOfMemoryError): Canonical link: https://commits.webkit.org/286493@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 45ccb5: Ensure WTF::initialize is called in WorkQueue::mai...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 45ccb551a4e879774bdfbd0204476fcd1ff0ea48 https://github.com/WebKit/WebKit/commit/45ccb551a4e879774bdfbd0204476fcd1ff0ea48 Author: David Degazio Date: 2024-11-13 (Wed, 13 Nov 2024) Changed paths: M Source/WTF/wtf/WorkQueue.cpp M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm Log Message: --- Ensure WTF::initialize is called in WorkQueue::main and XPCServiceEventHandler https://bugs.webkit.org/show_bug.cgi?id=283015 rdar://139753662 Reviewed by Yijia Huang. Adds calls to WTF::initialize to both WorkQueue (in the call_once where we allocate the WorkQueue) and the XPCServiceEventHandler (earlier in the block where we eventually WTF::initializeMainThread()) to ensure WTF is properly initialized before we use WTF types. * Source/WTF/wtf/WorkQueue.cpp: (WTF::WorkQueue::main): * Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm: (WebKit::XPCServiceEventHandler): Canonical link: https://commits.webkit.org/286545@main
[webkit-changes] [WebKit/WebKit] 92cfd5: WebCore::Color::OutOfLineComponents should be comp...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 92cfd59a16a33e7b5009bc85db31651fd6c00c96 https://github.com/WebKit/WebKit/commit/92cfd59a16a33e7b5009bc85db31651fd6c00c96 Author: David Degazio Date: 2024-11-13 (Wed, 13 Nov 2024) Changed paths: M Source/WebCore/platform/graphics/Color.h Log Message: --- WebCore::Color::OutOfLineComponents should be compact-allocated https://bugs.webkit.org/show_bug.cgi?id=283021 rdar://139756762 Reviewed by Yijia Huang. Adds a WTF_MAKE_FAST_COMPACT_ALLOCATED annotation to Color::OutOfLineComponents because pointers to it are encoded compressed in Color::m_colorAndFlags. * Source/WebCore/platform/graphics/Color.h: Canonical link: https://commits.webkit.org/286544@main
[webkit-changes] [WebKit/WebKit] 745857: NativeCallee and WasmCallee should be compact allo...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 74585738340bf57d985bd79f7e2bfa1dc0c37602 https://github.com/WebKit/WebKit/commit/74585738340bf57d985bd79f7e2bfa1dc0c37602 Author: David Degazio Date: 2024-09-24 (Tue, 24 Sep 2024) Changed paths: M Source/JavaScriptCore/runtime/NativeCallee.h M Source/JavaScriptCore/wasm/WasmCallee.cpp M Source/JavaScriptCore/wasm/WasmCallee.h Log Message: --- NativeCallee and WasmCallee should be compact allocated https://bugs.webkit.org/show_bug.cgi?id=280220 rdar://136533602 Reviewed by Yusuke Suzuki and Michael Saboff. Makes NativeCallee and all WASM Callees compact allocated, since we rely on storing their addresses in a compressed form. * Source/JavaScriptCore/runtime/NativeCallee.h: * Source/JavaScriptCore/wasm/WasmCallee.cpp: * Source/JavaScriptCore/wasm/WasmCallee.h: Canonical link: https://commits.webkit.org/284172@main
[webkit-changes] [WebKit/WebKit] 5f38f0: Add more PAS_PROFILE invocations to libpas
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 5f38f0401b71d26066fcc95dddb22924e7d8759d https://github.com/WebKit/WebKit/commit/5f38f0401b71d26066fcc95dddb22924e7d8759d Author: David Degazio Date: 2024-09-27 (Fri, 27 Sep 2024) Changed paths: M Source/bmalloc/libpas/src/libpas/pas_get_allocation_size.h M Source/bmalloc/libpas/src/libpas/pas_get_heap.h M Source/bmalloc/libpas/src/libpas/pas_large_heap.c M Source/bmalloc/libpas/src/libpas/pas_large_sharing_pool.c M Source/bmalloc/libpas/src/libpas/pas_megapage_cache.c M Source/bmalloc/libpas/src/libpas/pas_page_base_config_utils.h M Source/bmalloc/libpas/src/libpas/pas_page_base_config_utils_inlines.h M Source/bmalloc/libpas/src/libpas/pas_try_reallocate.h Log Message: --- Add more PAS_PROFILE invocations to libpas https://bugs.webkit.org/show_bug.cgi?id=280297 rdar://136614456 Reviewed by Keith Miller. Adds more PAS_PROFILE macro invocations, providing hooks for profiling more parts of libpas. * Source/bmalloc/libpas/src/libpas/pas_get_allocation_size.h: (pas_get_allocation_size): * Source/bmalloc/libpas/src/libpas/pas_get_heap.h: (pas_get_heap): * Source/bmalloc/libpas/src/libpas/pas_large_heap.c: (pas_large_heap_try_deallocate): (pas_large_heap_try_shrink): * Source/bmalloc/libpas/src/libpas/pas_large_sharing_pool.c: (pas_large_sharing_pool_boot_free): (pas_large_sharing_pool_free): (pas_large_sharing_pool_allocate_and_commit): (pas_large_sharing_pool_compute_summary): * Source/bmalloc/libpas/src/libpas/pas_megapage_cache.c: (megapage_cache_allocate_aligned): * Source/bmalloc/libpas/src/libpas/pas_page_base_config_utils.h: * Source/bmalloc/libpas/src/libpas/pas_page_base_config_utils_inlines.h: * Source/bmalloc/libpas/src/libpas/pas_try_reallocate.h: (pas_try_reallocate): Canonical link: https://commits.webkit.org/284393@main
[webkit-changes] [WebKit/WebKit] 2d71c4: Distinguish always/trivially compactible allocatio...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 2d71c4b7c91e0c0bde284c99ada0ae797f2ed15c https://github.com/WebKit/WebKit/commit/2d71c4b7c91e0c0bde284c99ada0ae797f2ed15c Author: David Degazio Date: 2024-09-27 (Fri, 27 Sep 2024) Changed paths: M Source/bmalloc/bmalloc/CompactAllocationMode.h M Source/bmalloc/bmalloc/IsoHeap.cpp M Source/bmalloc/bmalloc/TZoneHeap.cpp M Source/bmalloc/libpas/src/libpas/jit_heap.c M Source/bmalloc/libpas/src/libpas/pas_allocation_mode.h M Source/bmalloc/libpas/src/libpas/pas_utility_heap.c Log Message: --- Distinguish always/trivially compactible allocations in libpas/bmalloc https://bugs.webkit.org/show_bug.cgi?id=280294 rdar://136616671 Reviewed by Keith Miller. Creates a new pas_always_compact_allocation_mode, used for allocations from memory spans that are known to be contiguous and specially managed and for which pointer compression is particularly simple. We adopt this mode for the libpas bootstrap heap and JIT reservation. * Source/bmalloc/bmalloc/CompactAllocationMode.h: (bmalloc::asPasAllocationMode): * Source/bmalloc/bmalloc/IsoHeap.cpp: (bmalloc::api::isoAllocateCompact): (bmalloc::api::isoTryAllocateCompact): * Source/bmalloc/bmalloc/TZoneHeap.cpp: (bmalloc::api::tzoneAllocateCompact): (bmalloc::api::tzoneTryAllocateCompact): * Source/bmalloc/libpas/src/libpas/jit_heap.c: (jit_heap_try_allocate): * Source/bmalloc/libpas/src/libpas/pas_allocation_mode.h: (pas_allocation_mode_get_string): * Source/bmalloc/libpas/src/libpas/pas_utility_heap.c: Canonical link: https://commits.webkit.org/284395@main
[webkit-changes] [WebKit/WebKit] aab167: Cherry-pick 285316@main (d49fce1a2c4a). https://bu...
Branch: refs/heads/webkitglib/2.46 Home: https://github.com/WebKit/WebKit Commit: aab16753edfde49312203dac75a35ff6b5161dcb https://github.com/WebKit/WebKit/commit/aab16753edfde49312203dac75a35ff6b5161dcb Author: Pratiksha Choudhury Date: 2024-10-17 (Thu, 17 Oct 2024) Changed paths: A LayoutTests/fast/files/filereader-invalid-policy-container-expected.txt A LayoutTests/fast/files/filereader-invalid-policy-container.html M Source/WebCore/fileapi/FileReaderLoader.cpp Log Message: --- Cherry-pick 285316@main (d49fce1a2c4a). https://bugs.webkit.org/show_bug.cgi?id=281548 Nullptr crash in WebCore::SecurityContext::policyContainer https://bugs.webkit.org/show_bug.cgi?id=281548 rdar://137177434 Reviewed by Sihui Liu and Ryosuke Niwa. Added a nullptr check for contentSecurityPolicy() before fetching its policyContainer(). * LayoutTests/fast/files/filereader-invalid-policy-container-expected.txt: Added. * LayoutTests/fast/files/filereader-invalid-policy-container.html: Added. * Source/WebCore/fileapi/FileReaderLoader.cpp: (WebCore::FileReaderLoader::start): Canonical link: https://commits.webkit.org/285316@main Canonical link: https://commits.webkit.org/282416.219@webkitglib/2.46 Commit: 25474291fa688ee08798a50f86044bc48e1f76ec https://github.com/WebKit/WebKit/commit/25474291fa688ee08798a50f86044bc48e1f76ec Author: David Degazio Date: 2024-10-17 (Thu, 17 Oct 2024) Changed paths: M Source/WebKit/Scripts/PreferencesTemplates/WebPreferencesFeatures.cpp.erb M Source/WebKit/Scripts/PreferencesTemplates/WebPreferencesStoreDefaultsMap.cpp.erb Log Message: --- Cherry-pick 285293@main (ae4bc135bbb4). https://bugs.webkit.org/show_bug.cgi?id=281537 Ensure InitializeWebKit2 is called before allocating API::Features in WebPreferencesFeatures.cpp https://bugs.webkit.org/show_bug.cgi?id=281537 rdar://138003594 Reviewed by Mark Lam. 
Changes the way we initialize the WebPreferences feature list to ensure InitializeWebKit2() is called before constructing the API::Features, or the defaults map in the Preferences store, since these functions are potentially reachable before we do initialization elsewhere. * Source/WebKit/Scripts/PreferencesTemplates/WebPreferencesFeatures.cpp.erb: * Source/WebKit/Scripts/PreferencesTemplates/WebPreferencesStoreDefaultsMap.cpp.erb: Canonical link: https://commits.webkit.org/285293@main Canonical link: https://commits.webkit.org/282416.220@webkitglib/2.46 Compare: https://github.com/WebKit/WebKit/compare/bb47a37d7f4f...25474291fa68
[webkit-changes] [WebKit/WebKit] 113f84: Decompress the previous sibling and renderer point...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 113f84cbe25484e4cb4f167259c65e6200b651be https://github.com/WebKit/WebKit/commit/113f84cbe25484e4cb4f167259c65e6200b651be Author: David Degazio Date: 2024-11-19 (Tue, 19 Nov 2024) Changed paths: M Source/WebCore/cssjit/SelectorCompiler.cpp M Source/WebCore/dom/Node.cpp M Source/WebCore/dom/Node.h M Source/WebCore/dom/NodeRareData.cpp M Source/WebCore/domjit/JSNodeDOMJIT.cpp M Source/WebCore/rendering/RenderObject.cpp M Source/WebCore/rendering/RenderObject.h Log Message: --- Decompress the previous sibling and renderer pointers in WebCore::Node https://bugs.webkit.org/show_bug.cgi?id=281997 rdar://138409833 Reviewed by Ryosuke Niwa. Makes use of some currently unused padding bytes in WebCore::Node to decompress two CompactPointerTuple fields, simplifying access to these fields without increasing the memory footprint of Node itself. * Source/WebCore/cssjit/SelectorCompiler.cpp: (WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToPreviousAdjacentElement): * Source/WebCore/dom/Node.cpp: (WebCore::Node::~Node): * Source/WebCore/dom/Node.h: (WebCore::Node::previousSibling const): (WebCore::Node::protectedPreviousSibling const): (WebCore::Node::previousSiblingMemoryOffset): (WebCore::Node::setPreviousSibling): (WebCore::Node::renderer const): (WebCore::Node::hasElementStateFlag const): (WebCore::Node::styleBitfields const): (WebCore::Node::setStyleBitfields): (WebCore::Node::setElementStateFlag const): (WebCore::Node::previousSiblingPointerMask): Deleted. 
* Source/WebCore/dom/NodeRareData.cpp: * Source/WebCore/domjit/JSNodeDOMJIT.cpp: (WebCore::compileNodePreviousSiblingAttribute): * Source/WebCore/rendering/RenderObject.cpp: * Source/WebCore/rendering/RenderObject.h: (WebCore::Node::setRenderer): Canonical link: https://commits.webkit.org/286827@main
[webkit-changes] [WebKit/WebKit] 1bb13a: Add profiling hooks for page allocations in bmallo...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1bb13a609e06b2d825c11f8ba32ec8741e1c486f https://github.com/WebKit/WebKit/commit/1bb13a609e06b2d825c11f8ba32ec8741e1c486f Author: David Degazio Date: 2024-11-14 (Thu, 14 Nov 2024) Changed paths: M Source/bmalloc/bmalloc/AllocationCounts.h M Source/bmalloc/bmalloc/Gigacage.cpp M Source/bmalloc/bmalloc/VMAllocate.h M Source/bmalloc/libpas/src/libpas/pas_page_malloc.c Log Message: --- Add profiling hooks for page allocations in bmalloc and libpas https://bugs.webkit.org/show_bug.cgi?id=283027 rdar://136858445 Reviewed by Yusuke Suzuki. Adds allocation profiling hooks for bmalloc page allocation, mapping the gigacage, and makes the libpas page allocation aware of the intended VM tag. * Source/bmalloc/bmalloc/AllocationCounts.h: * Source/bmalloc/bmalloc/Gigacage.cpp: (Gigacage::ensureGigacage): * Source/bmalloc/bmalloc/VMAllocate.h: (bmalloc::tryVMAllocate): * Source/bmalloc/libpas/src/libpas/pas_page_malloc.c: (pas_page_malloc_try_map_pages): (pas_page_malloc_try_allocate_without_deallocating_padding): Canonical link: https://commits.webkit.org/286615@main
[webkit-changes] [WebKit/WebKit] 70d143: Check if allocation profiling is enabled during WT...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 70d143746f90849a770c671f41c6938d78c58dd4 https://github.com/WebKit/WebKit/commit/70d143746f90849a770c671f41c6938d78c58dd4 Author: David Degazio Date: 2024-11-14 (Thu, 14 Nov 2024) Changed paths: M Source/JavaScriptCore/runtime/Options.cpp M Source/WTF/wtf/WTFConfig.cpp Log Message: --- Check if allocation profiling is enabled during WTF config initialization https://bugs.webkit.org/show_bug.cgi?id=283010 rdar://139745080 Reviewed by Keith Miller. Moves the check for if JSC_allocationProfiling is enabled to WTF config Initialization, to be able to profile allocations that happen before JSC::initialize(). * Source/JavaScriptCore/runtime/Options.cpp: (JSC::Options::notifyOptionsChanged): * Source/WTF/wtf/WTFConfig.cpp: (WTF::Config::initialize): Canonical link: https://commits.webkit.org/286610@main
[webkit-changes] [WebKit/WebKit] a9abb7: [WASM] Default-initialized fields of WASM GC struc...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a9abb749d5dadc02aba2f0fea258da06d117 https://github.com/WebKit/WebKit/commit/a9abb749d5dadc02aba2f0fea258da06d117 Author: David Degazio Date: 2024-12-03 (Tue, 03 Dec 2024) Changed paths: A JSTests/wasm/stress/struct-new_default-small-members.js M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp Log Message: --- [WASM] Default-initialized fields of WASM GC struct should use Const32 if appropriate for storage type https://bugs.webkit.org/show_bug.cgi?id=283941 rdar://140773922 Reviewed by Yusuke Suzuki and Keith Miller. Generates a Const32Value in OMG instead of a Const64Value when zero-initializing fields in struct.new_default when the field storage types are 32-bit or smaller. This satisfies the B3 validator which expects an Int32 input for Stores of 32 bits or smaller. * JSTests/wasm/stress/struct-new_default-small-members.js: Added. * Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp: (JSC::Wasm::OMGIRGenerator::addStructNewDefault): * Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp: (JSC::Wasm::OMGIRGenerator::addStructNewDefault): Canonical link: https://commits.webkit.org/287295@main
[webkit-changes] [WebKit/WebKit] ab8312: Add hardened-process entitlement to JSC/WebKit pro...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: ab83122584a039b94eec2a05d65fc379c2ada094 https://github.com/WebKit/WebKit/commit/ab83122584a039b94eec2a05d65fc379c2ada094 Author: David Degazio Date: 2025-01-06 (Mon, 06 Jan 2025) Changed paths: M Source/JavaScriptCore/Scripts/process-entitlements.sh M Source/WebKit/Scripts/process-entitlements.sh Log Message: --- Add hardened-process entitlement to JSC/WebKit processes on macOS https://bugs.webkit.org/show_bug.cgi?id=284995 rdar://141791063 Reviewed by Yijia Huang. Adds com.apple.developer.hardened-process entitlement to the JSC shell and WebKit processes on macOS. * Source/JavaScriptCore/Scripts/process-entitlements.sh: * Source/WebKit/Scripts/process-entitlements.sh: * Tools/DumpRenderTree/mac/Configurations/DumpRenderTree.entitlements: * Tools/MiniBrowser/MiniBrowser.entitlements: * Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements: Canonical link: https://commits.webkit.org/288473@main
[webkit-changes] [WebKit/WebKit] 8175ee: Include pas_utils_additions.c into pas_utils.c whe...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 8175ee187349b11e8e7d1dfce53700985f30957b https://github.com/WebKit/WebKit/commit/8175ee187349b11e8e7d1dfce53700985f30957b Author: David Degazio Date: 2025-01-31 (Fri, 31 Jan 2025) Changed paths: M Source/bmalloc/libpas/src/libpas/pas_utils.c Log Message: --- Include pas_utils_additions.c into pas_utils.c when available https://bugs.webkit.org/show_bug.cgi?id=286770 rdar://143912942 Reviewed by Yusuke Suzuki. Adds an include to pas_utils_additions.c when available to pas_utils.c, akin to the existing header include in pas_utils.h. * Source/bmalloc/libpas/src/libpas/pas_utils.c: Canonical link: https://commits.webkit.org/289620@main
[webkit-changes] [WebKit/WebKit] 5156f9: [WASM GC] Reference instructions should consume ar...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 5156f93cff547f3c9a66684be4e0d5d65897f26d https://github.com/WebKit/WebKit/commit/5156f93cff547f3c9a66684be4e0d5d65897f26d Author: David Degazio Date: 2025-01-31 (Fri, 31 Jan 2025) Changed paths: A JSTests/wasm/stress/array-copy-with-constant-null.js M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT.h M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp M Source/JavaScriptCore/wasm/WasmFunctionParser.h M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp M Source/JavaScriptCore/wasm/WasmTypeDefinition.h Log Message: --- [WASM GC] Reference instructions should consume arguments even when operand is constant null https://bugs.webkit.org/show_bug.cgi?id=283889 rdar://140774231 Reviewed by Yusuke Suzuki. Fixes all instances where we have a WASM GC opcode that fails to call consume() on its arguments. Generally this previously happened in the case we detected one of the arguments was a JSNull constant. In order to limit the impact of failing to consume(), this patch also removes a case in BBQJIT::allocateWithHint that would blindly reuse the existing register binding for a value. This case seems to only have been reachable when calling allocate() on the result of a C call - a procedure that allocates a location for its result internally. I've replaced these redundant allocate() calls with loadIfNecessary() calls, although we pretty much always expect the value to already be in a register. Finally, this patch adds debug-only verification that every value we pop from the expression stack is consumed in BBQ. This required some minor changes to the implementations of some instructions to ensure we don't detect spurious errors. It was a big help in finding buggy cases when making this patch and should help defend against such bugs in the future. * JSTests/wasm/stress/array-copy-with-constant-null.js: Added. 
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addTableSet): (JSC::Wasm::BBQJITImpl::BBQJIT::addTableInit): (JSC::Wasm::BBQJITImpl::BBQJIT::addTableFill): (JSC::Wasm::BBQJITImpl::BBQJIT::addTableCopy): (JSC::Wasm::BBQJITImpl::BBQJIT::addMemoryFill): (JSC::Wasm::BBQJITImpl::BBQJIT::addMemoryCopy): (JSC::Wasm::BBQJITImpl::BBQJIT::addMemoryInit): (JSC::Wasm::BBQJITImpl::BBQJIT::atomicWait): (JSC::Wasm::BBQJITImpl::BBQJIT::atomicNotify): (JSC::Wasm::BBQJITImpl::BBQJIT::pushArrayNewFromSegment): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayCopy): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayInitElem): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayInitData): (JSC::Wasm::BBQJITImpl::BBQJIT::addAnyConvertExtern): (JSC::Wasm::BBQJITImpl::BBQJIT::addExternConvertAny): (JSC::Wasm::BBQJITImpl::BBQJIT::willParseOpcode): (JSC::Wasm::BBQJITImpl::BBQJIT::didPopValueFromStack): (JSC::Wasm::BBQJITImpl::BBQJIT::allocateWithHint): (JSC::Wasm::BBQJITImpl::BBQJIT::consume): * Source/JavaScriptCore/wasm/WasmBBQJIT.h: * Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addTableGet): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewFixed): (JSC::Wasm::BBQJITImpl::BBQJIT::addArraySet): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayFill): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructSet): (JSC::Wasm::BBQJITImpl::BBQJIT::addRefCast): * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::addTableGet): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNew): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewFixed): (JSC::Wasm::BBQJITImpl::BBQJIT::addArraySet): (JSC::Wasm::BBQJITImpl::BBQJIT::addArrayFill): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew): (JSC::Wasm::BBQJITImpl::BBQJIT::addStructSet): (JSC::Wasm::BBQJITImpl::BBQJIT::addRefCast): (JSC::Wasm::BBQJITImpl::BBQJIT::addBranchNull): 
(JSC::Wasm::BBQJITImpl::BBQJIT::addCallRef): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: (JSC::Wasm::isCompareOpType): Originally-landed-as: 283286.567@safari-7620-branch (8964a07ea3fb). rdar://143593696 Canonical link: https://commits.webkit.org/289657@main
[webkit-changes] [WebKit/WebKit] dff143: [WASM] Tail calls should consume expression stack ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: dff14391ec0349aba5b843488112cc21b7b492cc https://github.com/WebKit/WebKit/commit/dff14391ec0349aba5b843488112cc21b7b492cc Author: David Degazio Date: 2025-01-31 (Fri, 31 Jan 2025) Changed paths: A JSTests/wasm/stress/tail-call-should-consume-stack-in-bbq.js M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp Log Message: --- [WASM] Tail calls should consume expression stack after call in BBQ https://bugs.webkit.org/show_bug.cgi?id=284159 rdar://141164805 Reviewed by Yusuke Suzuki. Adds a loop to consume expression stack elements after we generate a tail call (direct or indirect) in BBQ. This is consistent with our behavior in the return opcode, and prevents register bindings from persisting into the subsequent unreachable code. * JSTests/wasm/stress/tail-call-should-consume-stack-in-bbq.js: Added. * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: (JSC::Wasm::BBQJITImpl::BBQJIT::emitTailCall): (JSC::Wasm::BBQJITImpl::BBQJIT::emitIndirectTailCall): Originally-landed-as: 283286.575@safari-7620-branch (ca83d835b014). rdar://143593119 Canonical link: https://commits.webkit.org/289650@main
[webkit-changes] [WebKit/WebKit] 6acd68: CSS CalculationValue should be compact-allocated
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6acd68c8bbe1e1535f79045af62655ed94ceb0c4 https://github.com/WebKit/WebKit/commit/6acd68c8bbe1e1535f79045af62655ed94ceb0c4 Author: David Degazio Date: 2024-12-11 (Wed, 11 Dec 2024) Changed paths: M Source/WebCore/platform/calc/CalculationValue.h Log Message: --- CSS CalculationValue should be compact-allocated https://bugs.webkit.org/show_bug.cgi?id=284409 rdar://141247331 Reviewed by Yusuke Suzuki. Adds a WTF_MAKE_FAST_COMPACT_ALLOCATED annotation to CalculationValue, since we make packed pointers to it in several different types. * Source/WebCore/platform/calc/CalculationValue.h: Canonical link: https://commits.webkit.org/287695@main
[webkit-changes] [WebKit/WebKit] 5b5d40: Cherry-pick 282682@main (f95652711d7e). https://bu...
Branch: refs/heads/webkitglib/2.46 Home: https://github.com/WebKit/WebKit Commit: 5b5d40f02cec784b9e3f6008a37831e75750372d https://github.com/WebKit/WebKit/commit/5b5d40f02cec784b9e3f6008a37831e75750372d Author: David Degazio Date: 2024-12-11 (Wed, 11 Dec 2024) Changed paths: M JSTests/wasm/gc/linking.js M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp Log Message: --- Cherry-pick 282682@main (f95652711d7e). https://bugs.webkit.org/show_bug.cgi?id=278497 [WASM] Check subtyping in both directions for mutable globals and tables https://bugs.webkit.org/show_bug.cgi?id=278497 rdar://problem/134450707 Reviewed by Keith Miller and Yijia Huang. Replaces our existing typechecking for imported mutable globals and tables to check subtyping both ways. This ensures the type we import a global value or table as is not a supertype of the imported value's innate type - we don't want to be able to import a non-nullable (ref func) as a nullable (ref null func) and violate the original type by assigning it to a null value. * Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::initializeImports): Canonical link: https://commits.webkit.org/282682@main Canonical link: https://commits.webkit.org/282416.356@webkitglib/2.46
[webkit-changes] [WebKit/WebKit] 968212: Allocate megapages from different page provider th...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 968212ccdd07944a158b38d628827e06f2f1fa89
https://github.com/WebKit/WebKit/commit/968212ccdd07944a158b38d628827e06f2f1fa89
Author: David Degazio
Date: 2024-12-18 (Wed, 18 Dec 2024)

Changed paths:
  M LayoutTests/crypto/crypto-random-values-oom.html
  M LayoutTests/storage/indexeddb/IDBKey-create-array-buffer-view-oom.html
  M Source/bmalloc/CMakeLists.txt
  M Source/bmalloc/bmalloc.xcodeproj/project.pbxproj
  M Source/bmalloc/libpas/src/libpas/jit_heap_config.h
  M Source/bmalloc/libpas/src/libpas/pas_basic_heap_page_caches.h
  M Source/bmalloc/libpas/src/libpas/pas_bootstrap_free_heap.c
  M Source/bmalloc/libpas/src/libpas/pas_compact_heap_reservation.c
  M Source/bmalloc/libpas/src/libpas/pas_create_basic_heap_page_caches_with_reserved_memory.c
  M Source/bmalloc/libpas/src/libpas/pas_enumerable_page_malloc.c
  M Source/bmalloc/libpas/src/libpas/pas_enumerable_page_malloc.h
  M Source/bmalloc/libpas/src/libpas/pas_enumerator_region.c
  M Source/bmalloc/libpas/src/libpas/pas_heap.c
  M Source/bmalloc/libpas/src/libpas/pas_heap.h
  M Source/bmalloc/libpas/src/libpas/pas_heap_config_utils.c
  M Source/bmalloc/libpas/src/libpas/pas_heap_config_utils.h
  M Source/bmalloc/libpas/src/libpas/pas_heap_kind.h
  M Source/bmalloc/libpas/src/libpas/pas_large_heap.c
  M Source/bmalloc/libpas/src/libpas/pas_large_heap.h
  M Source/bmalloc/libpas/src/libpas/pas_large_heap_physical_page_sharing_cache.h
  M Source/bmalloc/libpas/src/libpas/pas_local_allocator.h
  M Source/bmalloc/libpas/src/libpas/pas_local_allocator_inlines.h
  M Source/bmalloc/libpas/src/libpas/pas_megapage_cache.h
  M Source/bmalloc/libpas/src/libpas/pas_page_base_config.h
  A Source/bmalloc/libpas/src/libpas/pas_page_config_size_category.h
  M Source/bmalloc/libpas/src/libpas/pas_page_malloc.c
  M Source/bmalloc/libpas/src/libpas/pas_page_malloc.h
  A Source/bmalloc/libpas/src/libpas/pas_small_medium_bootstrap_free_heap.c
  A Source/bmalloc/libpas/src/libpas/pas_small_medium_bootstrap_free_heap.h
  A Source/bmalloc/libpas/src/libpas/pas_small_medium_bootstrap_heap_page_provider.c
  A Source/bmalloc/libpas/src/libpas/pas_small_medium_bootstrap_heap_page_provider.h
  M Source/bmalloc/libpas/src/libpas/pas_try_allocate_intrinsic.h
  M Source/bmalloc/libpas/src/libpas/pas_utility_heap_config.h

Log Message:
---
Allocate megapages from different page provider than large allocations in libpas
https://bugs.webkit.org/show_bug.cgi?id=284338
rdar://138070544

Reviewed by Yusuke Suzuki.

This patch separates out the way megapages are allocated from other large allocations in libpas. First, we create a distinct bootstrap heap and page provider for small/medium allocations. Next, we create a new large free heap whose page provider is this new bootstrap heap. Next, for each pas_heap, we create a new megapage_large_heap alongside the existing large heap, a pas_large_heap backed by the new bootstrap heap. Finally, we change the way megapage caches are constructed, to use this new large heap as the allocator for megapages instead of self-hosting using the existing large heap. Altogether, this means megapages, and the small/medium objects within them, are no longer allocated out of the same page source as marge/large objects.

This patch also adds some new fields to page configs and local allocators to make it clear whether a page or allocator belongs to a megapage or not.

This patch also decreases the memory pressure in two OOM layout tests. These tests are relying too strongly on the absence of an OOM error in subsequent code, and with this patch perturbing the heap, it seems they consistently but spuriously crash with an OOM error. Removing some allocations in these tests reduces the chance we get an OOM after the critical section of the test is over, preventing spurious failures.

* Source/bmalloc/CMakeLists.txt:
* Source/bmalloc/bmalloc.xcodeproj/project.pbxproj:
* Source/bmalloc/libpas/src/libpas/jit_heap_config.h:
* Source/bmalloc/libpas/src/libpas/pas_basic_heap_page_caches.h:
* Source/bmalloc/libpas/src/libpas/pas_bootstrap_free_heap.c:
(bootstrap_source_allocate_aligned):
* Source/bmalloc/libpas/src/libpas/pas_compact_heap_reservation.c:
(pas_compact_heap_reservation_try_allocate):
* Source/bmalloc/libpas/src/libpas/pas_create_basic_heap_page_caches_with_reserved_memory.c:
(allocate_from_megapages):
(pas_create_basic_heap_page_caches_with_reserved_memory):
* Source/bmalloc/libpas/src/libpas/pas_enumerable_page_malloc.c:
(pas_enumerable_page_malloc_try_allocate_without_deallocating_padding):
* Source/bmalloc/libpas/src/libpas/pas_enumerable_page_malloc.h:
* Source/bmalloc/libpas/src/libpas/pas_enumerator_region.c:
(pas_enumerator_region_allocate):
* Source/bmalloc/libpas/src/libpas/pas_heap.c:
(pas_heap_create):
* Source/bmalloc/libpas/src/libpas/pas_heap.h
[webkit-changes] [WebKit/WebKit] 31c9ad: Add additional initialization to WTFConfig when us...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 31c9ad6081b3a31a9e926d8ec20bf40b034dd56b
https://github.com/WebKit/WebKit/commit/31c9ad6081b3a31a9e926d8ec20bf40b034dd56b
Author: David Degazio
Date: 2024-12-20 (Fri, 20 Dec 2024)

Changed paths:
  M Source/WTF/wtf/WTFConfig.cpp

Log Message:
---
Add additional initialization to WTFConfig when using APPLE_INTERNAL_SDK
https://bugs.webkit.org/show_bug.cgi?id=284988
rdar://141788100

Reviewed by Mark Lam.

Adds an invocation of WTF_INITIALIZE_ADDITIONAL_CONFIG() into WTF config initialization for Apple-internal builds.

* Source/WTF/wtf/WTFConfig.cpp:
(WTF::Config::initialize):

Canonical link: https://commits.webkit.org/288191@main
[webkit-changes] [WebKit/WebKit] fc9b7e: Parse negation of the JSC_useAllocationProfiling e...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: fc9b7ed3bd00ef954dab8926783b057ace539c2f
https://github.com/WebKit/WebKit/commit/fc9b7ed3bd00ef954dab8926783b057ace539c2f
Author: David Degazio
Date: 2025-01-09 (Thu, 09 Jan 2025)

Changed paths:
  M Source/WTF/wtf/WTFConfig.cpp

Log Message:
---
Parse negation of the JSC_useAllocationProfiling environment variable
https://bugs.webkit.org/show_bug.cgi?id=285711
rdar://142648614

Reviewed by Mark Lam.

Adds parsing for negative values of the JSC_useAllocationProfiling environment variable to WTF::Config::initialize().

* Source/WTF/wtf/WTFConfig.cpp:
(WTF::Config::initialize):

Canonical link: https://commits.webkit.org/288679@main
[webkit-changes] [WebKit/WebKit] ff8e23: Move WTF initialization above common atom string i...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ff8e23ec6df0312feb10c3a2f00a57847040bad9
https://github.com/WebKit/WebKit/commit/ff8e23ec6df0312feb10c3a2f00a57847040bad9
Author: David Degazio
Date: 2025-01-26 (Sun, 26 Jan 2025)

Changed paths:
  M Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm

Log Message:
---
Move WTF initialization above common atom string initialization in InitializeWebKit2
https://bugs.webkit.org/show_bug.cgi?id=286513
rdar://14365

Reviewed by Mark Lam.

Moves initialization functions when initializing WebKit 2 to ensure WTF is initialized before constructing common atom strings.

* Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm:
(WebKit::runInitializationCode):

Canonical link: https://commits.webkit.org/289417@main
[webkit-changes] [WebKit/WebKit] 6bed96: Revert use of separate megapage heap in libpas
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6bed96b90169acee3768919ebfe47fa3579067e4
https://github.com/WebKit/WebKit/commit/6bed96b90169acee3768919ebfe47fa3579067e4
Author: David Degazio
Date: 2025-01-08 (Wed, 08 Jan 2025)

Changed paths:
  M Source/bmalloc/libpas/src/libpas/pas_create_basic_heap_page_caches_with_reserved_memory.c

Log Message:
---
Revert use of separate megapage heap in libpas
https://bugs.webkit.org/show_bug.cgi?id=285620
rdar://142561181

Reviewed by Yusuke Suzuki and Mark Lam.

Reverts megapage allocations coming from a separate megapage large heap, allocating them out of the common large heap instead. Also adds a profiling macro to let us collect some info about how often this happens.

* Source/bmalloc/libpas/src/libpas/pas_create_basic_heap_page_caches_with_reserved_memory.c:
(allocate_from_megapages):

Canonical link: https://commits.webkit.org/288613@main
[webkit-changes] [WebKit/WebKit] 13dae7: [JSC] Add com.apple.developer.hardened-process ent...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 13dae7def0db6ad2a8199d11a60b1d6a0e5f1804
https://github.com/WebKit/WebKit/commit/13dae7def0db6ad2a8199d11a60b1d6a0e5f1804
Author: David Degazio
Date: 2025-02-26 (Wed, 26 Feb 2025)

Changed paths:
  M Source/JavaScriptCore/Scripts/process-entitlements.sh

Log Message:
---
[JSC] Add com.apple.developer.hardened-process entitlement to JSC shell and testapi on all platforms
https://bugs.webkit.org/show_bug.cgi?id=288514
rdar://145591218

Reviewed by Yijia Huang and Mark Lam.

Adds the com.apple.developer.hardened-process entitlement to JSC shell on non-macOS (since previously it was macOS-only) and to the testapi binary on all platforms.

* Source/JavaScriptCore/Scripts/process-entitlements.sh:

Canonical link: https://commits.webkit.org/291141@main
[webkit-changes] [WebKit/WebKit] b6c35f: [JSC] Still optimize String.at, .charAt, .charCode...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b6c35f4cd18125c7d3acb54ace62b9d74a67a45c
https://github.com/WebKit/WebKit/commit/b6c35f4cd18125c7d3acb54ace62b9d74a67a45c
Author: David Degazio
Date: 2025-02-27 (Thu, 27 Feb 2025)

Changed paths:
  M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

Log Message:
---
[JSC] Still optimize String.at, .charAt, .charCodeAt, and .codePointAt in DFG when called with no arguments
https://bugs.webkit.org/show_bug.cgi?id=288657
rdar://145696925

Reviewed by Yijia Huang.

Parses calls to String.at, .charAt, .charCodeAt, and .codePointAt with no arguments (not including this) into their respective intrinsics but with a constant zero index, since coercing an undefined argument into an integer as is done in these intrinsics always returns zero. Previously, we wouldn't optimize such calls, potentially limiting DFG/FTL performance on this weird but apparently not too uncommon pattern.

* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

Canonical link: https://commits.webkit.org/291263@main
[webkit-changes] [WebKit/WebKit] e1fce6: Profile the quantities of small v.s. medium megapa...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e1fce65a6b058fb79777e0e2f3bb448b93ae7a2e
https://github.com/WebKit/WebKit/commit/e1fce65a6b058fb79777e0e2f3bb448b93ae7a2e
Author: David Degazio
Date: 2025-02-28 (Fri, 28 Feb 2025)

Changed paths:
  M Source/bmalloc/libpas/src/libpas/pas_basic_heap_page_caches.h
  M Source/bmalloc/libpas/src/libpas/pas_create_basic_heap_page_caches_with_reserved_memory.c
  M Source/bmalloc/libpas/src/libpas/pas_megapage_cache.c
  M Source/bmalloc/libpas/src/libpas/pas_megapage_cache.h
  M Source/bmalloc/libpas/src/libpas/pas_small_medium_bootstrap_heap_page_provider.c

Log Message:
---
Profile the quantities of small v.s. medium megapage allocations in libpas
https://bugs.webkit.org/show_bug.cgi?id=288532
rdar://144180799

Reviewed by Yusuke Suzuki.

Adds PAS_PROFILE invocations to the paths where we allocate pages for small and medium megapages, and uses the cache provider_arg to pass whether the megapage is small or medium.

* Source/bmalloc/libpas/src/libpas/pas_basic_heap_page_caches.h:
* Source/bmalloc/libpas/src/libpas/pas_create_basic_heap_page_caches_with_reserved_memory.c:
(allocate_from_megapages):
(pas_create_basic_heap_page_caches_with_reserved_memory):
* Source/bmalloc/libpas/src/libpas/pas_megapage_cache.c:
(pas_megapage_cache_construct):
* Source/bmalloc/libpas/src/libpas/pas_megapage_cache.h:
* Source/bmalloc/libpas/src/libpas/pas_small_medium_bootstrap_heap_page_provider.c:
(pas_small_medium_bootstrap_heap_page_provider):

Canonical link: https://commits.webkit.org/291370@main
[webkit-changes] [WebKit/WebKit] b6667a: [JSC] emitEncodeStructureID should be a no-op when...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b6667ac3e18f1e2ce20c48e6e2cbbd3610ad8685
https://github.com/WebKit/WebKit/commit/b6667ac3e18f1e2ce20c48e6e2cbbd3610ad8685
Author: David Degazio
Date: 2025-03-06 (Thu, 06 Mar 2025)

Changed paths:
  M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
  M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
  M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h
  M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
  M Source/JavaScriptCore/jit/AssemblyHelpers.cpp

Log Message:
---
[JSC] emitEncodeStructureID should be a no-op when the structureIDMask is -1
https://bugs.webkit.org/show_bug.cgi?id=289114
rdar://146142200

Reviewed by Keith Miller.

Modifies bitwise AND with immediate in the macro assembler to be a no-op when AND-ing with a -1 value. This removes an unnecessary instruction when compiling some structure ID operations on 64-bit platforms.

* Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::and32):
(JSC::MacroAssemblerARM64::and64):
* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::and32):
* Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h:
(JSC::MacroAssemblerRISCV64::and32):
(JSC::MacroAssemblerRISCV64::and64):
* Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::and32):
(JSC::MacroAssemblerX86_64::and64):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitEncodeStructureID):

Canonical link: https://commits.webkit.org/291713@main
[webkit-changes] [WebKit/WebKit] eeecca: [JSC] Emit logical op children in condition contex...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: eeecca442eb0e974f22a45b07660754a42106275
https://github.com/WebKit/WebKit/commit/eeecca442eb0e974f22a45b07660754a42106275
Author: David Degazio
Date: 2025-03-06 (Thu, 06 Mar 2025)

Changed paths:
  M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

Log Message:
---
[JSC] Emit logical op children in condition context when overall result is ignored
https://bugs.webkit.org/show_bug.cgi?id=289134
rdar://146174665

Reviewed by Yusuke Suzuki and Geoffrey Garen.

Emits logical op children in condition context, meaning we compile them down to conditional branches instead of getting their values, when the overall result of a logical operation is known to be ignored. This fixes an issue where we were unable to fuse conditions and branches in discarded logical operations because the result value was assumed to be accessible. Also changes SourceElements to ignore the results of child statements unless the completion value is observable.

* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::LogicalOpNode::emitBytecode):
(JSC::SourceElements::emitBytecode):

Canonical link: https://commits.webkit.org/291740@main
[webkit-changes] [WebKit/WebKit] 588321: [JSC] Allow direct load with offset from metadataT...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 588321aaad0462906bbadc73b0d9e633a89459f6
https://github.com/WebKit/WebKit/commit/588321aaad0462906bbadc73b0d9e633a89459f6
Author: David Degazio
Date: 2025-03-07 (Fri, 07 Mar 2025)

Changed paths:
  M Source/JavaScriptCore/jit/JIT.h
  M Source/JavaScriptCore/jit/JITInlines.h
  M Source/JavaScriptCore/jit/JITPropertyAccess.cpp

Log Message:
---
[JSC] Allow direct load with offset from metadataTableRegister in baseline JIT resolve_scope and get_from_scope
https://bugs.webkit.org/show_bug.cgi?id=289289
rdar://146428148

Reviewed by Yusuke Suzuki.

This patch adds a new common utility function computeGoodBaseAddressForMetadata to the baseline JIT compiler, which either materializes the base address of a bytecode instruction's metadata into a register, or attempts to offset from the metadata table register directly if it can be encoded efficiently on the current platform. This is used to remove some pointer arithmetic from the fast paths of resolve_scope and get_from_scope when we don't have huge amounts of metadata.

Additionally, this patch refactors the implementation of put_to_scope to solve the opposite issue - currently that function uses loadXFromMetadata() for all of its metadata accesses, which at large offsets means we are redoing the pointer arithmetic for each access. Now it uses the same new helper function to compute the address just once.

* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITInlines.h:
(JSC::JIT::computeGoodBaseAddressForMetadata):
* Source/JavaScriptCore/jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emit_op_put_to_scope):

Canonical link: https://commits.webkit.org/291812@main
[webkit-changes] [WebKit/WebKit] 40c330: [JSC] Use shuffle algorithm from BBQ for CCallHelp...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 40c330f75da3abf2cad6a49e51ec81e7adce87e9
https://github.com/WebKit/WebKit/commit/40c330f75da3abf2cad6a49e51ec81e7adce87e9
Author: David Degazio
Date: 2025-03-07 (Fri, 07 Mar 2025)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/jit/CCallHelpers.h
  M Source/JavaScriptCore/wasm/WasmBBQJIT.h

Log Message:
---
[JSC] Use shuffle algorithm from BBQ for CCallHelpers::shuffleRegisters
https://bugs.webkit.org/show_bug.cgi?id=289306
rdar://146442401

Reviewed by Yusuke Suzuki.

Ports the shuffle algorithm used in the Wasm BBQ JIT to CCallHelpers::shuffleRegisters. This results in fewer redundant moves being generated, particularly due to the fact we are no longer using swaps to resolve dependent move cycles. Using this algorithm, we elide 17234 out of 160180 moves total resolving shuffles on JetStream 2, a 10.7% reduction, reducing code size and avoiding cheap but redundant work.

* Source/JavaScriptCore/jit/CCallHelpers.h:
(JSC::CCallHelpers::emitShuffleMove):
(JSC::CCallHelpers::scratchRegisterByType):
(JSC::CCallHelpers::scratchRegisterByType):
(JSC::CCallHelpers::shuffleRegisters):
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:

Canonical link: https://commits.webkit.org/291786@main