[webkit-changes] [WebKit/WebKit] 308187: [JSC] Wasm exception table should not include a po...

Tue, 05 Nov 2024 21:25:16 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 308187e402fa21076d8e99620bd736d6824e7bc2
      
https://github.com/WebKit/WebKit/commit/308187e402fa21076d8e99620bd736d6824e7bc2
  Author: Yusuke Suzuki <ysuz...@apple.com>
  Date:   2024-11-05 (Tue, 05 Nov 2024)

  Changed paths:
    A JSTests/wasm/stress/try-table-control-ref.js
    M Source/JavaScriptCore/wasm/WasmBBQJIT.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp
    M Source/JavaScriptCore/wasm/WasmFunctionParser.h
    M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp

  Log Message:
  -----------
  [JSC] Wasm exception table should not include a pointer to ControlData
https://bugs.webkit.org/show_bug.cgi?id=282658
rdar://139087689

Reviewed by David Degazio.

Using a pointer to ControlData is wrong since it is in Vector. So when
Vector resizes, it becomes stale pointer. Let's use an index to the
ControlData so that we can safely access to that. This is also perfectly
fine since TryTable's targets are lexically nested ones.

* JSTests/wasm/stress/try-table-control-ref.js: Added.
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitCatchTableImpl):
* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitCatchTableImpl):
* Source/JavaScriptCore/wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser::resolveControlRef):
(JSC::Wasm::FunctionParser<Context>::parseExpression):
* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::addTryTable):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::emitCatchTableImpl):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::OMGIRGenerator::emitCatchTableImpl):

Canonical link: https://commits.webkit.org/286204@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to