Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b4dbe4dc925ab6735243b683d20fd94a8e6c5d9d
      
https://github.com/WebKit/WebKit/commit/b4dbe4dc925ab6735243b683d20fd94a8e6c5d9d
  Author: Yusuke Suzuki <ysuz...@apple.com>
  Date:   2025-08-21 (Thu, 21 Aug 2025)

  Changed paths:
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/jit/CCallHelpers.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp
    M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
    M Source/JavaScriptCore/wasm/WasmBinding.cpp
    M Source/JavaScriptCore/wasm/WasmCalleeGroup.h
    M Source/JavaScriptCore/wasm/WasmFormat.h
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp
    M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
    M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp
    M Source/JavaScriptCore/wasm/js/JSToWasm.cpp

  Log Message:
  -----------
  [JSC] Do not repatch callee in wasm
https://bugs.webkit.org/show_bug.cgi?id=297711
rdar://158826875

Reviewed by Keith Miller and Justin Michaud.

The purpose of repatching the callee on the caller side is that
IPInt cannot get a callee without having it passed from the caller. But
because we cannot atomically repatch both the callee and the entrypoint,
they can differ (that is, the callee can be IPIntCallee while the entrypoint
is BBQJIT / OMGJIT, etc.). But this is fine, since we designed it so that
a JIT callee always stores its callee in the prologue of the wasm code, using
the Callee pointer embedded in the JIT code.

This design change was made when IPInt gained JITLess mode, and it
means that we no longer need to repatch the callee at the caller's
call site. Always using IPIntCallee is fine. If the callee is IPInt, then
it can use it. If the callee is getting BBQ / OMG, then the JIT code stores
the correct Callee in the prologue of the code.

Now IPIntCallee is guaranteed to be generated when BBQ and OMG code is
compiled. So let's just embed it directly and not repatch it later.
This simplifies our wasm tier-up repatching. It also reduces the code
size, since a patchable move takes the maximum size of the instruction
sequence. It also makes repatching simply atomic, which gives more
reliable repatched results.

* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/jit/CCallHelpers.h:
(JSC::CCallHelpers::storeWasmCalleeToCalleeCallFrame):
(JSC::CCallHelpers::storeWasmCalleeCallee):
(JSC::CCallHelpers::storeWasmCalleeCalleePatchable): Deleted.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::BBQJIT):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitTailCall):
(JSC::Wasm::BBQJITImpl::BBQJIT::addCall):
(JSC::Wasm::BBQJITImpl::BBQJIT::addCallIndirect):
(JSC::Wasm::parseAndCompileBBQ):
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addCallRef):
* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addCallRef):
* Source/JavaScriptCore/wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::work):
(JSC::Wasm::BBQPlan::compileFunction):
* Source/JavaScriptCore/wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):
* Source/JavaScriptCore/wasm/WasmCalleeGroup.h:
* Source/JavaScriptCore/wasm/WasmFormat.h:
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::emitIndirectCall):
(JSC::Wasm::OMGIRGenerator::addCall):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::OMGIRGenerator::emitIndirectCall):
(JSC::Wasm::OMGIRGenerator::addCall):
* Source/JavaScriptCore/wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
* Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp:
(JSC::Wasm::OSREntryPlan::work):
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::FunctionSignature::jsToWasmICEntrypoint const):

Canonical link: https://commits.webkit.org/299026@main
