Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bd4cba9aeaa54913c11630467ae56684210e217d
https://github.com/WebKit/WebKit/commit/bd4cba9aeaa54913c11630467ae56684210e217d
Author: Yusuke Suzuki <[email protected]>
Date: 2025-09-24 (Wed, 24 Sep 2025)
Changed paths:
M Source/JavaScriptCore/b3/B3AbstractHeapRepository.cpp
M Source/JavaScriptCore/b3/B3AbstractHeapRepository.h
M Source/JavaScriptCore/b3/B3HeapRange.h
M Source/JavaScriptCore/wasm/WasmFormat.h
M Source/JavaScriptCore/wasm/WasmGlobal.h
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
Log Message:
-----------
[JSC] Attach AbstractHeap to Loads / Stores in OMG
https://bugs.webkit.org/show_bug.cgi?id=299405
rdar://problem/161210525
Reviewed by Yijia Huang.
This patch is annotating Loads / Stores in OMG with B3::AbstractHeap.
This allows B3 to do CSE, which does load elimination and store
elimination based on this information.

Because WasmGC structs and arrays have various different offsets and sizes,
we modeled them with B3::NumberedAbstractHeap, which does not directly
use the index as the actual load/store offset. This is a bit more
abstracted thing: we use field index and field type to distinguish the
access sites. For WasmGC Struct, we can further do strict type-based
alias analysis (TBAA) with WasmGC types. But for now, we are just doing
a naive approach as a starting point.

Some of the missing enhancements we would like to make in the next changes are:

1. Modeling Wasm memory access with B3::AbstractHeap. Probably we need
to introduce B3::RangedAbstractHeap, as Wasm memory accesses need to
represent ranges (and put it under the typedArrayProperties heap kind).
2. A unified clean interface with FTL and OMG for them. Right now, we are
intentionally doing many things manually in OMG since we need a bit
more extension later (1) and we are still in the process of exploring
how to unify these two interfaces with the enhancement.
3. B3 should remove the `trap` flag for Load when the leading memory access via
WasmStructGet / WasmArraySize succeeds. This implies that we should
eventually add higher-level concepts such as WasmStructGet / WasmArraySize, and
lower them into Load / Store in a later phase in B3. But right
now, we are not doing it.
* Source/JavaScriptCore/b3/B3AbstractHeapRepository.cpp:
(JSC::B3::AbstractHeapRepository::computeRangesAndDecorateInstructions):
* Source/JavaScriptCore/b3/B3AbstractHeapRepository.h:
* Source/JavaScriptCore/b3/B3HeapRange.h:
* Source/JavaScriptCore/wasm/WasmFormat.h:
* Source/JavaScriptCore/wasm/WasmGlobal.h:
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::addCurrentMemory):
(JSC::Wasm::OMGIRGenerator::addMemoryFill):
(JSC::Wasm::OMGIRGenerator::addMemoryCopy):
(JSC::Wasm::OMGIRGenerator::getGlobal):
(JSC::Wasm::OMGIRGenerator::setGlobal):
(JSC::Wasm::OMGIRGenerator::emitWriteBarrier):
(JSC::Wasm::OMGIRGenerator::emitStructSet):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCArray):
(JSC::Wasm::OMGIRGenerator::emitGetArraySizeWithNullCheck):
(JSC::Wasm::OMGIRGenerator::addArrayGet):
(JSC::Wasm::OMGIRGenerator::emitArraySetUncheckedWithoutWriteBarrier):
(JSC::Wasm::OMGIRGenerator::emitArraySetUnchecked):
(JSC::Wasm::OMGIRGenerator::addArraySet):
(JSC::Wasm::OMGIRGenerator::addArrayLen):
(JSC::Wasm::OMGIRGenerator::addStructGet):
(JSC::Wasm::OMGIRGenerator::emitRefTestOrCast):
(JSC::Wasm::OMGIRGenerator::allocatorForWasmGCHeapCellSize):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCObject):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCArrayUninitialized):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCStructUninitialized):
(JSC::Wasm::OMGIRGenerator::mutatorFence):
(JSC::Wasm::OMGIRGenerator::emitLoadRTTFromObject):
(JSC::Wasm::OMGIRGenerator::emitDirectCall):
(JSC::Wasm::OMGIRGenerator::addCallIndirect):
(JSC::Wasm::OMGIRGenerator::addCallRef):
Canonical link: https://commits.webkit.org/300472@main
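
The following is an added example, not code from this commit or from WebKit: a toy basic-block pass showing why annotating each access with a heap keyed by (field index, field type) lets load elimination survive an unrelated store. `Heap`, `Inst`, `countRedundantLoads` and `sample` are hypothetical names, and the instruction sequence is constructed.

```cpp
// Added illustration, not WebKit code: every name in this block is hypothetical.
#include <cstdint>
#include <iterator>
#include <map>
#include <utility>
#include <vector>

enum class Op { Load, Store };
enum class FieldType : uint8_t { I32, I64, Ref };

// Toy numbered heap keyed by (field index, field type), not by byte offset.
// top == true stands for an unannotated access that may alias anything.
struct Heap {
    bool top;
    uint32_t index;
    FieldType type;
    bool overlaps(const Heap& o) const { return top || o.top || (index == o.index && type == o.type); }
};
struct Inst { Op op; int base; int offset; Heap heap; }; // base: SSA id of the object pointer

// Counts loads in one basic block that an earlier load or store makes redundant.
// The pass trusts the annotations: accesses that can touch the same memory must
// be given overlapping heaps, otherwise a stale value would be reused.
int countRedundantLoads(const std::vector<Inst>& block)
{
    std::map<std::pair<int, int>, Heap> available; // (base, offset) -> heap of the known value
    int eliminated = 0;
    for (const Inst& inst : block) {
        std::pair<int, int> key(inst.base, inst.offset);
        if (inst.op == Op::Load) {
            if (available.count(key)) ++eliminated;
            else available[key] = inst.heap;
            continue;
        }
        // A store kills every known value whose heap it may overlap, then forwards its own.
        for (auto it = available.begin(); it != available.end();)
            it = it->second.overlaps(inst.heap) ? available.erase(it) : std::next(it);
        available[key] = inst.heap;
    }
    return eliminated;
}

// Constructed sample: load field 0 of object 1, store field 1 of object 2, reload field 0.
std::vector<Inst> sample(bool annotated)
{
    Heap f0 = { !annotated, 0, FieldType::I32 };
    Heap f1 = { !annotated, 1, FieldType::I64 };
    return { { Op::Load, 1, 8, f0 }, { Op::Store, 2, 16, f1 }, { Op::Load, 1, 8, f0 } };
}
int main() { return countRedundantLoads(sample(true)) == 1 ? 0 : 1; }
```

With every access left in the top heap the store kills the first load's value and nothing is eliminated; with per-field heaps the second load is recognized as redundant.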