Changeset 216173 in webkit for trunk/Source/JavaScriptCore/jit


Timestamp: May 3, 2017, 10:50:01 PM
Author: [email protected]
Message:

How we build polymorphic cases is wrong when making a call from Wasm
https://bugs.webkit.org/show_bug.cgi?id=171527

Reviewed by JF Bastien.

Source/JavaScriptCore:

This patch fixes a bug when we emit a polymorphic call IC from
Wasm. We were incorrectly assuming that if we made a call *from wasm*,
then the thing we are *calling to* does not have a CodeBlock. This
is obviously wrong. This patch fixes the incorrect assumption.

This patch also does two more things:

  1. Add a new option that makes us make calls to JS using a
     slow path instead of using a call IC.

  2. Fixes a potential GC bug where we didn't populate JSWebAssemblyCodeBlock's
     JSWebAssemblyModule pointer.

  • jit/Repatch.cpp:
    (JSC::linkPolymorphicCall):
  • runtime/Options.h:
  • wasm/WasmBinding.cpp:
    (JSC::Wasm::wasmToJs):
  • wasm/js/JSWebAssemblyCodeBlock.cpp:
    (JSC::JSWebAssemblyCodeBlock::create):
    (JSC::JSWebAssemblyCodeBlock::finishCreation):
  • wasm/js/JSWebAssemblyCodeBlock.h:
  • wasm/js/JSWebAssemblyInstance.cpp:
    (JSC::JSWebAssemblyInstance::finalizeCreation):

Tools:

  • Scripts/run-jsc-stress-tests:
File: 1 edited

  • trunk/Source/JavaScriptCore/jit/Repatch.cpp

    r214905 r216173  
    763763    for (CallVariant variant : list) {
    764764        CodeBlock* codeBlock;
    765         if (isWebAssembly || variant.executable()->isHostFunction())
     765        if (variant.executable()->isHostFunction())
    766766            codeBlock = nullptr;
    767767        else {
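Review bot: With `isWebAssembly ||` dropped from the condition, the only visible use of `isWebAssembly` in this function is gone; check that the variable is still read elsewhere in linkPolymorphicCall (or remove it) so the build does not pick up an unused-variable warning. The new condition means a JS callee reached from a wasm caller now takes the `else` branch and gets a real CodeBlock, which is exactly what the message says was wrongly skipped before, but the `else` branch is outside this hunk, so please confirm it makes no assumption that the *caller* is a JS CodeBlock. Since the message also adds a slow-path option and a run-jsc-stress-tests change, it would be worth making sure the new test covers a polymorphic wasm-to-JS call site where at least one target is a non-host function, so this path is exercised with the IC enabled rather than only via the slow path.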