[JSC] Set up wasm stack |this| first
https://bugs.webkit.org/show_bug.cgi?id=241907
rdar://problem/94397072
Reviewed by Mark Lam.
We should set up the stack's |thisValue| first.
* Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::AirIRGenerator):
Canonical link: https://commits.webkit.org/251775@main
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@295770 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp b/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
index 5255b8d..3e155b0 100644
--- a/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
+++ b/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
@@ -1014,14 +1014,20 @@
bool needUnderflowCheck = static_cast<unsigned>(checkSize) > Options::reservedZoneSize();
bool needsOverflowCheck = m_makesCalls || wasmFrameSize >= static_cast<int32_t>(minimumParentCheckSize) || needUnderflowCheck;
+ if ((needsOverflowCheck || m_usesInstanceValue) && Context::useFastTLS())
+ jit.loadWasmContextInstance(m_prologueWasmContextGPR);
+
+ // We need to setup JSWebAssemblyInstance in |this| slot first.
+ if (m_catchEntrypoints.size()) {
+ GPRReg scratch = wasmCallingConvention().prologueScratchGPRs[0];
+ jit.loadPtr(CCallHelpers::Address(m_prologueWasmContextGPR, Instance::offsetOfOwner()), scratch);
+ jit.store64(scratch, CCallHelpers::Address(GPRInfo::callFrameRegister, CallFrameSlot::thisArgument * sizeof(Register)));
+ }
+
// This allows leaf functions to not do stack checks if their frame size is within
// certain limits since their caller would have already done the check.
if (needsOverflowCheck) {
GPRReg scratch = wasmCallingConvention().prologueScratchGPRs[0];
-
- if (Context::useFastTLS())
- jit.loadWasmContextInstance(m_prologueWasmContextGPR);
-
jit.addPtr(CCallHelpers::TrustedImm32(-checkSize), GPRInfo::callFrameRegister, scratch);
MacroAssembler::JumpList overflow;
if (UNLIKELY(needUnderflowCheck))
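Review bot: The new |this|-slot block under `if (m_catchEntrypoints.size())` dereferences `m_prologueWasmContextGPR`, but the load just above it is guarded by `(needsOverflowCheck || m_usesInstanceValue) && Context::useFastTLS()`, so in the fast-TLS configuration a function with catch entrypoints, no overflow check and no instance use would read through a register the prologue never loaded. The pre-commit code had the same gap, but since this commit consolidates the two loads into one guard it is the natural place to close it, either `if ((needsOverflowCheck || m_usesInstanceValue || !m_catchEntrypoints.isEmpty()) && Context::useFastTLS())` or, if non-empty catch entrypoints are known to imply instance use, an `ASSERT(m_catchEntrypoints.isEmpty() || m_usesInstanceValue)` documenting that invariant. The added comment states the ordering requirement but not the reason; I would extend it to `// Set up JSWebAssemblyInstance in the |this| slot before the stack check below, so the slot is valid on any path that can throw (presumably the unwinder reads it for frames with catch entrypoints) -- confirm.` The enclosing prologue lambda begins and ends outside this hunk.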
@@ -1030,16 +1036,8 @@
jit.addLinkTask([overflow] (LinkBuffer& linkBuffer) {
linkBuffer.link(overflow, CodeLocationLabel<JITThunkPtrTag>(Thunks::singleton().stub(throwStackOverflowFromWasmThunkGenerator).code()));
});
- } else if (m_usesInstanceValue && Context::useFastTLS()) {
- // No overflow check is needed, but the instance values still needs to be correct.
- jit.loadWasmContextInstance(m_prologueWasmContextGPR);
}
- if (m_catchEntrypoints.size()) {
- GPRReg scratch = wasmCallingConvention().prologueScratchGPRs[0];
- jit.loadPtr(CCallHelpers::Address(m_prologueWasmContextGPR, Instance::offsetOfOwner()), scratch);
- jit.store64(scratch, CCallHelpers::Address(GPRInfo::callFrameRegister, CallFrameSlot::thisArgument * sizeof(Register)));
- }
}
});