Unreviewed, rolling out r246322.
https://bugs.webkit.org/show_bug.cgi?id=198796
"It's a huge page load regression on iOS" (Requested by
saamyjoon on #webkit).
Reverted changeset:
"Roll out PAC cage"
https://bugs.webkit.org/show_bug.cgi?id=198726
https://trac.webkit.org/changeset/246322
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@246368 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/wasm/WasmBinding.cpp b/Source/JavaScriptCore/wasm/WasmBinding.cpp
index 9349717..fed45b1 100644
--- a/Source/JavaScriptCore/wasm/WasmBinding.cpp
+++ b/Source/JavaScriptCore/wasm/WasmBinding.cpp
@@ -46,7 +46,7 @@
const PinnedRegisterInfo& pinnedRegs = PinnedRegisterInfo::get();
JIT jit;
- GPRReg scratch = GPRInfo::nonPreservedNonArgumentGPR0;
+ GPRReg scratch = wasmCallingConventionAir().prologueScratch(0);
GPRReg baseMemory = pinnedRegs.baseMemoryPointer;
ASSERT(baseMemory != scratch);
ASSERT(pinnedRegs.sizeRegister != baseMemory);
@@ -66,8 +66,13 @@
// FIXME the following code assumes that all Wasm::Instance have the same pinned registers. https://bugs.webkit.org/show_bug.cgi?id=162952
// Set up the callee's baseMemory register as well as the memory size registers.
- jit.loadPtr(JIT::Address(baseMemory, Wasm::Instance::offsetOfCachedMemorySize()), pinnedRegs.sizeRegister); // Memory size.
- jit.loadPtr(JIT::Address(baseMemory, Wasm::Instance::offsetOfCachedMemory()), baseMemory); // Wasm::Memory::void*.
+ {
+ GPRReg scratchOrSize = isARM64E() ? pinnedRegs.sizeRegister : wasmCallingConventionAir().prologueScratch(1);
+
+ jit.loadPtr(JIT::Address(baseMemory, Wasm::Instance::offsetOfCachedMemorySize()), pinnedRegs.sizeRegister); // Memory size.
+ jit.loadPtr(JIT::Address(baseMemory, Wasm::Instance::offsetOfCachedMemory()), baseMemory); // Wasm::Memory::TaggedArrayStoragePtr<void> (void*).
+ jit.cageConditionally(Gigacage::Primitive, baseMemory, scratchOrSize);
+ }
// Tail call into the callee WebAssembly function.
jit.loadPtr(scratch, scratch);
