Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b107f7698299c89d7e3a5c93a7c4f0337ce985f4
https://github.com/WebKit/WebKit/commit/b107f7698299c89d7e3a5c93a7c4f0337ce985f4
Author: Daniel Liu <[email protected]>
Date: 2025-11-18 (Tue, 18 Nov 2025)
Changed paths:
A JSTests/wasm/stress/ipint-bbq-osr-check-try-implicit-slot-overlap.js
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmOperations.cpp
Log Message:
-----------
BBQ stackmap should not write to try implicit slots
https://bugs.webkit.org/show_bug.cgi?id=298196
rdar://159610745
Reviewed by Yusuke Suzuki.
BBQ places the try block's implicit slot in the same Temp as the arguments. This
can lead to Debug assertions firing since it doesn't expect a real value at that
location. We should just not write to that slot when we parse the exception slot
reserved by IPInt's OSR.
* JSTests/wasm/stress/ipint-bbq-osr-check-try-implicit-slot-overlap.js: Added.
(instantiate):
(async let):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::ControlData::implicitSlots const):
(JSC::Wasm::BBQJITImpl::BBQJIT::makeStackMap):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
Originally-landed-as: 297297.400@safari-7622-branch (d3b258b586e6).
rdar://164277028
Canonical link: https://commits.webkit.org/303195@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
