From a98fdf70489a743d3ee98f91758e043ffee9f9ca Mon Sep 17 00:00:00 2001
From: Shu-yu Guo
Date: Fri, 17 Apr 2026 16:10:11 -0500
Subject: [PATCH] Cherry-pick 7cda001308f2. https://bugs.webkit.org/show_bug.cgi?id=306638

[JSC] Fix !ENABLE(JIT) build
https://bugs.webkit.org/show_bug.cgi?id=306638
rdar://169822205

Reviewed by NOBODY (OOPS!).

* Source/JavaScriptCore/jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* Source/JavaScriptCore/llint/InPlaceInterpreter.asm:
* Source/JavaScriptCore/llint/LLIntData.cpp:
(JSC::LLInt::initialize):
* Source/JavaScriptCore/wasm/WasmCallee.cpp:
* Source/WTF/wtf/PlatformEnable.h:
---
 .../JavaScriptCore/jit/ExecutableAllocator.h | 8 ++
 .../llint/InPlaceInterpreter.asm | 8 +-
 Source/JavaScriptCore/llint/LLIntData.cpp | 81 +++++++++++++++----
 Source/JavaScriptCore/wasm/WasmCallee.cpp | 18 ++++-
 Source/WTF/wtf/PlatformEnable.h | 2 +-
 5 files changed, 93 insertions(+), 24 deletions(-)

diff --git a/Source/JavaScriptCore/jit/ExecutableAllocator.h b/Source/JavaScriptCore/jit/ExecutableAllocator.h
index 3e8efce28cfe..cb81579c8703 100644
--- a/Source/JavaScriptCore/jit/ExecutableAllocator.h
+++ b/Source/JavaScriptCore/jit/ExecutableAllocator.h
@@ -390,6 +390,14 @@ WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
 WTF_ALLOW_UNSAFE_BUFFER_USAGE_END
 }
+template
+inline void* performJITMemcpy(void *dst, const void *src, size_t n)
+{
+WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
+ return memcpy(dst, src, n);
+WTF_ALLOW_UNSAFE_BUFFER_USAGE_END
+}
+
 inline bool isJITPC(void*) { return false; }
 #endif // ENABLE(JIT)
diff --git a/Source/JavaScriptCore/llint/InPlaceInterpreter.asm b/Source/JavaScriptCore/llint/InPlaceInterpreter.asm
index 64db9cdb21df..dac1faa5260a 100644
--- a/Source/JavaScriptCore/llint/InPlaceInterpreter.asm
+++ b/Source/JavaScriptCore/llint/InPlaceInterpreter.asm
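Review bot: The !ENABLE(JIT) `performJITMemcpy` added in this hunk declares its parameters as `void *dst, const void *src`, which departs from the `void*` pointer style the file uses on the `isJITPC(void*)` line directly below; I'd write it `+inline void* performJITMemcpy(void* dst, const void* src, size_t n)`. The template header's parameter list is not legible in this rendering, but because `dst` is declared as `void*` rather than the template type the parameter appears unused, presumably only to mirror the ENABLE(JIT) overload's call shape, and that deserves a comment. In this configuration there is no executable memory region, so the function is an ordinary memcpy into writable memory and none of the JIT-memory checks the name suggests can apply here; a comment above the definition such as `// !ENABLE(JIT): no executable allocator exists, so this is a plain memcpy; kept so shared callers need no #if.` would make that explicit, with the last clause confirmed against the call sites.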
@@ -420,7 +420,7 @@ end
 # OSR
 macro ipintPrologueOSR(increment)
-if JIT
+if WEBASSEMBLY_BBQJIT
 loadp UnboxedWasmCalleeStackSlot[cfr], ws0
 baddis increment, Wasm::IPIntCallee::m_tierUpCounter + Wasm::IPIntTierUpCounter::m_counter[ws0], .continue
@@ -457,11 +457,11 @@ end
 if ARMv7
 break # FIXME: ipint support.
 end # ARMv7
-end # JIT
+end # WEBASSEMBLY_BBQJIT
 end
 macro ipintLoopOSR(increment)
-if JIT and not ARMv7
+if WEBASSEMBLY_BBQJIT and not ARMv7
 validateOpcodeConfig(ws0)
 loadp UnboxedWasmCalleeStackSlot[cfr], ws0
 baddis increment, Wasm::IPIntCallee::m_tierUpCounter + Wasm::IPIntTierUpCounter::m_counter[ws0], .continue
@@ -492,7 +492,7 @@ end
 end
 macro ipintEpilogueOSR(increment)
-if JIT and not ARMv7
+if WEBASSEMBLY_BBQJIT and not ARMv7
 loadp UnboxedWasmCalleeStackSlot[cfr], ws0
 baddis increment, Wasm::IPIntCallee::m_tierUpCounter + Wasm::IPIntTierUpCounter::m_counter[ws0], .continue
diff --git a/Source/JavaScriptCore/llint/LLIntData.cpp b/Source/JavaScriptCore/llint/LLIntData.cpp
index 5d7c88f72571..2509dc4132f3 100644
--- a/Source/JavaScriptCore/llint/LLIntData.cpp
+++ b/Source/JavaScriptCore/llint/LLIntData.cpp
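Review bot: The guard in `ipintPrologueOSR` changes from `if JIT` to `if WEBASSEMBLY_BBQJIT` without recording why, and the same substitution is made in the -457 (`ipintLoopOSR`) and -492 (`ipintEpilogueOSR`) hunks. The new condition reads as a statement that these tier-up counter paths only have a target when the BBQ tier is built, which is presumably the reason, but the `end # WEBASSEMBLY_BBQJIT` comments are the only hint. A one-line comment above the first macro, such as `# IPInt OSR tiers up into BBQ, so the tier-up counter paths exist only when the BBQ JIT is built.`, would make the dependency explicit. Note that the `OptimizingJITCallee` allocator in the WasmCallee.cpp hunk is compiled for `WEBASSEMBLY_BBQJIT || WEBASSEMBLY_OMGJIT`, so if an OMG-only configuration is possible these guards would disagree; worth confirming that such a configuration is excluded in PlatformEnable.h. All three macro bodies continue past their hunks.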
@@ -199,8 +199,28 @@ void initialize()
 #if CPU(ARM64E)
 #if ENABLE(JIT_CAGE)
- if (Options::useJITCage())
+ if (Options::useJITCage()) {
 g_jscConfig.llint.gateMap[static_cast(Gate::jitCagePtr)] = jitCagePtrThunk().code().taggedPtr();
+#if ENABLE(WEBASSEMBLY)
+ // JSPI JITCage gates
+ g_jscConfig.llint.gateMap[static_cast(Gate::jspiResignReturnPCs)] = jspiResignReturnPCsThunk().code().taggedPtr();
+ g_jscConfig.llint.gateMap[static_cast(Gate::jspiExecuteSliceEntry)] = jspiExecuteSliceEntryThunk().code().taggedPtr();
+ // jspiExitImplantedSlice is stored untagged because it's used as a return address
+ // (not as a jump target) and will be signed by JITCage with the stack pointer diversifier.
+ g_jscConfig.llint.gateMap[static_cast(Gate::jspiExitImplantedSlice)] = jspiExitImplantedSliceThunk().code().untaggedPtr();
+#endif // ENABLE(WEBASSEMBLY)
+ }
+#endif
+
+#if ENABLE(JIT)
+#define INITIALIZE_JS_GATE_JIT_PATH(name, tag) \
+ if (Options::useJIT()) { \
+ codeRef8.construct(createJSGateThunk(retagCodePtr(LLInt::getCodeFunctionPtr(name##_return_location)), tag, #name)); \
+ codeRef16.construct(createJSGateThunk(retagCodePtr(LLInt::getWide16CodeFunctionPtr(name##_return_location)), tag, #name "_wide16")); \
+ codeRef32.construct(createJSGateThunk(retagCodePtr(LLInt::getWide32CodeFunctionPtr(name##_return_location)), tag, #name "_wide32")); \
+ } else
+#else
+#define INITIALIZE_JS_GATE_JIT_PATH(name, tag)
 #endif
 #define INITIALIZE_JS_GATE(name, tag) \
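Review bot: `INITIALIZE_JS_GATE_JIT_PATH` expands to `if (Options::useJIT()) { ... } else` when the JIT is built and to nothing otherwise, so its use in `INITIALIZE_JS_GATE` (the -208 hunk) reads `INITIALIZE_JS_GATE_JIT_PATH(name, tag) { ... }` — an `else` that lives in a different macro from the block it governs, with that block standing alone in the !JIT build. That is correct today but easy to break (an `if` inserted between the two would silently rebind the `else`), and the same shape is introduced for `INITIALIZE_WASM_GATE_JIT_PATH` (-226 hunk) and `INITIALIZE_TAG_AND_UNTAG_THUNKS_JIT_PATH` (-268 hunk). Each of the three definitions deserves a comment, e.g. `// Expands to "if (Options::useJIT()) { JIT thunks } else" when the JIT is built, and to nothing otherwise, so the brace block following the use is always the LLInt fallback.`, and if the file `#undef`s `INITIALIZE_JS_GATE` after use, the helper should be undefined alongside it. Separately, the JSPI `gateMap` entries added under `ENABLE(WEBASSEMBLY)` in this hunk look unrelated to the stated subject of fixing the !ENABLE(JIT) build; if they rode along with the cherry-pick, the description should say so.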
@@ -208,11 +228,7 @@ void initialize()
 static LazyNeverDestroyed> codeRef8; \
 static LazyNeverDestroyed> codeRef16; \
 static LazyNeverDestroyed> codeRef32; \
- if (Options::useJIT()) { \
- codeRef8.construct(createJSGateThunk(retagCodePtr(LLInt::getCodeFunctionPtr(name##_return_location)), tag, #name)); \
- codeRef16.construct(createJSGateThunk(retagCodePtr(LLInt::getWide16CodeFunctionPtr(name##_return_location)), tag, #name "_wide16")); \
- codeRef32.construct(createJSGateThunk(retagCodePtr(LLInt::getWide32CodeFunctionPtr(name##_return_location)), tag, #name "_wide32")); \
- } else { \
+ INITIALIZE_JS_GATE_JIT_PATH(name, tag) { \
 codeRef8.construct(LLInt::getCodeRef(js_trampoline_##name)); \
 codeRef16.construct(LLInt::getWide16CodeRef(js_trampoline_##name)); \
 codeRef32.construct(LLInt::getWide32CodeRef(js_trampoline_##name)); \
@@ -226,16 +242,23 @@ void initialize()
 #if ENABLE(WEBASSEMBLY)
+#if ENABLE(JIT)
+#define INITIALIZE_WASM_GATE_JIT_PATH(name, tag) \
+ if (Options::useJIT()) { \
+ codeRef8.construct(createWasmGateThunk(retagCodePtr(LLInt::getCodeFunctionPtr(name##_return_location)), tag, #name)); \
+ codeRef16.construct(createWasmGateThunk(retagCodePtr(LLInt::getWide16CodeFunctionPtr(name##_return_location)), tag, #name "_wide16")); \
+ codeRef32.construct(createWasmGateThunk(retagCodePtr(LLInt::getWide32CodeFunctionPtr(name##_return_location)), tag, #name "_wide32")); \
+ } else
+#else
+#define INITIALIZE_WASM_GATE_JIT_PATH(name, tag)
+#endif
+
 #define INITIALIZE_WASM_GATE(name, tag) \
 do { \
 static LazyNeverDestroyed> codeRef8; \
 static LazyNeverDestroyed> codeRef16; \
 static LazyNeverDestroyed> codeRef32; \
- if (Options::useJIT()) { \
- codeRef8.construct(createWasmGateThunk(retagCodePtr(LLInt::getCodeFunctionPtr(name##_return_location)), tag, #name)); \
- codeRef16.construct(createWasmGateThunk(retagCodePtr(LLInt::getWide16CodeFunctionPtr(name##_return_location)), tag, #name "_wide16")); \
- codeRef32.construct(createWasmGateThunk(retagCodePtr(LLInt::getWide32CodeFunctionPtr(name##_return_location)), tag, #name "_wide32")); \
- } else { \
+ INITIALIZE_WASM_GATE_JIT_PATH(name, tag) { \
 codeRef8.construct(LLInt::getCodeRef(wasm_trampoline_##name)); \
 codeRef16.construct(LLInt::getWide16CodeRef(wasm_trampoline_##name)); \
 codeRef32.construct(LLInt::getWide32CodeRef(wasm_trampoline_##name)); \
@@ -253,10 +276,12 @@ void initialize()
 // This is key to entering the interpreter.
 {
 static LazyNeverDestroyed> codeRef;
+#if ENABLE(JIT)
 if (Options::useJIT()) {
 auto gateCodeRef = createJSGateThunk(retagCodePtr(&vmEntryToJavaScriptGateAfter), JSEntryPtrTag, "vmEntryToJavaScript");
 codeRef.construct(gateCodeRef.retagged());
 } else
+#endif
 codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(CodePtr::fromTaggedPtr(retagCodePtr(&vmEntryToJavaScriptTrampoline))));
 g_jscConfig.llint.gateMap[static_cast(Gate::vmEntryToJavaScript)] = codeRef.get().code().taggedPtr();
 }
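Review bot: The new `#if ENABLE(JIT)` … `} else` / `#endif` sequence leaves the fallback `codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(...))` as an unbraced statement that is governed by the `else` only when the JIT is built, and the same shape is used six more times in the -268 hunk (`else` / `#endif` / `codeRef.construct(...)`). It is correct as written, but a second statement added to the fallback later would run unconditionally in JIT builds while visually looking like part of the `else` branch. The OSR-entry block later in -268 already uses the robust form — `} else` / `#endif` / `{` … `}` — and I'd apply the same braces to these seven blocks so the fallback is a braced block in both configurations. Given how often the `#if ENABLE(JIT)` / `if (Options::useJIT())` prologue repeats here, a small helper in the style of the `*_JIT_PATH` macros introduced by this same commit would also remove the duplication.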
@@ -268,79 +293,103 @@ void initialize()
 {
 static LazyNeverDestroyed> codeRef;
+#if ENABLE(JIT)
 if (Options::useJIT())
 codeRef.construct(createTailCallGate(JSEntryPtrTag, true));
 else
+#endif
 codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(CodePtr::fromTaggedPtr(retagCodePtr(&tailCallJSEntryTrampoline))));
 g_jscConfig.llint.gateMap[static_cast(Gate::tailCallJSEntryPtrTag)]= codeRef.get().code().taggedPtr();
 }
 {
 static LazyNeverDestroyed> codeRef;
+#if ENABLE(JIT)
 if (Options::useJIT())
 codeRef.construct(createTailCallGate(JSEntryPtrTag, true));
 else
+#endif
 codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(CodePtr::fromTaggedPtr(retagCodePtr(&tailCallJSEntrySlowPathTrampoline))));
 g_jscConfig.llint.gateMap[static_cast(Gate::tailCallJSEntrySlowPathPtrTag)] = codeRef.get().code().taggedPtr();
 }
 {
 static LazyNeverDestroyed> codeRef;
+#if ENABLE(JIT)
 if (Options::useJIT())
 codeRef.construct(createTailCallGate(JSEntryPtrTag, false));
 else
+#endif
 codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(CodePtr::fromTaggedPtr(retagCodePtr(&tailCallWithoutUntagJSEntryTrampoline))));
 g_jscConfig.llint.gateMap[static_cast(Gate::tailCallWithoutUntagJSEntryPtrTag)]= codeRef.get().code().taggedPtr();
 }
 {
 static LazyNeverDestroyed> codeRef;
+#if ENABLE(JIT)
 if (Options::useJIT())
 codeRef.construct(createWasmTailCallGate(WasmEntryPtrTag));
 else
+#endif
 codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(CodePtr::fromTaggedPtr(retagCodePtr(&wasmTailCallTrampoline))));
 g_jscConfig.llint.gateMap[static_cast(Gate::wasmTailCallWasmEntryPtrTag)]= codeRef.get().code().taggedPtr();
 }
 {
 static LazyNeverDestroyed> codeRef;
+#if ENABLE(JIT)
 if (Options::useJIT())
 codeRef.construct(createWasmTailCallGate(WasmEntryPtrTag));
 else
+#endif
 codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(CodePtr::fromTaggedPtr(retagCodePtr(&wasmTailCallTrampoline))));
 g_jscConfig.llint.gateMap[static_cast(Gate::wasmIPIntTailCallWasmEntryPtrTag)]= codeRef.get().code().taggedPtr();
 }
 {
 static LazyNeverDestroyed> codeRef;
+#if ENABLE(JIT)
 if (Options::useJIT())
 codeRef.construct(exceptionHandlerGateThunk());
 else
+#endif
 codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(CodePtr::fromTaggedPtr(retagCodePtr(&exceptionHandlerTrampoline))));
 g_jscConfig.llint.gateMap[static_cast(Gate::exceptionHandler)] = codeRef.get().code().taggedPtr();
 }
 {
 static LazyNeverDestroyed> codeRef;
+#if ENABLE(JIT)
 if (Options::useJIT())
 codeRef.construct(returnFromLLIntGateThunk());
 else
+#endif
 codeRef.construct(MacroAssemblerCodeRef::createSelfManagedCodeRef(CodePtr::fromTaggedPtr(retagCodePtr(&returnFromLLIntTrampoline))));
 g_jscConfig.llint.gateMap[static_cast(Gate::returnFromLLInt)] = codeRef.get().code().taggedPtr();
 }
+#if ENABLE(JIT)
 if (Options::useJIT()) {
 g_jscConfig.llint.gateMap[static_cast(Gate::loopOSREntry)] = loopOSREntryGateThunk().code().taggedPtr();
 g_jscConfig.llint.gateMap[static_cast(Gate::entryOSREntry)] = entryOSREntryGateThunk().code().taggedPtr();
 g_jscConfig.llint.gateMap[static_cast(Gate::wasmOSREntry)] = wasmOSREntryGateThunk().code().taggedPtr();
- } else {
+ } else
+#endif
+ {
 g_jscConfig.llint.gateMap[static_cast(Gate::loopOSREntry)] = LLInt::getCodeRef(loop_osr_entry_gate).code().taggedPtr();
 g_jscConfig.llint.gateMap[static_cast(Gate::entryOSREntry)] = nullptr;
 g_jscConfig.llint.gateMap[static_cast(Gate::wasmOSREntry)] = nullptr;
 }
+#if ENABLE(JIT)
+#define INITIALIZE_TAG_AND_UNTAG_THUNKS_JIT_PATH(name) \
+ if (Options::useJIT()) { \
+ tagCodeRef.construct(tagGateThunk(retagCodePtr(name##TagGateAfter))); \
+ untagCodeRef.construct(untagGateThunk(retagCodePtr(name##UntagGateAfter))); \
+ } else
+#else
+#define INITIALIZE_TAG_AND_UNTAG_THUNKS_JIT_PATH(name)
+#endif
+
 #define INITIALIZE_TAG_AND_UNTAG_THUNKS(name) \
 do { \
 static LazyNeverDestroyed> tagCodeRef; \
 static LazyNeverDestroyed> untagCodeRef; \
- if (Options::useJIT()) { \
- tagCodeRef.construct(tagGateThunk(retagCodePtr(name##TagGateAfter))); \
- untagCodeRef.construct(untagGateThunk(retagCodePtr(name##UntagGateAfter))); \
- } else { \
+ INITIALIZE_TAG_AND_UNTAG_THUNKS_JIT_PATH(name) { \
 tagCodeRef.construct(LLInt::getCodeRef(js_trampoline_##name##_tag)); \
 untagCodeRef.construct(LLInt::getCodeRef(js_trampoline_##name##_untag)); \
 } \
diff --git a/Source/JavaScriptCore/wasm/WasmCallee.cpp b/Source/JavaScriptCore/wasm/WasmCallee.cpp
index 94a845ab47e4..b689f00143ab 100644
--- a/Source/JavaScriptCore/wasm/WasmCallee.cpp
+++ b/Source/JavaScriptCore/wasm/WasmCallee.cpp
@@ -55,13 +55,25 @@ WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(Callee);
 WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(JITCallee);
 WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(JSToWasmCallee);
 WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(WasmToJSCallee);
+WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(IPIntCallee);
+WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(WasmBuiltinCallee);
+
+#if ENABLE(JIT)
 WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(JSToWasmICCallee);
+#endif
+
+#if ENABLE(WEBASSEMBLY_BBQJIT) || ENABLE(WEBASSEMBLY_OMGJIT)
 WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(OptimizingJITCallee);
+#endif
+
+#if ENABLE(WEBASSEMBLY_BBQJIT)
+WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(BBQCallee);
+#endif
+
+#if ENABLE(WEBASSEMBLY_OMGJIT)
 WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(OMGCallee);
 WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(OMGOSREntryCallee);
-WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(BBQCallee);
-WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(IPIntCallee);
-WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL(WasmBuiltinCallee);
+#endif
 Callee::Callee(Wasm::CompilationMode compilationMode)
 : NativeCallee(NativeCallee::Category::Wasm, ImplementationVisibility::Private)
diff --git a/Source/WTF/wtf/PlatformEnable.h b/Source/WTF/wtf/PlatformEnable.h
index 9c20eb45de48..1561e5ecc85a 100644
--- a/Source/WTF/wtf/PlatformEnable.h
+++ b/Source/WTF/wtf/PlatformEnable.h
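Review bot: The `WTF_MAKE_COMPACT_TZONE_ALLOCATED_IMPL` lines are now split across four preprocessor guards (`ENABLE(JIT)`, `WEBASSEMBLY_BBQJIT || WEBASSEMBLY_OMGJIT`, `WEBASSEMBLY_BBQJIT`, `WEBASSEMBLY_OMGJIT`) that have to match the guards around the corresponding class declarations in WasmCallee.h, which this patch does not touch. If the two drift, the symptom is presumably a link error or an unused-definition warning rather than anything diagnosed at this site, so a comment like `// Keep these guards in sync with the class declarations in WasmCallee.h.` above the first `#if` would help the next person who adds a callee kind. `IPIntCallee` and `WasmBuiltinCallee` are deliberately left unguarded, consistent with the interpreter being available without any JIT; confirming that `IPIntCallee`'s declaration is likewise unguarded would close the loop.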
@@ -1006,7 +1006,7 @@
 #define ENABLE_JIT_OPERATION_DISASSEMBLY 1
 #endif
-#if CPU(ARM64E)
+#if CPU(ARM64E) && ENABLE(JIT)
 #define ENABLE_JIT_SIGN_ASSEMBLER_BUFFER 1
 #endif
-- 
2.53.0
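Review bot: `ENABLE_JIT_SIGN_ASSEMBLER_BUFFER` is now conditioned on `ENABLE(JIT)` as well as `CPU(ARM64E)`, but the reason is not recorded at the definition, and the new `&&` also relies on `ENABLE(JIT)` already being resolved at this point in the header — the preceding `ENABLE_JIT_OPERATION_DISASSEMBLY` block suggests it is, but that ordering is worth confirming. A one-line comment such as `// Assembler buffers only exist in JIT builds, so there is nothing to sign without one.` above the `#if` would document the dependency for whoever next reorders these blocks.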