WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
219848
[WASM-References] Add support for memory.fill
https://bugs.webkit.org/show_bug.cgi?id=219848
Summary
[WASM-References] Add support for memory.fill
Dmitry
Reported
2020-12-14 02:54:40 PST
[WASM-References] Add support for memory.fill
Attachments
Patch
(60.01 KB, patch)
2020-12-14 02:58 PST
,
Dmitry
no flags
Details
Formatted Diff
Diff
Patch
(59.96 KB, patch)
2020-12-14 23:59 PST
,
Dmitry
no flags
Details
Formatted Diff
Diff
Patch
(60.00 KB, patch)
2020-12-15 03:34 PST
,
Dmitry
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Dmitry
Comment 1
2020-12-14 02:58:22 PST
Created
attachment 416145
[details]
Patch
EWS Watchlist
Comment 2
2020-12-14 02:58:58 PST
This patch modifies one of the wasm.json files. Please ensure that any changes in one have been mirrored to the other. You can find the wasm.json files at "Source/JavaScriptCore/wasm/wasm.json" and "JSTests/wasm/wasm.json".
Yusuke Suzuki
Comment 3
2020-12-14 17:20:28 PST
Comment on
attachment 416145
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=416145&action=review
Looks good. Some comments.
> Source/JavaScriptCore/ChangeLog:8 > + Added spec tests and unreachable tests for memory.fill.
Can you put this to JSTests/ChangeLog side?
> Source/JavaScriptCore/wasm/WasmMemory.cpp:624 > + auto locker = holdLock(m_handle->lock());
I don't think we need this locking. When size is updated, mprotect is already done (because mprotect has memory barrier). So, if `if (offset + count > m_handle->size())` pass, then we can just perform this without taking a lock. So, I think we can just remove `doMemoryFill` function, and merge it into `Memory::fill`.
> Source/JavaScriptCore/wasm/WasmMemory.cpp:633 > + if ((unsafeOffset < 0) || (unsafeCount < 0)) > + return false;
Is it correct? I'm looking into
https://webassembly.github.io/bulk-memory-operations/core/exec/instructions.html#exec-memory-fill
, but I cannot find the corresponding thing. Should we just handle unsafeOffset and unsafeCount as uint32_t instead?
> Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:387 > + int32_t dstAddress = READ(instruction.m_dstAddress).unboxedInt32(); > + int32_t targetValue = READ(instruction.m_targetValue).unboxedInt32(); > + int32_t count = READ(instruction.m_count).unboxedInt32();
If they should be handled as uint32, let's add unboxedUInt32 and use it (this is just `static_cast<uint32_t>(unboxedInt32())`).
> JSTests/ChangeLog:10 > + Add support for memory.fill from ref-types spec. > + memory.fill sets all bytes in a memory region to a given byte: > +
https://webassembly.github.io/reference-types/core/syntax/instructions.html#memory-instructions
.
Can you put this to JavaScriptCore/ChangeLog side?
Yusuke Suzuki
Comment 4
2020-12-14 17:21:57 PST
Comment on
attachment 416145
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=416145&action=review
>> Source/JavaScriptCore/wasm/WasmMemory.cpp:624 >> + auto locker = holdLock(m_handle->lock()); > > I don't think we need this locking. When size is updated, mprotect is already done (because mprotect has memory barrier). > So, if `if (offset + count > m_handle->size())` pass, then we can just perform this without taking a lock. > So, I think we can just remove `doMemoryFill` function, and merge it into `Memory::fill`.
Note that, if the memory mode is MemorySharingMode::Shared, underlying memory never gets replaced. mprotect will just extend it if memory grows.
Dmitry
Comment 5
2020-12-14 23:59:01 PST
Created
attachment 416226
[details]
Patch
Yusuke Suzuki
Comment 6
2020-12-15 01:54:46 PST
Comment on
attachment 416226
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=416226&action=review
r=me with comment.
> Source/JavaScriptCore/wasm/WasmOperations.cpp:641 > +JSC_DEFINE_JIT_OPERATION(operationWasmMemoryFill, bool, (Instance* instance, uint32_t dstAddress, int32_t targetValue, uint32_t count))
Change `int32_t targetValue` to `uint32_t`.
> Source/JavaScriptCore/wasm/WasmOperations.h:64 > +JSC_DECLARE_JIT_OPERATION(operationWasmMemoryFill, bool, (Instance*, uint32_t dstAddress, int32_t targetValue, uint32_t count));
Ditto.
Dmitry
Comment 7
2020-12-15 03:34:41 PST
Created
attachment 416233
[details]
Patch
EWS
Comment 8
2020-12-15 11:15:57 PST
Committed
r270855
: <
https://trac.webkit.org/changeset/270855
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 416233
[details]
.
Radar WebKit Bug Importer
Comment 9
2020-12-15 11:16:24 PST
<
rdar://problem/72349990
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug