301117 – Save SP in IPInt frames as a frame-relative value

RESOLVED FIXED301117

Save SP in IPInt frames as a frame-relative value

https://bugs.webkit.org/show_bug.cgi?id=301117

Summary Save SP in IPInt frames as a frame-relative value

Vassili Bykov

Reported 2025-10-20 13:11:32 PDT

Before a function call, IPInt stores the current SP in the 'this' argument slot of CallFrame so that it can be recovered after a series of tail calls. In JSPI, we need the ability to save frame data off the stack and later reinstall and execute the saved frames at a different stack address. Because the saved data includes absolute values of SP, we need to maintain a list of such locations and relocate them after installing the frames at a new address. This extra complexity can be avoided if we change IPInt to save SP in the call frame as an FP-relative value.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2025-10-20 13:11:38 PDT

<rdar://problem/163059656>

Vassili Bykov

Comment 2 2025-10-20 13:19:47 PDT

Pull request: https://github.com/WebKit/WebKit/pull/52673

EWS

Comment 3 2025-10-20 22:38:35 PDT

Committed 301855@main (463c854b2ffb): <https://commits.webkit.org/301855@main> Reviewed commits have been landed. Closing PR #52673 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Enhancement

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Vassili Bykov

Reported

2025-10-20 13:11 PDT

Modified

2025-10-20 22:38 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks