wasm.yaml/wasm/lowExecutableMemory/imports-oom.js.default-wasm is a f…

…laky failure

https://bugs.webkit.org/show_bug.cgi?id=244122
rdar://98882300

Reviewed by Justin Michaud.

Fixed two issues.
1) If we run out of memory when creating a LLIntPlan in the CalleeGroup constructor, we now error out.
2) If we run out of memory when compiling / linking the JS to Wasm IC callee, we error out instead of
   creating a JSToWasmICCallee that doesn't have and entrypoint.

Re-enabled exports-oom.js and imports-oom.js tests.

* JSTests/wasm/lowExecutableMemory/exports-oom.js:
* JSTests/wasm/lowExecutableMemory/imports-oom.js:
* Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp:
(JSC::Wasm::CalleeGroup::CalleeGroup):
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::jsCallEntrypointSlow):

Canonical link: https://commits.webkit.org/269682@main

JSTests/wasm/lowExecutableMemory/exports-oom.js

@@ -1,6 +1,5 @@
 // FIXME: Consider making jump islands work with Options::jitMemoryReservationSize
 // https://bugs.webkit.org/show_bug.cgi?id=209037
-//@ skip
 
 import * as assert from '../assert.js'
 import Builder from '../Builder.js'

JSTests/wasm/lowExecutableMemory/imports-oom.js

@@ -1,6 +1,5 @@
 // FIXME: Consider making jump islands work with Options::jitMemoryReservationSize
 // https://bugs.webkit.org/show_bug.cgi?id=209037
-//@ skip
 
 import * as assert from '../assert.js'
 import Builder from '../Builder.js'

Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp

@@ -76,6 +76,11 @@ CalleeGroup::CalleeGroup(VM& vm, MemoryMode mode, ModuleInformation& moduleInfor
     RefPtr<CalleeGroup> protectedThis = this;
     if (Options::useWasmLLInt()) {
         m_plan = adoptRef(*new LLIntPlan(vm, moduleInformation, m_llintCallees->data(), createSharedTask<Plan::CallbackType>([this, protectedThis = WTFMove(protectedThis)] (Plan&) {
+            if (!m_plan) {
+                m_errorMessage = makeString("Out of memory while creating LLInt CalleeGroup"_s);
+                setCompilationFinished();
+                return;
+            }
             Locker locker { m_lock };
             if (m_plan->failed()) {
                 m_errorMessage = m_plan->errorMessage();

Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp

@@ -388,8 +388,8 @@ CodePtr<JSEntryPtrTag> WebAssemblyFunction::jsCallEntrypointSlow()
     // 1. We need to know where to get callee saves.
     // 2. We need to know to restore the previous wasm context.
     ASSERT(!m_jsToWasmICCallee);
-    m_jsToWasmICCallee = Wasm::JSToWasmICCallee::create();
-    jit.move(CCallHelpers::TrustedImmPtr(CalleeBits::boxNativeCallee(m_jsToWasmICCallee.get())), scratchJSR.payloadGPR());
+    RefPtr<Wasm::JSToWasmICCallee> jsToWasmICCallee = Wasm::JSToWasmICCallee::create();
+    jit.move(CCallHelpers::TrustedImmPtr(CalleeBits::boxNativeCallee(jsToWasmICCallee.get())), scratchJSR.payloadGPR());
     // We do not need to set up |this| in this IC since the caller of this IC itself already set up arguments and its |this| should be WebAssemblyFunction,
     // which anchors JSWebAssemblyInstance correctly from GC.
 #if USE(JSVALUE32_64)
@@ -433,7 +433,11 @@ CodePtr<JSEntryPtrTag> WebAssemblyFunction::jsCallEntrypointSlow()
 
     linkBuffer.link(jumpToHostCallThunk, CodeLocationLabel<JSEntryPtrTag>(executable()->entrypointFor(CodeForCall, MustCheckArity)));
     auto compilation = makeUnique<Compilation>(FINALIZE_WASM_CODE(linkBuffer, JITCompilationPtrTag, "JS->Wasm IC"), nullptr);
-    m_jsToWasmICCallee->setEntrypoint({ WTFMove(compilation), WTFMove(registersToSpill) });
+    jsToWasmICCallee->setEntrypoint({ WTFMove(compilation), WTFMove(registersToSpill) });
+
+    // Successfully compiled and linked the IC.
+    m_jsToWasmICCallee = jsToWasmICCallee;
+
     return m_jsToWasmICCallee->entrypoint().retagged<JSEntryPtrTag>();
 }
 #endif // ENABLE(JIT)