[JSC] Move aINT / mINT / uINT bytecode under RTT#64302
Merged
webkit-commit-queue merged 1 commit intoMay 7, 2026
Merged
Conversation
Constellation
added
the
JavaScriptCore
Collaborator
|
EWS run on previous version of this PR (hash e7847d6) Details
|
🧪 bindings
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
e7847d6 to
90b9efe
Compare
Collaborator
|
EWS run on previous version of this PR (hash 90b9efe) Details
|
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
90b9efe to
4566606
Compare
Collaborator
|
EWS run on previous version of this PR (hash 4566606) Details
|
Collaborator
macOS Safer C++ Build #100576 (4566606)❌ Found 1 failing file with 6 issues. Please address these issues before landing. See WebKit Guidelines for Safer C++ Programming. |
webkit-ews-buildbot
added
the
merging-blocked
Collaborator
iOS Safer C++ Build #18966 (4566606)❌ Found 1 failing file with 6 issues. Please address these issues before landing. See WebKit Guidelines for Safer C++ Programming. |
Constellation
removed
the
merging-blocked
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
4566606 to
aee4c24
Compare
Collaborator
|
EWS run on previous version of this PR (hash aee4c24) Details |
kmiller68
approved these changes
May 7, 2026
|
|
||
| // Function-kind only. Lazy-install under m_ipintBytecodeLock; buffer is | ||
| // immutable once published. | ||
| Ref<const IPIntSharedBytecode> ensureArgumINTBytecode(const CallInformation&) const; |
Contributor
There was a problem hiding this comment.
I don't think you use the results of these ensureXYZBytecode() functions anywhere. Could probably avoid a ref count churn.
Member
Author
There was a problem hiding this comment.
Sounds good. Changed.
Comment on lines
+1074
to
+1075
| if (auto buffer = m_argumINTBytecode) [[likely]] | ||
| return buffer.releaseNonNull(); |
Contributor
There was a problem hiding this comment.
Why not do the:
if (m_argumINTBytecode) [[likely]]
return;
Locker ...
if (m_argumINTBytecode)
return;
idiom?
Member
Author
There was a problem hiding this comment.
Sounds good. Changed.
| SUPPRESS_UNCOUNTED_LOCAL const auto& rtt = *call->signature.rtt; | ||
| rtt.ensureCallBytecode(); | ||
|
|
||
| auto* callee = IPINT_CALLEE(callFrame); |
Contributor
There was a problem hiding this comment.
All this code seems heavily duplicated after the rtt.ensureXYZBytecode() can we have a shared helper?
Member
Author
There was a problem hiding this comment.
Sounds good. Changed.
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
aee4c24 to
834d881
Compare
Collaborator
|
EWS run on previous version of this PR (hash 834d881) Details
|
webkit-ews-buildbot
added
the
merging-blocked
Constellation
removed
the
merging-blocked
webkit-ews-buildbot
added
the
merging-blocked
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
834d881 to
8811767
Compare
Collaborator
|
EWS run on previous version of this PR (hash 8811767) Details
|
Constellation
removed
the
merging-blocked
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
8811767 to
af5ffec
Compare
Collaborator
|
EWS run on previous version of this PR (hash af5ffec) Details
|
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
af5ffec to
da03041
Compare
Collaborator
|
EWS run on previous version of this PR (hash da03041) Details
|
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
da03041 to
3bc3af1
Compare
Collaborator
|
EWS run on previous version of this PR (hash 3bc3af1) Details
|
kmiller68
reviewed
May 7, 2026
Contributor
kmiller68
left a comment
kmiller68
left a comment
There was a problem hiding this comment.
Discussing offline, I think there's a bug here because there's no data dependency between the bytecode pointer and the other fields. Since the bytecode pointer controls publication it's possible for one of the other fields to get hoisted by a "reader" thread above the publication.
Member
Author
The latest version of the code fixed it by embedding that field into the bytecode :) |
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
3bc3af1 to
06c78ed
Compare
Collaborator
|
EWS run on previous version of this PR (hash 06c78ed) Details |
kmiller68
approved these changes
May 7, 2026
Contributor
There was a problem hiding this comment.
Why is this refcounted rather than unique_ptr?
Member
Author
There was a problem hiding this comment.
Originally trying to share even further between some RTTs, like func(array, array) and func(struct, struct), but just going to the simpler way for now. Changed it to unique-ptr.
Constellation
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
06c78ed to
bb3ff1d
Compare
Collaborator
|
EWS run on current version of this PR (hash bb3ff1d) Details |
Constellation
added
the
unsafe-merge-queue
https://bugs.webkit.org/show_bug.cgi?id=314133 rdar://176306252 Reviewed by Keith Miller. We move aINT / mINT / uINT bytecode to RTT since they are tied to the signature. This allows us to share them between calls with the same signature, and also this offers an ability to lazily generate it when mINT is actually used. 1. aINT / uINT are right now generated eagerly. This is similar to what we have right now. 2. mINT is generated when a particular callsite encounters RTT and there is no already registered bytecode. This becomes lazy generation, and not happening until the callsite is actually used. We save and restore MC in an unused slot before calls, which allows to switch MC to pointing at shared bytecode instead of IPInt metadata. We still have local bytecode which is used to initialize locals, but it should be improved subsequently. * Source/JavaScriptCore/llint/InPlaceInterpreter.asm: * Source/JavaScriptCore/llint/InPlaceInterpreter64.asm: * Source/JavaScriptCore/wasm/WasmCallee.cpp: (JSC::Wasm::IPIntCallee::IPIntCallee): * Source/JavaScriptCore/wasm/WasmCallee.h: * Source/JavaScriptCore/wasm/WasmFunctionIPIntMetadataGenerator.cpp: (JSC::Wasm::FunctionIPIntMetadataGenerator::addReturnData): Deleted. * Source/JavaScriptCore/wasm/WasmFunctionIPIntMetadataGenerator.h: * Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp: (JSC::Wasm::IPIntGenerator::getCurrentInstructionLength): (JSC::Wasm::IPIntGenerator::cachedCallInformationFor): (JSC::Wasm::IPIntGenerator::addArguments): (JSC::Wasm::IPIntGenerator::addLocal): (JSC::Wasm::IPIntGenerator::addTailCallCommonData): (JSC::Wasm::IPIntGenerator::addCall): (JSC::Wasm::IPIntGenerator::addCallIndirect): (JSC::Wasm::IPIntGenerator::addCallRef): (JSC::Wasm::IPIntGenerator::finalize): (JSC::Wasm::addCallArgumentBytecode): Deleted. (JSC::Wasm::addCallResultBytecode): Deleted. (JSC::Wasm::IPIntGenerator::addCallCommonData): Deleted. * Source/JavaScriptCore/wasm/WasmIPIntGenerator.h: * Source/JavaScriptCore/wasm/WasmIPIntPlan.cpp: (JSC::Wasm::IPIntPlan::compileFunction): * Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp: (JSC::IPInt::ensureCallBytecodeForKind): (JSC::IPInt::prepareCallImpl): (JSC::IPInt::prepareCallIndirectImpl): (JSC::IPInt::prepareCallRefImpl): (JSC::IPInt::WASM_IPINT_EXTERN_CPP_DECL): * Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.h: * Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp: (JSC::Wasm::RTT::ensureArgumINTBytecode const): (JSC::Wasm::RTT::ensureUINTBytecode const): (JSC::Wasm::buildCallArgumentBytecode): (JSC::Wasm::buildCallResultBytecode): (JSC::Wasm::RTT::ensureCallBytecode const): (JSC::Wasm::RTT::ensureTailCallBytecode const): * Source/JavaScriptCore/wasm/WasmTypeDefinition.h: Canonical link: https://commits.webkit.org/312841@main
webkit-commit-queue
force-pushed
the
eng/JSC-Move-aINT-mINT-uINT-bytecode-under-RTT
branch
from
bb3ff1d to
5accc20
Compare
Collaborator
|
Committed 312841@main (5accc20): https://commits.webkit.org/312841@main Reviewed commits have been landed. Closing PR #64302 and removing active labels. |
webkit-commit-queue
removed
the
unsafe-merge-queue
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
5accc20
bb3ff1d
🛠 win🧪 win-tests🧪 ios-wk2-wpt🧪 api-mac-debug🧪 mac-intel-wk2