caitp · caitp · Nov 18, 2021 · Dec 1, 2021 · Dec 1, 2021 · Dec 1, 2021
diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
@@ -1093,6 +1093,7 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
     runtime/JSPromiseConstructor.h
     runtime/JSPropertyNameEnumerator.h
     runtime/JSProxy.h
+    runtime/JSRemoteFunction.h
     runtime/JSRunLoopTimer.h
     runtime/JSScope.h
     runtime/JSScriptFetchParameters.h

diff --git a/Source/JavaScriptCore/Sources.txt b/Source/JavaScriptCore/Sources.txt
@@ -907,6 +907,7 @@ runtime/JSPromiseConstructor.cpp
 runtime/JSPromisePrototype.cpp
 runtime/JSPropertyNameEnumerator.cpp
 runtime/JSProxy.cpp
+runtime/JSRemoteFunction.cpp
 runtime/JSRunLoopTimer.cpp
 runtime/JSScope.cpp
 runtime/JSScriptFetcher.cpp

diff --git a/Source/JavaScriptCore/builtins/BuiltinNames.h b/Source/JavaScriptCore/builtins/BuiltinNames.h
@@ -188,6 +188,8 @@ namespace JSC {
     macro(outOfLineReactionCounts) \
     macro(emptyPropertyNameEnumerator) \
     macro(sentinelString) \
+    macro(createRemoteFunction) \
+    macro(isRemoteFunction) \
 
 
 namespace Symbols {

diff --git a/Source/JavaScriptCore/builtins/ShadowRealmPrototype.js b/Source/JavaScriptCore/builtins/ShadowRealmPrototype.js
@@ -32,28 +32,7 @@ function wrap(fromShadowRealm, shadowRealm, target)
     "use strict";
 
     if (@isCallable(target)) {
-        var wrapped = function(/* args... */) {
-            var length = arguments.length;
-            var wrappedArgs = @newArrayWithSize(length);
-            for (var index = 0; index < length; ++index)
-                // Note that for arguments, we flip `fromShadowRealm` since to
-                // wrap a function from realm A to work in realm B, we need to
-                // wrap the arguments (from realm B) to work in realm A before
-                // calling the wrapped function
-                @putByValDirect(wrappedArgs, index, @wrap(!fromShadowRealm, shadowRealm, arguments[index]));
-
-            var result = target.@apply(@undefined, wrappedArgs);
-            return @wrap(fromShadowRealm, shadowRealm, result);
-        };
-        delete wrapped['name'];
-        delete wrapped['length'];
-
-        // Because this function (wrap) will run with the incubating realm
-        // active, we only need to fix the prototype on `wrapped` if we are
-        // moving the function from the incubating realm to the shadow realm
-        if (!fromShadowRealm)
-            @moveFunctionToRealm(wrapped, shadowRealm);
-        return wrapped;
+        target = @createRemoteFunction(target, fromShadowRealm ? null : shadowRealm);
     } else if (@isObject(target)) {
         @throwTypeError("value passing between realms must be callable or primitive");
     }

diff --git a/Source/JavaScriptCore/bytecode/LinkTimeConstant.h b/Source/JavaScriptCore/bytecode/LinkTimeConstant.h
@@ -116,6 +116,8 @@ class JSGlobalObject;
     v(createPrivateSymbol, nullptr) \
     v(emptyPropertyNameEnumerator, nullptr) \
     v(sentinelString, nullptr) \
+    v(createRemoteFunction, nullptr) \
+    v(isRemoteFunction, nullptr) \
 
 
 #define DECLARE_LINK_TIME_CONSTANT(name, code) name,

diff --git a/Source/JavaScriptCore/jit/JITOperations.cpp b/Source/JavaScriptCore/jit/JITOperations.cpp
@@ -55,6 +55,7 @@
 #include "JSGlobalObjectFunctions.h"
 #include "JSInternalPromise.h"
 #include "JSLexicalEnvironment.h"
+#include "JSRemoteFunction.h"
 #include "JSWithScope.h"
 #include "LLIntEntrypoint.h"
 #include "ObjectConstructor.h"
@@ -115,6 +116,32 @@ JSC_DEFINE_JIT_OPERATION(operationThrowStackOverflowErrorFromThunk, void, (JSGlo
     ASSERT(vm.targetMachinePCForThrow);
 }
 
+JSC_DEFINE_JIT_OPERATION(operationGetWrappedValue, EncodedJSValue, (JSFunction* callee, EncodedJSValue encodedValue))
+{
+    ASSERT(isRemoteFunction(callee));
+    JSGlobalObject* globalObject = callee->globalObject();
+    VM& vm = globalObject->vm();
+
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+
+    JSGlobalObject* targetGlobalObject = jsCast<JSRemoteFunction*>(callee)->targetFunction()->globalObject();
+
+    JSValue value = JSValue::decode(encodedValue);
+    if (!value.isObject()) {
+        return encodedValue;
+    }
+
+    if (value.isCallable(vm)) {
+        JSFunction* targetCallee = static_cast<JSFunction*>(value.asCell());
+        return JSValue::encode(JSRemoteFunction::create(vm, targetGlobalObject, targetCallee));
+    }
+
+    auto scope = DECLARE_THROW_SCOPE(vm);
+    throwTypeError(targetGlobalObject, scope, "value passing between realms must be callable or primitive");
+    return encodedJSValue();
+}
+
 JSC_DEFINE_JIT_OPERATION(operationThrowIteratorResultIsNotObject, void, (JSGlobalObject* globalObject))
 {
     VM& vm = globalObject->vm();