Commit 0241041e authored by Jakob Kummerow's avatar Jakob Kummerow Committed by Commit Bot

[wasm-gc] Fix slow path of "FromJS" conversion

Since WasmToJSWrappers are on-heap Code objects, they should use
the "kCallBuiltinPointer" mechanism to call builtins.
AFAICT this only affected the call_ref instruction.

Bug: v8:9495
Change-Id: I2d55e8f2504787a8a92410868ced8d5ce63a5376
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846896Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74157}
parent 752c1239
...@@ -7636,7 +7636,7 @@ MaybeHandle<Code> CompileWasmToJSWrapper(Isolate* isolate, ...@@ -7636,7 +7636,7 @@ MaybeHandle<Code> CompileWasmToJSWrapper(Isolate* isolate,
MachineGraph* mcgraph = zone->New<MachineGraph>(graph, common, machine); MachineGraph* mcgraph = zone->New<MachineGraph>(graph, common, machine);
WasmWrapperGraphBuilder builder(zone.get(), mcgraph, sig, nullptr, nullptr, WasmWrapperGraphBuilder builder(zone.get(), mcgraph, sig, nullptr, nullptr,
nullptr, StubCallMode::kCallWasmRuntimeStub, nullptr, StubCallMode::kCallBuiltinPointer,
wasm::WasmFeatures::FromIsolate(isolate)); wasm::WasmFeatures::FromIsolate(isolate));
builder.BuildWasmToJSWrapper(kind, expected_arity); builder.BuildWasmToJSWrapper(kind, expected_arity);
......
...@@ -115,3 +115,20 @@ load("test/mjsunit/wasm/wasm-module-builder.js"); ...@@ -115,3 +115,20 @@ load("test/mjsunit/wasm/wasm-module-builder.js");
function(a) { return a * a; }), function(a) { return a * a; }),
10, 15)); 10, 15));
})(); })();
(function TestFromJSSlowPath() {
var builder = new WasmModuleBuilder();
var sig_index = builder.addType(kSig_i_i);
builder.addFunction("main", makeSig(
[wasmRefType(sig_index), kWasmI32], [kWasmI32]))
.addBody([kExprLocalGet, 1, kExprLocalGet, 0, kExprCallRef])
.exportFunc();
var instance = builder.instantiate({});
var fun = new WebAssembly.Function(
{ parameters: ['i32'], results: ['i32'] }, (a) => undefined);
// {undefined} is converted to 0.
assertEquals(0, instance.exports.main(fun, 1000));
})();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment