commit 502f496baad4cd63a6ee25e692849236cc0de00f
parent c88006d7cb01f48769e5861af65410d7e6896779
Author: Ben Visness <bvisness@mozilla.com>
Date: Tue, 25 Nov 2025 15:36:43 +0000
Bug 1949860: Move cast trap OOL in baseline. r=rhunt
It's actually very easy to emit the trap for a bad cast OOL, and since
it's guaranteed to be cold, it's worth doing.
Differential Revision: https://phabricator.services.mozilla.com/D273610
Diffstat:
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/js/src/wasm/WasmBaselineCompile.cpp b/js/src/wasm/WasmBaselineCompile.cpp
@@ -8974,12 +8974,17 @@ bool BaseCompiler::emitRefCast(bool nullable) {
RegRef ref = popRef();
- Label success;
+ OutOfLineCode* ool = addOutOfLineCode(
+ new (alloc_) OutOfLineAbortingTrap(Trap::BadCast, trapSiteDesc()));
+ if (!ool) {
+ return false;
+ }
+
BranchIfRefSubtypeRegisters regs =
allocRegistersForBranchIfRefSubtype(destType);
FaultingCodeOffset fco = masm.branchWasmRefIsSubtype(
- ref, MaybeRefType(sourceType), destType, &success,
- /*onSuccess=*/true, /*signalNullChecks=*/true, regs.superSTV,
+ ref, MaybeRefType(sourceType), destType, ool->entry(),
+ /*onSuccess=*/false, /*signalNullChecks=*/true, regs.superSTV,
regs.scratch1, regs.scratch2);
if (fco.isValid()) {
masm.append(wasm::Trap::BadCast, wasm::TrapMachineInsnForLoadWord(),
@@ -8987,8 +8992,6 @@ bool BaseCompiler::emitRefCast(bool nullable) {
}
freeRegistersForBranchIfRefSubtype(regs);
- trap(Trap::BadCast);
- masm.bind(&success);
pushRef(ref);
return true;
