wasm.yaml/wasm/lowExecutableMemory/imports-oom.js.default-wasm is a flaky failure

msaboff · msaboff · commit 551c2ebfb07a · 2023-10-23T16:53:38.000-07:00
https://bugs.webkit.org/show_bug.cgi?id=244122 rdar://98882300 Reviewed by Justin Michaud. Fixed two issues. 1) If we run out of memory when creating a LLIntPlan in the CalleeGroup constructor, we now error out. 2) If we run out of memory when compiling / linking the JS to Wasm IC callee, we error out instead of creating a JSToWasmICCallee that doesn't have and entrypoint. Re-enabled exports-oom.js and imports-oom.js tests. * JSTests/wasm/lowExecutableMemory/exports-oom.js: * JSTests/wasm/lowExecutableMemory/imports-oom.js: * Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp: (JSC::Wasm::CalleeGroup::CalleeGroup): * Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp: (JSC::WebAssemblyFunction::jsCallEntrypointSlow): Canonical link: https://commits.webkit.org/269682@main
diff --git a/JSTests/wasm/lowExecutableMemory/exports-oom.js b/JSTests/wasm/lowExecutableMemory/exports-oom.js
@@ -1,6 +1,5 @@
 // FIXME: Consider making jump islands work with Options::jitMemoryReservationSize
 // https://bugs.webkit.org/show_bug.cgi?id=209037
-//@ skip
 
 import * as assert from '../assert.js'
 import Builder from '../Builder.js'
diff --git a/JSTests/wasm/lowExecutableMemory/imports-oom.js b/JSTests/wasm/lowExecutableMemory/imports-oom.js
@@ -1,6 +1,5 @@
 // FIXME: Consider making jump islands work with Options::jitMemoryReservationSize
 // https://bugs.webkit.org/show_bug.cgi?id=209037
-//@ skip
 
 import * as assert from '../assert.js'
 import Builder from '../Builder.js'
diff --git a/Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp b/Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp
@@ -76,6 +76,11 @@ CalleeGroup::CalleeGroup(VM& vm, MemoryMode mode, ModuleInformation& moduleInfor
     RefPtr<CalleeGroup> protectedThis = this;
     if (Options::useWasmLLInt()) {
         m_plan = adoptRef(*new LLIntPlan(vm, moduleInformation, m_llintCallees->data(), createSharedTask<Plan::CallbackType>([this, protectedThis = WTFMove(protectedThis)] (Plan&) {
+            if (!m_plan) {
+                m_errorMessage = makeString("Out of memory while creating LLInt CalleeGroup"_s);
+                setCompilationFinished();
+                return;
+            }
             Locker locker { m_lock };
             if (m_plan->failed()) {
                 m_errorMessage = m_plan->errorMessage();
diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
@@ -388,8 +388,8 @@ CodePtr<JSEntryPtrTag> WebAssemblyFunction::jsCallEntrypointSlow()
     // 1. We need to know where to get callee saves.
     // 2. We need to know to restore the previous wasm context.
     ASSERT(!m_jsToWasmICCallee);
-    m_jsToWasmICCallee = Wasm::JSToWasmICCallee::create();
-    jit.move(CCallHelpers::TrustedImmPtr(CalleeBits::boxNativeCallee(m_jsToWasmICCallee.get())), scratchJSR.payloadGPR());
+    RefPtr<Wasm::JSToWasmICCallee> jsToWasmICCallee = Wasm::JSToWasmICCallee::create();
+    jit.move(CCallHelpers::TrustedImmPtr(CalleeBits::boxNativeCallee(jsToWasmICCallee.get())), scratchJSR.payloadGPR());
     // We do not need to set up |this| in this IC since the caller of this IC itself already set up arguments and its |this| should be WebAssemblyFunction,
     // which anchors JSWebAssemblyInstance correctly from GC.
 #if USE(JSVALUE32_64)
@@ -433,7 +433,11 @@ CodePtr<JSEntryPtrTag> WebAssemblyFunction::jsCallEntrypointSlow()
 
     linkBuffer.link(jumpToHostCallThunk, CodeLocationLabel<JSEntryPtrTag>(executable()->entrypointFor(CodeForCall, MustCheckArity)));
     auto compilation = makeUnique<Compilation>(FINALIZE_WASM_CODE(linkBuffer, JITCompilationPtrTag, "JS->Wasm IC"), nullptr);
-    m_jsToWasmICCallee->setEntrypoint({ WTFMove(compilation), WTFMove(registersToSpill) });
+    jsToWasmICCallee->setEntrypoint({ WTFMove(compilation), WTFMove(registersToSpill) });
+
+    // Successfully compiled and linked the IC.
+    m_jsToWasmICCallee = jsToWasmICCallee;
+
     return m_jsToWasmICCallee->entrypoint().retagged<JSEntryPtrTag>();
 }
 #endif // ENABLE(JIT)
