WebKit
diff --git a/‎JSTests/wasm.yaml‎
Lines changed: 2 additions & 0 deletions b/‎JSTests/wasm.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎JSTests/wasm/function-references-spec-tests/ref_as_non_null.wast.js‎
Lines changed: 20 additions & 0 deletions b/‎JSTests/wasm/function-references-spec-tests/ref_as_non_null.wast.js‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎JSTests/wasm/function-references/ref_as_non_null.js‎
Lines changed: 45 additions & 0 deletions b/‎JSTests/wasm/function-references/ref_as_non_null.js‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎JSTests/wasm/wasm.json‎
Lines changed: 1 addition & 0 deletions b/‎JSTests/wasm/wasm.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Source/JavaScriptCore/bytecode/BytecodeList.rb‎
Lines changed: 6 additions & 0 deletions b/‎Source/JavaScriptCore/bytecode/BytecodeList.rb‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎Source/JavaScriptCore/llint/WebAssembly32_64.asm‎
Lines changed: 9 additions & 0 deletions b/‎Source/JavaScriptCore/llint/WebAssembly32_64.asm‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎Source/JavaScriptCore/llint/WebAssembly64.asm‎
Lines changed: 9 additions & 0 deletions b/‎Source/JavaScriptCore/llint/WebAssembly64.asm‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h‎
Lines changed: 10 additions & 0 deletions b/‎Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp‎
Lines changed: 14 additions & 0 deletions b/‎Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎Source/JavaScriptCore/wasm/WasmExceptionType.h‎
Lines changed: 3 additions & 1 deletion b/‎Source/JavaScriptCore/wasm/WasmExceptionType.h‎
Lines changed: 3 additions & 1 deletion
@@ -65,6 +65,8 @@
 
 - path: wasm/function-references-spec-tests/call_ref.wast.js
   cmd: runWebAssemblyFunctionReferenceSpecTest :normal
+- path: wasm/function-references-spec-tests/ref_as_non_null.wast.js
+  cmd: runWebAssemblyFunctionReferenceSpecTest :normal
 - path: wasm/function-references-spec-tests/ref_null.wast.js
   cmd: runWebAssemblyFunctionReferenceSpecTest :normal
 - path: wasm/function-references-spec-tests/call-null-ref.wast.js
 
@@ -0,0 +1,20 @@
+// ref_as_non_null.wast:1
+let $1 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x91\x80\x80\x80\x00\x03\x60\x00\x01\x7f\x60\x01\x6b\x00\x01\x7f\x60\x01\x6c\x00\x01\x7f\x03\x88\x80\x80\x80\x00\x07\x01\x02\x00\x00\x00\x00\x00\x07\xbc\x80\x80\x80\x00\x04\x0d\x6e\x75\x6c\x6c\x61\x62\x6c\x65\x2d\x6e\x75\x6c\x6c\x00\x03\x0d\x6e\x6f\x6e\x6e\x75\x6c\x6c\x61\x62\x6c\x65\x2d\x66\x00\x04\x0a\x6e\x75\x6c\x6c\x61\x62\x6c\x65\x2d\x66\x00\x05\x0b\x75\x6e\x72\x65\x61\x63\x68\x61\x62\x6c\x65\x00\x06\x09\x85\x80\x80\x80\x00\x01\x01\x00\x01\x02\x0a\xce\x80\x80\x80\x00\x07\x87\x80\x80\x80\x00\x00\x20\x00\xd3\x14\x00\x0b\x87\x80\x80\x80\x00\x00\x20\x00\xd3\x14\x00\x0b\x84\x80\x80\x80\x00\x00\x41\x07\x0b\x86\x80\x80\x80\x00\x00\xd0\x00\x10\x01\x0b\x86\x80\x80\x80\x00\x00\xd2\x02\x10\x00\x0b\x86\x80\x80\x80\x00\x00\xd2\x02\x10\x01\x0b\x86\x80\x80\x80\x00\x00\x00\xd3\x10\x00\x0b");
+
+// ref_as_non_null.wast:25
+assert_trap(() => call($1, "unreachable", []));
+
+// ref_as_non_null.wast:27
+assert_trap(() => call($1, "nullable-null", []));
+
+// ref_as_non_null.wast:28
+assert_return(() => call($1, "nonnullable-f", []), 7);
+
+// ref_as_non_null.wast:29
+assert_return(() => call($1, "nullable-f", []), 7);
+
+// ref_as_non_null.wast:31
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x8d\x80\x80\x80\x00\x03\x60\x00\x01\x7f\x60\x01\x6b\x00\x00\x60\x00\x00\x03\x83\x80\x80\x80\x00\x02\x01\x02\x0a\x97\x80\x80\x80\x00\x02\x86\x80\x80\x80\x00\x00\x20\x00\xd3\x1a\x0b\x86\x80\x80\x80\x00\x00\xd0\x00\x10\x00\x0b");
+
+// ref_as_non_null.wast:41
+let $2 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x93\x80\x80\x80\x00\x04\x60\x00\x00\x60\x01\x6b\x00\x00\x60\x01\x6b\x70\x00\x60\x01\x6b\x6f\x00\x03\x84\x80\x80\x80\x00\x03\x01\x02\x03\x0a\xa2\x80\x80\x80\x00\x03\x86\x80\x80\x80\x00\x00\x20\x00\xd3\x1a\x0b\x86\x80\x80\x80\x00\x00\x20\x00\xd3\x1a\x0b\x86\x80\x80\x80\x00\x00\x20\x00\xd3\x1a\x0b");
@@ -0,0 +1,45 @@
+//@ runWebAssemblySuite("--useWebAssemblyTypedFunctionReferences=true")
+import * as assert from '../assert.js';
+import { instantiate } from "../wabt-wrapper.js";
+
+function module(bytes, valid = true) {
+  let buffer = new ArrayBuffer(bytes.length);
+  let view = new Uint8Array(buffer);
+  for (let i = 0; i < bytes.length; ++i) {
+    view[i] = bytes.charCodeAt(i);
+  }
+  return new WebAssembly.Module(buffer);
+}
+
+async function ref_as_non_null() {
+  /*
+  (module
+    (type $t (func))
+    (elem declare funcref (ref.func $foo))
+    (func $foo)
+    (func $f (result (ref null $t)) (ref.func $foo))
+    (func (export "main") (result (ref $t))
+      (ref.as_non_null (call $f)))
+  )
+  */
+  let instance = new WebAssembly.Instance(module("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x8e\x80\x80\x80\x00\x03\x60\x00\x00\x60\x00\x01\x6c\x00\x60\x00\x01\x6b\x00\x03\x84\x80\x80\x80\x00\x03\x00\x01\x02\x07\x88\x80\x80\x80\x00\x01\x04\x6d\x61\x69\x6e\x00\x02\x09\x87\x80\x80\x80\x00\x01\x07\x70\x01\xd2\x00\x0b\x0a\x9b\x80\x80\x80\x00\x03\x82\x80\x80\x80\x00\x00\x0b\x84\x80\x80\x80\x00\x00\xd2\x00\x0b\x85\x80\x80\x80\x00\x00\x10\x01\xd3\x0b"));
+  instance.exports.main();
+
+  /*
+  (module
     (type $t (func))
+    (elem declare funcref (ref.func $foo))
+    (func $foo)
+    (func $f (result (ref null $t)) (ref.null $t))
+    (func (export "main") (result (ref $t))
+      (ref.as_non_null (call $f)))
+  )
+  */
+  assert.throws(
+    () => new WebAssembly.Instance(module("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x8e\x80\x80\x80\x00\x03\x60\x00\x00\x60\x00\x01\x6c\x00\x60\x00\x01\x6b\x00\x03\x84\x80\x80\x80\x00\x03\x00\x01\x02\x07\x88\x80\x80\x80\x00\x01\x04\x6d\x61\x69\x6e\x00\x02\x09\x87\x80\x80\x80\x00\x01\x07\x70\x01\xd2\x00\x0b\x0a\x9b\x80\x80\x80\x00\x03\x82\x80\x80\x80\x00\x00\x0b\x84\x80\x80\x80\x00\x00\xd0\x00\x0b\x85\x80\x80\x80\x00\x00\x10\x01\xd3\x0b")).exports.main(),
+    WebAssembly.RuntimeError,
+    "ref.as_non_null to a null reference (evaluating 'func(...args)')"
+  )
+}
+
+assert.asyncTest(ref_as_non_null());
@@ -88,6 +88,7 @@
         "ref.null":            { "category": "special",    "value": 208, "return": ["externref", "funcref"],         "parameter": [],                             "immediate": [{"name": "reftype",        "type": "ref_type"}],                                              "description": "a constant null reference" },
         "ref.is_null":         { "category": "special",    "value": 209, "return": ["i32"],                          "parameter": ["externref"],                  "immediate": [],                                                                                            "description": "determine if a reference is null" },
         "ref.func":            { "category": "special",    "value": 210, "return": ["funcref"],                      "parameter": [],                             "immediate": [{"name": "function_index", "type": "varuint32"}],                                             "description": "return a reference to the function at the given index" },
+        "ref.as_non_null":     { "category": "special",    "value": 211, "return": ["any"],                          "parameter": ["any"],                        "immediate": [],                                                                                            "description": "return the reference with non-null type or trap if null" },
         "get_local":           { "category": "special",    "value":  32, "return": ["any"],                          "parameter": [],                             "immediate": [{"name": "local_index",    "type": "varuint32"}],                                             "description": "read a local variable or parameter" },
         "set_local":           { "category": "special",    "value":  33, "return": [],                               "parameter": ["any"],                        "immediate": [{"name": "local_index",    "type": "varuint32"}],                                             "description": "write a local variable or parameter" },
         "tee_local":           { "category": "special",    "value":  34, "return": ["any"],                          "parameter": ["any"],                        "immediate": [{"name": "local_index",    "type": "varuint32"}],                                             "description": "write a local variable or parameter and return the same value" },
 
@@ -1588,6 +1588,12 @@
         functionIndex: unsigned,
     }
 
+op :ref_as_non_null,
+    args: {
+        dst: VirtualRegister,
+        ref: VirtualRegister,
+    }
+
 op :get_global,
     args: {
         dst: VirtualRegister,
 
@@ -156,6 +156,15 @@ wasmOp(ref_is_null, WasmRefIsNull, macro(ctx)
     returni(ctx, t0)
 end)
 
+wasmOp(ref_as_non_null, WasmRefAsNonNull, macro(ctx)
+    mload2i(ctx, m_ref, t1, t0)
+    bieq t1, NullTag, .nullRef
+    returni(ctx, t0)
+
+.nullRef:
+    throwException(NullRefAsNonNull)
+end)
+
 wasmOp(get_global, WasmGetGlobal, macro(ctx)
     loadp Wasm::Instance::m_globals[wasmInstance], t0
     wgetu(ctx, m_globalIndex, t1)
 
@@ -104,6 +104,15 @@ wasmOp(ref_is_null, WasmRefIsNull, macro(ctx)
     returni(ctx, t0)
 end)
 
+wasmOp(ref_as_non_null, WasmRefAsNonNull, macro(ctx)
+    mloadp(ctx, m_ref, t0)
+    bqeq t0, ValueNull, .nullRef
+    returnq(ctx, t0)
+
+.nullRef:
+    throwException(NullRefAsNonNull)
+end)
+
 wasmOp(get_global, WasmGetGlobal, macro(ctx)
     loadp Wasm::Instance::m_globals[wasmInstance], t0
     wgetu(ctx, m_globalIndex, t1)
 
@@ -362,6 +362,7 @@ struct AirIRGeneratorBase {
     // References
     //                               addRefIsNull (in derived classes)
     PartialResult WARN_UNUSED_RETURN addRefFunc(uint32_t index, ExpressionType& result);
+    PartialResult WARN_UNUSED_RETURN addRefAsNonNull(ExpressionType, ExpressionType&);
 
     // Tables
     PartialResult WARN_UNUSED_RETURN addTableGet(unsigned, ExpressionType index, ExpressionType& result);
@@ -1245,6 +1246,15 @@ auto AirIRGeneratorBase<Derived, ExpressionType>::addRefFunc(uint32_t index, Exp
     return { };
 }
 
+template <typename Derived, typename ExpressionType>
+auto AirIRGeneratorBase<Derived, ExpressionType>::addRefAsNonNull(ExpressionType reference, ExpressionType& result) -> PartialResult
+{
+    emitThrowOnNullReference(reference, ExceptionType::NullRefAsNonNull);
+    result = self().tmpForType(Type { TypeKind::Ref, reference.type().index });
+    append(Move, reference, result);
+    return { };
+}
+
 template <typename Derived, typename ExpressionType>
 auto AirIRGeneratorBase<Derived, ExpressionType>::addTableGet(unsigned tableIndex, ExpressionType index, ExpressionType& result) -> PartialResult
 {
 
@@ -529,6 +529,7 @@ class B3IRGenerator {
     // References
     PartialResult WARN_UNUSED_RETURN addRefIsNull(ExpressionType value, ExpressionType& result);
     PartialResult WARN_UNUSED_RETURN addRefFunc(uint32_t index, ExpressionType& result);
+    PartialResult WARN_UNUSED_RETURN addRefAsNonNull(ExpressionType, ExpressionType&);
 
     // Tables
     PartialResult WARN_UNUSED_RETURN addTableGet(unsigned, ExpressionType index, ExpressionType& result);
@@ -1295,6 +1296,19 @@ auto B3IRGenerator::addRefFunc(uint32_t index, ExpressionType& result) -> Partia
     return { };
 }
 
+auto B3IRGenerator::addRefAsNonNull(ExpressionType reference, ExpressionType& result) -> PartialResult
+{
+    result = push(get(reference));
+    {
+        CheckValue* check = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(),
+            m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), get(reference), m_currentBlock->appendNew<Const64Value>(m_proc, origin(), JSValue::encode(jsNull()))));
+        check->setGenerator([=, this] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
+            this->emitExceptionCheck(jit, ExceptionType::NullRefAsNonNull);
+        });
+    }
+    return { };
+}
+
 auto B3IRGenerator::addTableInit(unsigned elementIndex, unsigned tableIndex, ExpressionType dstOffset, ExpressionType srcOffset, ExpressionType length) -> PartialResult
 {
     Value* resultValue = callWasmOperation(m_currentBlock, toB3Type(Types::I32), operationWasmTableInit,
 
@@ -53,7 +53,8 @@ namespace Wasm {
     macro(NullArrayGet, "array.get to a null reference"_s) \
     macro(NullArraySet, "array.set to a null reference"_s) \
     macro(NullArrayLen, "array.len to a null reference"_s) \
-    macro(TypeErrorInvalidV128Use, "an exported wasm function cannot contain a v128 parameter or return value"_s)
+    macro(TypeErrorInvalidV128Use, "an exported wasm function cannot contain a v128 parameter or return value"_s) \
+    macro(NullRefAsNonNull, "ref.as_non_null to a null reference"_s)
 
 enum class ExceptionType : uint32_t {
 #define MAKE_ENUM(enumName, error) enumName,
@@ -94,6 +95,7 @@ ALWAYS_INLINE bool isTypeErrorExceptionType(ExceptionType type)
     case ExceptionType::NullArrayGet:
     case ExceptionType::NullArraySet:
     case ExceptionType::NullArrayLen:
+    case ExceptionType::NullRefAsNonNull:
         return false;
     case ExceptionType::FuncrefNotWasm:
     case ExceptionType::InvalidGCTypeUse: