Title: [260246] trunk/Source/JavaScriptCore
Revision: 260246
Author: [email protected]
Date: 2020-04-17 07:38:43 -0700 (Fri, 17 Apr 2020)

Log Message

offlineasm is generating the wrong load/store for the "orh" instruction.
https://bugs.webkit.org/show_bug.cgi?id=210639
<rdar://problem/21501876>

Reviewed by Robin Morisset.

For example, on ARM64E, the "orh" instruction was generating the following:

    "\tldr w17, [x1, #0]\n"     // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
    "\torr w17, w17, #64\n"     // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
    "\tstr w17, [x1, #0]\n"     // JavaScriptCore/llint/LowLevelInterpreter64.asm:919

i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store.

Instead, it should be generating the following:

    "\tldrh w17, [x1, #0]\n"    // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
    "\torr w17, w17, #64\n"     // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
    "\tstrh w17, [x1, #0]\n"    // JavaScriptCore/llint/LowLevelInterpreter64.asm:919

i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store.

This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses
riscLowerMisplacedAddresses() from risc.rb).  It does not affect x86, x86_64, and
C_LOOP (which was written based on x86).

* offlineasm/risc.rb:

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (260245 => 260246)


--- trunk/Source/_javascript_Core/ChangeLog	2020-04-17 14:22:23 UTC (rev 260245)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-04-17 14:38:43 UTC (rev 260246)
@@ -1,3 +1,33 @@
+2020-04-17  Mark Lam  <[email protected]>
+
+        offlineasm is generating the wrong load/store for the "orh" instruction.
+        https://bugs.webkit.org/show_bug.cgi?id=210639
+        <rdar://problem/21501876>
+
+        Reviewed by Robin Morisset.
+
+        For example, on ARM64E, the "orh" instruction was generating the following:
+
+            "\tldr w17, [x1, #0]\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+            "\torr w17, w17, #64\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+            "\tstr w17, [x1, #0]\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+
+        i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store.
+
+        Instead, it should be generating the following:
+
+            "\tldrh w17, [x1, #0]\n"    // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+            "\torr w17, w17, #64\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+            "\tstrh w17, [x1, #0]\n"    // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+
+        i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store.
+
+        This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses
+        riscLowerMisplacedAddresses() from rise.rb).  It does not affect x86, x86_64, and
+        C_LOOP (which was written based on x86).
+
+        * offlineasm/risc.rb:
+
 2020-04-16  Ross Kirsling  <[email protected]>
 
         REGRESSION(r259480): Two new failing i18n tests
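
Review bot: The new ChangeLog entry misspells the file name in "any backend that uses riscLowerMisplacedAddresses() from rise.rb"; the file modified by this revision is offlineasm/risc.rb. The per-file line "* offlineasm/risc.rb:" is also left without a description; a short note naming the function changed and saying that "orh" is now lowered with the "h" operand kind instead of "i" would let someone searching the ChangeLog find the fix without reading the diff.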

Modified: trunk/Source/JavaScriptCore/offlineasm/risc.rb (260245 => 260246)


--- trunk/Source/_javascript_Core/offlineasm/risc.rb	2020-04-17 14:22:23 UTC (rev 260245)
+++ trunk/Source/_javascript_Core/offlineasm/risc.rb	2020-04-17 14:38:43 UTC (rev 260246)
@@ -1,4 +1,4 @@
-# Copyright (C) 2011-2018 Apple Inc. All rights reserved.
+# Copyright (C) 2011-2020 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -462,12 +462,17 @@
             postInstructions = []
             annotation = node.annotation
             case node.opcode
-            when "addi", "addis", "andi", "lshifti", "muli", "negi", "noti", "ori", "orh", "oris",
+            when "addi", "addis", "andi", "lshifti", "muli", "negi", "noti", "ori", "oris",
                 "rshifti", "urshifti", "subi", "subis", "xori", /^bi/, /^bti/, /^ci/, /^ti/
                 newList << Instruction.new(node.codeOrigin,
                                            node.opcode,
                                            riscAsRegisters(newList, postInstructions, node.operands, "i"),
                                            annotation)
+            when "orh"
+                newList << Instruction.new(node.codeOrigin,
+                                           node.opcode,
+                                           riscAsRegisters(newList, postInstructions, node.operands, "h"),
+                                           annotation)
             when "addp", "andp", "lshiftp", "mulp", "negp", "orp", "rshiftp", "urshiftp",
                 "subp", "xorp", /^bp/, /^btp/, /^cp/
                 newList << Instruction.new(node.codeOrigin,
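
Review bot: The new when "orh" branch fixes the access width for one opcode by name, with nothing on the branch saying why it differs from the "i" list above it. According to the log message, passing "i" as the last argument to riscAsRegisters is what produced the 32-bit ldr/str pair, so the wrong form read and rewrote four bytes at [x1, #0] where the halfword form touches two. A one-line comment stating that this argument selects the load/store width would help the next person who adds a halfword opcode put it in this branch rather than the "i" list. The revision also modifies only ChangeLog and risc.rb; a check that the emitted sequence for "orh" is ldrh/orr/strh, as quoted in the log message, would keep the width from regressing on ARM64, ARMv7 and MIPS.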