Title: [260287] branches/safari-609-branch/Source/_javascript_Core
Revision
260287
Author
[email protected]
Date
2020-04-17 14:34:39 -0700 (Fri, 17 Apr 2020)

Log Message

Cherry-pick r260246. rdar://problem/61943700

    offlineasm is generating the wrong load/store for the "orh" instruction.
    https://bugs.webkit.org/show_bug.cgi?id=210639
    <rdar://problem/21501876>

    Reviewed by Robin Morisset.

    For example, on ARM64E, the "orh" instruction was generating the following:

        "\tldr w17, [x1, #0]\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
        "\torr w17, w17, #64\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
        "\tstr w17, [x1, #0]\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919

    i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store.

    Instead, it should be generating the following:

        "\tldrh w17, [x1, #0]\n"    // _javascript_Core/llint/LowLevelInterpreter64.asm:919
        "\torr w17, w17, #64\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
        "\tstrh w17, [x1, #0]\n"    // _javascript_Core/llint/LowLevelInterpreter64.asm:919

    i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store.

    This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses
    riscLowerMisplacedAddresses() from risc.rb).  It does not affect x86, x86_64, and
    C_LOOP (which was written based on x86).

    * offlineasm/risc.rb:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260246 268f45cc-cd09-0410-ab3c-d52691b4dbfc
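The log message above describes the lowering that turns `orh` with a memory operand into a load, a register OR and a store, and why the width of that load/store pair matters. The Ruby below is an added model of that lowering and is not WebKit's offlineasm code: the instruction spellings (`loadi`/`loadh`, `ori`, `storei`/`storeh`), the `WIDTH` table, the `t0` scratch register and the sample object layout are all this example's own assumptions. It lowers the same `or` twice, once with the pre-fix `"i"` suffix and once with the fixed `"h"` suffix, runs both over a constructed 4-byte object whose last field is a halfword, and reports which byte offsets each version touches.

```ruby
# Added example, not WebKit code: a model of the load -> op -> store rewrite
# that risc.rb applies to an ALU instruction with a memory operand. The size
# suffix handed to the lowering picks the width of the load/store pair.
# Byte widths and instruction names are this model's assumptions.
WIDTH = { "b" => 1, "h" => 2, "i" => 4, "p" => 8 }.freeze

# Lower "or<suffix> imm, [base, #offset]" into three register-only
# instructions, using `suffix` for the load and the store.
def lower_or(suffix, imm, base, offset)
  [
    "load#{suffix} [#{base}, ##{offset}], t0",
    "ori #{imm}, t0",
    "store#{suffix} t0, [#{base}, ##{offset}]",
  ]
end

# Execute a lowered sequence over a little-endian byte array and record every
# byte offset the load/store pair touches. Offsets past the end of `mem` are
# recorded as well, so an over-wide access shows up as out-of-bounds.
def run(instrs, mem)
  t0 = 0
  touched = []
  instrs.each do |ins|
    case ins
    when /\Aload(\w) \[\w+, #(\d+)\], t0\z/
      n, off = WIDTH.fetch($1), $2.to_i
      touched.concat((off...off + n).to_a)
      t0 = n.times.sum { |i| (mem[off + i] || 0) << (8 * i) }
    when /\Aori (\d+), t0\z/
      t0 |= $1.to_i
    when /\Astore(\w) t0, \[\w+, #(\d+)\]\z/
      n, off = WIDTH.fetch($1), $2.to_i
      touched.concat((off...off + n).to_a)
      n.times { |i| mem[off + i] = (t0 >> (8 * i)) & 0xff if off + i < mem.size }
    else
      raise ArgumentError, "unrecognised instruction #{ins.inspect}"
    end
  end
  { mem: mem, touched: touched.uniq.sort }
end

# Constructed sample object: four bytes, with a 16-bit field (value 0x0001)
# at offset 2 as the last thing in the object.
def sample_object
  [0xAA, 0xBB, 0x01, 0x00]
end

# Pre-fix lowering (suffix "i") versus fixed lowering (suffix "h") for
# or 64 into the halfword at offset 2, as in the log message's example.
def compare
  buggy = run(lower_or("i", 64, "x1", 2), sample_object)
  fixed = run(lower_or("h", 64, "x1", 2), sample_object)
  {
    buggy_touched: buggy[:touched],                      # [2, 3, 4, 5]
    fixed_touched: fixed[:touched],                      # [2, 3]
    buggy_field: buggy[:mem][2] | (buggy[:mem][3] << 8), # 0x41
    fixed_field: fixed[:mem][2] | (fixed[:mem][3] << 8), # 0x41
  }
end

puts compare.inspect if $PROGRAM_NAME == __FILE__
```

Both versions leave the halfword holding the same value, which is why a check on the result alone would not catch the bug; the difference is the footprint. The 32-bit pair reads and writes two bytes beyond the halfword, which is out of bounds when the field ends the object, and it also makes the read-modify-write cover the neighbouring halfword, so a write to that neighbour landing between the load and the store would be silently undone.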

Diff

Modified: branches/safari-609-branch/Source/_javascript_Core/ChangeLog (260286 => 260287)


--- branches/safari-609-branch/Source/_javascript_Core/ChangeLog	2020-04-17 21:34:36 UTC (rev 260286)
+++ branches/safari-609-branch/Source/_javascript_Core/ChangeLog	2020-04-17 21:34:39 UTC (rev 260287)
@@ -1,5 +1,71 @@
 2020-04-17  Alan Coon  <[email protected]>
 
+        Cherry-pick r260246. rdar://problem/61943700
+
+    offlineasm is generating the wrong load/store for the "orh" instruction.
+    https://bugs.webkit.org/show_bug.cgi?id=210639
+    <rdar://problem/21501876>
+    
+    Reviewed by Robin Morisset.
+    
+    For example, on ARM64E, the "orh" instruction was generating the following:
+    
+        "\tldr w17, [x1, #0]\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+        "\torr w17, w17, #64\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+        "\tstr w17, [x1, #0]\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+    
+    i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store.
+    
+    Instead, it should be generating the following:
+    
+        "\tldrh w17, [x1, #0]\n"    // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+        "\torr w17, w17, #64\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+        "\tstrh w17, [x1, #0]\n"    // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+    
+    i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store.
+    
+    This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses
+    riscLowerMisplacedAddresses() from rise.rb).  It does not affect x86, x86_64, and
+    C_LOOP (which was written based on x86).
+    
+    * offlineasm/risc.rb:
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260246 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-04-17  Mark Lam  <[email protected]>
+
+            offlineasm is generating the wrong load/store for the "orh" instruction.
+            https://bugs.webkit.org/show_bug.cgi?id=210639
+            <rdar://problem/21501876>
+
+            Reviewed by Robin Morisset.
+
+            For example, on ARM64E, the "orh" instruction was generating the following:
+
+                "\tldr w17, [x1, #0]\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+                "\torr w17, w17, #64\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+                "\tstr w17, [x1, #0]\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+
+            i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store.
+
+            Instead, it should be generating the following:
+
+                "\tldrh w17, [x1, #0]\n"    // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+                "\torr w17, w17, #64\n"     // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+                "\tstrh w17, [x1, #0]\n"    // _javascript_Core/llint/LowLevelInterpreter64.asm:919
+
+            i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store.
+
+            This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses
+            riscLowerMisplacedAddresses() from rise.rb).  It does not affect x86, x86_64, and
+            C_LOOP (which was written based on x86).
+
+            * offlineasm/risc.rb:
+
+2020-04-17  Alan Coon  <[email protected]>
+
         Cherry-pick r260180. rdar://problem/61943707
 
     [JSC] Use ensureStillAliveHere in FTL when content of storage should be kept alive
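Review bot: the new ChangeLog entry carries the cherry-picked message's `rise.rb` typo (the file touched is offlineasm/risc.rb) and several whitespace-only lines (`+    ` after the `* offlineasm/risc.rb:` line and before `git-svn-id`); fix the filename in the entry and trim the trailing whitespace. Nesting Mark Lam's original entry at a deeper indentation inside Alan Coon's entry is the usual cherry-pick layout, but the `* offlineasm/risc.rb:` line in both copies would be more useful with the per-function annotation, e.g. `(riscLowerMisplacedAddresses):`, since that is the routine the fix lands in.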

Modified: branches/safari-609-branch/Source/_javascript_Core/offlineasm/risc.rb (260286 => 260287)


--- branches/safari-609-branch/Source/_javascript_Core/offlineasm/risc.rb	2020-04-17 21:34:36 UTC (rev 260286)
+++ branches/safari-609-branch/Source/_javascript_Core/offlineasm/risc.rb	2020-04-17 21:34:39 UTC (rev 260287)
@@ -1,4 +1,4 @@
-# Copyright (C) 2011-2018 Apple Inc. All rights reserved.
+# Copyright (C) 2011-2020 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -462,12 +462,17 @@
             postInstructions = []
             annotation = node.annotation
             case node.opcode
-            when "addi", "addis", "andi", "lshifti", "muli", "negi", "noti", "ori", "orh", "oris",
+            when "addi", "addis", "andi", "lshifti", "muli", "negi", "noti", "ori", "oris",
                 "rshifti", "urshifti", "subi", "subis", "xori", /^bi/, /^bti/, /^ci/, /^ti/
                 newList << Instruction.new(node.codeOrigin,
                                            node.opcode,
                                            riscAsRegisters(newList, postInstructions, node.operands, "i"),
                                            annotation)
+            when "orh"
+                newList << Instruction.new(node.codeOrigin,
+                                           node.opcode,
+                                           riscAsRegisters(newList, postInstructions, node.operands, "h"),
+                                           annotation)
             when "addp", "andp", "lshiftp", "mulp", "negp", "orp", "rshiftp", "urshiftp",
                 "subp", "xorp", /^bp/, /^btp/, /^cp/
                 newList << Instruction.new(node.codeOrigin,
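Review bot: moving `"orh"` out of the 32-bit `when` list into its own arm that passes `"h"` to riscAsRegisters is the right shape for the fix, since that suffix is what selects the width of the load/store pair emitted for a misplaced address; keeping the OR itself 32-bit is fine because the halfword load zero-extends into the register. Two things to confirm before landing: that every backend reached through riscLowerMisplacedAddresses (ARM64, ARMv7 and MIPS per the log) resolves an `"h"` suffix to a halfword load/store pair, and that no other halfword opcode is still sitting in the `"i"` list. The old lowering read and wrote two bytes past the halfword, which matters at the end of an object and for any neighbouring field written concurrently, so a regression check asserting `ldrh`/`strh` in the output for an `orh` with a memory operand would be worth adding alongside the change.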