Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 50c7aaec2f53ab3b960f1b299aad5009df6f1967
https://github.com/WebKit/WebKit/commit/50c7aaec2f53ab3b960f1b299aad5009df6f1967
Author: Justin Michaud <[email protected]>
Date: 2023-02-08 (Wed, 08 Feb 2023)
Changed paths:
A JSTests/wasm/stress/big-try-simd.js
A JSTests/wasm/stress/big-try.js
A JSTests/wasm/stress/big-tuple-args.js
A JSTests/wasm/stress/big-tuple.js
A JSTests/wasm/stress/simd-big-tuple.js
A JSTests/wasm/stress/tag-return.js
M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
M Source/JavaScriptCore/wasm/WasmSectionParser.cpp
Log Message:
-----------
Fixup air pointer args if they are not valid in BBQ
https://bugs.webkit.org/show_bug.cgi?id=251890
rdar://105079565
Reviewed by Mark Lam and Yusuke Suzuki.
We are not fixing up air args if their offsets don't fit into the instruction
in a few cases.
Here are some examples:
MoveDouble 28480(%sp), %q16 ; too big
MoveVector 248(%sp), %q16 ; not 16-byte aligned
Let's fix up these arguments. We also fix a missing validation check
when parsing exception tags exposed by this test.
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::addReturn):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::AirIRGeneratorBase::emitPatchpoint):
oops
Canonical link: https://commits.webkit.org/260038@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
