Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cb49ec55ee3b6f49db87dc9818732b462279188a
https://github.com/WebKit/WebKit/commit/cb49ec55ee3b6f49db87dc9818732b462279188a
Author: Loïc Yhuel <[email protected]>
Date: 2023-08-24 (Thu, 24 Aug 2023)
Changed paths:
M Source/JavaScriptCore/jit/ScratchRegisterAllocator.cpp
Log Message:
-----------
REGRESSION(255736@main): [JSC] Fix FP register offsets in ScratchRegisterAllocator
https://bugs.webkit.org/show_bug.cgi?id=259778
Reviewed by Justin Michaud.
On 32-bit targets, count was multiplied by 4 bytes in GPR loop, then by 8 bytes in FPR loop,
using more than the computed stackOffset (so overwriting previous saved values on the stack).
In restoreRegistersFromStackForCall, the ignored FP registers didn't increase the count, so
the following registers wouldn't be restored from the correct offset.
We now use an offset instead of a count, and the ASSERT checks it on all targets.
The roundUpToMultipleOf call matches the code in byteSizeOfSetRegisters (aligning the FP
registers save location).
* Source/JavaScriptCore/jit/ScratchRegisterAllocator.cpp:
(JSC::ScratchRegisterAllocator::preserveRegistersToStackForCall):
(JSC::ScratchRegisterAllocator::restoreRegistersFromStackForCall):
Canonical link: https://commits.webkit.org/267228@main
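The layout mistake the log message describes, modelled as a small added C example (constructed here, not WebKit's code): a single running count multiplied by each register's width overshoots the reserved area on a 32-bit target, while a running byte offset aligned before the FP area matches the computed size. The function names and the 3 GPR / 2 FPR register set are assumptions of this model.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model of a register-save layout, not WebKit's own code.
 * gprBytes is 4 on a 32-bit target and 8 on a 64-bit one; FP registers
 * are always saved as 8-byte slots. */
static size_t roundUpToMultipleOf(size_t divisor, size_t x)
{
    return (x + divisor - 1) / divisor * divisor;
}

/* Bytes reserved for numGPRs GPRs followed by numFPRs FPRs, with the FPR
 * area aligned to 8 bytes (the stackOffset the save code must stay within). */
static size_t byteSizeOfSet(size_t numGPRs, size_t numFPRs, size_t gprBytes)
{
    return roundUpToMultipleOf(8, numGPRs * gprBytes) + numFPRs * 8;
}

/* Buggy scheme: one running count, multiplied by the current register width.
 * Returns the one-past-the-end byte of the last slot it would write. */
static size_t countBasedEnd(size_t numGPRs, size_t numFPRs, size_t gprBytes)
{
    size_t count = 0, end = 0;
    for (size_t i = 0; i < numGPRs; ++i) { end = count * gprBytes + gprBytes; count++; }
    for (size_t i = 0; i < numFPRs; ++i) { end = count * 8 + 8; count++; }
    return end;
}

/* Fixed scheme: a running byte offset, aligned once before the FPR area,
 * so the final offset equals byteSizeOfSet on every target. */
static size_t offsetBasedEnd(size_t numGPRs, size_t numFPRs, size_t gprBytes)
{
    size_t offset = 0;
    for (size_t i = 0; i < numGPRs; ++i) offset += gprBytes;
    offset = roundUpToMultipleOf(8, offset);
    for (size_t i = 0; i < numFPRs; ++i) offset += 8;
    return offset;
}

int main(void)
{
    /* Constructed register set: 3 GPRs and 2 FPRs on 32-bit and 64-bit. */
    for (size_t gprBytes = 4; gprBytes <= 8; gprBytes += 4) {
        printf("gprBytes=%zu reserved=%zu count-based end=%zu offset-based end=%zu\n",
               gprBytes, byteSizeOfSet(3, 2, gprBytes),
               countBasedEnd(3, 2, gprBytes), offsetBasedEnd(3, 2, gprBytes));
    }
    return 0;
}
```

On the 32-bit row the count-based end (40) exceeds the 32 bytes reserved, while on 64-bit both schemes agree at 40, which is why the overflow only showed up on 32-bit targets.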
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes