Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2cba369d0b95a5e3a07452103efbb20d16ca3de0
https://github.com/WebKit/WebKit/commit/2cba369d0b95a5e3a07452103efbb20d16ca3de0
Author: Justin Michaud <[email protected]>
Date: 2024-11-27 (Wed, 27 Nov 2024)
Changed paths:
M Source/JavaScriptCore/b3/air/AirCode.h
M Source/JavaScriptCore/b3/air/AirEmitShuffle.cpp
M Source/JavaScriptCore/b3/air/testair.cpp
Log Message:
-----------
Air shuffles should not use fringe destination as scratch
https://bugs.webkit.org/show_bug.cgi?id=283641
Reviewed by Yusuke Suzuki.
When we have a shuffle in air, we have a series of shifts
and rotates. Rotates have extra bits not part of the loop,
called the fringe.
A series of shifts permits the destination of the first shift
to be used as scratch before it gets its final value. This is
not true for a fringe, even though a fringe is basically a shift.
This is only because the lifetime of the scratch register extends
into the rotate that follows it.
Basically, the mutable state in this code gets very confused
because of the constantly changing order of instructions emitted.
This bug was discovered with ARMv7 wasm tail calls, and the test case
will be included in that patch.
* Source/JavaScriptCore/b3/air/AirEmitShuffle.cpp:
(JSC::B3::Air::emitShuffle):
Canonical link: https://commits.webkit.org/287139@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
