Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c977165dfa4c852c7b6b029d8fc7be710cebd8a3
https://github.com/WebKit/WebKit/commit/c977165dfa4c852c7b6b029d8fc7be710cebd8a3
Author: Mikhail R. Gadelha <[email protected]>
Date: 2025-11-11 (Tue, 11 Nov 2025)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp
Log Message:
-----------
[JSC][32-bit] Fix BBQ's I64Or
https://bugs.webkit.org/show_bug.cgi?id=301931
Reviewed by Justin Michaud.
When running JS3 I noticed the following code:

    [ 0x22d] I64Or
    0xf1b953fa: orr.w r1, r2, r4
    0xf1b953fe: orr.w r0, r1, r3

Here, lhs is (r1, r2), rhs is (r3, r4) and result is (r0, r1), so when we write
to resultHi (r1), we override the value in lhs, then read it again in the
second orr, leading to a wrong result.

This patch implements i64or in the ARMv7 backend and fixes this problem by
calculating the low or to a scratch, calculating hi to the destination, then
moving the low or from the scratch to the destination.

* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::or64):
* Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addI64Or):
Canonical link: https://commits.webkit.org/302862@main
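
Added example, not part of the commit or of WebKit's code: a small C++ model of the register aliasing described in the log message. It goes beyond the single case shown there by checking both emission orders over every assignment of r0..r5 to the six operand halves. The register-file model, the use of r7 as scratch, and all names below are assumptions made for illustration.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>

using Regs = std::array<uint32_t, 8>;   // constructed register file, index N = rN
struct Pair { int lo, hi; };            // 64-bit value split over two registers
using Emit = void (*)(Regs&, Pair, Pair, Pair);
constexpr int kScratch = 7;             // assumption: r7 is never handed to an operand
const Regs kInit = {1, 2, 4, 8, 16, 32, 64, 128};  // constructed: one distinct bit per register

// Order seen in the disassembly: hi half written first, lo half computed afterwards.
void or64Naive(Regs& r, Pair lhs, Pair rhs, Pair dst) {
    r[dst.hi] = r[lhs.hi] | r[rhs.hi];  // orr.w r1, r2, r4
    r[dst.lo] = r[lhs.lo] | r[rhs.lo];  // orr.w r0, r1, r3 (r1 already overwritten)
}

// Order the log message describes: lo to scratch, hi to destination, then move lo.
void or64Scratch(Regs& r, Pair lhs, Pair rhs, Pair dst) {
    r[kScratch] = r[lhs.lo] | r[rhs.lo];
    r[dst.hi] = r[lhs.hi] | r[rhs.hi];
    r[dst.lo] = r[kScratch];
}

uint64_t expected(const Regs& r, Pair lhs, Pair rhs) {
    return (uint64_t(r[lhs.hi] | r[rhs.hi]) << 32) | (r[lhs.lo] | r[rhs.lo]);
}

uint64_t run(Emit emit, Pair lhs, Pair rhs, Pair dst) {
    Regs r = kInit;                     // fresh copy, so every run sees the same inputs
    emit(r, lhs, rhs, dst);
    return (uint64_t(r[dst.hi]) << 32) | r[dst.lo];
}

// Try every assignment of r0..r5 to the six operand halves; count wrong results.
int countWrong(Emit emit) {
    int wrong = 0;
    for (int n = 0; n < 6 * 6 * 6 * 6 * 6 * 6; ++n) {
        int d[6], v = n;
        for (int& x : d) { x = v % 6; v /= 6; }
        Pair lhs{d[0], d[1]}, rhs{d[2], d[3]}, dst{d[4], d[5]};
        if (lhs.lo == lhs.hi || rhs.lo == rhs.hi || dst.lo == dst.hi) continue;
        if (run(emit, lhs, rhs, dst) != expected(kInit, lhs, rhs)) ++wrong;
    }
    return wrong;
}

int main() {
    std::printf("naive wrong: %d, scratch wrong: %d\n", countWrong(or64Naive), countWrong(or64Scratch));
}
```

With the allocation from the log message (lhs in r1/r2, rhs in r3/r4, result in r0/r1) the first order yields a wrong low word, while the scratch order matches the expected value for every allocation tried.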