Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9cc23c0e75b77974539bcb414eacef33bf94ed02
https://github.com/WebKit/WebKit/commit/9cc23c0e75b77974539bcb414eacef33bf94ed02
Author: Justin Michaud <[email protected]>
Date: 2026-01-14 (Wed, 14 Jan 2026)
Changed paths:
A JSTests/stress/tail-call-register-pressure.js
M Source/JavaScriptCore/jit/CallFrameShuffler32_64.cpp
Log Message:
-----------
[32-bit] Armv7 tail call shuffler should not run out of registers when
loading cells.
https://bugs.webkit.org/show_bug.cgi?id=305427
Reviewed by Yusuke Suzuki.
Patch by @emutavchi downstream:
https://github.com/WebPlatformForEmbedded/WPEWebKit/pull/1593.
We find ourselves in a state where canLoad says yes, because our JSValue
can be loaded via FPR, but we choose to load it via GPR instead because
we do not have two gprs free. This inconsistency causes an assertion failure,
and incorrect tail call shuffling.
This can only happen if loadsIntoFPR is true, but loadsIntoGPR is false.
In addition, everything DisplacedInJSStack must either have loadsIntoFPR or
loadsIntoGPR, so no other corner cases need to be considered.
Canonical link: https://commits.webkit.org/305572@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
