Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 8396ad321ad05b2f64744e068aabb0932323a7a6
      
https://github.com/WebKit/WebKit/commit/8396ad321ad05b2f64744e068aabb0932323a7a6
  Author: Yusuke Suzuki <[email protected]>
  Date:   2026-02-09 (Mon, 09 Feb 2026)

  Changed paths:
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
    M Source/JavaScriptCore/assembler/testmasm.cpp

  Log Message:
  -----------
  [JSC] Fix edge case issue of cached imm in ARM64
https://bugs.webkit.org/show_bug.cgi?id=307363
rdar://169993335

Reviewed by Yijia Huang and Marcus Plutowski.

When caching materialized imm in ARM64 MacroAssembler, we didn't
zero-extend the TrustedImm32, which causes wrong caching since the
sequence of code is actually zero-extending the result. So if we have
code with TrustedImm32(-1) and TrustedImm64(-1), then the latter wrongly
gets the 32-bit -1 with zero-extension. This patch fixes it.

Test: Source/JavaScriptCore/assembler/testmasm.cpp
* Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::tryMoveUsingCacheRegisterContents):
(JSC::MacroAssemblerARM64::moveToCachedReg):
* Source/JavaScriptCore/assembler/testmasm.cpp:
(JSC::testCachedTempRegisterImm32Normalization):

Canonical link: https://commits.webkit.org/307115@main
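
A simplified model of the caching bug the log message describes, added here as an illustration; it is not WebKit's code. `CachedReg`, `move32Buggy`, `move32Fixed`, `move64` and `runSequence` are hypothetical names, and the single-register cache keyed by a 64-bit value is an assumption about the mechanism.

```cpp
#include <cstdint>
#include <optional>

// Simplified model (assumption) of one cached scratch register: the bits it
// holds and the immediate the assembler believes they represent (cache key).
struct CachedReg {
    uint64_t bits = 0;
    std::optional<int64_t> key;
};

// A 32-bit move on ARM64 writes the W register, which clears the upper 32 bits
// of the X register, so the register holds the zero-extended immediate.
static uint64_t materialize32(int32_t imm) { return static_cast<uint32_t>(imm); }

// Before the fix, as the log message describes it: the key is the
// sign-extended immediate, which does not match the bits in the register.
void move32Buggy(CachedReg& r, int32_t imm) {
    r.bits = materialize32(imm);
    r.key = static_cast<int64_t>(imm);
}

// After the fix: the key is zero-extended, matching the register contents.
void move32Fixed(CachedReg& r, int32_t imm) {
    r.bits = materialize32(imm);
    r.key = static_cast<int64_t>(static_cast<uint32_t>(imm));
}

// 64-bit move: reuse the cached register on a key hit, otherwise materialize.
uint64_t move64(CachedReg& r, int64_t imm) {
    if (r.key && *r.key == imm)
        return r.bits; // cache hit: no code emitted, register used as-is
    r.bits = static_cast<uint64_t>(imm);
    r.key = imm;
    return r.bits;
}

// TrustedImm32(-1) followed by TrustedImm64(-1); returns the value the
// 64-bit move ends up with.
uint64_t runSequence(bool fixed) {
    CachedReg r;
    if (fixed) move32Fixed(r, -1); else move32Buggy(r, -1);
    return move64(r, -1);
}

int main() {
    // buggy: 0x00000000ffffffff, fixed: 0xffffffffffffffff
    return runSequence(true) == UINT64_MAX ? 0 : 1;
}
```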


