Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4572dd488e4eb6e056e7734b9738bb4cb4b0dab0
      
https://github.com/WebKit/WebKit/commit/4572dd488e4eb6e056e7734b9738bb4cb4b0dab0
  Author: Shu-yu Guo <[email protected]>
  Date:   2026-03-11 (Wed, 11 Mar 2026)

  Changed paths:
    A JSTests/wasm/stress/omg-tail-call-clobber-scratch-register-2.js
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp

  Log Message:
  -----------
  [JSC] Clobber scratch register in OMG tail call on non-x64
https://bugs.webkit.org/show_bug.cgi?id=303444
rdar://165678403

Reviewed by Yusuke Suzuki.

The OMG tailcall patchpoint uses the scratch register. Currently, the scratch
is not clobbered early because on x64 we exhaust all registers if we do so.
Because of that, prepareTailCallImpl has special handling for saving and
restoring the scratch if it happens to alias one of the inputs. This special
save and restore has issues on ARM as the stack pointer arithmetic itself may
use the scratch, which complicates the restoring.

This PR makes the tail call patchpoint code architecture specific to confine
the save/restore complexity to x64. The special scratch register save/restore
paths are kept only on x64. On non-x64 platforms, the scratch registers are
clobbered early so they can never alias an input.

There is also a drive-by fix for negating float32s on x64 in BBQ, as the test
case also causes an assertion failure there.

Test: JSTests/wasm/stress/omg-tail-call-clobber-scratch-register-2.js

Originally-landed-as: 301765.350@safari-7623-branch (271320645405). 
rdar://171559550
Canonical link: https://commits.webkit.org/309070@main


