[webkit-changes] [WebKit/WebKit] cb49ec: REGRESSION(255736 at main): [JSC] Fix FP register off...
Loïc Yhuel
noreply at github.com
Thu Aug 24 08:32:57 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cb49ec55ee3b6f49db87dc9818732b462279188a
https://github.com/WebKit/WebKit/commit/cb49ec55ee3b6f49db87dc9818732b462279188a
Author: Loïc Yhuel <loic.yhuel at softathome.com>
Date: 2023-08-24 (Thu, 24 Aug 2023)
Changed paths:
M Source/JavaScriptCore/jit/ScratchRegisterAllocator.cpp
Log Message:
-----------
REGRESSION(255736 at main): [JSC] Fix FP register offsets in ScratchRegisterAllocator
https://bugs.webkit.org/show_bug.cgi?id=259778
Reviewed by Justin Michaud.
On 32-bit targets, count was multiplied by 4 bytes in the GPR loop, then by 8 bytes in the FPR loop,
using more than the computed stackOffset (so overwriting previous saved values on the stack).
In restoreRegistersFromStackForCall, the ignored FP registers didn't increase the count, so
the following registers wouldn't be restored from the correct offset.
We now use an offset instead of a count, and the ASSERT checks it on all targets.
The roundUpToMultipleOf call matches the code in byteSizeOfSetRegisters (aligning the FP
registers save location).
* Source/JavaScriptCore/jit/ScratchRegisterAllocator.cpp:
(JSC::ScratchRegisterAllocator::preserveRegistersToStackForCall):
(JSC::ScratchRegisterAllocator::restoreRegistersFromStackForCall):
Canonical link: https://commits.webkit.org/267228@main
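A simplified model of the two offset bugs described in the commit message, added here as an illustration and not taken from WebKit's sources: register sets are reduced to counts, GPRs take 4 bytes and FPRs 8 bytes on the 32-bit target, and the FP block is aligned to 8 in the same way byteSizeOfSetRegisters is described as doing.

```cpp
// Added example, not WebKit's code: a simplified model of the 32-bit save area
// layout described in the commit message (4-byte GPRs, 8-byte FPRs, FPR block
// aligned to 8 as in byteSizeOfSetRegisters). Register sets are just counts.
#include <cstddef>
#include <vector>

constexpr size_t kGPRBytes = 4; // 32-bit target
constexpr size_t kFPRBytes = 8;

constexpr size_t roundUpToMultipleOf(size_t align, size_t v) {
    return (v + align - 1) / align * align;
}

// Bytes the caller reserves for the save area (stackOffset in the message).
size_t byteSizeOfSetRegisters(size_t numGPR, size_t numFPR) {
    return roundUpToMultipleOf(kFPRBytes, numGPR * kGPRBytes) + numFPR * kFPRBytes;
}

// Pre-fix layout: one running count, scaled by 4 in the GPR loop and by 8 in
// the FPR loop. Returns the offset just past the last store; when it exceeds
// byteSizeOfSetRegisters the FPR stores land outside the reserved area.
size_t buggyEndOffset(size_t numGPR, size_t numFPR) {
    size_t count = 0, end = 0;
    for (size_t i = 0; i < numGPR; ++i, ++count)
        end = count * kGPRBytes + kGPRBytes;
    for (size_t i = 0; i < numFPR; ++i, ++count)
        end = count * kFPRBytes + kFPRBytes;
    return end;
}

struct RestoreLayout {
    std::vector<size_t> fprOffsets; // slots actually read back
    size_t end;                     // offset just past the last slot
};

// Fixed layout: a byte offset advances by each register's size, and an ignored
// FP register (skipFPR[i]) still advances it, so later registers are restored
// from the same slots they were saved to.
RestoreLayout fixedRestoreLayout(size_t numGPR, size_t numFPR,
                                 const std::vector<bool>& skipFPR) {
    RestoreLayout layout;
    size_t offset = roundUpToMultipleOf(kFPRBytes, numGPR * kGPRBytes);
    for (size_t i = 0; i < numFPR; ++i) {
        if (!skipFPR[i])
            layout.fprOffsets.push_back(offset);
        offset += kFPRBytes;
    }
    layout.end = offset;
    return layout;
}
```

With 3 GPRs and 2 FPRs the reserved area is 32 bytes, but the count-based layout writes its last FPR at offset 32, ending at 40; the offset-based layout ends exactly at 32 and keeps a skipped FPR's slot in place.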