[webkit-changes] [WebKit/WebKit] c0310d: Fix result height when folding select in WasmBBQJIT
Commit Queue
noreply at github.com
Thu Mar 9 13:27:08 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c0310d30906b1c4f724f8074bbf1211e6a9cc1e7
https://github.com/WebKit/WebKit/commit/c0310d30906b1c4f724f8074bbf1211e6a9cc1e7
Author: David Degazio <d_degazio at apple.com>
Date: 2023-03-09 (Thu, 09 Mar 2023)
Changed paths:
A JSTests/wasm/stress/foldable-select.js
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
Fix result height when folding select in WasmBBQJIT
https://bugs.webkit.org/show_bug.cgi?id=253592
rdar://106420016
Reviewed by Michael Saboff and Yusuke Suzuki.
Currently, when BBQ JIT folds a select instruction, it naively selects
between the Value operands it was given based on the constant condition.
This can sometimes result in a resulting temp with an incorrect stack
height.
This patch changes select to consume all operands, not just the one we
didn't select, similar to the non-folded case. It also sets the result
to the right temp index, if applicable (we can still return a constant,
where the height of the value is irrelevant), and allocates it
independently. Finally, this patch also includes some semi-related
changes to the BBQ JIT move helpers, allowing them to be used to move
values between any two Locations, instead of the current implementation
which requires the source operand to be a Value.
* JSTests/wasm/stress/foldable-select.js: Added.
(async test):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::addSelect):
(JSC::Wasm::BBQJIT::emitStore):
(JSC::Wasm::BBQJIT::emitMoveMemory):
(JSC::Wasm::BBQJIT::emitMoveRegister):
(JSC::Wasm::BBQJIT::emitLoad):
(JSC::Wasm::BBQJIT::emitMove):
Canonical link: https://commits.webkit.org/261461@main
More information about the webkit-changes
mailing list