[webkit-changes] [WebKit/WebKit] fb2d9b: WasmBBQJIT I64Rotl incorrectly masks immediate to ...
Commit Queue
noreply at github.com
Wed Mar 29 10:19:16 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: fb2d9bc1e82053cf2384d840aef55ea8266e7794
https://github.com/WebKit/WebKit/commit/fb2d9bc1e82053cf2384d840aef55ea8266e7794
Author: David Degazio <d_degazio at apple.com>
Date: 2023-03-29 (Wed, 29 Mar 2023)
Changed paths:
A JSTests/wasm/stress/big-shifts-and-rotations.js
A JSTests/wasm/stress/wrapping-shifts-and-rotations.js
M Source/JavaScriptCore/assembler/X86Assembler.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
WasmBBQJIT I64Rotl incorrectly masks immediate to be less than 32
https://bugs.webkit.org/show_bug.cgi?id=254626
rdar://107028963
Reviewed by Justin Michaud and Yusuke Suzuki.
Directly construct the immediate for rotateLeft64 in WasmBBQJIT's I64Rotl
implementation, rather than calling trustedImm32ForShift() which masks the
shift amount to be below 32. We also add a mask to these immediates in the
X86 assembler, so that shift immediates are always modulo their target width,
as is the case on ARM.
* JSTests/wasm/stress/big-shifts-and-rotations.js: Added.
(2.rotl.32.2.rotr.32.async test):
* JSTests/wasm/stress/wrapping-shifts-and-rotations.js: Added.
(2.rotl.960.2.rotr.960.async test):
* Source/JavaScriptCore/assembler/X86Assembler.h:
(JSC::X86Assembler::shiftInstruction32):
(JSC::X86Assembler::shiftInstruction64):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::addI64Rotl):
Canonical link: https://commits.webkit.org/262279@main
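
The effect of the wrong mask width described in the log message can be reproduced in isolation. The following is an added example, not code from the WebKit commit: all function names are hypothetical, and the "masked below 32" function is only an assumed model of the behaviour the log message attributes to the old I64Rotl path. The amounts 32 and 960 are taken from the names of the added stress tests.

```cpp
#include <cstdint>
#include <cstdio>

// Reference semantics: a 64-bit rotate uses the count modulo 64.
uint64_t rotl64Reference(uint64_t value, uint64_t count)
{
    unsigned n = count & 63;
    // "& 63" on the right shift avoids an undefined shift by 64 when n == 0.
    return (value << n) | (value >> ((64 - n) & 63));
}

// Assumed model of the pre-fix path: the count is masked as for a 32-bit shift first.
uint64_t rotl64MaskedBelow32(uint64_t value, uint64_t count)
{
    return rotl64Reference(value, count & 31);
}

// Width-aware immediate mask: shift immediates taken modulo the operand width.
uint8_t maskShiftImmediate(uint64_t count, unsigned widthInBits)
{
    return static_cast<uint8_t>(count & (widthInBits - 1));
}

// Counts the rotate amounts in [0, limit) for which the two models disagree.
unsigned countDivergentAmounts(uint64_t value, unsigned limit)
{
    unsigned divergent = 0;
    for (unsigned count = 0; count < limit; ++count) {
        if (rotl64Reference(value, count) != rotl64MaskedBelow32(value, count))
            ++divergent;
    }
    return divergent;
}

int main()
{
    const uint64_t sample = 0x0123456789ABCDEFULL; // constructed test value
    const uint64_t amounts[] = { 32, 960 };
    for (uint64_t amount : amounts) {
        std::printf("rotl by %llu: reference=%016llx masked-below-32=%016llx\n",
            static_cast<unsigned long long>(amount),
            static_cast<unsigned long long>(rotl64Reference(sample, amount)),
            static_cast<unsigned long long>(rotl64MaskedBelow32(sample, amount)));
    }
    std::printf("divergent amounts in [0, 64): %u\n", countDivergentAmounts(sample, 64));
    return 0;
}
```

Every amount with bit 5 set (32 through 63, modulo 64) gives a different result under the narrower mask, while 960 is a multiple of 64 and leaves the value unchanged under either mask.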