[webkit-changes] [WebKit/WebKit] c06646: Shuffle clobbers indirect call target in BBQ JIT
Commit Queue
noreply at github.com
Thu May 4 16:25:35 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c0664686f49dda83274d0dcc85c2ff4419db81c5
https://github.com/WebKit/WebKit/commit/c0664686f49dda83274d0dcc85c2ff4419db81c5
Author: David Degazio <d_degazio at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A JSTests/wasm/stress/call-indirect-argument-depends-on-load.js
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
Shuffle clobbers indirect call target in BBQ JIT
https://bugs.webkit.org/show_bug.cgi?id=256331
rdar://108908936
Reviewed by Justin Michaud.
Fixes a bug where passing arguments in an indirect call in WebAssembly
BBQ JIT could clobber the target address, stored in the wasmScratchGPR.
Instead of assuming we can use the normal scratch register, parameter
passing now takes scratch registers as parameters. Since we have lots
of spare scratch registers that no longer hold live values in indirect
calls, we just reuse one as the scratch for parameter passing.
* JSTests/wasm/stress/call-indirect-argument-depends-on-load.js: Added.
(async test):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::saveValuesAcrossCallAndPassArguments):
(JSC::Wasm::BBQJIT::emitCCall):
(JSC::Wasm::BBQJIT::addCall):
(JSC::Wasm::BBQJIT::emitIndirectCall):
Canonical link: https://commits.webkit.org/263697@main
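
Added example, not part of this commit or of WebKit's code: a toy register machine showing the failure the log message describes, where argument passing borrows the scratch register that still holds the indirect call target, next to the fix of handing the shuffle a different spare register. The register numbering, the slot-to-slot move that needs a temporary, and all names (`passArguments`, `indirectCallTarget`, `kDefaultScratch`, `kSpareScratch`) are assumptions made for illustration.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Toy machine: locations 0..3 are registers, 4..7 are stack slots.
using Machine = std::array<uint64_t, 8>;
constexpr int kRegCount = 4;
constexpr int kDefaultScratch = 0; // hypothetical stand-in for the normal scratch register
constexpr int kSpareScratch = 1;   // hypothetical spare register, dead at the call site

static bool isStackSlot(int loc) { return loc >= kRegCount; }

// Performs argument moves (src -> dst). A slot-to-slot move cannot be done
// directly, so it is routed through `scratch`, overwriting whatever it held.
static void passArguments(Machine& m, const std::vector<std::pair<int, int>>& moves, int scratch)
{
    for (const auto& mv : moves) {
        int src = mv.first, dst = mv.second;
        if (isStackSlot(src) && isStackSlot(dst)) {
            m[scratch] = m[src]; // load the argument into the scratch register
            m[dst] = m[scratch]; // store it to the outgoing argument slot
        } else
            m[dst] = m[src];
    }
}

// Models an indirect call: the target is loaded into the default scratch,
// arguments are passed, then the value the call would branch to is returned.
static uint64_t indirectCallTarget(int shuffleScratch)
{
    Machine m {};
    m[kDefaultScratch] = 0x1000; // constructed callee address, live across the shuffle
    m[4] = 0xdeadbeef;           // constructed argument value sitting in a stack slot
    std::vector<std::pair<int, int>> moves;
    moves.push_back(std::make_pair(4, 6)); // one slot-to-slot argument move
    passArguments(m, moves, shuffleScratch);
    return m[kDefaultScratch];   // the register the call branches through
}

int main()
{
    std::printf("shuffle uses default scratch: target = 0x%llx\n",
        (unsigned long long)indirectCallTarget(kDefaultScratch));
    std::printf("shuffle uses spare scratch:   target = 0x%llx\n",
        (unsigned long long)indirectCallTarget(kSpareScratch));
}
```

In the first case the branch target becomes the argument value, which is why a clobber of this kind matters beyond a wrong result: the call goes wherever the shuffled data points.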