[webkit-changes] [WebKit/WebKit] 1bef55: [JSC] Support BranchSub32/64 3 operands

Yusuke Suzuki noreply at github.com
Thu Sep 19 23:19:41 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1bef55fa7ec3a5c431f24bc731e2ecaa01d97785
      https://github.com/WebKit/WebKit/commit/1bef55fa7ec3a5c431f24bc731e2ecaa01d97785
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-09-19 (Thu, 19 Sep 2024)

  Changed paths:
    M Source/JavaScriptCore/b3/B3CheckSpecial.cpp
    M Source/JavaScriptCore/b3/air/AirOpcode.opcodes

  Log Message:
  -----------
  [JSC] Support BranchSub32/64 3 operands
https://bugs.webkit.org/show_bug.cgi?id=279991
rdar://problem/136300288

Reviewed by Yijia Huang.

This patch extends CheckSpecial to handle 3-operands BranchSub32 /
BranchSub64. BranchSub32 / BranchSub64 need to have undo behavior
when speculation fails. But if it is emitted like

    BranchSub32 %x0, %x0, %x0

There is no way to recover %x0 after this sub32 gets done. To avoid
this, we use EarlyDef for the destination register, which ensures that
we will never have conflicting register assginment with Use and Def.
Def is always not Use. So in the worst case,

    BranchSub32 %x0, %x0, %x1

will be generated. And at that time, we can undo the behavior by doing

    Add32 %x0, %x1

Also, EarlyDef ensures that any Use in stackmap for this patchpoint does
not get clobbered.

* Source/JavaScriptCore/b3/B3CheckSpecial.cpp:
(JSC::B3::CheckSpecial::forEachArg):
(JSC::B3::CheckSpecial::generate):
* Source/JavaScriptCore/b3/B3LowerToAir.cpp:
* Source/JavaScriptCore/b3/B3LowerToAir32_64.cpp:
* Source/JavaScriptCore/b3/B3StackmapSpecial.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/b3/air/AirOpcode.opcodes:

Canonical link: https://commits.webkit.org/283978@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list