[Webkit-unassigned] [Bug 210639] New: offlineasm is generating the wrong load/store for the "orh" instruction.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Apr 16 23:40:27 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=210639
Bug ID: 210639
Summary: offlineasm is generating the wrong load/store for the
"orh" instruction.
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mark.lam at apple.com
For example, on ARM64E, it was generating the following:
"\tldr w17, [x1, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
"\torr w17, w17, #64\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
"\tstr w17, [x1, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store.
Instead, it should be generating the following:
"\tldrh w17, [x1, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
"\torr w17, w17, #64\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
"\tstrh w17, [x1, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store.
This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses riscLowerMisplacedAddresses() from rise.rb).
It does not affect x86, x86_64, and C_LOOP (which was written based on x86).
<rdar://problem/21501876>
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200417/46b54a70/attachment.htm>
More information about the webkit-unassigned
mailing list