Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6055ee6392589ea77765c0a3d4d8b8898a6534ff https://github.com/WebKit/WebKit/commit/6055ee6392589ea77765c0a3d4d8b8898a6534ff Author: Joseph Griego <jgri...@igalia.com> Date: 2023-02-07 (Tue, 07 Feb 2023)
Changed paths: M Source/JavaScriptCore/llint/WebAssembly32_64.asm M Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h Log Message: ----------- [JSC][armv7] Fix wasm ref.as_non_null https://bugs.webkit.org/show_bug.cgi?id=251606 Reviewed by Yusuke Suzuki. Right now, the implementation of this instruction triggers assertion failures in both LLInt and the BBQ/Air backends on 32-bit ARM. For LLInt, the incorrect `return` instruction is used, use `return2i` since refs are two-word values. For the Air backend, we need to use `emitMove` (again, because refs are two-word values); here, we also need a version that doesn't assert in the JIT that the dest is a supertype of the source TypedTmp--since the whole point of ref.as_non_null is that it works as a checked coercion... So, I've added that as `emitMoveWithoutTypeCheck` * Source/JavaScriptCore/llint/WebAssembly32_64.asm: * Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp: (JSC::Wasm::AirIRGenerator32::emitMoveWithoutTypeCheck): (JSC::Wasm::AirIRGenerator32::emitMove): * Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp: (JSC::Wasm::AirIRGenerator64::emitMoveWithoutTypeCheck): (JSC::Wasm::AirIRGenerator64::emitMove): * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h: (JSC::Wasm::ExpressionType>::addRefAsNonNull): Canonical link: https://commits.webkit.org/259958@main _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes