Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 42c141462b40cec8182b5730d783a7b9b1477904
https://github.com/WebKit/WebKit/commit/42c141462b40cec8182b5730d783a7b9b1477904
Author: Max Rottenkolber <[email protected]>
Date: 2025-03-24 (Mon, 24 Mar 2025)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
[JSC][armv7] Verify MacroAssemblerARMv7::branch32 usage in debug builds
https://bugs.webkit.org/show_bug.cgi?id=288083
Reviewed by Yusuke Suzuki and Justin Michaud.
On armv7 certain uses of branchPtr cause it to clobber its own arguments,
leading to bogus assembly.
Catch this pitfall at least in debug builds and fix instances of this bug.
* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::branch32):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::compile):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addLoopOSREntrypoint):
Canonical link: https://commits.webkit.org/292608@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
