Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5c9ea3c73f316b62cd56eb12d4599bb6e2a6e89f
https://github.com/WebKit/WebKit/commit/5c9ea3c73f316b62cd56eb12d4599bb6e2a6e89f
Author: Dan Hecht <[email protected]>
Date: 2025-10-24 (Fri, 24 Oct 2025)
Changed paths:
A JSTests/wasm/stress/osr-entry-live-fpr.js
M Source/JavaScriptCore/wasm/WasmOperations.cpp
Log Message:
-----------
[JSC] Wasm: Fix loop OSR entry to BBQ with live FPRs
https://bugs.webkit.org/show_bug.cgi?id=301435
rdar://163350385

Reviewed by Yusuke Suzuki.

The operationWasmLoopOSREnterBBQJIT code for loading FPRs is incorrect.
It interprets the bytes holding the register value as an integer and
then implicitly converts that to double, which will be some "random" value.
Instead, we should interpret the bytes as a double and load that value
into the FPR.

Added a test that demonstrates this correctness issue and verifies
the v128 case as well (which was not buggy but had extraneous casting).

Test: JSTests/wasm/stress/osr-entry-live-fpr.js

* JSTests/wasm/stress/osr-entry-live-fpr.js: Added.
(generateWat):
(async testFloatType):
(async testV128Type):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):

Canonical link: https://commits.webkit.org/302112@main
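
The difference between the two loads described in the log message, as an added example that is not part of the commit and is not WebKit's code. The 64-bit slot buffer and the names `Slot`, `saveF64`, `loadFPRBuggy`, `loadFPRFixed` and `roundTrips` are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed model (assumption): each saved register value occupies one
// raw 64-bit slot in the OSR-entry buffer, whatever its type.
using Slot = uint64_t;

// Store a double's bit pattern into a slot, as saving a live f64 would.
Slot saveF64(double value)
{
    Slot bits;
    std::memcpy(&bits, &value, sizeof(bits));
    return bits;
}

// Pattern the log message calls incorrect: the slot is read as an integer,
// and the integer-to-double conversion yields an unrelated numeric value.
double loadFPRBuggy(const std::vector<Slot>& buffer, std::size_t index)
{
    return static_cast<double>(buffer[index]);
}

// Pattern the log message asks for: copy the 8 bytes unchanged, so the
// floating-point register receives exactly the saved bits.
double loadFPRFixed(const std::vector<Slot>& buffer, std::size_t index)
{
    double value;
    std::memcpy(&value, &buffer[index], sizeof(value));
    return value;
}

// True when a value survives the save/load round trip bit for bit.
// Comparing bit patterns (not doubles) keeps NaN and -0.0 meaningful.
bool roundTrips(double value, double (*load)(const std::vector<Slot>&, std::size_t))
{
    std::vector<Slot> buffer { saveF64(value) };
    return saveF64(load(buffer, 0)) == saveF64(value);
}

int main()
{
    // 1.5 has the bit pattern 0x3FF8000000000000; only the fixed load restores it.
    return roundTrips(1.5, loadFPRFixed) && !roundTrips(1.5, loadFPRBuggy) ? 0 : 1;
}
```

A value of 0.0 round-trips through both loads because its bit pattern is all zeros, so a regression test for this class of bug needs non-zero floating-point values live across the loop.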