Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 952aebad0ffafd7b9888f143cf8d2e07ace3b8d4
      https://github.com/WebKit/WebKit/commit/952aebad0ffafd7b9888f143cf8d2e07ace3b8d4
  Author: Dan Hecht <[email protected]>
  Date:   2025-04-15 (Tue, 15 Apr 2025)

  Changed paths:
    M JSTests/wasm/stress/tail-call-js-to-wasm.js
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp

  Log Message:
  -----------
  [JSC] wasm tail-call patchpoint can clobber param register
https://bugs.webkit.org/show_bug.cgi?id=289100
rdar://145246917

Reviewed by Yusuke Suzuki and Keith Miller.

The wasm tail call patchpoint was saving/restoring
the tmp register before clobbering it, however it was still
reading the tmp register in the case that the tmp was used
to pass an argument. Fix this by using the already spilled
value for this register.

Also, in assert builds, the code that stores 0xBEEF to
the safe area clobbers tmp (since it's also the
macroassembler's data scratch), so the tmp spilling
must occur before that.

An alternate solution considered was to mark the tmp
(which is also the macroassembler's scratch) as an early
clobber. However, on x86_64 there are not enough registers
for that solution since a register is used to carry the
"calleeCallee" across the prepare code, and on x86_64 the
only available register for that is the tmp/scratch.

* JSTests/wasm/stress/tail-call-js-to-wasm.js:
(async testCallToTail):
(async testCallToTail2):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::prepareForTailCallImpl):

Originally-landed-as: 0f9cca586aee. rdar://148052596
Canonical link: https://commits.webkit.org/293735@main
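
The two ordering constraints from the log message, as an added toy model that is not WebKit code or part of the commit: a tmp-resident argument has to be read from the spill slot, and the spill has to happen before the assert-build poisoning uses the scratch. The register set, `Options`, `modelTailCallPrepare`, `tmpArgSeenByCallee` and the sample values are all assumptions made for illustration.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <vector>

// Toy model, not JSC code: TMP doubles as the patchpoint's tmp and the
// macroassembler's scratch, and may also hold an incoming argument.
enum Reg { R0, R1, TMP, NumRegs };

struct Options {
    bool assertBuild;       // emit the 0xBEEF poisoning of the safe area
    bool spillBeforePoison; // save tmp before anything uses the scratch
    bool readArgFromSpill;  // take a tmp-resident argument from the spill slot
};

// Returns the argument values the tail callee ends up seeing.
std::vector<uint64_t> modelTailCallPrepare(std::array<uint64_t, NumRegs> regs,
    const std::vector<Reg>& argSources, Options o)
{
    uint64_t spill = 0;
    if (o.spillBeforePoison)
        spill = regs[TMP];
    if (o.assertBuild)
        regs[TMP] = 0xBEEF;          // scratch materializes the poison value
    if (!o.spillBeforePoison)
        spill = regs[TMP];           // in assert builds this saves 0xBEEF
    regs[TMP] = 0xCA11EE;            // constructed stand-in for "calleeCallee"
    std::vector<uint64_t> outgoing;
    for (Reg src : argSources)
        outgoing.push_back(o.readArgFromSpill && src == TMP ? spill : regs[src]);
    return outgoing;
}

// Constructed input: three arguments, the second one living in TMP.
uint64_t tmpArgSeenByCallee(Options o)
{
    return modelTailCallPrepare({ 1, 2, 3 }, { R0, TMP, R1 }, o)[1];
}

int main()
{
    std::printf("read register:      %#llx\n", (unsigned long long)tmpArgSeenByCallee({ true, true, false }));
    std::printf("late spill:         %#llx\n", (unsigned long long)tmpArgSeenByCallee({ true, false, true }));
    std::printf("early spill + slot: %#llx\n", (unsigned long long)tmpArgSeenByCallee({ true, true, true }));
}
```

Only the last combination delivers the original value 3; the other two hand the callee whatever last occupied the scratch.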


