Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4527900e3422cfba85d93749666f358014ead75d
      
https://github.com/WebKit/WebKit/commit/4527900e3422cfba85d93749666f358014ead75d
  Author: Dan Hecht <[email protected]>
  Date:   2025-10-15 (Wed, 15 Oct 2025)

  Changed paths:
    M Source/JavaScriptCore/jit/OperationResult.h

  Log Message:
  -----------
  [JSC] Zero-extend integral JIT OPERATION result to register width
https://bugs.webkit.org/show_bug.cgi?id=300765
rdar://162648517

Reviewed by Yusuke Suzuki.

JIT operations that can throw return a pair of values in registers,
where the first item is the return value and the second is the exception
pointer. This is implemented by putting the two values into a struct, and
relying on the calling convention to return the struct in two registers.

When the return type is smaller than a register, the struct will have
some padding bytes which are not guaranteed to be zeroed. Technically,
the caller should only access the bytes for the returned result type, but
given that these callers are written in assembly, it seems worthwhile
to zero-extend the result register to eliminate this pitfall.

Most operations already return register-width results; however,
operationWasmToJSExitMarshalArguments does not. It returns a bool,
and the caller was testing 32 bits of the return register.
On X86_64, the compiler uses movb to fill the bool, and 8- and
16-bit register moves leave the higher bits untouched.
Thus, the caller of operationWasmToJSExitMarshalArguments was
reading those undefined high bits and taking the wrong path.

That path is only used in JIT-less wasm when hitting a runtime
exception for V128 in an import signature, which is unused when
useWasmIPIntSIMD=false. Fix this in preparation for enabling that flag.

* Source/JavaScriptCore/jit/OperationResult.h:
(JSC::ExceptionOperationImplicitResult::operator ExceptionOperationResult<To>):

Canonical link: https://commits.webkit.org/301560@main
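The mechanism the commit message describes, modelled as an added C++ illustration that is not code from WebKit or from this commit: a narrow result (a bool) written into a register slot that still holds stale upper bits, a caller that tests the low 32 bits and so takes the wrong path, and the hardened form that zero-extends the result to register width before it is placed in the first return slot. `TwoRegisterResult`, `slotAfterNarrowStore`, `zeroExtendToRegister`, `makeResult` and `callerTests32Bits` are hypothetical names for this model; the register is modelled as a `uint64_t` and the narrow store assumes a little-endian target, as on X86_64.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <type_traits>

// Simplified model of a throwing JIT operation's two-register return:
// first slot = result, second slot = exception pointer. This is an
// illustration, not JSC's ExceptionOperationResult.
struct TwoRegisterResult {
    uint64_t resultSlot;   // full register width
    void* exception;
};

// Models what a caller observes after a narrow value (e.g. a bool written
// with movb) lands in a register whose upper bytes still hold stale data.
// `stale` stands in for whatever the register held before the narrow move.
// Assumes a little-endian layout so only the low bytes are overwritten.
template<typename Narrow>
uint64_t slotAfterNarrowStore(Narrow value, uint64_t stale) {
    static_assert(sizeof(Narrow) < sizeof(uint64_t), "only narrow types model the pitfall");
    uint64_t slot = stale;
    std::memcpy(&slot, &value, sizeof(Narrow)); // overwrite the low bytes only
    return slot;
}

// Hardened form: zero-extend the narrow result to register width so every
// bit of the slot is defined regardless of the register's history.
template<typename Narrow>
uint64_t zeroExtendToRegister(Narrow value) {
    if constexpr (std::is_same_v<Narrow, bool>) {
        return value ? 1 : 0;          // std::make_unsigned rejects bool
    } else {
        static_assert(std::is_integral_v<Narrow>, "integral results only");
        // Cast through the unsigned counterpart so signed values are
        // zero-extended rather than sign-extended.
        return static_cast<uint64_t>(static_cast<std::make_unsigned_t<Narrow>>(value));
    }
}

// Build the pair the way the fix intends: result already register-width.
template<typename Narrow>
TwoRegisterResult makeResult(Narrow value, void* exception) {
    return { zeroExtendToRegister(value), exception };
}

// Models an assembly caller that tests the low 32 bits of the result
// register to decide which path to take.
bool callerTests32Bits(uint64_t slot) {
    return (slot & 0xFFFFFFFFull) != 0;
}

int main() {
    const uint64_t stale = 0xDEADBEEFCAFEBABEull; // constructed stale register contents

    uint64_t buggy = slotAfterNarrowStore<bool>(false, stale);
    uint64_t fixed = makeResult<bool>(false, nullptr).resultSlot;

    std::printf("narrow store of false: slot=%016llx -> caller sees %s\n",
                static_cast<unsigned long long>(buggy),
                callerTests32Bits(buggy) ? "true (wrong path)" : "false");
    std::printf("zero-extended false:   slot=%016llx -> caller sees %s\n",
                static_cast<unsigned long long>(fixed),
                callerTests32Bits(fixed) ? "true" : "false (correct)");
    return 0;
}
```

The point the model makes visible is that the result is not wrong at the source: the bool's own byte is correct in both cases. What differs is whether the bits the caller actually reads are defined, which is exactly why widening at the producer removes the pitfall for every assembly caller at once.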



_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
