Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9d9bfb82f4fd2162d6a366d293a64db50f5360bc
https://github.com/WebKit/WebKit/commit/9d9bfb82f4fd2162d6a366d293a64db50f5360bc
Author: Dan Hecht <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M Source/JavaScriptCore/b3/B3LowerInt64.cpp
M Source/JavaScriptCore/b3/B3Value.h
M Source/JavaScriptCore/b3/B3ValueRep.h
M Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp
M Source/JavaScriptCore/b3/air/AirCCallingConvention.cpp
M Source/JavaScriptCore/b3/air/AirOptimizePairedLoadStore.cpp
M Source/JavaScriptCore/b3/air/testair.cpp
M Source/JavaScriptCore/b3/testb3_5.cpp
M Source/JavaScriptCore/b3/testb3_7.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.h
M Source/JavaScriptCore/wasm/WasmBBQJIT64.h
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp
Log Message:
-----------
[JSC] Make B3::IsLegalOffset actually enforce signed 32-bit types
https://bugs.webkit.org/show_bug.cgi?id=302089
rdar://164175031

Reviewed by Yusuke Suzuki.

Apparently IsLegalOffset never actually enforced the constraint it
intended to since being introduced in 2017 in 187822@main. This
became apparent with the recent transition to using modern C++ concepts.

Fix the concept to match the intended constraint, and clean up some code
to satisfy the constraint. To do that, move the
B3 IsLegalOffset / OffsetType frontier to include stack ValueReps
as this seemed like a less disruptive change and cleaner boundary.

Tests: Source/JavaScriptCore/b3/air/testair.cpp
Source/JavaScriptCore/b3/testb3_5.cpp
Source/JavaScriptCore/b3/testb3_7.cpp
Canonical link: https://commits.webkit.org/302727@main
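
What an unenforced "signed 32-bit offset" constraint lets through, as an added example that is not WebKit's code and does not reproduce the B3 definitions. The names IsSigned32OrNarrower, MemoryNode, makeUnchecked, makeChecked and CheckedAccepts are hypothetical, and the predicate is written as a C++14 trait rather than a C++20 concept so it builds without concept support.

```cpp
#include <cstdint>
#include <cstdio>
#include <type_traits>
#include <utility>

// Hypothetical predicate (not WebKit's definition): signed integer, at most 32 bits wide.
template<typename T>
struct IsSigned32OrNarrower : std::integral_constant<bool,
    std::is_integral<T>::value && std::is_signed<T>::value && sizeof(T) <= sizeof(int32_t)> { };

// Hypothetical stand-in for an IR node that stores its memory offset in 32 bits.
struct MemoryNode { int32_t offset; };

// Constraint not enforced: any integer type is accepted and silently narrowed.
// (Out-of-range narrowing wraps on mainstream compilers; C++20 guarantees it.)
template<typename Int>
MemoryNode makeUnchecked(Int offset) { return MemoryNode { static_cast<int32_t>(offset) }; }

// Constraint enforced: the overload does not exist for types that fail the predicate.
template<typename Int, typename = std::enable_if_t<IsSigned32OrNarrower<Int>::value>>
MemoryNode makeChecked(Int offset) { return MemoryNode { offset }; }

// Compile-time probe: is makeChecked(T) a well-formed call?
template<typename T, typename = void>
struct CheckedAccepts : std::false_type { };
template<typename T>
struct CheckedAccepts<T, decltype(void(makeChecked(std::declval<T>())))> : std::true_type { };

// Constructed inputs: a 64-bit offset just past 4 GiB and a large unsigned offset.
int32_t uncheckedFrom64() { return makeUnchecked((int64_t { 1 } << 32) + 16).offset; }
int32_t uncheckedFromUnsigned() { return makeUnchecked(uint32_t { 0xFFFFFFF0u }).offset; }
int32_t checkedFrom16() { return makeChecked(int16_t { -8 }).offset; }

bool checkedAcceptsInt32() { return CheckedAccepts<int32_t>::value; }
bool checkedAcceptsInt64() { return CheckedAccepts<int64_t>::value; }
bool checkedAcceptsUint32() { return CheckedAccepts<uint32_t>::value; }

int main()
{
    std::printf("unchecked int64 0x100000010 stored as %d\n", uncheckedFrom64());
    std::printf("unchecked uint32 0xFFFFFFF0 stored as %d\n", uncheckedFromUnsigned());
    std::printf("checked accepts int32=%d int64=%d uint32=%d\n",
        checkedAcceptsInt32(), checkedAcceptsInt64(), checkedAcceptsUint32());
    return 0;
}
```

With the predicate enforced, callers holding a 64-bit or unsigned offset must range-check and convert explicitly before the value reaches the 32-bit field.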