Changeset 260246 in webkit

Timestamp:

Apr 17, 2020 7:38:43 AM (4 years ago)

Author:

mark.lam@apple.com

Message:

offlineasm is generating the wrong load/store for the "orh" instruction.
​https://bugs.webkit.org/show_bug.cgi?id=210639
<rdar://problem/21501876>

Reviewed by Robin Morisset.

For example, on ARM64E, the "orh" instruction was generating the following:

"\tldr w17, [x1, #0]\n" JavaScriptCore/llint/LowLevelInterpreter64.asm:919
"\torr w17, w17, #64\n" JavaScriptCore/llint/LowLevelInterpreter64.asm:919
"\tstr w17, [x1, #0]\n" JavaScriptCore/llint/LowLevelInterpreter64.asm:919

i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store.

Instead, it should be generating the following:

"\tldrh w17, [x1, #0]\n" JavaScriptCore/llint/LowLevelInterpreter64.asm:919
"\torr w17, w17, #64\n" JavaScriptCore/llint/LowLevelInterpreter64.asm:919
"\tstrh w17, [x1, #0]\n" JavaScriptCore/llint/LowLevelInterpreter64.asm:919

i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store.

This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses
riscLowerMisplacedAddresses() from rise.rb). It does not affect x86, x86_64, and
C_LOOP (which was written based on x86).

• offlineasm/risc.rb:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• offlineasm/risc.rb (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2020-04-17  Mark Lam  <mark.lam@apple.com>
+
+        offlineasm is generating the wrong load/store for the "orh" instruction.
+        https://bugs.webkit.org/show_bug.cgi?id=210639
+        <rdar://problem/21501876>
+
+        Reviewed by Robin Morisset.
+
+        For example, on ARM64E, the "orh" instruction was generating the following:
+
+            "\tldr w17, [x1, #0]\n"     // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
+            "\torr w17, w17, #64\n"     // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
+            "\tstr w17, [x1, #0]\n"     // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
+
+        i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store.
+
+        Instead, it should be generating the following:
+
+            "\tldrh w17, [x1, #0]\n"    // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
+            "\torr w17, w17, #64\n"     // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
+            "\tstrh w17, [x1, #0]\n"    // JavaScriptCore/llint/LowLevelInterpreter64.asm:919
+
+        i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store.
+
+        This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses
+        riscLowerMisplacedAddresses() from rise.rb).  It does not affect x86, x86_64, and
+        C_LOOP (which was written based on x86).
+
+        * offlineasm/risc.rb:
+
 2020-04-16  Ross Kirsling  <ross.kirsling@sony.com>
 

trunk/Source/JavaScriptCore/offlineasm/risc.rb

@@ -1 @@
-# Copyright (C) 2011-2018 Apple Inc. All rights reserved.
+# Copyright (C) 2011-2020 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -463 +463 @@
             annotation = node.annotation
             case node.opcode
-            when "addi", "addis", "andi", "lshifti", "muli", "negi", "noti", "ori", "orh", "oris",
+            when "addi", "addis", "andi", "lshifti", "muli", "negi", "noti", "ori", "oris",
                 "rshifti", "urshifti", "subi", "subis", "xori", /^bi/, /^bti/, /^ci/, /^ti/
                 newList << Instruction.new(node.codeOrigin,
                                            node.opcode,
                                            riscAsRegisters(newList, postInstructions, node.operands, "i"),
+                                           annotation)
+            when "orh"
+                newList << Instruction.new(node.codeOrigin,
+                                           node.opcode,
+                                           riscAsRegisters(newList, postInstructions, node.operands, "h"),
                                            annotation)
             when "addp", "andp", "lshiftp", "mulp", "negp", "orp", "rshiftp", "urshiftp",