Bug 263660

Summary: REGRESSION(269608@main): 32-bit shifts are used to zero out upper 32-bits after all.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Mark Lam 2023-10-25 08:22:37 PDT 
In https://commits.webkit.org/269608@main, we added a peephole optimization to reduce shifts to moves if the shift amount is 0.  However, this is only correct if shift instructions are never used indirectly to zero out the upper 32-bits of the register.  It turns out that the JIT backends do rely on shifts to zero out the upper 32-bits.
Comment 1 Radar WebKit Bug Importer 2023-10-25 08:22:56 PDT 
<rdar://problem/117475957>
Comment 2 Mark Lam 2023-10-25 09:25:51 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/19543
Comment 3 EWS 2023-10-25 14:39:02 PDT 
Committed 269785@main (748f4d4620ab): <https://commits.webkit.org/269785@main>

Reviewed commits have been landed. Closing PR #19543 and removing active labels.