Bug 263660

Summary:	REGRESSION(269608@main): 32-bit shifts are used to zero out upper 32-bits after all.
Product:	WebKit	Reporter:	Mark Lam <mark.lam>
Component:	JavaScriptCore	Assignee:	Mark Lam <mark.lam>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Mark Lam

Reported 2023-10-25 08:22:37 PDT

In https://commits.webkit.org/269608@main, we added a peephole optimization to reduce shifts to moves if the shift amount is 0. However, this is only correct if shift instructions are never used indirectly to zero out the upper 32-bits of the register. It turns out that the JIT backends do rely on shifts to zero out the upper 32-bits.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-10-25 08:22:56 PDT

<rdar://problem/117475957>

Mark Lam

Comment 2 2023-10-25 09:25:51 PDT

Pull request: https://github.com/WebKit/WebKit/pull/19543

EWS

Comment 3 2023-10-25 14:39:02 PDT

Committed 269785@main (748f4d4620ab): <https://commits.webkit.org/269785@main> Reviewed commits have been landed. Closing PR #19543 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.