Bug 288083

Summary: MacroAssemblerARMv7::branch32 may clobber its own arguments
Product: WebKit Reporter: Max Rottenkolber <maximilian>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, fujii.hironori, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=288993
Bug Depends on: 288997    
Bug Blocks:    

Max Rottenkolber
Reported 2025-02-20 04:30:59 PST
On armv7 certain uses of branchPtr cause it to clobber its own arguments, leading to bogus assembly. We need to catch this pitfall at least in debug builds and fix instances of this bug.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2025-02-27 04:31:20 PST
<rdar://problem/145737036>
EWS
Comment 2 2025-03-03 04:51:26 PST
Committed 291489@main (5ea7dfca4252): <https://commits.webkit.org/291489@main> Reviewed commits have been landed. Closing PR #40966 and removing active labels.
Fujii Hironori
Comment 3 2025-03-03 12:45:46 PST
PR https://github.com/WebKit/WebKit/pull/40966
WebKit Commit Bot
Comment 4 2025-03-03 13:12:39 PST
Re-opened since this is blocked by bug 288997
EWS
Comment 5 2025-03-24 13:18:18 PDT
Committed 292608@main (42c141462b40): <https://commits.webkit.org/292608@main> Reviewed commits have been landed. Closing PR #41849 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.