For every load/store instruction, where the address is in the form of base + offset, and the offset is out of range -255..4095, the ARM64 backend applies the standard risc lowering. That is, as the documentation of riscLowerMalformedAddresses describes:

    loadp 10000[foo], bar

will become

    move 10000, tmp
    addp foo, tmp
    loadp 0[tmp], bar

Which, in ARM64, means that, e.g.,

    storep cfr, VM::topVMEntryFrame[vm]

becomes

    movz x17, #45424, lsl #0
    add x17, x17, x1
    str x29, [x17, #0]

However, ARM64 can do better:

    movz x17, #45424, lsl #0
    str x29, [x1, x17, lsl #0]

This would achieve the same result with fewer instructions.
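
The two lowerings described in the report above, as an added toy model (not offlineasm code and not part of the original report or patch). It checks that both forms reach the same effective address while the ARM64 form needs one setup instruction less. All names (Address, BaseIndex, risc_lower, arm64_lower, effective_address) and the sample register values are hypothetical; the -255..4095 range and the offset 45424 are taken from the report.

```ruby
# Toy model of the two lowerings in the report; not offlineasm code.
# All names below are hypothetical.
IMM_RANGE = (-255..4095) # immediate-offset range quoted in the report

Address   = Struct.new(:base, :offset) # offset[base]
BaseIndex = Struct.new(:base, :index)  # base register + index register

# Standard RISC lowering: move offset to tmp, add base, access 0[tmp].
def risc_lower(addr, tmp)
  return [[], addr] if IMM_RANGE.cover?(addr.offset)
  [[[:move, addr.offset, tmp], [:addp, addr.base, tmp]], Address.new(tmp, 0)]
end

# ARM64 variant: move offset to tmp, let the load/store add base + tmp.
def arm64_lower(addr, tmp)
  return [[], addr] if IMM_RANGE.cover?(addr.offset)
  [[[:move, addr.offset, tmp]], BaseIndex.new(addr.base, tmp)]
end

# Run the setup instructions on a copy of the register file and return
# the address the final load/store would touch.
def effective_address(setup, operand, regs)
  regs = regs.dup
  setup.each do |op, src, dst|
    case op
    when :move then regs[dst] = src
    when :addp then regs[dst] += regs.fetch(src)
    else raise ArgumentError, "unknown op #{op}"
    end
  end
  case operand
  when Address   then regs.fetch(operand.base) + operand.offset
  when BaseIndex then regs.fetch(operand.base) + regs.fetch(operand.index)
  end
end

# Constructed sample: the storep case, offset 45424 from base x1, tmp x17.
SAMPLE_REGS = { x1: 0x7000_0000, x17: 0 }.freeze
SAMPLE_ADDR = Address.new(:x1, 45424)
```
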

Created attachment 237682
Proposed patch.

Comment on attachment 237682
Proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=237682&action=review

r=me

> Source/JavaScriptCore/ChangeLog:10
> + base to the temporary, and the change the load/store to use the

"the change" -> "then change"

> Source/JavaScriptCore/ChangeLog:13
> + perform explicit register additons but it is enough to change load/store

Typo: "additions"

Comment on attachment 237682
Proposed patch.

r=me

Created attachment 237911
Updated patch

Typos fixed.

Comment on attachment 237911
Updated patch

r=me.

Comment on attachment 237911
Updated patch

Clearing flags on attachment: 237911

Committed r173497: <http://trac.webkit.org/changeset/173497>

All reviewed patches have been landed. Closing bug.