https://trac.webkit.org/changeset/194613 added the new or32 to ARMv7(Thumb2) and AArch64 assemblers, but not to ARMv7(ARM).
Created attachment 268365 [details] Patch
Comment on attachment 268365 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=268365&action=review > Source/JavaScriptCore/assembler/MacroAssemblerARM.h:231 > + void or32(TrustedImm32 imm, AbsoluteAddress dest) Uh, that sucks :( > Source/JavaScriptCore/assembler/MacroAssemblerARM.h:235 > + or32(imm, ARMRegisters::S1); I don't think that's fine. It will override S0 to load imm into register.
(In reply to comment #2) > Comment on attachment 268365 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=268365&action=review > > > Source/JavaScriptCore/assembler/MacroAssemblerARM.h:231 > > + void or32(TrustedImm32 imm, AbsoluteAddress dest) > > Uh, that sucks :( > > > Source/JavaScriptCore/assembler/MacroAssemblerARM.h:235 > > + or32(imm, ARMRegisters::S1); > > I don't think that's fine. It will override S0 to load imm into register. It is a copy/paste of the ARMv7(Thumb2) change: https://trac.webkit.org/changeset/194613/trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h And JSC stress tests run without regression.
(In reply to comment #3) > > I don't think that's fine. It will override S0 to load imm into register. > > It is a copy/paste of the ARMv7(Thumb2) change: > https://trac.webkit.org/changeset/194613/trunk/Source/JavaScriptCore/ > assembler/MacroAssemblerARMv7.h The thumb version of or32() uses the "dataTempRegister" to load the immediate. It does not override the address. The ARM version you propose override the address. > And JSC stress tests run without regression. Looks like the test coverage is not good enough then. Please add a test.
Created attachment 268449 [details] Patch Thanks for catching this bug around or32(imm,reg). I think the easiest fix is reloading the address to S0 after or32(imm,reg) overwrote it. Let me know if you have better idea to fix this issue.
(In reply to comment #4) > (In reply to comment #3) > > And JSC stress tests run without regression. > Looks like the test coverage is not good enough then. Please add a test. It's not trivial at all to write a test in JS to trigger a behaviour in macroassembler and there is no test framework for macroassembler, so I don't think if it is a fair request.
(In reply to comment #6) > (In reply to comment #4) > > (In reply to comment #3) > > > > And JSC stress tests run without regression. > > Looks like the test coverage is not good enough then. Please add a test. > > It's not trivial at all to write a test in JS to trigger a behaviour > in macroassembler and there is no test framework for macroassembler, > so I don't think if it is a fair request. You would need a stress-test that exercices the baseline-JIT/DFG part that uses this form of or32. I understand you don't want to do that. (In reply to comment #5) > Created attachment 268449 [details] > Patch > > Thanks for catching this bug around or32(imm,reg). I think the easiest fix > is reloading the address to S0 after or32(imm,reg) overwrote it. Let me know > if you have better idea to fix this issue. IMHO, that's perfectly reasonable.
Comment on attachment 268449 [details] Patch Clearing flags on attachment: 268449 Committed r194698: <http://trac.webkit.org/changeset/194698>
All reviewed patches have been landed. Closing bug.