153897 – REGRESSION(192409): Cannot rely on add32() to zero-extend

RESOLVED FIXED 153897

REGRESSION(192409): Cannot rely on add32() to zero-extend

https://bugs.webkit.org/show_bug.cgi?id=153897

Summary REGRESSION(192409): Cannot rely on add32() to zero-extend

Filip Pizlo

Reported 2016-02-04 15:05:07 PST

Callers of add32() and other 32-bit arithmetic ops rely on the fact that the destination register is zero-extended. The optimizations in r192409 broke this feature, and this causes crashes on some obscure code.

Attachments
Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2016-02-04 15:16:34 PST

rdar://problem/24289839

Filip Pizlo

Comment 2 2016-02-04 15:20:26 PST

I tried writing a test, but actually hitting this issue is sooooper hard.

Filip Pizlo

Comment 3 2016-02-04 15:23:58 PST

Landed in http://trac.webkit.org/changeset/196152

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2016-02-04 15:05 PST

Modified

2016-02-04 15:23 PST History

CC List

0 users

URL

Keywords

Depends on

Blocks