197677 – macro assembler code-pointer tagging has its arguments backwards

Bug 197677 - macro assembler code-pointer tagging has its arguments backwards

Summary: macro assembler code-pointer tagging has its arguments backwards

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Saam Barati

URL:
Keywords:	InRadar

Duplicates (1):	197422 (view as bug list)
Depends on:
Blocks:

Reported:	2019-05-07 16:14 PDT by Keith Miller
Modified:	2019-05-13 14:35 PDT (History)
CC List:	15 users (show)

See Also:

Attachments
patch (9.81 KB, patch) 2019-05-13 12:53 PDT, Saam Barati	msaboff: review+	Details \| Formatted Diff \| Diff
patch for landing (10.46 KB, patch) 2019-05-13 13:07 PDT, Saam Barati	saam: commit-queue-	Details \| Formatted Diff \| Diff
patch for landing (10.61 KB, patch) 2019-05-13 14:01 PDT, Saam Barati	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Keith Miller 2019-05-07 16:14:50 PDT

Normally, we have the macro assembler code put the destination as the right-most parameter. the code-pointer tagging has the destination on the left.

Comment 1 Saam Barati 2019-05-07 16:51:11 PDT

*** Bug 197422 has been marked as a duplicate of this bug. ***

Comment 2 Saam Barati 2019-05-13 12:53:07 PDT

Created attachment 369765 [details]
patch

Comment 3 Michael Saboff 2019-05-13 13:00:22 PDT

Comment on attachment 369765 [details]
patch

r=me, but it looks like you need to fix mips.

Comment 4 Saam Barati 2019-05-13 13:07:07 PDT

Created attachment 369769 [details]
patch for landing

Comment 5 Tadeu Zagallo 2019-05-13 13:50:24 PDT

Comment on attachment 369769 [details]
patch for landing

View in context: https://bugs.webkit.org/attachment.cgi?id=369769&action=review

> Source/JavaScriptCore/assembler/AbstractMacroAssembler.h:980
>      ALWAYS_INLINE void tagPtr(RegisterID, PtrTag) { }

Shouldn't this be flipped as well?

Comment 6 Saam Barati 2019-05-13 14:00:48 PDT

Comment on attachment 369769 [details]
patch for landing

View in context: https://bugs.webkit.org/attachment.cgi?id=369769&action=review

>> Source/JavaScriptCore/assembler/AbstractMacroAssembler.h:980
>>      ALWAYS_INLINE void tagPtr(RegisterID, PtrTag) { }
> 
> Shouldn't this be flipped as well?

yup

Comment 7 Saam Barati 2019-05-13 14:01:50 PDT

Created attachment 369779 [details]
patch for landing

Comment 8 WebKit Commit Bot 2019-05-13 14:34:49 PDT

Comment on attachment 369779 [details]
patch for landing

Clearing flags on attachment: 369779

Committed r245251: <https://trac.webkit.org/changeset/245251>

Comment 9 WebKit Commit Bot 2019-05-13 14:34:50 PDT

All reviewed patches have been landed.  Closing bug.

Comment 10 Radar WebKit Bug Importer 2019-05-13 14:35:19 PDT

<rdar://problem/50739261>