For example, on ARM64E, it was generating the following: "\tldr w17, [x1, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919 "\torr w17, w17, #64\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919 "\tstr w17, [x1, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919 i.e. a 32-bit load, followed by a 32-bit OR, followed by a 32-bit store. Instead, it should be generating the following: "\tldrh w17, [x1, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919 "\torr w17, w17, #64\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919 "\tstrh w17, [x1, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter64.asm:919 i.e. a 16-bit load, followed by a 32-bit OR, followed by a 16-bit store. This bug also affects ARM64, ARMv7, and MIPS (basically any backend that uses riscLowerMisplacedAddresses() from rise.rb). It does not affect x86, x86_64, and C_LOOP (which was written based on x86). <rdar://problem/21501876>
Created attachment 396743 [details] proposed patch.
Comment on attachment 396743 [details] proposed patch. r=me
Thanks for the review. Landed in r260246: <http://trac.webkit.org/r260246>.