Bug 22925: The JIT's handling of JSImmediate values is broken on x86-64.
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=22925
Gavin Barraclough
Reported 2008-12-18 16:15:01 PST
The upper bits of the immediate should be a sign extension of the low 32-bit word; the 32-bit operations on x86-64 zero the upper portion of the register.
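As an added illustration (not code from this bug, its patch, or WebKit), the following C model shows the register behaviour the report describes: a 32-bit ALU operation on x86-64 writes its result zero-extended into the 64-bit register, while the immediate encoding expects the upper 32 bits to be a sign extension of the low word. The tagging layout used here (low bit set, 31-bit payload in the low word) is a simplification assumed for the example, not the actual JSImmediate.h layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* Assumed simplified layout: an immediate int is tagged in the low 32-bit
   word as (n << 1) | 1, and its canonical 64-bit form is that word
   sign-extended into the upper 32 bits. */
#define TAG_INT 1u

static uint64_t encode_imm(int32_t n) {
    uint32_t word = ((uint32_t)n << 1) | TAG_INT;
    return (uint64_t)(int64_t)(int32_t)word;      /* sign-extend low word */
}

static int32_t decode_imm(uint64_t v) {
    int32_t w = (int32_t)(uint32_t)v;             /* only the low word matters */
    return (w - 1) / 2;                           /* w is odd, so this is exact */
}

/* True when the upper 32 bits are a sign extension of the low 32-bit word. */
static bool is_canonical(uint64_t v) {
    return v == (uint64_t)(int64_t)(int32_t)(uint32_t)v;
}

/* What a 32-bit op such as addl does on x86-64: the 32-bit result is
   written and the upper half of the 64-bit register is zeroed. */
static uint64_t add_imm_32bit_op(uint64_t a, uint64_t b) {
    uint32_t sum = (uint32_t)a + (uint32_t)b - TAG_INT; /* (2a+1)+(2b+1)-1 */
    return (uint64_t)sum;                         /* upper bits now zero */
}

/* The corrected sequence: sign-extend the 32-bit result back into the
   full register (the effect of a movslq after the 32-bit op). */
static uint64_t add_imm_fixed(uint64_t a, uint64_t b) {
    uint32_t sum = (uint32_t)a + (uint32_t)b - TAG_INT;
    return (uint64_t)(int64_t)(int32_t)sum;
}

int main(void) {
    uint64_t a = encode_imm(-1), b = encode_imm(-2);
    uint64_t broken = add_imm_32bit_op(a, b), fixed = add_imm_fixed(a, b);
    /* Both decode to -3, but only the fixed value matches encode_imm(-3). */
    printf("32-bit op: 0x%016llx canonical=%d decoded=%d\n",
           (unsigned long long)broken, is_canonical(broken), decode_imm(broken));
    printf("fixed:     0x%016llx canonical=%d decoded=%d\n",
           (unsigned long long)fixed, is_canonical(fixed), decode_imm(fixed));
    return 0;
}
```

Positive immediates never show the problem, because their sign extension is all zeros anyway; the defect only surfaces once a negative payload reaches a 32-bit operation.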
Attachments
The patch (10.76 KB, patch)
2008-12-18 16:15 PST, Gavin Barraclough
no flags
Down to 1 regression! (11.88 KB, patch)
2008-12-18 16:24 PST, Gavin Barraclough
sam: review+
Gavin Barraclough
Comment 1 2008-12-18 16:15:27 PST
Created attachment 26131 [details] The patch
Gavin Barraclough
Comment 2 2008-12-18 16:24:13 PST
Created attachment 26132 [details] Down to 1 regression!
Sam Weinig
Comment 3 2008-12-18 17:59:29 PST
Comment on attachment 26132 [details] Down to 1 regression!

> +
> + This fix honors previous behavoir. A better fix in the long run
> + (when the JIT is enabled by default) may be to change JSImmediate.h
> + so it no longer relies on the upper bits of the pointer,... though
> + if we're goign to change JSImmediate.h for 64-bit, we probably may

Typo. "going".

> + as well change the format so that the full range of 32-bit ints can
> + be stored, rather than just 31-bits. [hrrrm, maybe we want 33-bit
> + ints, so that all results of bit-ops can be represented in immediate
> + format?]

Please add a reference to this bug.

r=me
Gavin Barraclough
Comment 4 2008-12-18 18:30:54 PST
Sending        JavaScriptCore/ChangeLog
Sending        JavaScriptCore/assembler/MacroAssembler.h
Sending        JavaScriptCore/assembler/X86Assembler.h
Sending        JavaScriptCore/jit/JIT.cpp
Sending        JavaScriptCore/jit/JITInlineMethods.h
Transmitting file data .....
Committed revision 39389.