Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 85fad46954dcf56c0fae2ad8096d5dc795c3fa1c
https://github.com/WebKit/WebKit/commit/85fad46954dcf56c0fae2ad8096d5dc795c3fa1c
Author: Mikhail R. Gadelha <[email protected]>
Date: 2025-11-11 (Tue, 11 Nov 2025)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.h
M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp
Log Message:
-----------
[JSC] Improve shift operations in 32-bit BBQ
https://bugs.webkit.org/show_bug.cgi?id=301709
Reviewed by Justin Michaud.
This PR improves the codegen of the shift operations (I64Shl, I64ShrS, I64ShrU)
in the 32-bit implementation of BBQ:
1. The algorithm are now branchless
2. The previous version was not entirely correct when rhs/lhs' registers would
alias the res registers.
This new version fixes a crash on JS3's tfjs-wasm when using 32-bit JSC.
tfjs-wasm is still crashing, due to a similar issue on the rotate algorithms,
which I'll fix in follow-up PRs.
This PR also doesn't handle cases where either lhs or rhs are constants (so we
could generate more optimized code), and I have plan to fix that in the future.
* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::lshiftUnchecked):
(JSC::MacroAssemblerARMv7::lshift32):
(JSC::MacroAssemblerARMv7::rshiftUnchecked):
(JSC::MacroAssemblerARMv7::urshiftUnchecked):
(JSC::MacroAssemblerARMv7::urshift32):
(JSC::MacroAssemblerARMv7::sub32):
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addI64Shl):
(JSC::Wasm::BBQJITImpl::BBQJIT::addI64ShrS):
(JSC::Wasm::BBQJITImpl::BBQJIT::addI64ShrU):
(JSC::Wasm::BBQJITImpl::BBQJIT::shiftI64Helper): Deleted.
Canonical link: https://commits.webkit.org/302845@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
