[JSC] Use ExtendedOffsetAddr if normal Addr with SP/FP failed for Patch

https://bugs.webkit.org/show_bug.cgi?id=249553 rdar://103492366 Reviewed by Justin Michaud. Patchpoint requires that all stack arguments needs to be represented as "SP + offset" or "FP + offset". But in AirLowerStackArgs, we are incorrectly lowering this to "LR + offset" if offset is too large. We should use a bit suboptimal ExtendedOffsetAddr for that case to ensure that they are still "FP + offset" form. This fixes debug assertion failure in call.wast.js, happening after 257974@main. * Source/JavaScriptCore/b3/air/AirLowerStackArgs.cpp: (JSC::B3::Air::lowerStackArgs): Canonical link: https://commits.webkit.org/258083@main
WebKit · Dec 19, 2022 · 87ae77e · 87ae77e
1 parent 2bdb3a2
commit 87ae77e
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/Source/JavaScriptCore/b3/air/AirLowerStackArgs.cpp b/Source/JavaScriptCore/b3/air/AirLowerStackArgs.cpp
@@ -126,6 +126,10 @@ void lowerStackArgs(Code& code)
                         result = Arg::addr(Air::Tmp(MacroAssembler::stackPointerRegister), offsetFromSP);
                         if (result.isValidForm(width))
                             return result;
+
+                        if (inst.kind.opcode == Patch)
+                            return Arg::extendedOffsetAddr(offsetFromFP);
+
 #if CPU(ARM64) || CPU(RISCV64)
                         Air::Tmp tmp = Air::Tmp(extendedOffsetAddrRegister());