Bug 1574865 - Wasm: Allow stackmaps that are indexed at an x86 indirect call instruction with any register. r=jseward

Cranelift fails this assertion and it's not clear to me that there is any restriction inside Cranelift that would limit the set of registers we'd need to check here. Differential Revision: https://phabricator.services.mozilla.com/D58887 --HG-- extra : moz-landing-system : lando
2024-10-20 08:45:46 +00:00 · 2020-01-26 03:17:07 +00:00 · 2020-01-26 03:17:07 +00:00 · fb42ac6003
commit fb42ac6003
parent 38e117a093
1 changed files with 3 additions and 3 deletions
--- a/js/src/wasm/WasmBaselineCompile.cpp
+++ b/js/src/wasm/WasmBaselineCompile.cpp
@ -13003,9 +13003,9 @@ bool js::wasm::BaselineCompileFunctions(const ModuleEnvironment& env,
 bool js::wasm::IsValidStackMapKey(bool debugEnabled, const uint8_t* nextPC) {
 #  if defined(JS_CODEGEN_X64) || defined(JS_CODEGEN_X86)
  const uint8_t* insn = nextPC;
-  return (insn[-2] == 0x0F && insn[-1] == 0x0B) ||  // ud2
-         (insn[-2] == 0xFF && insn[-1] == 0xD0) ||  // call *%{rax,eax}
-         insn[-5] == 0xE8 ||                        // call simm32
+  return (insn[-2] == 0x0F && insn[-1] == 0x0B) ||           // ud2
+         (insn[-2] == 0xFF && (insn[-1] & 0xF8) == 0xD0) ||  // call *%r_
+         insn[-5] == 0xE8 ||                                 // call simm32
         (debugEnabled && insn[-5] == 0x0F && insn[-4] == 0x1F &&
          insn[-3] == 0x44 && insn[-2] == 0x00 &&
          insn[-1] == 0x00);  // nop_five