From d12c2716064e1dc6013c175952a34146a69aa507 Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Mon, 27 Apr 2020 09:06:44 +0200 Subject: Fix failing assertion in the GC with JIT Commit d4edf441257b7e5782a6c25802d821647ffcba45 fixed the issue for architectures where the return value register overlaps with the accumulator register and thus clobbers it (x86-64, x86). The issue however persisted on ARMv7 (and in theory also ARMv8). Further investigation suggests that another source of clobbering of the accumulator register may be the caller of the JIT generated code itself, since we never explicitly initialize the register. So if one of the first byte code instructions is the creation of a call context or ConvertThisToObject - anything that saves the register to the JS stack frame - then we could end up with the GC trying to mark a value that contains garbage (or looks like a managed, typically). Change-Id: I719e189c3314c85adb23fb2ab2a0acf26a418d4e Task-number: QTBUG-83384 Pick-to: 5.15 Pick-to: 5.12 Reviewed-by: Fabian Kosmale Reviewed-by: Ulf Hermann --- src/qml/jit/qv4baselinejit.cpp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/qml/jit') diff --git a/src/qml/jit/qv4baselinejit.cpp b/src/qml/jit/qv4baselinejit.cpp index fcaa87290e..d329a5afec 100644 --- a/src/qml/jit/qv4baselinejit.cpp +++ b/src/qml/jit/qv4baselinejit.cpp @@ -65,6 +65,8 @@ void BaselineJIT::generate() labels.insert(int(function->compiledFunction->labelInfoTable()[i])); as->generatePrologue(); + // Make sure the ACC register is initialized and not clobbered by the caller. + as->loadAccumulatorFromFrame(); decode(code, len); as->generateEpilogue(); -- cgit v1.2.3
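Review bot: the added `as->loadAccumulatorFromFrame();` after `as->generatePrologue();` only gives ACC a well-defined value if the frame's accumulator slot is itself initialized before the JIT-generated code is entered, and that precondition is not stated anywhere in the hunk; the comment "Make sure the ACC register is initialized and not clobbered by the caller." reads as if the load alone guarantees initialization. Suggest extending the comment to name the invariant it depends on (the caller has stored a valid Value into the frame's accumulator slot before calling into the generated code), so a future change to how frames are set up does not silently reintroduce the GC marking a garbage register value that the commit message describes; a debug-build check of that slot at the same point would make the invariant enforceable rather than implicit. The placement itself is sound: since the load happens before `decode(code, len)`, any early instruction that spills ACC to the JS stack frame (a call-context creation or ConvertThisToObject, per the commit message) now saves a defined value, and the fix is architecture-independent, which matches the report that the problem remained on ARMv7 after the x86/x86-64 register-overlap fix.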