diff options
| author | Simon Hausmann <simon.hausmann@qt.io> | 2020-04-27 09:06:44 +0200 |
|---|---|---|
| committer | Volker Hilsheimer <volker.hilsheimer@qt.io> | 2020-05-19 00:46:13 +0200 |
| commit | b86e109b90808dce5ff5f946672d541eecd1b4e7 (patch) | |
| tree | 02df0a18019304faeabf9917b7c4867ede069ae8 /src/qml/jit/qv4baselinejit.cpp | |
| parent | c2df9ce7b0cb6ac9a9117578a167d54a708c64b3 (diff) | |
Fix failing assertion in the GC with JIT
Commit d4edf441257b7e5782a6c25802d821647ffcba45 fixed the issue for
architectures where the return value register overlaps with the
accumulator register and thus clobbers it (x86-64, x86). The issue
however persisted on ARMv7 (and in theory also ARMv8). Further
investigation suggests that another source of clobbering of the
accumulator register may be the caller of the JIT generated code itself,
since we never explicitly initialize the register. So if one of the
first byte code instructions is the creation of a call context or
ConvertThisToObject - anything that saves the register to the JS stack
frame - then we could end up with the GC trying to mark a value that
contains garbage (or looks like a managed, typically).
Change-Id: I719e189c3314c85adb23fb2ab2a0acf26a418d4e
Task-number: QTBUG-83384
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit d12c2716064e1dc6013c175952a34146a69aa507)
Diffstat (limited to 'src/qml/jit/qv4baselinejit.cpp')
| -rw-r--r-- | src/qml/jit/qv4baselinejit.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/qml/jit/qv4baselinejit.cpp b/src/qml/jit/qv4baselinejit.cpp index fcaa87290e..d329a5afec 100644 --- a/src/qml/jit/qv4baselinejit.cpp +++ b/src/qml/jit/qv4baselinejit.cpp @@ -65,6 +65,8 @@ void BaselineJIT::generate() labels.insert(int(function->compiledFunction->labelInfoTable()[i])); as->generatePrologue(); + // Make sure the ACC register is initialized and not clobbered by the caller. + as->loadAccumulatorFromFrame(); decode(code, len); as->generateEpilogue(); |