From b86e109b90808dce5ff5f946672d541eecd1b4e7 Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Mon, 27 Apr 2020 09:06:44 +0200 Subject: Fix failing assertion in the GC with JIT Commit d4edf441257b7e5782a6c25802d821647ffcba45 fixed the issue for architectures where the return value register overlaps with the accumulator register and thus clobbers it (x86-64, x86). The issue however persisted on ARMv7 (and in theory also ARMv8). Further investigation suggests that another source of clobbering of the accumulator register may be the caller of the JIT generated code itself, since we never explicitly initialize the register. So if one of the first byte code instructions is the creation of a call context or ConvertThisToObject - anything that saves the register to the JS stack frame - then we could end up with the GC trying to mark a value that contains garbage (or looks like a managed, typically). Change-Id: I719e189c3314c85adb23fb2ab2a0acf26a418d4e Task-number: QTBUG-83384 Reviewed-by: Fabian Kosmale Reviewed-by: Ulf Hermann (cherry picked from commit d12c2716064e1dc6013c175952a34146a69aa507) --- src/qml/jit/qv4baselinejit.cpp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/qml/jit/qv4baselinejit.cpp') diff --git a/src/qml/jit/qv4baselinejit.cpp b/src/qml/jit/qv4baselinejit.cpp index fcaa87290e..d329a5afec 100644 --- a/src/qml/jit/qv4baselinejit.cpp +++ b/src/qml/jit/qv4baselinejit.cpp @@ -65,6 +65,8 @@ void BaselineJIT::generate() labels.insert(int(function->compiledFunction->labelInfoTable()[i])); as->generatePrologue(); + // Make sure the ACC register is initialized and not clobbered by the caller. + as->loadAccumulatorFromFrame(); decode(code, len); as->generateEpilogue(); -- cgit v1.2.3
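Review bot: The added `as->loadAccumulatorFromFrame();` after `as->generatePrologue();` relies on the accumulator slot in the JS stack frame already holding a valid value when the generated code is entered; the commit message explains that the register itself is never initialized by the caller, but it does not state who initializes the frame slot, so a short note in the new comment (or in the commit message) saying that the frame slot is set up by the caller before entry would make the invariant the GC now depends on explicit. The comment text "initialized and not clobbered by the caller" is also slightly misleading: the load does not prevent clobbering, it replaces whatever the caller left in ACC with the frame's value before `decode(code, len);` emits the first instruction, so something like "Load ACC from the frame: the caller does not initialize the register, and the first instruction may save it to the frame where the GC would try to mark it" states what the line actually guarantees. Since the failure was only reproducible on ARMv7 according to the message, a regression test tied to QTBUG-83384 that exercises a function whose first instruction creates a call context (the case the message describes) would help keep this from regressing on platforms where the return register happens to alias ACC.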