commit 240789f4ce7c0bfe8f63a1c325576ade86b04105
parent f886788ccc912a971d7556f5dec2bb9d1d2db6ad
Author: Rong "Mantle" Bao <webmaster@csmantle.top>
Date: Fri, 3 Oct 2025 11:26:32 +0000
Bug 1990484 - [arm64] Part 1: Re-acquire scratch register in in ScratchTagScope::reacquire(). r=jandem
This patch also removes explicit ip0 allocation to avoid conflicts in
assumeUnreachable debug-only code, as shown in the following stack
trace:
```plain-text
[24036] Assertion failure: temps.IsAvailable(ScratchReg64), at D:/Workspace/gecko-dev/js/src/jit/arm64/MacroAssembler-arm64.cpp:1624
#01: js::jit::MacroAssembler::call (D:\Workspace\gecko-dev\js\src\jit\arm64\MacroAssembler-arm64.cpp:1624)
#02: js::jit::MacroAssembler::callWithABINoProfiler (D:\Workspace\gecko-dev\js\src\jit\MacroAssembler.cpp:4983)
#03: js::jit::MacroAssembler::assumeUnreachable (D:\Workspace\gecko-dev\js\src\jit\MacroAssembler.cpp:4038)
#04: js::jit::CodeGenerator::testValueTruthyForType (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:1358)
#05: js::jit::CodeGenerator::testValueTruthy (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:1477)
#06: js::jit::CodeGenerator::visitTestVAndBranch (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:1927)
#07: js::jit::CodeGenerator::generateBody (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:8347)
#08: js::jit::CodeGenerator::generate (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:17024)
#09: js::jit::CompileBackEnd (D:\Workspace\gecko-dev\js\src\jit\Ion.cpp:1696)
#10: js::jit::Compile (D:\Workspace\gecko-dev\js\src\jit\Ion.cpp:2014)
#11: js::jit::CanEnterIon (D:\Workspace\gecko-dev\js\src\jit\Ion.cpp:2107)
#12: js::jit::MaybeEnterJit (D:\Workspace\gecko-dev\js\src\jit\Jit.cpp:202)
#13: js::RunScript (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:462)
```
Differential Revision: https://phabricator.services.mozilla.com/D266948
Diffstat:
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/js/src/jit/arm64/MacroAssembler-arm64.cpp b/js/src/jit/arm64/MacroAssembler-arm64.cpp
@@ -1621,10 +1621,9 @@ void MacroAssembler::call(ImmPtr imm) {
// eg testcase: asm.js/testTimeout5.js
syncStackPtr();
vixl::UseScratchRegisterScope temps(this);
- MOZ_ASSERT(temps.IsAvailable(ScratchReg64)); // ip0
- temps.Exclude(ScratchReg64);
- movePtr(imm, ScratchReg64.asUnsized());
- Blr(ScratchReg64);
+ const Register scratch = temps.AcquireX().asUnsized();
+ movePtr(imm, scratch);
+ Blr(ARMRegister(scratch, 64));
}
void MacroAssembler::call(ImmWord imm) { call(ImmPtr((void*)imm.value)); }
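Review bot: The new `temps.AcquireX()` line carries no comment explaining why ip0 is no longer pinned, so a later cleanup could reintroduce `temps.Exclude(ScratchReg64)` and with it the assertion failure shown in the commit message. I would add above it `// Take whichever scratch is free: on the assumeUnreachable() path ip0 may already be held by the caller.` As a point of style, keeping the acquired value as an ARMRegister avoids the round trip through Register: `const ARMRegister scratch64 = temps.AcquireX();`, `movePtr(imm, scratch64.asUnsized());`, `Blr(scratch64);`. The start of call(ImmPtr) lies outside the hunk.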
diff --git a/js/src/jit/arm64/MacroAssembler-arm64.h b/js/src/jit/arm64/MacroAssembler-arm64.h
@@ -2151,6 +2151,10 @@ class ScratchTagScope {
void reacquire() {
MOZ_ASSERT(released_);
released_ = false;
+ if (!owned_) {
+ scratch64_ = temps_.AcquireX();
+ owned_ = true;
+ }
}
};
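Review bot: The register returned by `temps_.AcquireX()` in reacquire() is not guaranteed to be the one the scope held before release(). A Register value that a caller read from the scope earlier would then be stale, and code emitted with it could clobber a register that another scope now owns. Whether any caller caches the register this way cannot be told from this hunk, because the rest of ScratchTagScope and its users are outside it. I would document the contract on reacquire(), for example `// May come back with a different scratch register than before release(); re-read the register from the scope after reacquire().`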