Bug 1990484 - [arm64] Part 1: Re-acquire scratch register in in ScratchTagScope::reacquire(). r=jandem

CSharperMantle · jandem · commit 240789f4ce7c · 2025-10-03T11:31:47.000Z
This patch also removes explicit ip0 allocation to avoid conflicts in assumeUnreachable debug-only code, as shown in the following stack trace: ```plain-text [24036] Assertion failure: temps.IsAvailable(ScratchReg64), at D:/Workspace/gecko-dev/js/src/jit/arm64/MacroAssembler-arm64.cpp:1624 #1: js::jit::MacroAssembler::call (D:\Workspace\gecko-dev\js\src\jit\arm64\MacroAssembler-arm64.cpp:1624) #2: js::jit::MacroAssembler::callWithABINoProfiler (D:\Workspace\gecko-dev\js\src\jit\MacroAssembler.cpp:4983) #3: js::jit::MacroAssembler::assumeUnreachable (D:\Workspace\gecko-dev\js\src\jit\MacroAssembler.cpp:4038) #4: js::jit::CodeGenerator::testValueTruthyForType (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:1358) #5: js::jit::CodeGenerator::testValueTruthy (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:1477) #6: js::jit::CodeGenerator::visitTestVAndBranch (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:1927) #7: js::jit::CodeGenerator::generateBody (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:8347) #8: js::jit::CodeGenerator::generate (D:\Workspace\gecko-dev\js\src\jit\CodeGenerator.cpp:17024) #9: js::jit::CompileBackEnd (D:\Workspace\gecko-dev\js\src\jit\Ion.cpp:1696) #10: js::jit::Compile (D:\Workspace\gecko-dev\js\src\jit\Ion.cpp:2014) #11: js::jit::CanEnterIon (D:\Workspace\gecko-dev\js\src\jit\Ion.cpp:2107) #12: js::jit::MaybeEnterJit (D:\Workspace\gecko-dev\js\src\jit\Jit.cpp:202) #13: js::RunScript (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:462) ``` Differential Revision: https://phabricator.services.mozilla.com/D266948
diff --git a/js/src/jit/arm64/MacroAssembler-arm64.cpp b/js/src/jit/arm64/MacroAssembler-arm64.cpp
@@ -1621,10 +1621,9 @@ void MacroAssembler::call(ImmPtr imm) {
   // eg testcase: asm.js/testTimeout5.js
   syncStackPtr();
   vixl::UseScratchRegisterScope temps(this);
-  MOZ_ASSERT(temps.IsAvailable(ScratchReg64));  // ip0
-  temps.Exclude(ScratchReg64);
-  movePtr(imm, ScratchReg64.asUnsized());
-  Blr(ScratchReg64);
+  const Register scratch = temps.AcquireX().asUnsized();
+  movePtr(imm, scratch);
+  Blr(ARMRegister(scratch, 64));
 }
 
 void MacroAssembler::call(ImmWord imm) { call(ImmPtr((void*)imm.value)); }
diff --git a/js/src/jit/arm64/MacroAssembler-arm64.h b/js/src/jit/arm64/MacroAssembler-arm64.h
@@ -2151,6 +2151,10 @@ class ScratchTagScope {
   void reacquire() {
     MOZ_ASSERT(released_);
     released_ = false;
+    if (!owned_) {
+      scratch64_ = temps_.AcquireX();
+      owned_ = true;
+    }
   }
 };
 
