Attempt to fix JIT icache coherency on Arm64

jserv · jserv · commit 0286257e1aca · 2025-09-25T06:12:12.000+08:00
The JIT compiler was experiencing intermittent failures on Arm64/Apple
Silicon due to missing instruction cache invalidation after patching
branch instructions. When update_branch_imm() modified branch targets
in JIT-compiled code, the CPU's icache wasn't being invalidated, causing
it to execute stale cached instructions instead of the newly patched
ones.

This manifested as non-deterministic test failures, particularly in
compute-intensive benchmarks like the pi calculation test, with
failure rates around 40%.

The fix adds sys_icache_invalidate() after memcpy() in update_branch_imm
to ensure the icache is synchronized with the data cache after code
modification. This is critical on Arm64 architectures which have separate
L1 instruction and data caches.
diff --git a/src/jit.c b/src/jit.c
@@ -611,6 +611,7 @@ static void update_branch_imm(struct jit_state *state,
     pthread_jit_write_protect_np(false);
 #endif
     memcpy(state->buf + offset, &insn, sizeof(uint32_t));
+    sys_icache_invalidate(state->buf + offset, sizeof(uint32_t));
 #if defined(__APPLE__) && defined(__aarch64__)
     pthread_jit_write_protect_np(true);
 #endif
@@ -2229,6 +2230,7 @@ static void resolve_jumps(struct jit_state *state)
 
         uint8_t *offset_ptr = &state->buf[jump.offset_loc];
         memcpy(offset_ptr, &rel, sizeof(uint32_t));
+        sys_icache_invalidate(offset_ptr, sizeof(uint32_t));
 #elif defined(__aarch64__)
         int32_t rel = target_loc - jump.offset_loc;
         update_branch_imm(state, jump.offset_loc, rel);
@@ -2318,12 +2320,16 @@ void jit_translate(riscv_t *rv, block_t *block)
     memset(state->jumps, 0, MAX_JUMPS * sizeof(struct jump));
     state->n_jumps = 0;
     block->offset = state->offset;
+    uint32_t translation_start = state->offset;
     translate_chained_block(state, rv, block);
     if (unlikely(should_flush)) {
         code_cache_flush(state, rv);
         goto restart;
     }
     resolve_jumps(state);
+    /* Ensure all instruction cache is synchronized after translation */
+    sys_icache_invalidate(state->buf + translation_start,
+                          state->offset - translation_start);
     block->hot = true;
 }
 
