Attempt to fix JIT icache coherency on Arm64

jserv · jserv · commit 2634c1ef8adc · 2025-09-26T00:26:51.000+08:00
The JIT compiler was experiencing intermittent failures on Arm64/Apple
Silicon due to missing instruction cache invalidation after patching
branch instructions. When update_branch_imm() modified branch targets
in JIT-compiled code, the CPU's icache wasn't being invalidated, causing
it to execute stale cached instructions instead of the newly patched
ones.

This manifested as non-deterministic test failures, particularly in
compute-intensive benchmarks like the pi calculation test.

The fix adds sys_icache_invalidate() after memcpy() in update_branch_imm
to ensure the icache is synchronized with the data cache after code
modification. This is critical on Arm64 cores which have separate L1
instruction and data caches.
diff --git a/src/jit.c b/src/jit.c
@@ -611,6 +611,7 @@ static void update_branch_imm(struct jit_state *state,
     pthread_jit_write_protect_np(false);
 #endif
     memcpy(state->buf + offset, &insn, sizeof(uint32_t));
+    sys_icache_invalidate(state->buf + offset, sizeof(uint32_t));
 #if defined(__APPLE__) && defined(__aarch64__)
     pthread_jit_write_protect_np(true);
 #endif
@@ -2167,6 +2168,7 @@ static void code_cache_flush(struct jit_state *state, riscv_t *rv)
     should_flush = false;
     state->offset = state->org_size;
     state->n_blocks = 0;
+    state->n_jumps = 0; /* Reset jump count when flushing */
     set_reset(&state->set);
     clear_cache_hot(rv->block_cache, (clear_func_t) clear_hot);
 #if RV32_HAS(T2C)
@@ -2229,6 +2231,7 @@ static void resolve_jumps(struct jit_state *state)
 
         uint8_t *offset_ptr = &state->buf[jump.offset_loc];
         memcpy(offset_ptr, &rel, sizeof(uint32_t));
+        sys_icache_invalidate(offset_ptr, sizeof(uint32_t));
 #elif defined(__aarch64__)
         int32_t rel = target_loc - jump.offset_loc;
         update_branch_imm(state, jump.offset_loc, rel);
@@ -2318,12 +2321,36 @@ void jit_translate(riscv_t *rv, block_t *block)
     memset(state->jumps, 0, MAX_JUMPS * sizeof(struct jump));
     state->n_jumps = 0;
     block->offset = state->offset;
+    uint32_t translation_start = state->offset;
     translate_chained_block(state, rv, block);
     if (unlikely(should_flush)) {
         code_cache_flush(state, rv);
         goto restart;
     }
     resolve_jumps(state);
+    /* Ensure all instruction cache is synchronized after translation */
+    if (state->offset > translation_start) {
+#if defined(__APPLE__) && defined(__aarch64__)
+        /* Must be in write mode to invalidate cache on Apple ARM64 */
+        pthread_jit_write_protect_np(false);
+#endif
+#if defined(__aarch64__)
+        /* ARM64 needs data synchronization before cache invalidation */
+        __asm__ __volatile__("dsb sy" ::: "memory");
+#endif
+        sys_icache_invalidate(state->buf + translation_start,
+                              state->offset - translation_start);
+#if defined(__aarch64__)
+        /* ARM64 needs instruction synchronization after cache invalidation */
+        __asm__ __volatile__("isb" ::: "memory");
+#endif
+#if defined(__APPLE__) && defined(__aarch64__)
+        /* Re-enable execution mode */
+        pthread_jit_write_protect_np(true);
+#endif
+    }
+    /* Memory barrier to ensure all writes complete before marking hot */
+    __asm__ __volatile__("" ::: "memory");
     block->hot = true;
 }
 
