Bug 1124397 - Temporary diagnostic patch to help figure out what's going on. r=efaust a=kwierso
authorJan de Mooij <jdemooij@mozilla.com>
Thu, 31 Mar 2016 14:02:10 -0700
changeset 291100 2f39deb1b3e2865ced9cead27a03e97d729fbcfb
parent 291099 2204c405d07c203a32bad351200e81b43ac062c4
child 291101 da683f5c0a43b8ee64b604406d784667b474f6d1
push id19656
push usergwagner@mozilla.com
push dateMon, 04 Apr 2016 13:43:23 +0000
reviewersefaust, kwierso
bugs1124397
milestone48.0a1
Bug 1124397 - Temporary diagnostic patch to help figure out what's going on. r=efaust a=kwierso MozReview-Commit-ID: 2pt0UAblcL6
js/src/jit/x86-shared/Assembler-x86-shared.cpp
js/src/jit/x86-shared/BaseAssembler-x86-shared.h
--- a/js/src/jit/x86-shared/Assembler-x86-shared.cpp
+++ b/js/src/jit/x86-shared/Assembler-x86-shared.cpp
@@ -253,8 +253,10 @@ CPUInfo::SetSSEVersion()
         static const int xcr0AVXBit = 1 << 2;
         avxPresent = (xcr0EAX & xcr0SSEBit) && (xcr0EAX & xcr0AVXBit);
     }
 
     static const int POPCNTBit = 1 << 23;
 
     popcntPresent = (flagsECX & POPCNTBit);
 }
+
+volatile uintptr_t* blackbox = nullptr;
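Review bot: The new definition carries no comment explaining why a global pointer now lives next to CPUInfo::SetSSEVersion, so a later reader has nothing to tell them it is throwaway diagnostic state rather than part of the CPU-feature detection. I would add `// Diagnostic scratch pointer for bug 1124397: nextJump() points this at a stack array right before MOZ_CRASH so the values survive into a minidump. Temporary; remove once the bug is understood.` above the definition. The bare, unprefixed name in the global namespace is also more collision-prone than it needs to be; a namespaced or more distinctive name would be safer if the patch lingers beyond its intended lifetime.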
--- a/js/src/jit/x86-shared/BaseAssembler-x86-shared.h
+++ b/js/src/jit/x86-shared/BaseAssembler-x86-shared.h
@@ -31,16 +31,18 @@
 #define jit_x86_shared_BaseAssembler_x86_shared_h
 
 #include "mozilla/IntegerPrintfMacros.h"
 
 #include "jit/x86-shared/AssemblerBuffer-x86-shared.h"
 #include "jit/x86-shared/Encoding-x86-shared.h"
 #include "jit/x86-shared/Patching-x86-shared.h"
 
+extern volatile uintptr_t* blackbox;
+
 namespace js {
 namespace jit {
 
 namespace X86Encoding {
 
 class BaseAssembler : public GenericAssembler {
 public:
     BaseAssembler()
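Review bot: The `extern volatile uintptr_t* blackbox;` declaration is placed in the global namespace of a header included by every x86/x64 JIT translation unit, with no comment marking it as temporary, which is how diagnostic globals end up permanent. I would annotate it `// Temporary diagnostic for bug 1124397 (see nextJump below); remove with that patch.` and, if it must stay, move both declaration and definition inside `js::jit` so the generic name cannot collide. The header also uses `uintptr_t` without an explicit `<stdint.h>` include; that presumably comes in via mozilla/IntegerPrintfMacros.h, but it is worth confirming rather than relying on it transitively.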
@@ -3396,17 +3398,36 @@ threeByteOpImmSimd("vblendps", VEX_PD, O
 
         assertValidJmpSrc(from);
 
         const unsigned char* code = m_formatter.data();
         int32_t offset = GetInt32(code + from.offset());
         if (offset == -1)
             return false;
 
-        MOZ_RELEASE_ASSERT(size_t(offset) < size());
+        if (MOZ_UNLIKELY(size_t(offset) >= size())) {
+#ifdef NIGHTLY_BUILD
+            // Stash some data on the stack so we can retrieve it from minidumps,
+            // see bug 1124397.
+            volatile uintptr_t dump[10];
+            blackbox = dump;
+            blackbox[0] = uintptr_t(0xABCD1234);
+            blackbox[1] = uintptr_t(offset);
+            blackbox[2] = uintptr_t(size());
+            blackbox[3] = uintptr_t(from.offset());
+            blackbox[4] = uintptr_t(code[from.offset() - 5]);
+            blackbox[5] = uintptr_t(code[from.offset() - 4]);
+            blackbox[6] = uintptr_t(code[from.offset() - 3]);
+            blackbox[7] = uintptr_t(code[from.offset() - 2]);
+            blackbox[8] = uintptr_t(code[from.offset() - 1]);
+            blackbox[9] = uintptr_t(0xFFFF7777);
+#endif
+            MOZ_CRASH("nextJump bogus offset");
+        }
+
         *next = JmpSrc(offset);
         return true;
     }
     void setNextJump(const JmpSrc& from, const JmpSrc& to)
     {
         // Sanity check - if the assembler has OOM'd, it will start overwriting
         // its internal buffer and thus our links could be garbage.
         if (oom())
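Review bot: The diagnostic reads `code[from.offset() - 5]` through `code[from.offset() - 1]` without checking that from.offset() is at least 5, so a small offset reads before the start of the assembler buffer and could fault with a different crash signature than the one the patch is trying to capture, or leak adjacent heap bytes into the minidump instead of the intended data. Unless assertValidJmpSrc (its body is not in the hunk) already guarantees a 5-byte prefix, each read should be bounds-checked and a sentinel stored when the byte is unavailable. The stores through `blackbox` to a stack array are fine only because MOZ_CRASH follows immediately; a short comment saying the pointer is intentionally left dangling would keep someone from "fixing" it. The rest of the function (setNextJump) continues past the hunk.
```cpp
            // … unchanged: blackbox[0..3] stores …
            // Only read the bytes preceding the rel32 field when they lie
            // inside the buffer; a small from.offset() would otherwise read
            // before m_formatter.data() and crash with an unrelated signature.
            for (int i = 0; i < 5; i++) {
                int32_t idx = int32_t(from.offset()) - 5 + i;
                blackbox[4 + i] = idx >= 0 ? uintptr_t(code[idx]) : uintptr_t(0xEE);
            }
            blackbox[9] = uintptr_t(0xFFFF7777);
```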