Bug 1533204 - Crash [@ js::jit::CompileRuntime::mainContextPtr] with asm.js. r=jandem.
☠☠ backed out by 85952c9c8c02 ☠ ☠
authorJulian Seward <jseward@acm.org>
Mon, 11 Mar 2019 10:36:33 +0100
changeset 463428 0a14e20db6a15ec557afd2d8e50b1cb30f468ca6
parent 463427 cdb2110b85f32263e6213ee39e6cc9dc37945a03
child 463429 85952c9c8c02e28de331622831432ef3c0f0d66a
push id112384
push userjseward@mozilla.com
push dateMon, 11 Mar 2019 11:30:21 +0000
treeherdermozilla-inbound@0a14e20db6a1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1533204
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1533204 - Crash [@ js::jit::CompileRuntime::mainContextPtr] with asm.js. r=jandem. Baldr: in CodeGenerator::generateBody, don't call resetOsiPointRegs on safepoints associated with Wasm code.
js/src/jit-test/tests/wasm/regress/bug1533204.js
js/src/jit/CodeGenerator.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/wasm/regress/bug1533204.js
@@ -0,0 +1,9 @@
+enableOsiPointRegisterChecks();
+evalInWorker(`
+function DiagModule(stdlib, foreign) {
+    "use asm";
+    function diag() {
+        while(1) {}
+    }
+    return {};
+`);
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -6337,17 +6337,17 @@ bool CodeGenerator::generateBody() {
       JitSpewFin(JitSpew_Codegen);
 #endif
 
       if (counts) {
         blockCounts->visitInstruction(*iter);
       }
 
 #ifdef CHECK_OSIPOINT_REGISTERS
-      if (iter->safepoint()) {
+      if (iter->safepoint() && !gen->compilingWasm()) {
         resetOsiPointRegs(iter->safepoint());
       }
 #endif
 
       if (iter->mirRaw()) {
         // Only add instructions that have a tracked inline script tree.
         if (iter->mirRaw()->trackedTree()) {
           if (!addNativeToBytecodeEntry(iter->mirRaw()->trackedSite())) {