Bug 1111327 - Fix AsmJSModule::clone to duplicate profiling labels (r=dougc)
authorLuke Wagner <luke@mozilla.com>
Tue, 16 Dec 2014 08:59:53 -0600
changeset 219923 47fdf63700085a4fb75f47ca78e87e7a89629521
parent 219922 139e84c2fe8196ead2a0aabde4182e658945e49c
child 219924 473ecad73b44b88f88c858727c9431f351d76820
push id52949
push userlwagner@mozilla.com
push dateTue, 16 Dec 2014 15:02:53 +0000
reviewersdougc
bugs1111327
milestone37.0a1
Bug 1111327 - Fix AsmJSModule::clone to duplicate profiling labels (r=dougc)
js/src/asmjs/AsmJSModule.cpp
js/src/asmjs/AsmJSModule.h
js/src/jit-test/tests/asm.js/testBug1111327.js
--- a/js/src/asmjs/AsmJSModule.cpp
+++ b/js/src/asmjs/AsmJSModule.cpp
@@ -1491,16 +1491,21 @@ AsmJSModule::serializedSize() const
            SerializedVectorSize(profiledFunctions_) +
 #endif
            staticLinkData_.serializedSize();
 }
 
 uint8_t *
 AsmJSModule::serialize(uint8_t *cursor) const
 {
+    MOZ_ASSERT(!dynamicallyLinked_);
+    MOZ_ASSERT(!loadedFromCache_);
+    MOZ_ASSERT(!profilingEnabled_);
+    MOZ_ASSERT(!interrupted_);
+
     cursor = WriteBytes(cursor, &pod, sizeof(pod));
     cursor = WriteBytes(cursor, code_, pod.codeBytes_);
     cursor = SerializeName(cursor, globalArgumentName_);
     cursor = SerializeName(cursor, importArgumentName_);
     cursor = SerializeName(cursor, bufferArgumentName_);
     cursor = SerializeVector(cursor, globals_);
     cursor = SerializeVector(cursor, exits_);
     cursor = SerializeVector(cursor, exports_);
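Review bot: The four assertions added at the top of AsmJSModule::serialize have no comment saying why these states are forbidden, and MOZ_ASSERT is checked only in debug builds, so the precondition is invisible to callers in release builds. The visible lines write `code_` byte-for-byte with `WriteBytes(cursor, code_, pod.codeBytes_)`, so presumably any state that patches the code (linking, profiling, interruption) would otherwise land in the serialized image and be reloaded later. I would add a comment above them such as `// code_ is written verbatim below, so the module must still be in its initial, unpatched state.` The body of serialize continues past the end of this hunk.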
@@ -1585,16 +1590,26 @@ AsmJSModule::clone(JSContext *cx, Scoped
         !staticLinkData_.clone(cx, &out.staticLinkData_))
     {
         return false;
     }
 
     out.loadedFromCache_ = loadedFromCache_;
     out.profilingEnabled_ = profilingEnabled_;
 
+    if (profilingEnabled_) {
+        if (!out.profilingLabels_.resize(profilingLabels_.length()))
+            return false;
+        for (size_t i = 0; i < profilingLabels_.length(); i++) {
+            out.profilingLabels_[i] = DuplicateString(cx, profilingLabels_[i].get());
+            if (!out.profilingLabels_[i])
+                return false;
+        }
+    }
+
     // We already know the exact extent of areas that need to be patched, just make sure we
     // flush all of them at once.
     out.setAutoFlushICacheRange();
 
     out.restoreToInitialState(maybeHeap_, code_, cx);
     return true;
 }
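Review bot: In AsmJSModule::clone, `out.profilingEnabled_ = profilingEnabled_;` runs before the new label loop, so a failed `resize` or `DuplicateString` returns false with `out` marked as profiling-enabled while some `out.profilingLabels_` entries are still null. Whether that is harmless depends on the caller discarding `out` on failure, which is not visible in this hunk; moving the `out.profilingEnabled_` assignment below the loop would remove the question. The loop also passes `profilingLabels_[i].get()` to `DuplicateString` unchecked, and `MOZ_ASSERT(profilingLabels_[i]);` as the first statement of the loop body would document that every source label is expected to be non-null when profiling is on. The start of clone lies outside the hunk.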
 
--- a/js/src/asmjs/AsmJSModule.h
+++ b/js/src/asmjs/AsmJSModule.h
@@ -640,17 +640,17 @@ class AsmJSModule
         PropertyName *name() const { return name_; }
         PropertyName *&name() { return name_; }
         size_t serializedSize() const;
         uint8_t *serialize(uint8_t *cursor) const;
         const uint8_t *deserialize(ExclusiveContext *cx, const uint8_t *cursor);
         bool clone(ExclusiveContext *cx, Name *out) const;
     };
 
-    typedef mozilla::UniquePtr<char, JS::FreePolicy> ProfilingLabel;
+    typedef mozilla::UniquePtr<char[], JS::FreePolicy> ProfilingLabel;
 
 #if defined(MOZ_VTUNE) || defined(JS_ION_PERF)
     // Function information to add to the VTune JIT profiler following linking.
     struct ProfiledFunction
     {
         PropertyName *name;
         struct Pod {
             unsigned startCodeOffset;
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/asm.js/testBug1111327.js
@@ -0,0 +1,11 @@
+load(libdir + "asm.js");
+
+// Single-step profiling currently only works in the ARM simulator
+if (!getBuildConfiguration()["arm-simulator"])
+    quit();
+
+enableSPSProfiling();
+enableSingleStepProfiling();
+var m = asmCompile(USE_ASM + 'function f() {} return f');
+asmLink(m)();
+asmLink(m)();
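Review bot: The test has no assertion and calls `quit()` on every build except the ARM simulator, so it passes everywhere else without exercising the fixed path, and where it does run it can only fail by crashing or tripping an assert. Nothing in the file says which line is the regression trigger; from the commit title it is presumably the second `asmLink(m)()`, which links an already-linked module and so goes through clone. A comment above that line such as `// Linking m a second time clones the module; with profiling enabled the clone must carry its own profiling labels.` would make the intent clear to the next reader.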