Bug 1226896 - Fix OOM handling related to script counts r=nbp
authorJon Coppeard <jcoppeard@mozilla.com>
Tue, 24 Nov 2015 17:27:35 +0000
changeset 273938 ae0f0b8d2d06bc5100fc2250ad72e3475a49522f
parent 273937 55b18b66242c548f91ff961f70501227f0645c9f
child 273939 226fe77322b7212c9008302588efc898b3366255
push id68441
push userjcoppeard@mozilla.com
push dateTue, 24 Nov 2015 17:28:32 +0000
reviewersnbp
bugs1226896
milestone45.0a1
Bug 1226896 - Fix OOM handling related to script counts r=nbp
js/src/jit-test/tests/gc/bug-1226896.js
js/src/jit/BaselineCompiler.cpp
js/src/jsscript.cpp
js/src/vm/Interpreter.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1226896.js
@@ -0,0 +1,9 @@
+// |jit-test| --ion-pgo=on
+
+if (!('oomTest' in this))
+   quit();
+
+oomTest(() => {
+    var g = newGlobal();
+    g.eval("(function() {})()");
+});
--- a/js/src/jit/BaselineCompiler.cpp
+++ b/js/src/jit/BaselineCompiler.cpp
@@ -92,18 +92,20 @@ BaselineCompiler::compile()
     AutoTraceLog logCompile(logger, TraceLogger_BaselineCompilation);
 
     if (!script->ensureHasTypes(cx) || !script->ensureHasAnalyzedArgsUsage(cx))
         return Method_Error;
 
     // When a Debugger set the collectCoverageInfo flag, we recompile baseline
     // scripts without entering the interpreter again. We have to create the
     // ScriptCounts if they do not exist.
-    if (!script->hasScriptCounts() && cx->compartment()->collectCoverage())
-        script->initScriptCounts(cx);
+    if (!script->hasScriptCounts() && cx->compartment()->collectCoverage()) {
+        if (!script->initScriptCounts(cx))
+            return Method_Error;
+    }
 
     // Pin analysis info during compilation.
     AutoEnterAnalysis autoEnterAnalysis(cx);
 
     MOZ_ASSERT(!script->hasBaselineScript());
 
     if (!emitPrologue())
         return Method_Error;
--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@@ -1370,20 +1370,25 @@ JSScript::initScriptCounts(JSContext* cx
 
     for (size_t i = 0; i < jumpTargets.length(); i++)
         base.infallibleEmplaceBack(pcToOffset(jumpTargets[i]));
 
     // Create compartment's scriptCountsMap if necessary.
     ScriptCountsMap* map = compartment()->scriptCountsMap;
     if (!map) {
         map = cx->new_<ScriptCountsMap>();
-        if (!map || !map->init()) {
+        if (!map)
+            return false;
+
+        if (!map->init()) {
             js_delete(map);
+            ReportOutOfMemory(cx);
             return false;
         }
+
         compartment()->scriptCountsMap = map;
     }
 
     // Register the current ScriptCount in the compartment's map.
     if (!map->putNew(this, Move(base)))
         return false;
 
     // safe to set this;  we can't fail after this point.
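Review bot: The `putNew` failure path at the end of this hunk still returns false without calling `ReportOutOfMemory(cx)`, while the `map->init()` failure just above it now reports. The added report after `init()` suggests ScriptCountsMap's allocation policy does not report on its own (the typedef is not visible here); if so, a failed `putNew` leaves no exception pending, and the callers this commit updates in BaselineCompiler::compile and Interpret would propagate an error with nothing set. Consider `if (!map->putNew(this, Move(base))) { ReportOutOfMemory(cx); return false; }`. The body of initScriptCounts starts before and continues after this hunk, so the earlier failure paths deserve the same check.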
--- a/js/src/vm/Interpreter.cpp
+++ b/js/src/vm/Interpreter.cpp
@@ -1665,17 +1665,18 @@ Interpret(JSContext* cx, RunState& state
 INTERPRETER_LOOP() {
 
 CASE(EnableInterruptsPseudoOpcode)
 {
     bool moreInterrupts = false;
     jsbytecode op = *REGS.pc;
 
     if (!script->hasScriptCounts() && cx->compartment()->collectCoverage()) {
-        script->initScriptCounts(cx);
+        if (!script->initScriptCounts(cx))
+            goto error;
         moreInterrupts = true;
     }
 
     if (script->hasScriptCounts()) {
         PCCounts* counts = script->maybeGetPCCounts(REGS.pc);
         if (counts)
             counts->numExec()++;
         moreInterrupts = true;