Bug 1353356 - Add rematerialized frames to the table on JitActivation after rematerialization succeeds. (r=jandem)
authorShu-yu Guo <shu@rfrn.org>
Mon, 05 Jun 2017 16:58:50 -0700
changeset 362464 187554939350e5c0c66be425eb3425eccabf6455
parent 362463 8d0269a6e46499ab2e15c62d433fa913537096f0
child 362465 2128f5860eb4774a5e3ab85eda1a0383e652afe0
push id31978
push userarchaeopteryx@coole-files.de
push dateTue, 06 Jun 2017 09:21:30 +0000
reviewersjandem
bugs1353356
milestone55.0a1
Bug 1353356 - Add rematerialized frames to the table on JitActivation after rematerialization succeeds. (r=jandem)
js/src/jit-test/tests/debug/bug1353356.js
js/src/vm/Stack.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/debug/bug1353356.js
@@ -0,0 +1,65 @@
+// |jit-test| allow-oom; --fuzzing-safe
+
+var lfLogBuffer = `
+//corefuzz-dcd-endofdata
+//corefuzz-dcd-endofdata
+//corefuzz-dcd-endofdata
+    setJitCompilerOption("ion.warmup.trigger", 4);
+    var g = newGlobal();
+    g.debuggeeGlobal = this;
+    g.eval("(" + function () {
+        dbg = new Debugger(debuggeeGlobal);
+        dbg.onExceptionUnwind = function (frame, exc) {
+            var s = '!';
+            for (var f = frame; f; f = f.older)
+            debuggeeGlobal.log += s;
+        };
+    } + ")();");
+      j('Number.prototype.toSource.call([])');
+//corefuzz-dcd-endofdata
+//corefuzz-dcd-endofdata
+//corefuzz-dcd-endofdata
+//corefuzz-dcd-selectmode 4
+//corefuzz-dcd-endofdata
+}
+//corefuzz-dcd-endofdata
+//corefuzz-dcd-selectmode 5
+//corefuzz-dcd-endofdata
+oomTest(() => i({
+    new  : (true  ),
+    thisprops: true
+}));
+`;
+lfLogBuffer = lfLogBuffer.split('\n');
+var lfRunTypeId = -1;
+var lfCodeBuffer = "";
+while (true) {
+    var line = lfLogBuffer.shift();
+    if (line == null) {
+        break;
+    } else if (line == "//corefuzz-dcd-endofdata") {
+        loadFile(lfCodeBuffer);
+        lfCodeBuffer = "";
+        loadFile(line);
+    } else {
+        lfCodeBuffer += line + "\n";
+    }
+}
+if (lfCodeBuffer) loadFile(lfCodeBuffer);
+function loadFile(lfVarx) {
+    try {
+        if (lfVarx.indexOf("//corefuzz-dcd-selectmode ") === 0) {
+            lfRunTypeId = parseInt(lfVarx.split(" ")[1]) % 6;
+        } else {
+            switch (lfRunTypeId) {
+                case 4:
+                    oomTest(function() {
+                        let m = parseModule(lfVarx);
+                    });
+                    break;
+                default:
+                    evaluate(lfVarx);
+            }
+        }
+    } catch (lfVare) {}
+}
--- a/js/src/vm/Stack.cpp
+++ b/js/src/vm/Stack.cpp
@@ -1534,38 +1534,36 @@ jit::JitActivation::getRematerializedFra
             ReportOutOfMemory(cx);
             return nullptr;
         }
     }
 
     uint8_t* top = iter.fp();
     RematerializedFrameTable::AddPtr p = rematerializedFrames_->lookupForAdd(top);
     if (!p) {
-        RematerializedFrameVector empty(cx);
-        if (!rematerializedFrames_->add(p, top, Move(empty))) {
-            ReportOutOfMemory(cx);
-            return nullptr;
-        }
+        RematerializedFrameVector frames(cx);
 
         // The unit of rematerialization is an uninlined frame and its inlined
         // frames. Since inlined frames do not exist outside of snapshots, it
         // is impossible to synchronize their rematerialized copies to
         // preserve identity. Therefore, we always rematerialize an uninlined
         // frame and all its inlined frames at once.
         InlineFrameIterator inlineIter(cx, &iter);
         MaybeReadFallback recover(cx, this, &iter);
 
         // Frames are often rematerialized with the cx inside a Debugger's
         // compartment. To recover slots and to create CallObjects, we need to
         // be in the activation's compartment.
         AutoCompartmentUnchecked ac(cx, compartment_);
 
-        if (!RematerializedFrame::RematerializeInlineFrames(cx, top, inlineIter, recover,
-                                                            p->value()))
-        {
+        if (!RematerializedFrame::RematerializeInlineFrames(cx, top, inlineIter, recover, frames))
+            return nullptr;
+
+        if (!rematerializedFrames_->add(p, top, Move(frames))) {
+            ReportOutOfMemory(cx);
             return nullptr;
         }
 
         // See comment in unsetPrevUpToDateUntil.
         DebugEnvironments::unsetPrevUpToDateUntil(cx, p->value()[inlineDepth]);
     }
 
     return p->value()[inlineDepth];
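Review bot: The `AddPtr p` obtained from `lookupForAdd(top)` is now held live across the whole `RematerializeInlineFrames` call (slot recovery, CallObject creation, a compartment switch) before it is consumed by `add(p, top, Move(frames))`; with this hash-table API an AddPtr becomes stale if the table is mutated in between, so the reordering is only sound as long as nothing on the rematerialization path can re-enter `getRematerializedFrame` on this same activation and touch `rematerializedFrames_`. I would pin that invariant next to the add, e.g. `// Nothing above may mutate rematerializedFrames_; p must still be valid.`, or defensively refresh it with `p = rematerializedFrames_->lookupForAdd(top);` (asserting `!p`) immediately before the add. Separately, the new early return after a failed `RematerializeInlineFrames` does not call `ReportOutOfMemory` while the add-failure branch right below it does; if the callee does not report its own OOM the caller gets a silent `nullptr`, so it is worth confirming which side owns the report. The enclosing `getRematerializedFrame` begins before this hunk.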