Bug 777186 - Detect NULL return from newBlock(). r=dvander
authorSean Stangl <sstangl@mozilla.com>
Wed, 19 Sep 2012 12:18:00 -0700
changeset 107536 3073e4bb03ffdee7a987714ca3da4ef768f19912
parent 107535 ebd274828b7fb2ce3ffc72043094a295500f0e2f
child 107537 fdc9029194ed3e22c875978826230aa859b9135d
push id23490
push userMs2ger@gmail.com
push dateThu, 20 Sep 2012 11:22:06 +0000
treeherdermozilla-central@6a2d1a3556b9 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdvander
bugs777186
milestone18.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 777186 - Detect NULL return from newBlock(). r=dvander
js/src/ion/IonBuilder.cpp
--- a/js/src/ion/IonBuilder.cpp
+++ b/js/src/ion/IonBuilder.cpp
@@ -260,17 +260,18 @@ IonBuilder::pushLoop(CFGState::State ini
 bool
 IonBuilder::build()
 {
     current = newBlock(pc);
     if (!current)
         return false;
 
     IonSpew(IonSpew_Scripts, "Analyzing script %s:%d (%p) (usecount=%d) (maxloopcount=%d)",
-            script->filename, script->lineno, (void *) script, (int) script->getUseCount(), (int) script->getMaxLoopCount());
+            script->filename, script->lineno, (void *)script, (int)script->getUseCount(),
+            (int)script->getMaxLoopCount());
 
     if (!graph().addScript(script))
         return false;
 
     if (!initParameters())
         return false;
 
     // Initialize local variables.
@@ -1597,17 +1598,17 @@ IonBuilder::processTableSwitchEnd(CFGSta
     // Else create a block with current as predecessor
     MBasicBlock *successor = NULL;
     if (state.tableswitch.breaks)
         successor = createBreakCatchBlock(state.tableswitch.breaks, state.tableswitch.exitpc);
     else
         successor = newBlock(current, state.tableswitch.exitpc);
 
     if (!successor)
-        return ControlStatus_Ended;
+        return ControlStatus_Error;
 
     // If there is current, the current block flows into this one.
     // So current is also a predecessor to this block
     if (current) {
         current->end(MGoto::New(successor));
         if (state.tableswitch.breaks)
             successor->addPredecessor(current);
     }
@@ -1935,18 +1936,21 @@ IonBuilder::doWhileLoop(JSOp op, jssrcno
     MBasicBlock *header = newPendingLoopHeader(current, pc);
     if (!header)
         return ControlStatus_Error;
     current->end(MGoto::New(header));
 
     jsbytecode *bodyStart = GetNextPc(GetNextPc(pc));
     jsbytecode *bodyEnd = conditionpc;
     jsbytecode *exitpc = GetNextPc(ifne);
-    if (!pushLoop(CFGState::DO_WHILE_LOOP_BODY, conditionpc, header, bodyStart, bodyEnd, exitpc, conditionpc))
+    if (!pushLoop(CFGState::DO_WHILE_LOOP_BODY, conditionpc, header,
+                  bodyStart, bodyEnd, exitpc, conditionpc))
+    {
         return ControlStatus_Error;
+    }
 
     CFGState &state = cfgStack_.back();
     state.loop.updatepc = conditionpc;
     state.loop.updateEnd = ifne;
 
     current = header;
     if (!jsop_loophead(GetNextPc(pc)))
         return ControlStatus_Error;
@@ -3207,16 +3211,18 @@ IonBuilder::inlineScriptedCall(AutoObjec
                 getPropCache = NULL;
         }
     }
 
     // Create a |bottom| block for all the callee subgraph exits to jump to.
     JS_ASSERT(types::IsInlinableCall(pc));
     jsbytecode *postCall = GetNextPc(pc);
     MBasicBlock *bottom = newBlock(NULL, postCall);
+    if (!bottom)
+        return false;
     bottom->setCallerResumePoint(callerResumePoint_);
 
     Vector<MDefinition *, 8, IonAllocPolicy> retvalDefns;
 
     // Do the inline build. Return value definitions are stored in retvalDefns.
     // The monomorphic inlining only occurs if we're not handling a getPropCache guard
     // optimization.  The reasoning for this is as follows:
     //      If there was a single object type leading to a single inlineable function, then
@@ -3309,17 +3315,18 @@ IonBuilder::inlineScriptedCall(AutoObjec
 
             // Only need to phi returns together if there's more than one
             if (retvalDefns.length() > 1) {
                 // This is the same depth as the phi node of the 'bottom' block
                 // after all of the 'pops' happen (see pop() sequence below)
                 MPhi *phi = MPhi::New(inlineBottom->stackDepth() - argc - 2);
                 inlineBottom->addPhi(phi);
 
-                for (MDefinition **it = retvalDefns.begin(), **end = retvalDefns.end(); it != end; ++it) {
+                MDefinition **it = retvalDefns.begin(), **end = retvalDefns.end();
+                for (; it != end; ++it) {
                     if (!phi->addInput(*it))
                         return false;
                 }
                 // retvalDefns should become a singleton vector of 'phi'
                 retvalDefns.clear();
                 if (!retvalDefns.append(phi))
                     return false;
             }
@@ -4087,17 +4094,18 @@ IonBuilder::jsop_initprop(HandleProperty
 
         current->add(store);
         return resumeAfter(store);
     }
 
     MSlots *slots = MSlots::New(obj);
     current->add(slots);
 
-    MStoreSlot *store = MStoreSlot::New(slots, templateObject->dynamicSlotIndex(shape->slot()), value);
+    uint32 slot = templateObject->dynamicSlotIndex(shape->slot());
+    MStoreSlot *store = MStoreSlot::New(slots, slot, value);
     if (needsBarrier)
         store->setNeedsBarrier();
 
     current->add(store);
     return resumeAfter(store);
 }
 
 MBasicBlock *
@@ -5025,17 +5033,18 @@ IonBuilder::jsop_getelem_typed(int array
         // be valid and unbarriered.
         JS_ASSERT_IF(knownType == MIRType_Int32, types->hasType(types::Type::Int32Type()));
         JS_ASSERT_IF(knownType == MIRType_Double, types->hasType(types::Type::DoubleType()));
         return true;
     } else {
         // Assume we will read out-of-bound values. In this case the
         // bounds check will be part of the instruction, and the instruction
         // will always return a Value.
-        MLoadTypedArrayElementHole *load = MLoadTypedArrayElementHole::New(obj, id, arrayType, allowDouble);
+        MLoadTypedArrayElementHole *load =
+            MLoadTypedArrayElementHole::New(obj, id, arrayType, allowDouble);
         current->add(load);
         current->push(load);
 
         return resumeAfter(load) && pushTypeBarrier(load, types, barrier);
     }
 }
 
 bool