Bug 1344334 - Make DoTypeUpdateFallback infallible. r=h4writer
authorJan de Mooij <jdemooij@mozilla.com>
Tue, 07 Mar 2017 15:57:28 +0100
changeset 346365 4e6fc030c70b70b13f0bd59dd43443bacbc43b21
parent 346364 340e7f8a7229786fc8808d4a78983338997f81f3
child 346366 a8d5f142c025a938b6af1656443b9eac20020e94
push id31465
push userkwierso@gmail.com
push dateWed, 08 Mar 2017 00:40:52 +0000
treeherdermozilla-central@58753259bfeb [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersh4writer
bugs1344334
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1344334 - Make DoTypeUpdateFallback infallible. r=h4writer
js/src/jit-test/tests/baseline/bug1344334.js
js/src/jit/BaselineIC.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/baseline/bug1344334.js
@@ -0,0 +1,14 @@
+if (!('oomTest' in this))
+    quit();
+
+function f(s) {
+    s + "x";
+    s.indexOf("y") === 0;
+    oomTest(new Function(s));
+}
+var s = `
+    class TestClass { constructor() {} }
+    for (var fun of hasPrototype) {}
+`;
+if (s.length)
+    f(s);
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -324,17 +324,24 @@ DoTypeUpdateFallback(JSContext* cx, Base
         JSObject* maybeSingleton = obj->isSingleton() ? obj.get() : nullptr;
         AddTypePropertyId(cx, group, maybeSingleton, id, value);
         break;
       }
       default:
         MOZ_CRASH("Invalid stub");
     }
 
-    return stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value);
+    if (!stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value)) {
+        // The calling JIT code assumes this function is infallible (for
+        // instance we may reallocate dynamic slots before calling this),
+        // so ignore OOMs if we failed to attach a stub.
+        cx->recoverFromOutOfMemory();
+    }
+
+    return true;
 }
 
 typedef bool (*DoTypeUpdateFallbackFn)(JSContext*, BaselineFrame*, ICUpdatedStub*, HandleValue,
                                        HandleValue);
 const VMFunction DoTypeUpdateFallbackInfo =
     FunctionInfo<DoTypeUpdateFallbackFn>(DoTypeUpdateFallback, "DoTypeUpdateFallback", NonTailCall);
 
 bool