Bug 1601072 part 3 - Assert all backward jumps are to a JSOP_LOOPHEAD. r=arai,jorendorff
author Jan de Mooij <jdemooij@mozilla.com>
Mon, 16 Dec 2019 07:13:08 +0000
changeset 507046 f2fefbe8b9dbe19350d93ea13997f11c9fe6561a
parent 507045 099b03af31e1e873e46063d4b11232dc20e0752b
child 507047 e1ef71575321e3a606eac6e8ff396110c5c13949
push id 36922
push user ncsoregi@mozilla.com
push date Mon, 16 Dec 2019 17:21:47 +0000
treeherder mozilla-central@27d0d6cc2131
reviewers arai, jorendorff
bugs 1601072
milestone 73.0a1
Bug 1601072 part 3 - Assert all backward jumps are to a JSOP_LOOPHEAD. r=arai,jorendorff

Differential Revision: https://phabricator.services.mozilla.com/D56717
js/src/vm/JSScript.cpp
--- a/js/src/vm/JSScript.cpp
+++ b/js/src/vm/JSScript.cpp
@@ -4579,16 +4579,21 @@ void JSScript::assertValidJumpTargets() 
   AllBytecodesIterable iter(this);
   for (BytecodeLocation loc : iter) {
     // Check jump instructions' target.
     if (loc.isJump()) {
       BytecodeLocation target = loc.getJumpTarget();
       MOZ_ASSERT(mainLoc <= target && target < endLoc);
       MOZ_ASSERT(target.isJumpTarget());
 
+      // All backward jumps must be to a JSOP_LOOPHEAD op. This is an invariant
+      // we want to maintain to simplify JIT compilation and bytecode analysis.
+      MOZ_ASSERT_IF(target < loc, target.is(JSOP_LOOPHEAD));
+      MOZ_ASSERT_IF(target < loc, IsBackedgePC(loc.toRawBytecode()));
+
       // Check fallthrough of conditional jump instructions.
       if (loc.fallsThrough()) {
         BytecodeLocation fallthrough = loc.next();
         MOZ_ASSERT(mainLoc <= fallthrough && fallthrough < endLoc);
         MOZ_ASSERT(fallthrough.isJumpTarget());
       }
     }
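Review bot: the comment above the two new MOZ_ASSERT_IF lines explains only the first one; the second, IsBackedgePC(loc.toRawBytecode()), checks a separate property (that the jumping op itself is a backedge op) and should get its own sentence. Both assertions are also one-directional: nothing in this hunk checks that an op for which IsBackedgePC is true never jumps forward, and a jump with target == loc is not covered because the condition is the strict target < loc. Consider saying in the comment whether those cases are ruled out elsewhere, or adding the converse assertion. Since the two lines share the same condition, a single if (target < loc) block holding both asserts would also read more clearly.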