Bug 1264948 - MBasicBlock::addPredecessor, check for OOMs when allocating Phi nodes. r=h4writer
☠☠ backed out by 6e2527718052 ☠ ☠
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Fri, 10 Jun 2016 16:56:28 +0000
changeset 377678 c8ee3d05669522daa682ebb4b6c46fcfa858db8b
parent 377677 dcf8fc5c0f3492c867474ce342a66ada2ad6a447
child 377679 74d0a284f6ff1a2603d44afac6658077b963640a
push id20857
push userbmo:james@hoppipolla.co.uk
push dateSun, 12 Jun 2016 16:59:39 +0000
reviewersh4writer
bugs1264948
milestone50.0a1
Bug 1264948 - MBasicBlock::addPredecessor, check for OOMs when allocating Phi nodes. r=h4writer
js/src/jit/MIR.h
js/src/jit/MIRGraph.cpp
--- a/js/src/jit/MIR.h
+++ b/js/src/jit/MIR.h
@@ -7535,16 +7535,19 @@ class MPhi final
 #endif
     {
         setResultType(resultType);
     }
 
     static MPhi* New(TempAllocator& alloc, MIRType resultType = MIRType::Value) {
         return new(alloc) MPhi(alloc, resultType);
     }
+    static MPhi* New(TempAllocator::Fallible alloc, MIRType resultType = MIRType::Value) {
+        return new(alloc) MPhi(alloc.alloc, resultType);
+    }
 
     void removeOperand(size_t index);
     void removeAllOperands();
 
     MDefinition* getOperand(size_t index) const override {
         return inputs_[index].producer();
     }
     size_t numOperands() const override {
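Review bot: The added `New(TempAllocator::Fallible, ...)` overload has no comment saying it can return nullptr. It differs from the infallible overload above it only by argument type, so a call site that forgets `.fallible()` silently selects the other one. I would add `// Fallible variant: returns nullptr on OOM; the caller must check the result.` directly above it. The overload also relies on the placement `operator new` that takes `TempAllocator::Fallible` being declared non-throwing, because only then does a null return skip the `MPhi` constructor; that operator is not in this hunk, so it is worth confirming. The MPhi class body starts and ends outside the hunk.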
--- a/js/src/jit/MIRGraph.cpp
+++ b/js/src/jit/MIRGraph.cpp
@@ -1188,19 +1188,21 @@ MBasicBlock::addPredecessorPopN(TempAllo
             if (mine->isPhi() && mine->block() == this) {
                 MOZ_ASSERT(predecessors_.length());
                 if (!mine->toPhi()->addInputSlow(other))
                     return false;
             } else {
                 // Otherwise, create a new phi node.
                 MPhi* phi;
                 if (mine->type() == other->type())
-                    phi = MPhi::New(alloc, mine->type());
+                    phi = MPhi::New(alloc.fallible(), mine->type());
                 else
-                    phi = MPhi::New(alloc);
+                    phi = MPhi::New(alloc.fallible());
+                if (!phi)
+                    return false;
                 addPhi(phi);
 
                 // Prime the phi for each predecessor, so input(x) comes from
                 // predecessor(x).
                 if (!phi->reserveLength(predecessors_.length() + 1))
                     return false;
 
                 for (size_t j = 0, numPreds = predecessors_.length(); j < numPreds; ++j) {
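Review bot: After the new `if (!phi) return false;`, `addPhi(phi)` still runs before `reserveLength` can fail, so that later `return false` leaves a phi with no inputs attached to the block. This is harmless only if every caller treats a false return as fatal and discards the graph, which cannot be confirmed from this hunk. Reserving first would keep the failure path free of side effects: `if (!phi->reserveLength(predecessors_.length() + 1)) return false;` followed by `addPhi(phi);`. The two `MPhi::New` branches could also become one call, `MPhi::New(alloc.fallible(), mine->type() == other->type() ? mine->type() : MIRType::Value)`, since `MIRType::Value` is the default shown in MIR.h. The function body starts and ends outside the hunk.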