Bug 1533204 - Crash [@ js::jit::CompileRuntime::mainContextPtr] with asm.js. r=jandem.
☠☠ backed out by 85952c9c8c02 ☠ ☠
authorJulian Seward <jseward@acm.org>
Mon, 11 Mar 2019 10:36:33 +0100
changeset 521349 0a14e20db6a1
parent 521309 cdb2110b85f3
child 521350 85952c9c8c02
push id10866
push usernerli@mozilla.com
push dateTue, 12 Mar 2019 18:59:09 +0000
treeherdermozilla-beta@445c24a51727 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1533204
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1533204 - Crash [@ js::jit::CompileRuntime::mainContextPtr] with asm.js. r=jandem. Baldr: in CodeGenerator::generateBody, don't call resetOsiPointRegs on safepoints associated with Wasm code.
js/src/jit-test/tests/wasm/regress/bug1533204.js
js/src/jit/CodeGenerator.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/wasm/regress/bug1533204.js
@@ -0,0 +1,9 @@
+enableOsiPointRegisterChecks();
+evalInWorker(`
+function DiagModule(stdlib, foreign) {
+    "use asm";
+    function diag() {
+        while(1) {}
+    }
+    return {};
+`);
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -6337,17 +6337,17 @@ bool CodeGenerator::generateBody() {
       JitSpewFin(JitSpew_Codegen);
 #endif
 
       if (counts) {
         blockCounts->visitInstruction(*iter);
       }
 
 #ifdef CHECK_OSIPOINT_REGISTERS
-      if (iter->safepoint()) {
+      if (iter->safepoint() && !gen->compilingWasm()) {
         resetOsiPointRegs(iter->safepoint());
       }
 #endif
 
       if (iter->mirRaw()) {
         // Only add instructions that have a tracked inline script tree.
         if (iter->mirRaw()->trackedTree()) {
           if (!addNativeToBytecodeEntry(iter->mirRaw()->trackedSite())) {