Bug 1533204 - Crash [@ js::jit::CompileRuntime::mainContextPtr] with asm.js. r=jandem.
☠☠ backed out by 85952c9c8c02 ☠ ☠
authorJulian Seward <jseward@acm.org>
Mon, 11 Mar 2019 10:36:33 +0100
changeset 521349 0a14e20db6a15ec557afd2d8e50b1cb30f468ca6
parent 521309 cdb2110b85f32263e6213ee39e6cc9dc37945a03
child 521350 85952c9c8c02e28de331622831432ef3c0f0d66a
push id10866
push usernerli@mozilla.com
push dateTue, 12 Mar 2019 18:59:09 +0000
treeherdermozilla-beta@445c24a51727 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1533204
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1533204 - Crash [@ js::jit::CompileRuntime::mainContextPtr] with asm.js. r=jandem. Baldr: in CodeGenerator::generateBody, don't call resetOsiPointRegs on safepoints associated with Wasm code.
js/src/jit-test/tests/wasm/regress/bug1533204.js
js/src/jit/CodeGenerator.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/wasm/regress/bug1533204.js
@@ -0,0 +1,9 @@
+enableOsiPointRegisterChecks();
+evalInWorker(`
+function DiagModule(stdlib, foreign) {
+    "use asm";
+    function diag() {
+        while(1) {}
+    }
+    return {};
+`);
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -6337,17 +6337,17 @@ bool CodeGenerator::generateBody() {
       JitSpewFin(JitSpew_Codegen);
 #endif
 
       if (counts) {
         blockCounts->visitInstruction(*iter);
       }
 
 #ifdef CHECK_OSIPOINT_REGISTERS
-      if (iter->safepoint()) {
+      if (iter->safepoint() && !gen->compilingWasm()) {
         resetOsiPointRegs(iter->safepoint());
       }
 #endif
 
       if (iter->mirRaw()) {
         // Only add instructions that have a tracked inline script tree.
         if (iter->mirRaw()->trackedTree()) {
           if (!addNativeToBytecodeEntry(iter->mirRaw()->trackedSite())) {