Bug 1310418 - Fix Assertion failure: this->is<MIRType>(), at js/src/jit/MIR.h:891 r=nbp
authorSander Mathijs van Veen <sander@leaningtech.com>
Tue, 25 Oct 2016 16:52:53 +0200
changeset 362249 370e304078ebea97624799d66bb549bee52fd3cf
parent 362248 596e116970344aabd3e43b9782d9b779eb4a68eb
child 362250 733063079b8e2d99364ceab3ca51e1f024314b26
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-beta@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnbp
bugs1310418
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1310418 - Fix Assertion failure: this->is<MIRType>(), at js/src/jit/MIR.h:891 r=nbp
js/src/jit-test/tests/basic/bug1310418.js
js/src/jit/FoldLinearArithConstants.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug1310418.js
@@ -0,0 +1,9 @@
+(function(stdlib, n, heap) {
+    "use asm";
+    var Uint8ArrayView = new stdlib.Uint8Array(heap);
+    function f(d1) {
+        d1 = +d1;
+        var d2 = .0;
+        Uint8ArrayView[d1 < d2] = 0 + 3 + (d2 > -0);
+    }
+})(this, 0>>0, new Int32Array(0))
--- a/js/src/jit/FoldLinearArithConstants.cpp
+++ b/js/src/jit/FoldLinearArithConstants.cpp
@@ -47,23 +47,26 @@ AnalyzeAdd(TempAllocator& alloc, MAdd* a
         return;
 
     JitSpew(JitSpew_FLAC, "analyze add: %s%u", add->opName(), add->id());
 
     SimpleLinearSum sum = ExtractLinearSum(add);
     if (sum.constant == 0 || !sum.term)
         return;
 
-    // Do not replace an add where the outcome is the same add instruction.
+    // Determine which operand is the constant.
     int idx = add->getOperand(0)->isConstant() ? 0 : 1 ;
-    MOZ_ASSERT(add->getOperand(idx)->toConstant()->type() == MIRType::Int32);
-    if (sum.term == add->getOperand(1 - idx) ||
-        sum.constant == add->getOperand(idx)->toConstant()->toInt32())
-    {
-        return;
+    if (add->getOperand(idx)->isConstant()) {
+        // Do not replace an add where the outcome is the same add instruction.
+        MOZ_ASSERT(add->getOperand(idx)->toConstant()->type() == MIRType::Int32);
+        if (sum.term == add->getOperand(1 - idx) ||
+            sum.constant == add->getOperand(idx)->toConstant()->toInt32())
+        {
+            return;
+        }
     }
 
     MInstruction* rhs = MConstant::New(alloc, Int32Value(sum.constant));
     add->block()->insertBefore(add, rhs);
 
     MAdd* addNew = MAdd::NewAsmJS(alloc, sum.term, rhs, MIRType::Int32);
 
     add->replaceAllLiveUsesWith(addNew);