Bug 1216277 - Don't assert properties of the buffer location if the assembler is out of memory r=jandem
authorJon Coppeard <jcoppeard@mozilla.com>
Wed, 21 Oct 2015 15:14:13 +0100
changeset 302172 c957a53970002745c631f493a47fa589a4b4c1b1
parent 302171 e532df30d2a14409ce4a25e2a127468bf3eee55b
child 302173 874761c630c2d02abff6bd179985ce81b9ce64a9
push idunknown
push userunknown
push dateunknown
reviewersjandem
bugs1216277
milestone44.0a1
Bug 1216277 - Don't assert properties of the buffer location if the assembler is out of memory r=jandem
js/src/jit/shared/CodeGenerator-shared.cpp
--- a/js/src/jit/shared/CodeGenerator-shared.cpp
+++ b/js/src/jit/shared/CodeGenerator-shared.cpp
@@ -327,17 +327,17 @@ CodeGeneratorShared::addTrackedOptimizat
         return true;
 
     MOZ_ASSERT(optimizations);
 
     uint32_t nativeOffset = masm.currentOffset();
 
     if (!trackedOptimizations_.empty()) {
         NativeToTrackedOptimizations& lastEntry = trackedOptimizations_.back();
-        MOZ_ASSERT(nativeOffset >= lastEntry.endOffset.offset());
+        MOZ_ASSERT_IF(!masm.oom(), nativeOffset >= lastEntry.endOffset.offset());
 
         // If we're still generating code for the same set of optimizations,
         // we are done.
         if (lastEntry.optimizations == optimizations)
             return true;
     }
 
     // If we're generating code for a new set of optimizations, add a new
@@ -353,17 +353,17 @@ void
 CodeGeneratorShared::extendTrackedOptimizationsEntry(const TrackedOptimizations* optimizations)
 {
     if (!isOptimizationTrackingEnabled())
         return;
 
     uint32_t nativeOffset = masm.currentOffset();
     NativeToTrackedOptimizations& entry = trackedOptimizations_.back();
     MOZ_ASSERT(entry.optimizations == optimizations);
-    MOZ_ASSERT(nativeOffset >= entry.endOffset.offset());
+    MOZ_ASSERT_IF(!masm.oom(), nativeOffset >= entry.endOffset.offset());
 
     entry.endOffset = CodeOffsetLabel(nativeOffset);
 
     // If we generated no code, remove the last entry.
     if (nativeOffset == entry.startOffset.offset())
         trackedOptimizations_.popBack();
 }
 
@@ -920,55 +920,68 @@ CodeGeneratorShared::generateCompactTrac
     JitSpew(JitSpew_OptimizationTracking,
             "     with type list of length %u, size %u",
             allTypes->length(), allTypes->length() * sizeof(IonTrackedTypeWithAddendum));
 
     return true;
 }
 
 #ifdef DEBUG
-// Since this is a DEBUG-only verification, crash on OOM in the forEach ops
-// below.
-
 class ReadTempAttemptsVectorOp : public JS::ForEachTrackedOptimizationAttemptOp
 {
     TempOptimizationAttemptsVector* attempts_;
+    bool oom_;
 
   public:
     explicit ReadTempAttemptsVectorOp(TempOptimizationAttemptsVector* attempts)
-      : attempts_(attempts)
+      : attempts_(attempts), oom_(false)
     { }
 
+    bool oom() {
+        return oom_;
+    }
+
     void operator()(JS::TrackedStrategy strategy, JS::TrackedOutcome outcome) override {
-        MOZ_ALWAYS_TRUE(attempts_->append(OptimizationAttempt(strategy, outcome)));
+        if (!attempts_->append(OptimizationAttempt(strategy, outcome)))
+            oom_ = true;
     }
 };
 
 struct ReadTempTypeInfoVectorOp : public IonTrackedOptimizationsTypeInfo::ForEachOp
 {
     TempAllocator& alloc_;
     TempOptimizationTypeInfoVector* types_;
     TempTypeList accTypes_;
+    bool oom_;
 
   public:
     ReadTempTypeInfoVectorOp(TempAllocator& alloc, TempOptimizationTypeInfoVector* types)
       : alloc_(alloc),
         types_(types),
-        accTypes_(alloc)
+        accTypes_(alloc),
+        oom_(false)
     { }
 
+    bool oom() {
+        return oom_;
+    }
+
     void readType(const IonTrackedTypeWithAddendum& tracked) override {
-        MOZ_ALWAYS_TRUE(accTypes_.append(tracked.type));
+        if (!accTypes_.append(tracked.type))
+            oom_ = true;
     }
 
     void operator()(JS::TrackedTypeSite site, MIRType mirType) override {
         OptimizationTypeInfo ty(alloc_, site, mirType);
-        for (uint32_t i = 0; i < accTypes_.length(); i++)
-            MOZ_ALWAYS_TRUE(ty.trackType(accTypes_[i]));
-        MOZ_ALWAYS_TRUE(types_->append(mozilla::Move(ty)));
+        for (uint32_t i = 0; i < accTypes_.length(); i++) {
+            if (!ty.trackType(accTypes_[i]))
+                oom_ = true;
+        }
+        if (!types_->append(mozilla::Move(ty)))
+            oom_ = true;
         accTypes_.clear();
     }
 };
 #endif // DEBUG
 
 void
 CodeGeneratorShared::verifyCompactTrackedOptimizationsMap(JitCode* code, uint32_t numRegions,
                                                           const UniqueTrackedOptimizations& unique,
@@ -1032,24 +1045,24 @@ CodeGeneratorShared::verifyCompactTracke
             // decoded. This is disabled for now if the types table might
             // contain nursery pointers, in which case the types might not
             // match, see bug 1175761.
             if (!code->runtimeFromMainThread()->gc.storeBuffer.cancelIonCompilations()) {
                 IonTrackedOptimizationsTypeInfo typeInfo = typesTable->entry(index);
                 TempOptimizationTypeInfoVector tvec(alloc());
                 ReadTempTypeInfoVectorOp top(alloc(), &tvec);
                 typeInfo.forEach(top, allTypes);
-                MOZ_ASSERT(entry.optimizations->matchTypes(tvec));
+                MOZ_ASSERT_IF(!top.oom(), entry.optimizations->matchTypes(tvec));
             }
 
             IonTrackedOptimizationsAttempts attempts = attemptsTable->entry(index);
             TempOptimizationAttemptsVector avec(alloc());
             ReadTempAttemptsVectorOp aop(&avec);
             attempts.forEach(aop);
-            MOZ_ASSERT(entry.optimizations->matchAttempts(avec));
+            MOZ_ASSERT_IF(!aop.oom(), entry.optimizations->matchAttempts(avec));
         }
     }
 #endif
 }
 
 void
 CodeGeneratorShared::markSafepoint(LInstruction* ins)
 {