Bug 1344334 - Make DoTypeUpdateFallback infallible. r=h4writer a=gchang
authorJan de Mooij <jdemooij@mozilla.com>
Tue, 07 Mar 2017 15:57:28 +0100
changeset 395066 2ad6acb9736b213bda02f9b56d600f00401e7455
parent 395065 b9e3abb24bed2de6467fb343c5d0bea47fa0dce1
child 395067 eff06436e4bbe2f35166dae145c15d0bf76a47d5
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
treeherdermozilla-release@0641fc6ee9d1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersh4writer, gchang
bugs1344334
milestone54.0a2
Bug 1344334 - Make DoTypeUpdateFallback infallible. r=h4writer a=gchang
js/src/jit-test/tests/baseline/bug1344334.js
js/src/jit/BaselineIC.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/baseline/bug1344334.js
@@ -0,0 +1,14 @@
+if (!('oomTest' in this))
+    quit();
+
+function f(s) {
+    s + "x";
+    s.indexOf("y") === 0;
+    oomTest(new Function(s));
+}
+var s = `
+    class TestClass { constructor() {} }
+    for (var fun of hasPrototype) {}
+`;
+if (s.length)
+    f(s);
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -324,17 +324,24 @@ DoTypeUpdateFallback(JSContext* cx, Base
         JSObject* maybeSingleton = obj->isSingleton() ? obj.get() : nullptr;
         AddTypePropertyId(cx, group, maybeSingleton, id, value);
         break;
       }
       default:
         MOZ_CRASH("Invalid stub");
     }
 
-    return stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value);
+    if (!stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value)) {
+        // The calling JIT code assumes this function is infallible (for
+        // instance we may reallocate dynamic slots before calling this),
+        // so ignore OOMs if we failed to attach a stub.
+        cx->recoverFromOutOfMemory();
+    }
+
+    return true;
 }
 
 typedef bool (*DoTypeUpdateFallbackFn)(JSContext*, BaselineFrame*, ICUpdatedStub*, HandleValue,
                                        HandleValue);
 const VMFunction DoTypeUpdateFallbackInfo =
     FunctionInfo<DoTypeUpdateFallbackFn>(DoTypeUpdateFallback, "DoTypeUpdateFallback", NonTailCall);
 
 bool