Bug 1354275 - Fix handling of Array() throwing in Ion. r=jandem, a=jcristau
authorTed Campbell <tcampbell@mozilla.com>
Mon, 10 Apr 2017 10:40:47 -0400
changeset 396035 4bde1b05f7bf61e39ba8d3679b2ea73c58bea0e4
parent 396034 5938ef3ed0dba31593d818757972657c96c31dd8
child 396036 f14e5d09f00da2751b6ed35a8b566c7f134f4559
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
treeherdermozilla-release@0641fc6ee9d1 [default view] [failures only]
reviewersjandem, jcristau
bugs1354275
milestone54.0
Bug 1354275 - Fix handling of Array() throwing in Ion. r=jandem, a=jcristau MozReview-Commit-ID: 4bwSYSmvLUV
js/src/jit-test/tests/ion/bug1354275.js
js/src/jit/MCallOptimize.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug1354275.js
@@ -0,0 +1,16 @@
+// --ion-eager --ion-offthread-compile=off
+
+function f(t) {
+    for (var i = 0; i < 2; i++) {
+        try {
+            var x = 1;
+            Array(1);
+            x = 2;
+            Array(t);
+        } catch (e) {
+            assertEq(x, 2);
+        }
+    }
+}
+
+f(-1);
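Review bot: The only assertion in this test is inside the `catch` block, so if `Array(t)` ever stops throwing on the compiled path, the test passes without checking anything. Counting the handler runs would pin both loop iterations: add `var caught = 0;` before the loop, `caught++;` next to the existing `assertEq(x, 2);`, and `assertEq(caught, 2);` after the loop. Separately, the first line lists shell flags as a plain comment. If the harness is meant to apply them rather than rely on its default flag variants, it probably needs the `|jit-test|` directive form, which is worth confirming.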
--- a/js/src/jit/MCallOptimize.cpp
+++ b/js/src/jit/MCallOptimize.cpp
@@ -510,16 +510,20 @@ IonBuilder::inlineArray(CallInfo& callIn
         if (!arg->isConstant()) {
             callInfo.setImplicitlyUsedUnchecked();
             MNewArrayDynamicLength* ins =
                 MNewArrayDynamicLength::New(alloc(), constraints(), templateObject,
                                             templateObject->group()->initialHeap(constraints()),
                                             arg);
             current->add(ins);
             current->push(ins);
+
+            // This may throw, so we need a resume point.
+            MOZ_TRY(resumeAfter(ins));
+
             return InliningStatus_Inlined;
         }
 
         // The next several checks all may fail due to range conditions.
         trackOptimizationOutcome(TrackedOutcome::ArrayRange);
 
         // Negative lengths generate a RangeError, unhandled by the inline path.
         initLength = arg->toConstant()->toInt32();
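Review bot: The added comment above `MOZ_TRY(resumeAfter(ins));` says only that the instruction may throw, not what throws or what goes wrong without the resume point. Judging from the accompanying test, which passes `-1` and expects the handler to see `x == 2`, the concern is that a length error raised by `MNewArrayDynamicLength` would otherwise be handled with frame state captured at an earlier point. I would spell that out, e.g. `// MNewArrayDynamicLength can throw (e.g. RangeError on a bad length); capture a resume point here so the exception path restores state as of this call, not an earlier one.` The body of `inlineArray` starts and ends outside this hunk, so it is not visible whether other paths in it add throwing instructions without a matching `resumeAfter`; that is worth checking in the same pass.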