Bug 1216607 - Fix assertion failure ARM assembler on OOM r=jandem
authorJon Coppeard <jcoppeard@mozilla.com>
Mon, 26 Oct 2015 10:16:51 +0000
changeset 304863 f0fe043c7b4cd4f7a8c747cadcf6523a188840ea
parent 304862 66d59599465c708d4dc985c774c99ccc26aca69d
child 304864 6c52ba960d877b45f2058794031a53246328327f
push id1001
push userraliiev@mozilla.com
push dateMon, 18 Jan 2016 19:06:03 +0000
treeherdermozilla-release@8b89261f3ac4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1216607
milestone44.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1216607 - Fix assertion failure ARM assembler on OOM r=jandem
js/src/jit-test/tests/gc/bug-1216607.js
js/src/jit/CompactBuffer.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1216607.js
@@ -0,0 +1,19 @@
+if (!('oomTest' in this))
+    quit();
+
+enableSPSProfilingWithSlowAssertions();
+try {
+(function() {
+   while (n--) {
+   }
+})();
+} catch(exc1) {}
+function arrayProtoOutOfRange() {
+    function f(obj) {}
+    function test() {
+        for (var i = 0; i < 1000; i++)
+            var r = f(i % 2 ? a : b);
+    }
+    test();
+}
+oomTest(arrayProtoOutOfRange);
--- a/js/src/jit/CompactBuffer.h
+++ b/js/src/jit/CompactBuffer.h
@@ -163,17 +163,17 @@ class CompactBufferWriter
         writeByte((value >> 24) & 0xFF);
     }
     void writeFixedUint16_t(uint16_t value) {
         writeByte(value & 0xFF);
         writeByte(value >> 8);
     }
     void writeNativeEndianUint32_t(uint32_t value) {
         // Must be at 4-byte boundary
-        MOZ_ASSERT(length() % sizeof(uint32_t) == 0);
+        MOZ_ASSERT_IF(!oom(), length() % sizeof(uint32_t) == 0);
         writeFixedUint32_t(0);
         if (oom())
             return;
         uint8_t* endPtr = buffer() + length();
         reinterpret_cast<uint32_t*>(endPtr)[-1] = value;
     }
     size_t length() const {
         return buffer_.length();