Bug 1161303 - Fix bug in NewObjectCache::newObjectFromHit() caused by previous patch in bug 1155618 r=terrence
authorJon Coppeard <jcoppeard@mozilla.com>
Thu, 07 May 2015 10:14:40 +0100
changeset 274118 ff666faf8a5d1282c0d289862ac356c7b71d6b2f
parent 274117 29f691ba32226459b66ac3b924bbcebefa34b299
child 274119 f15de6365040b3ad6bb6de1e692d720a8c9d420f
push id863
push userraliiev@mozilla.com
push dateMon, 03 Aug 2015 13:22:43 +0000
treeherdermozilla-release@f6321b14228d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersterrence
bugs1161303, 1155618
milestone40.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1161303 - Fix bug in NewObjectCache::newObjectFromHit() caused by previous patch in bug 1155618 r=terrence
js/src/jit-test/tests/gc/bug-1161303.js
js/src/vm/Runtime-inl.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1161303.js
@@ -0,0 +1,7 @@
+function f(x) {
+    for (var i = 0; i < 100000; i++ ) {
+        [(x, 2)];
+        try { g(); } catch (t) {}
+    }
+}
+f(2);
--- a/js/src/vm/Runtime-inl.h
+++ b/js/src/vm/Runtime-inl.h
@@ -57,21 +57,18 @@ NewObjectCache::newObjectFromHit(JSConte
     if (group->shouldPreTenure())
         heap = gc::TenuredHeap;
 
     if (cx->runtime()->gc.upcomingZealousGC())
         return nullptr;
 
     NativeObject* obj = static_cast<NativeObject*>(Allocate<JSObject, NoGC>(cx, entry->kind, 0,
                                                                              heap, group->clasp()));
-    if (!obj) {
-        // It's expected that this can return nullptr.
-        cx->recoverFromOutOfMemory();
+    if (!obj)
         return nullptr;
-    }
 
     copyCachedToObject(obj, templateObj, entry->kind);
 
     SetNewObjectMetadata(cx, obj);
 
     probes::CreateObject(cx, obj);
     gc::TraceCreateObject(obj);
     return obj;