Bug 965745 - Always patch loop backedges in Ion if interrupt flag is set r=jandem

2014-02-05 14:09:41 +00:00 · 2014-02-05 14:09:41 +00:00 · 0aec5ecde9
--- a/js/src/jit/Ion.cpp
+++ b/js/src/jit/Ion.cpp
@ -347,6 +347,9 @@ JitRuntime::handleAccessViolation(JSRuntime *rt, void *faultingAddress)
    // to SEGV while still inside the signal handler, and the process will terminate.
    JSRuntime::AutoLockForOperationCallback lock(rt);

+    // Ion code in the runtime faulted after it was made inaccessible. Reset
+    // the code privileges and patch all loop backedges to perform an interrupt
+    // check instead.
    ensureIonCodeAccessible(rt);
    return true;
 }
@ -362,18 +365,14 @@ JitRuntime::ensureIonCodeAccessible(JSRuntime *rt)
    JS_ASSERT(CurrentThreadCanAccessRuntime(rt));
 #endif

-    if (!ionCodeProtected_)
-        return;
-
-    // Ion code in the runtime faulted after it was made inaccessible. Reset
-    // the code privileges and patch all loop backedges to perform an interrupt
-    // check instead.
-    ionAlloc_->toggleAllCodeAsAccessible(true);
-    ionCodeProtected_ = false;
+    if (ionCodeProtected_) {
+        ionAlloc_->toggleAllCodeAsAccessible(true);
+        ionCodeProtected_ = false;
+    }

    if (rt->interrupt) {
-        // The interrupt handler needs to be invoked by this thread, but we
-        // are inside a signal handler and have no idea what is above us on the
+        // The interrupt handler needs to be invoked by this thread, but we may
+        // be inside a signal handler and have no idea what is above us on the
        // stack (probably we are executing Ion code at an arbitrary point, but
        // we could be elsewhere, say repatching a jump for an IonCache).
        // Patch all backedges in the runtime so they will invoke the interrupt