From b5f1f14dd510c47dad56c32764114e24c0f80bbf Mon Sep 17 00:00:00 2001 From: "Nicolas B. Pierron" Date: Thu, 11 Feb 2016 17:50:52 +0000 Subject: [PATCH] Bug 1244828 - Ensure enough ballast space in TypeAnalyzer::adjustPhiInputs. r=h4writer --- js/src/jit/IonAnalysis.cpp | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/js/src/jit/IonAnalysis.cpp b/js/src/jit/IonAnalysis.cpp index 1ebb480c5729..9c2f6364fb6f 100644 --- a/js/src/jit/IonAnalysis.cpp +++ b/js/src/jit/IonAnalysis.cpp @@ -1193,7 +1193,7 @@ class TypeAnalyzer bool propagateSpecialization(MPhi* phi); bool specializePhis(); void replaceRedundantPhi(MPhi* phi); - void adjustPhiInputs(MPhi* phi); + bool adjustPhiInputs(MPhi* phi); bool adjustInputs(MDefinition* def); bool insertConversions(); @@ -1408,7 +1408,7 @@ TypeAnalyzer::specializePhis() return true; } -void +bool TypeAnalyzer::adjustPhiInputs(MPhi* phi) { MIRType phiType = phi->type(); @@ -1424,6 +1424,9 @@ TypeAnalyzer::adjustPhiInputs(MPhi* phi) if (in->type() == phiType) continue; + if (!alloc().ensureBallast()) + return false; + if (in->isBox() && in->toBox()->input()->type() == phiType) { phi->replaceOperand(i, in->toBox()->input()); } else { @@ -1467,7 +1470,7 @@ TypeAnalyzer::adjustPhiInputs(MPhi* phi) } } - return; + return true; } // Box every typed input. @@ -1481,10 +1484,15 @@ TypeAnalyzer::adjustPhiInputs(MPhi* phi) // the original box. phi->replaceOperand(i, in->toUnbox()->input()); } else { + if (!alloc().ensureBallast()) + return false; + MDefinition* box = AlwaysBoxAt(alloc(), in->block()->lastIns(), in); phi->replaceOperand(i, box); } } + + return true; } bool @@ -1552,7 +1560,8 @@ TypeAnalyzer::insertConversions() replaceRedundantPhi(phi); block->discardPhi(phi); } else { - adjustPhiInputs(phi); + if (!adjustPhiInputs(phi)) + return false; } }