Bug 1567327 - Fix some OOM issues when generating BaselineInterpreter code. r=iain

* Use NonAssertingLabel in BaselineInterpreterHandler, similar to BaselineCodeGen fields.
* Make addDebugInstrumentationOffset report OOM.

No test case because the fuzz test is huge and this patch is based on the stack traces.

Differential Revision: https://phabricator.services.mozilla.com/D53630

--HG--
extra : moz-landing-system : lando

js/src/jit/BaselineCodeGen.cpp

@@ -173,6 +173,15 @@ bool BaselineInterpreterHandler::recordCallRetAddr(JSContext* cx,
   return true;
 }
 
+bool BaselineInterpreterHandler::addDebugInstrumentationOffset(
+    JSContext* cx, CodeOffset offset) {
+  if (!debugInstrumentationOffsets_.append(offset.offset())) {
+    ReportOutOfMemory(cx);
+    return false;
+  }
+  return true;
+}
+
 MethodStatus BaselineCompiler::compile() {
   JSScript* script = handler.script();
   JitSpew(JitSpew_BaselineScripts, "Baseline compiling script %s:%u:%u (%p)",
@@ -769,7 +778,7 @@ bool BaselineInterpreterCodeGen::emitIsDebuggeeCheck() {
     restoreInterpreterPCReg();
   }
   masm.bind(&skipCheck);
-  return handler.addDebugInstrumentationOffset(toggleOffset);
+  return handler.addDebugInstrumentationOffset(cx, toggleOffset);
 }
 
 static void MaybeIncrementCodeCoverageCounter(MacroAssembler& masm,
@@ -4941,7 +4950,7 @@ MOZ_MUST_USE bool BaselineInterpreterCodeGen::emitDebugInstrumentation(
   Label isNotDebuggee, done;
 
   CodeOffset toggleOffset = masm.toggledJump(&isNotDebuggee);
-  if (!handler.addDebugInstrumentationOffset(toggleOffset)) {
+  if (!handler.addDebugInstrumentationOffset(cx, toggleOffset)) {
     return false;
   }
 
@@ -5944,7 +5953,7 @@ bool BaselineInterpreterCodeGen::emitAfterYieldDebugInstrumentation(
   // If the current Realm is not a debuggee we're done.
   Label done;
   CodeOffset toggleOffset = masm.toggledJump(&done);
-  if (!handler.addDebugInstrumentationOffset(toggleOffset)) {
+  if (!handler.addDebugInstrumentationOffset(cx, toggleOffset)) {
     return false;
   }
   masm.loadPtr(AbsoluteAddress(cx->addressOfRealm()), scratch);

js/src/jit/BaselineCodeGen.h

@@ -654,11 +654,11 @@ class BaselineInterpreterHandler {
 
   // Entry point to start interpreting a bytecode op. No registers are live. PC
   // is loaded from the frame.
-  Label interpretOp_;
+  NonAssertingLabel interpretOp_;
 
   // Like interpretOp_ but at this point the PC is expected to be in
   // InterpreterPCReg.
-  Label interpretOpWithPCReg_;
+  NonAssertingLabel interpretOpWithPCReg_;
 
   // Offsets of toggled jumps for debugger instrumentation.
   using CodeOffsetVector = Vector<uint32_t, 0, SystemAllocPolicy>;
@@ -666,8 +666,8 @@ class BaselineInterpreterHandler {
 
   // Offsets of toggled jumps for code coverage instrumentation.
   CodeOffsetVector codeCoverageOffsets_;
-  Label codeCoverageAtPrologueLabel_;
-  Label codeCoverageAtPCLabel_;
+  NonAssertingLabel codeCoverageAtPrologueLabel_;
+  NonAssertingLabel codeCoverageAtPCLabel_;
 
   // Offsets of IC calls for IsIonInlinableOp ops, for Ion bailouts.
   BaselineInterpreter::ICReturnOffsetVector icReturnOffsets_;
@@ -728,9 +728,8 @@ class BaselineInterpreterHandler {
     return false;
   }
 
-  MOZ_MUST_USE bool addDebugInstrumentationOffset(CodeOffset offset) {
-    return debugInstrumentationOffsets_.append(offset.offset());
-  }
+  MOZ_MUST_USE bool addDebugInstrumentationOffset(JSContext* cx,
+                                                  CodeOffset offset);
 
   const BaselineInterpreter::CallVMOffsets& callVMOffsets() const {
     return callVMOffsets_;