61 lines
1.8 KiB
Diff
61 lines
1.8 KiB
Diff
Copied from upstream:
|
|
https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/2839062f84fb
|
|
|
|
# HG changeset patch
|
|
# User Jan de Mooij <jdemooij@mozilla.com>
|
|
# Date 1455119320 -3600
|
|
# Node ID 2839062f84fb6cba2781ea8d59150f13d4813ddc
|
|
# Parent 185b233ea03f3811404e3979b65ec86b29d13555
|
|
Bug 1242279 - r=bhackett1024 a=sylvestre
|
|
|
|
diff --git a/js/src/vm/TypeInference.cpp b/js/src/vm/TypeInference.cpp
|
|
--- a/js/src/vm/TypeInference.cpp
|
|
+++ b/js/src/vm/TypeInference.cpp
|
|
@@ -3961,16 +3961,22 @@ JSScript::maybeSweepTypes(AutoClearTypeI
|
|
|
|
unsigned num = TypeScript::NumTypeSets(this);
|
|
StackTypeSet* typeArray = types_->typeArray();
|
|
|
|
// Remove constraints and references to dead objects from stack type sets.
|
|
for (unsigned i = 0; i < num; i++)
|
|
typeArray[i].sweep(zone(), *oom);
|
|
|
|
+ if (oom->hadOOM()) {
|
|
+ // It's possible we OOM'd while copying freeze constraints, so they
|
|
+ // need to be regenerated.
|
|
+ hasFreezeConstraints_ = false;
|
|
+ }
|
|
+
|
|
// Update the recompile indexes in any IonScripts still on the script.
|
|
if (hasIonScript())
|
|
ionScript()->recompileInfoRef().shouldSweep(types);
|
|
}
|
|
|
|
void
|
|
TypeScript::destroy()
|
|
{
|
|
diff --git a/js/src/vm/TypeInference.h b/js/src/vm/TypeInference.h
|
|
--- a/js/src/vm/TypeInference.h
|
|
+++ b/js/src/vm/TypeInference.h
|
|
@@ -566,16 +566,19 @@ class AutoClearTypeInferenceStateOnOOM
|
|
: zone(zone), oom(false)
|
|
{}
|
|
|
|
~AutoClearTypeInferenceStateOnOOM();
|
|
|
|
void setOOM() {
|
|
oom = true;
|
|
}
|
|
+ bool hadOOM() const {
|
|
+ return oom;
|
|
+ }
|
|
};
|
|
|
|
/* Superclass common to stack and heap type sets. */
|
|
class ConstraintTypeSet : public TypeSet
|
|
{
|
|
public:
|
|
/* Chain of constraints which propagate changes out from this type set. */
|
|
TypeConstraint* constraintList;
|
|
|