Bug 1301191 - Baldr: handle interrupt signal while mutating instance vector (r=bbouvier)

MozReview-Commit-ID: Eo97B4RqVRF --HG-- extra : rebase_source : e560495c26f7bef966940ea5d5a9c93a2c4ab5ca
2024-10-09 19:35:51 +00:00 · 2016-09-08 11:01:42 -05:00 · 2016-09-08 11:01:42 -05:00 · d9ad73e886
commit d9ad73e886
parent b2e122e612
2 changed files with 27 additions and 2 deletions
--- a/js/src/asmjs/WasmCompartment.cpp
+++ b/js/src/asmjs/WasmCompartment.cpp
@ -125,8 +125,12 @@ Compartment::lookupCode(const void* pc) const
 Instance*
 Compartment::lookupInstanceDeprecated(const void* pc) const
 {
-    // See profilingEnabled().
-    MOZ_ASSERT(!mutatingInstances_);
+    // lookupInstanceDeprecated can be called asynchronously from the interrupt
+    // signal handler. In that case, the signal handler is just asking whether
+    // the pc is in wasm code. If instances_ is being mutated then we can't be
+    // executing wasm code so returning nullptr is fine.
+    if (mutatingInstances_)
+        return nullptr;

    size_t index;
    if (!BinarySearchIf(instances_, 0, instances_.length(), PCComparator(pc), &index))
--- a/js/src/jit-test/tests/asm.js/testBug1301191.js
+++ b/js/src/jit-test/tests/asm.js/testBug1301191.js
@ -0,0 +1,21 @@
+// |jit-test| exitstatus:6
+timeout(1);
+// Adapted from randomly chosen test: js/src/jit-test/tests/asm.js/testBug975182.js
+(function() {
+    g = (function(t, foreign) {
+        "use asm";
+        var ff = foreign.ff;
+        function f() {
+            ff()
+        }
+        return f
+    })(this, {
+        ff: arguments.callee
+    })
+})()
+function m(f) {
+    while (true) {
+        f();
+    }
+}
+m(g);