diff --git a/js/src/jit/BaselineJIT.cpp b/js/src/jit/BaselineJIT.cpp index 3e25fd7b7120..baec7b63b8f0 100644 --- a/js/src/jit/BaselineJIT.cpp +++ b/js/src/jit/BaselineJIT.cpp @@ -669,12 +669,16 @@ BaselineScript::maybeICEntryFromPCOffset(uint32_t pcOffset) if (!ComputeBinarySearchMid(this, pcOffset, &mid)) return nullptr; + MOZ_ASSERT(mid < numICEntries()); + // Found an IC entry with a matching PC offset. Search backward, and then // forward from this IC entry, looking for one with the same PC offset which // has isForOp() set. - for (size_t i = mid; i < numICEntries() && icEntry(i).pcOffset() == pcOffset; i--) { + for (size_t i = mid; icEntry(i).pcOffset() == pcOffset; i--) { if (icEntry(i).isForOp()) return &icEntry(i); + if (i == 0) + break; } for (size_t i = mid+1; i < numICEntries() && icEntry(i).pcOffset() == pcOffset; i++) { if (icEntry(i).isForOp()) @@ -728,10 +732,13 @@ BaselineScript::callVMEntryFromPCOffset(uint32_t pcOffset) // inserted by VM calls. size_t mid; MOZ_ALWAYS_TRUE(ComputeBinarySearchMid(this, pcOffset, &mid)); + MOZ_ASSERT(mid < numICEntries()); - for (size_t i = mid; i < numICEntries() && icEntry(i).pcOffset() == pcOffset; i--) { + for (size_t i = mid; icEntry(i).pcOffset() == pcOffset; i--) { if (icEntry(i).kind() == ICEntry::Kind_CallVM) return icEntry(i); + if (i == 0) + break; } for (size_t i = mid+1; i < numICEntries() && icEntry(i).pcOffset() == pcOffset; i++) { if (icEntry(i).kind() == ICEntry::Kind_CallVM) diff --git a/js/src/jit/IonControlFlow.cpp b/js/src/jit/IonControlFlow.cpp index 4f27cd53dcaa..8d8a796d3f3b 100644 --- a/js/src/jit/IonControlFlow.cpp +++ b/js/src/jit/IonControlFlow.cpp @@ -1619,7 +1619,7 @@ ControlFlowGenerator::processBreak(JSOp op, jssrcnote* sn) DebugOnly found = false; if (SN_TYPE(sn) == SRC_BREAK2LABEL) { - for (size_t i = labels_.length() - 1; i < labels_.length(); i--) { + for (size_t i = labels_.length() - 1; ; i--) { CFGState& cfg = cfgStack_[labels_[i].cfgEntry]; MOZ_ASSERT(cfg.state == CFGState::LABEL); if (cfg.stopAt == target) { @@ -1627,9 +1627,11 @@ ControlFlowGenerator::processBreak(JSOp op, jssrcnote* sn) found = true; break; } + if (i == 0) + break; } } else { - for (size_t i = loops_.length() - 1; i < loops_.length(); i--) { + for (size_t i = loops_.length() - 1; ; i--) { CFGState& cfg = cfgStack_[loops_[i].cfgEntry]; MOZ_ASSERT(cfg.isLoop()); if (cfg.loop.exitpc == target) { @@ -1637,6 +1639,8 @@ ControlFlowGenerator::processBreak(JSOp op, jssrcnote* sn) found = true; break; } + if (i == 0) + break; } } @@ -1665,7 +1669,7 @@ ControlFlowGenerator::processContinue(JSOp op) // Find the target loop. CFGState* found = nullptr; jsbytecode* target = pc + GetJumpOffset(pc); - for (size_t i = loops_.length() - 1; i < loops_.length(); i--) { + for (size_t i = loops_.length() - 1; ; i--) { // +1 to skip JSOP_JUMPTARGET. if (loops_[i].continuepc == target + 1 || EffectiveContinue(loops_[i].continuepc) == target) @@ -1673,6 +1677,8 @@ ControlFlowGenerator::processContinue(JSOp op) found = &cfgStack_[loops_[i].cfgEntry]; break; } + if (i == 0) + break; } // There must always be a valid target loop structure. If not, there's @@ -1698,11 +1704,13 @@ ControlFlowGenerator::processSwitchBreak(JSOp op) // Find the target switch. CFGState* found = nullptr; jsbytecode* target = pc + GetJumpOffset(pc); - for (size_t i = switches_.length() - 1; i < switches_.length(); i--) { + for (size_t i = switches_.length() - 1; ; i--) { if (switches_[i].continuepc == target) { found = &cfgStack_[switches_[i].cfgEntry]; break; } + if (i == 0) + break; } // There must always be a valid target loop structure. If not, there's