Closed Bug 766355 Opened 12 years ago Closed 12 years ago

GC valgrind warnings

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla16

People

(Reporter: Benjamin, Assigned: billm)

References

Details

(Whiteboard: [js:t])

Attachments

(1 file)

patch
743 bytes, patch
terrence
: review+
Details | Diff | Splinter Review 
If I configure --enable-valgrind --disable-debug --disable-optimize and run valgrind with any jit test, I get:

==22179== Conditional jump or move depends on uninitialised value(s)
==22179==    at 0x496A87: js::gc::GetAvailableChunkList(JSCompartment*) (jsgc.cpp:616)
==22179==    by 0x4970F7: PickChunk(JSCompartment*) (jsgc.cpp:788)
==22179==    by 0x49808A: js::gc::ArenaLists::allocateFromArena(JSCompartment*, js::gc::AllocKind) (jsgc.cpp:1443)
==22179==    by 0x498763: js::gc::ArenaLists::refillFreeList(JSContext*, js::gc::AllocKind) (jsgc.cpp:1673)
==22179==    by 0x4BF2FD: js::types::TypeObject* js::gc::NewGCThing<js::types::TypeObject>(JSContext*, js::gc::AllocKind, unsigned long) (jsgcinlines.h:419)
==22179==    by 0x4AFEC6: js::types::TypeCompartment::newTypeObject(JSContext*, JSScript*, JSProtoKey, JSObject*, bool) (jsinfer.cpp:1889)
==22179==    by 0x48DC7D: JSCompartment::getEmptyType(JSContext*) (jsinferinlines.h:1492)
==22179==    by 0x50DE0D: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*, js::gc::AllocKind) (jsobj.cpp:2840)
==22179==    by 0x41D07F: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*) (jsobjinlines.h:1381)
==22179==    by 0x639544: js::GlobalObject::create(JSContext*, js::Class*) (GlobalObject.cpp:247)
==22179==    by 0x424D7A: JS_NewGlobalObject (jsapi.cpp:3298)
==22179==    by 0x424E46: JS_NewCompartmentAndGlobalObject (jsapi.cpp:3331)
==22179== 
==22179== Conditional jump or move depends on uninitialised value(s)
==22179==    at 0x496A87: js::gc::GetAvailableChunkList(JSCompartment*) (jsgc.cpp:616)
==22179==    by 0x496ABD: js::gc::Chunk::addToAvailableList(JSCompartment*) (jsgc.cpp:622)
==22179==    by 0x4971E2: PickChunk(JSCompartment*) (jsgc.cpp:812)
==22179==    by 0x49808A: js::gc::ArenaLists::allocateFromArena(JSCompartment*, js::gc::AllocKind) (jsgc.cpp:1443)
==22179==    by 0x498763: js::gc::ArenaLists::refillFreeList(JSContext*, js::gc::AllocKind) (jsgc.cpp:1673)
==22179==    by 0x4BF2FD: js::types::TypeObject* js::gc::NewGCThing<js::types::TypeObject>(JSContext*, js::gc::AllocKind, unsigned long) (jsgcinlines.h:419)
==22179==    by 0x4AFEC6: js::types::TypeCompartment::newTypeObject(JSContext*, JSScript*, JSProtoKey, JSObject*, bool) (jsinfer.cpp:1889)
==22179==    by 0x48DC7D: JSCompartment::getEmptyType(JSContext*) (jsinferinlines.h:1492)
==22179==    by 0x50DE0D: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*, js::gc::AllocKind) (jsobj.cpp:2840)
==22179==    by 0x41D07F: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*) (jsobjinlines.h:1381)
==22179==    by 0x639544: js::GlobalObject::create(JSContext*, js::Class*) (GlobalObject.cpp:247)
==22179==    by 0x424D7A: JS_NewGlobalObject (jsapi.cpp:3298)
I wrote "--disable-debug" instead of "--enable-debug". That makes no difference.
Attached patch patchSplinter Review 
I think this only affects the shell. Normally we call JS_SetCompartmentPrincipals, which sets this.
Assignee: general → wmccloskey
Status: NEW → ASSIGNED
Attachment #634626 - Flags: review?(terrence)
This fixes it.
Whiteboard: [js:t]
Attachment #634626 - Flags: review?(terrence) → review+
https://hg.mozilla.org/mozilla-central/rev/bd1992ab029b
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: