[gecko] add initialization for valgrind in Assembler-arm.h

RESOLVED FIXED in Firefox 52

Product: Core
Component: JavaScript Engine: JIT
Status: RESOLVED FIXED
Reported: 4 years ago
Modified: 2 years ago
Reporter: hiroaki.kawai
Assignee: Unassigned
Version: Trunk
Target Milestone: mozilla52
Hardware: x86_64
OS: Linux
Firefox Tracking Flags: firefox52 fixed
Attachments: 1

Description

4 years ago
Created attachment 8483481: Imm8mData.patch

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140830210550

Steps to reproduce:

I run B2G (master HEAD) ./run-valgrind.sh with a Flame attached.

In the B2G directory, I have the following .userconfig:
```
export LOCALE_BASEDIR=$PWD/gaia-l10n
export LOCALES_FILE=$PWD/gaia/locales/languages_dev.json
export GAIA_KEYBOARD_LAYOUTS="en,pt-BR,es,de,fr,pl,zh-Hans-Pinyin,en-Dvorak,jp-kanji"
export L10NBASEDIR=$PWD/gecko-l10n
export MOZ_CHROME_MULTILOCALE="ja en"
export B2G_VALGRIND=1
export B2G_DEBUG=1
export DEVICE_DEBUG=1
```

Actual results:

It prints many valgrind warnings like:

```
==2019== Conditional jump or move depends on uninitialised value(s)
==2019==    at 0x6C1BFB0: js::jit::datastore::Imm8mData::encode() (Assembler-arm.h:401)
==2019==    by 0x6C1C129: js::jit::Imm8::Imm8(unsigned int) (Assembler-arm.h:546)
==2019==    by 0x6C2E6DF: js::jit::MacroAssemblerARM::ma_alu(js::jit::Register, js::jit::Imm32, js::jit::Register, js::jit::ALUOp, js::jit::SetCond_, js::jit::Assembler::Condition) (MacroAssembler-arm.cpp:286)
==2019==    by 0x6C41211: js::jit::JitRuntime::generateExceptionTailStub(JSContext*) (MacroAssembler-arm.cpp:462)
==2019==    by 0x6B699BD: js::jit::JitRuntime::initialize(JSContext*) (Ion.cpp:213)
==2019==    by 0x6C6E76B: JSRuntime::createJitRuntime(JSContext*) (jscompartment.cpp:138)
==2019==    by 0x6AECEDF: JS::Zone::createJitZone(JSContext*) (Runtime.h:864)
==2019==    by 0x6C6EED9: JSCompartment::ensureJitCompartmentExists(JSContext*) (jscompartment.cpp:161)
==2019==    by 0x6B74B67: CanEnterBaselineJIT(JSContext*, JS::Handle<JSScript*>, bool) (BaselineJIT.cpp:255)
==2019==    by 0x6B74C85: js::jit::CanEnterBaselineMethod(JSContext*, js::RunState&) (BaselineJIT.cpp:339)
==2019==    by 0x6D4E255: js::RunScript(JSContext*, js::RunState&) (Interpreter.cpp:414)
==2019==    by 0x6D4E2F7: js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::ExecuteType, js::AbstractFramePtr, JS::Value*) (Interpreter.cpp:636)
==2019==  Uninitialised value was created by a stack allocation
==2019==    at 0x6C1C07C: js::jit::Imm8::EncodeImm(unsigned int) (Assembler-arm.h:568)
```

Expected results:

The warnings should not appear. This seems to be because of valgrind's limitation that bit fields are not fully handled (*1). The attached fix does not cost much.

*1) http://valgrind.org/info/tools.html
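The report and the fix side by side, as an added C++ example that is not SpiderMonkey's code: a bit-field struct whose encode() branches on a field that one constructor path never writes (the "before"), next to the same struct with every field written in every constructor (the "after"). The struct name, field names, layout and constructor signatures are hypothetical and only imitate the shape of the stack trace above; the real Imm8mData layout is not shown on this page. Memcheck tracks definedness bit by bit, so an unwritten bit-field member is flagged the first time a conditional jump depends on it, not when it is copied around, which is why the trace reports the error inside encode() while --track-origins=yes attributes the value to the stack allocation in EncodeImm.

```cpp
// Added example, not SpiderMonkey code. Names, layout and constructor
// signatures are hypothetical; they only imitate the shape of the report:
// a bit-field struct whose encode() branches on a field that one constructor
// path never writes, and the same struct with that field initialized.
#include <cassert>
#include <cstdint>
#include <cstdio>

namespace imm8_example {

// Encoding helper shared by both versions: a valid value packs the 4-bit
// rotate above the 8-bit data; an invalid value encodes to 0.
static inline uint32_t pack(uint32_t data, uint32_t rotate, bool invalid) {
    return invalid ? 0u : (((rotate & 0xFu) << 8) | (data & 0xFFu));
}

// "Before": constructed from (data, rotate), `invalid` is left indeterminate.
// Memcheck reports the branch on `invalid` inside pack() as a conditional jump
// that depends on an uninitialised value; with --track-origins=yes it points
// at the stack slot where this object was created, as in the bug's trace.
struct Imm8mDataBefore {
    uint32_t data    : 8;
    uint32_t rotate  : 4;
    uint32_t invalid : 1;

    Imm8mDataBefore() : data(0), rotate(0), invalid(1) {}
    // Intentional defect for illustration: no initializer for `invalid`.
    Imm8mDataBefore(uint32_t d, uint32_t r) : data(d), rotate(r) {}

    uint32_t encode() const { return pack(data, rotate, invalid != 0); }
};

// "After": every constructor writes every field, so definedness tracking has
// nothing to complain about and encode() is deterministic.
struct Imm8mDataAfter {
    uint32_t data    : 8;
    uint32_t rotate  : 4;
    uint32_t invalid : 1;

    Imm8mDataAfter() : data(0), rotate(0), invalid(1) {}
    Imm8mDataAfter(uint32_t d, uint32_t r) : data(d), rotate(r), invalid(0) {}

    uint32_t encode() const { return pack(data, rotate, invalid != 0); }
};

// Modelled on the Imm8(unsigned) -> EncodeImm -> encode() chain in the trace:
// build the immediate on the stack and encode it in one step.
inline uint32_t encodeAfter(uint32_t d, uint32_t r) {
    Imm8mDataAfter imm(d, r);
    return imm.encode();
}

// The default-constructed ("invalid") immediate always encodes to 0.
inline uint32_t encodeInvalidAfter() {
    return Imm8mDataAfter().encode();
}

}  // namespace imm8_example

int main() {
    using namespace imm8_example;
    // Build with -g -O0 and run under `valgrind --track-origins=yes`:
    // the "before" line is reported, the "after" line stays silent.
    Imm8mDataBefore before(0x2A, 0x3);
    std::printf("before: %#x\n", before.encode());   // value is indeterminate
    std::printf("after:  %#x\n", encodeAfter(0x2A, 0x3));
    std::printf("invalid: %#x\n", encodeInvalidAfter());
    return 0;
}
```

The "after" form is the kind of change the commit message below describes (initialize an uninitialized field): write the field in the constructor's initializer list rather than relying on whatever the stack slot held. Note that the "before" struct is only there to be run under Memcheck; reading its unset member is undefined behaviour in C++, so nothing should depend on the value it prints.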

Comment 1

2 years ago
Comment on attachment 8483481 (Imm8mData.patch)

Review of attachment 8483481:
-----------------------------------------------------------------

Nice catch, I'll land this.
Attachment #8483481 - Flags: review+

Comment 2

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/4d4f412dce1036106cb2343aeb0b531691e4135d
Bug 1062289 - initialize an uninitialized field.  patch=hiroaki.kawai, r=lhansen, push=lhansen

Updated

2 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 3

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/4d4f412dce10
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52