Closed Bug 495166 Opened 15 years ago Closed 15 years ago

static-analysis error in jsparse.cpp JSCompiler::compileScript: return without going through label out

Categories

(Core :: JavaScript Engine, defect)

Other Branch
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: jorendorff, Assigned: jorendorff)

Details

(Keywords: fixed1.9.1, Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

/builds/static-analysis-buildbot/slave/full-tm/build/js/src/jsparse.cpp: In static member function 'static JSScript* JSCompiler::compileScript(JSContext*, JSObject*, JSStackFrame*, JSPrincipals*, uint32, const jschar*, size_t, FILE*, const char*, uintN, JSString*)':
/builds/static-analysis-buildbot/slave/full-tm/build/js/src/jsparse.cpp:9088: error: return without going through label out
/builds/static-analysis-buildbot/slave/full-tm/build/js/src/jsparse.cpp:817: error: JSCompiler::compileScript: Control did not flow through out

The function has had the guilty code since April 5. Apparently recent fixes to the analysis caused it to start noticing the problem. It is a real bug, but symptomless given the current implementation of jsarena. Patch coming.
I think this is wanted-1.9.1 because we want static analysis to be up-to-date and passing.
Flags: wanted1.9.1?
Attached patch v1
Assignee: general → jorendorff
Attachment #380023 - Flags: review?(brendan)
Comment on attachment 380023
v1

I, for one, welcome our static analysis overlords.

/be
Attachment #380023 - Flags: review?(brendan) → review+
http://hg.mozilla.org/tracemonkey/rev/26f38f9b8f49

Pushed with these additional changes, to avoid errors goto-ing across local variable initialization.

diff --git a/js/src/jsparse.cpp b/js/src/jsparse.cpp
--- a/js/src/jsparse.cpp
+++ b/js/src/jsparse.cpp
@@ -823,17 +823,18 @@ JSCompiler::compileScript(JSContext *cx,
     cg.scopeChain = scopeChain;
     if (!SetStaticLevel(&cg, TCF_GET_STATIC_LEVEL(tcflags)))
         goto out;
 
     /*
      * If funbox is non-null after we create the new script, callerFrame->fun
      * was saved in the 0th object table entry.
      */
-    JSObjectBox *funbox = NULL;
+    JSObjectBox *funbox;
+    funbox = NULL;
 
     if (tcflags & TCF_COMPILE_N_GO) {
         if (source) {
             /*
              * Save eval program source in script->atomMap.vector[0] for the
              * eval cache (see obj_eval in jsobj.cpp).
              */
             JSAtom *atom = js_AtomizeString(cx, source, 0);
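Review bot: The split of `JSObjectBox *funbox;` from `funbox = NULL;` carries no comment explaining why, so a later cleanup could fold it back into `JSObjectBox *funbox = NULL;` and reintroduce the goto-across-initialization error for the `goto out` immediately above it. Add a one-line comment saying the declaration is kept uninitialized on purpose because earlier `goto out` statements jump past it, or move the declaration up with the other locals at the top of the function.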
@@ -862,17 +863,18 @@ JSCompiler::compileScript(JSContext *cx,
      */
     uint32 bodyid;
     if (!GenerateBlockId(&cg, bodyid))
         goto out;
     cg.bodyid = bodyid;
 
 #if JS_HAS_XML_SUPPORT
     pn = NULL;
-    bool onlyXML = true;
+    bool onlyXML;
+    onlyXML = true;
 #endif
 
     for (;;) {
         jsc.tokenStream.flags |= TSF_OPERAND;
         tt = js_PeekToken(cx, &jsc.tokenStream);
         jsc.tokenStream.flags &= ~TSF_OPERAND;
         if (tt <= TOK_EOF) {
             if (tt == TOK_EOF)
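Review bot: The `bool onlyXML;` declaration sits inside `#if JS_HAS_XML_SUPPORT`, so the goto-across-initialization problem this split works around exists only in builds where that macro is set, and a build with it unset never sees this code. It is worth confirming that both configurations compile cleanly. The split also has no comment; `uint32 bodyid;` just above is already declared without an initializer before its `goto out`, so a short note on `bool onlyXML;` that the separate assignment is deliberate would keep a later edit from merging the two lines again.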
Whiteboard: fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/26f38f9b8f49
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Flags: wanted1.9.1? → wanted1.9.1+