Closed
Bug 495166
Opened 15 years ago
Closed 15 years ago
static-analysis error in jsparse.cpp JSCompiler::compileScript: return without going through label out
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jorendorff, Assigned: jorendorff)
Details
(Keywords: fixed1.9.1, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
2.50 KB,
patch
|
brendan
:
review+
|
Details | Diff | Splinter Review |
/builds/static-analysis-buildbot/slave/full-tm/build/js/src/jsparse.cpp: In static member function 'static JSScript* JSCompiler::compileScript(JSContext*, JSObject*, JSStackFrame*, JSPrincipals*, uint32, const jschar*, size_t, FILE*, const char*, uintN, JSString*)': /builds/static-analysis-buildbot/slave/full-tm/build/js/src/jsparse.cpp:9088: error: return without going through label out /builds/static-analysis-buildbot/slave/full-tm/build/js/src/jsparse.cpp:817: error: JSCompiler::compileScript: Control did not flow through out The function has had the guilty code since April 5. Apparently recent fixes to the analysis caused it to start noticing the problem. It is a real bug, but symptomless given the current implementation of jsarena. Patch coming.
Assignee | ||
Comment 1•15 years ago
|
||
I think this is wanted-1.9.1 because we want static analysis to be up-to-date and passing.
Flags: wanted1.9.1?
Assignee | ||
Comment 2•15 years ago
|
||
Assignee: general → jorendorff
Attachment #380023 -
Flags: review?(brendan)
Comment 3•15 years ago
|
||
Comment on attachment 380023 [details] [diff] [review] v1 I, for one, welcome our static analysis overlords. /be
Attachment #380023 -
Flags: review?(brendan) → review+
Assignee | ||
Comment 4•15 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/26f38f9b8f49 Pushed with these additional changes, to avoid errors goto-ing across local variable initialization. diff --git a/js/src/jsparse.cpp b/js/src/jsparse.cpp --- a/js/src/jsparse.cpp +++ b/js/src/jsparse.cpp @@ -823,17 +823,18 @@ JSCompiler::compileScript(JSContext *cx, cg.scopeChain = scopeChain; if (!SetStaticLevel(&cg, TCF_GET_STATIC_LEVEL(tcflags))) goto out; /* * If funbox is non-null after we create the new script, callerFrame->fun * was saved in the 0th object table entry. */ - JSObjectBox *funbox = NULL; + JSObjectBox *funbox; + funbox = NULL; if (tcflags & TCF_COMPILE_N_GO) { if (source) { /* * Save eval program source in script->atomMap.vector[0] for the * eval cache (see obj_eval in jsobj.cpp). */ JSAtom *atom = js_AtomizeString(cx, source, 0); @@ -862,17 +863,18 @@ JSCompiler::compileScript(JSContext *cx, */ uint32 bodyid; if (!GenerateBlockId(&cg, bodyid)) goto out; cg.bodyid = bodyid; #if JS_HAS_XML_SUPPORT pn = NULL; - bool onlyXML = true; + bool onlyXML; + onlyXML = true; #endif for (;;) { jsc.tokenStream.flags |= TSF_OPERAND; tt = js_PeekToken(cx, &jsc.tokenStream); jsc.tokenStream.flags &= ~TSF_OPERAND; if (tt <= TOK_EOF) { if (tt == TOK_EOF)
Whiteboard: fixed-in-tracemonkey
Comment 5•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/26f38f9b8f49
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Updated•15 years ago
|
Flags: wanted1.9.1? → wanted1.9.1+
Comment 6•15 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/f7f77e20cc77
Keywords: fixed1.9.1
You need to log in
before you can comment on or make changes to this bug.
Description
•