Closed Bug 583049 Opened 15 years ago Closed 15 years ago

js::detail::HashTable - Use of uninitialised value of size 8

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: dougt, Assigned: igor)

References

Details

Using Fennec under Valgrind I see lots of these while starting up the content process: ==23709== Use of uninitialised value of size 8 ==23709== at 0x9B877A2: js::detail::HashTable<unsigned long const, js::HashSet<unsigned long, js::GCChunkHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::Entry::isFree() const (jshashtable.h:80) ==23709== by 0x9B85B31: js::detail::HashTable<unsigned long const, js::HashSet<unsigned long, js::GCChunkHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::lookup(unsigned long const&, unsigned int, unsigned int) const (jshashtable.h:435) ==23709== by 0x9B83D8B: js::detail::HashTable<unsigned long const, js::HashSet<unsigned long, js::GCChunkHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::lookup(unsigned long const&) const (jshashtable.h:582) ==23709== by 0x9B81DF2: js::HashSet<unsigned long, js::GCChunkHasher, js::SystemAllocPolicy>::has(unsigned long const&) const (jshashtable.h:1039) ==23709== by 0x9B77499: js::ConservativeGCStackMarker::markWord(unsigned long) (jsgc.cpp:1154) ==23709== by 0x9B77A32: js::ConservativeGCStackMarker::markRange(unsigned long*, unsigned long*) (jsgc.cpp:1261) ==23709== by 0x9B77AFF: js::ConservativeGCStackMarker::markRoots() (jsgc.cpp:1282) ==23709== by 0x9B7BBE0: js_TraceRuntime(JSTracer*) (jsgc.cpp:2704) ==23709== by 0x9B7C654: GC(JSContext*) (jsgc.cpp:3271) ==23709== by 0x9B7CFA9: GCUntilDone(JSContext*, JSGCInvocationKind) (jsgc.cpp:3655) ==23709== by 0x9B7D11C: js_GC(JSContext*, JSGCInvocationKind) (jsgc.cpp:3709) ==23709== by 0x9B79292: LastDitchGC(JSContext*) (jsgc.cpp:1737)
Assignee: general → igor
Hmm, the line of code at jshashtable.h:80 is looking at a 4-byte value, so I don't think the warning is complaining about keyHash. However, IIRC from Julian, Valgrind tried to detect branching based on uninitialized values, so what I think Valgrind is pointing out is that the (if (entry->isFree()) branch at jshashtable.h:432 is determined by table[h1] (jshashtable.h:432), where h1 is derived from the value w passed to ConservativeGCStackMarker::markWord, which is 8 bytes, which fits the report (+ the fact that this bug is reported for x86_64). Now, the VALGRIND_MAKE_MEM_DEFINED(w, sizeof(w)) call at jsgc.cpp:1157 is supposed to fix this... are you building with --enable-valgrind?
just a standard fennec build: export CCACHE_HARDLINK=1 export CC="ccache gcc" export CXX="ccache g++" mk_add_options MOZ_MAKE_FLAGS=-j9 # Make build w/ symbols. ac_add_options --disable-optimize ac_add_options --enable-debug ac_add_options --enable-debugger-info-modules=yes # important mobile options mk_add_options MOZ_OBJDIR=obj-mobilebase-gtk #mk_add_options MOZ_OBJDIR=obj-ff ac_add_options --enable-application=mobile #ac_add_options --enable-application=browser ac_add_options --disable-crashreporter ac_add_options --enable-ipc ac_add_options --enable-tests then I run with valgrind like: valgrind --trace-children=yes --smc-check=all ./fennec
With the introduction of the conservative stack scanner, to avoid the above warnings in valgrind, you need to build with --enable-valigrind. This injects special nop sequences that tell valgrind to ignore certain cases that otherwise look like undefined memory access.
so, fixed invalid?
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.