758841 - 4 bytes in 1 blocks are definitely lost as detected by Valgrind with Evaluate

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

(function(){
  evaluate("", {}
)})()

shows a Valgrind error when run in m-c changeset 6ad95e65d74d 64-bit opt build:

==2210== 4 bytes in 1 blocks are definitely lost in loss record 1 of 1
==2210==    at 0x4C2A864: calloc (vg_replace_malloc.c:590)
==2210==    by 0x409B56: NewContext(JSRuntime*) (js.cpp:330)
==2210==    by 0x40B56F: Evaluate(JSContext*, unsigned int, JS::Value*) (js.cpp:755)
==2210==    by 0x4999B7: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jscntxtinlines.h:397)
==2210==    by 0x49304C: js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (jsinterp.cpp:2512)
==2210==    by 0x4994C0: js::RunScript(JSContext*, JSScript*, js::StackFrame*) (jsinterp.cpp:266)
==2210==    by 0x49A56F: js::Execute(JSContext*, JSScript*, JSObject&, JS::Value*) (jsinterp.cpp:466)
==2210==    by 0x41C088: JS_ExecuteScript (jsapi.cpp:5334)
==2210==    by 0x409245: Process(JSContext*, JSObject*, char const*, bool) (js.cpp:445)
==2210==    by 0x40C483: Shell(JSContext*, js::cli::OptionParser*, char**) (js.cpp:4754)
==2210==    by 0x404058: main (js.cpp:5041)
==2210== 
==2210== LEAK SUMMARY:
==2210==    definitely lost: 4 bytes in 1 blocks
==2210==    indirectly lost: 0 bytes in 0 blocks
==2210==      possibly lost: 0 bytes in 0 blocks
==2210==    still reachable: 0 bytes in 0 blocks
==2210==         suppressed: 0 bytes in 0 blocks
==2210== 
==2210== For counts of detected and suppressed errors, rerun with: -v
==2210== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

Debug shell shows a conditional jump error:

==2183== Conditional jump or move depends on uninitialised value(s)
==2183==    at 0x409E43: Evaluate(JSContext*, unsigned int, JS::Value*) (js.cpp:879)
==2183==    by 0x501762: js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), js::CallArgs const&) (jscntxtinlines.h:397)
==2183==    by 0x5092CE: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jsinterp.cpp:310)
==2183==    by 0x516EF4: js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (jsinterp.cpp:2512)
==2183==    by 0x508E82: js::RunScript(JSContext*, JSScript*, js::StackFrame*) (jsinterp.cpp:266)
==2183==    by 0x509C4C: js::ExecuteKernel(JSContext*, JSScript*, JSObject&, JS::Value const&, js::ExecuteType, js::StackFrame*, JS::Value*) (jsinterp.cpp:466)
==2183==    by 0x509EE0: js::Execute(JSContext*, JSScript*, JSObject&, JS::Value*) (jsinterp.cpp:508)
==2183==    by 0x448790: JS_ExecuteScript (jsapi.cpp:5334)
==2183==    by 0x4084FB: Process(JSContext*, JSObject*, char const*, bool) (js.cpp:445)
==2183==    by 0x413837: ProcessArgs(JSContext*, JSObject*, js::cli::OptionParser*) (js.cpp:4754)
==2183==    by 0x413AAF: Shell(JSContext*, js::cli::OptionParser*, char**) (js.cpp:4837)
==2183==    by 0x4141F7: main (js.cpp:5041)


Might be related to bug 755808.

Comment 1

[Jim Blandy :jimb]

This is the uninitialized newContext, noted in bug 755808 comment 6. I thought we'd fixed this...

Comment 2

[Jim Blandy :jimb]

Attachment: Bother to initialize newContext in js/src/shell/js.cpp:Evaluate.

Comment 3

[Jason Orendorff [:jorendorff]]

Comment on attachment 627519 [details] [diff] [review]
Bother to initialize newContext in js/src/shell/js.cpp:Evaluate.

Didn't see this. I just pushed effectively the same patch as:
https://hg.mozilla.org/integration/mozilla-inbound/rev/732355e3de2a

Comment 4

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

Marking RESOLVED FIXED by follow-up patch above (and also in bug 755808 comment 9).