Closed Bug 766355 Opened 13 years ago Closed 13 years ago

GC valgrind warnings

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla16

People

(Reporter: Benjamin, Assigned: billm)

References

Details

(Whiteboard: [js:t])

Attachments

(1 file)

patch
743 bytes, patch
terrence
: review+
Details | Diff | Splinter Review
If I configure --enable-valgrind --disable-debug --disable-optimize and run valgrind with any jit test, I get: ==22179== Conditional jump or move depends on uninitialised value(s) ==22179== at 0x496A87: js::gc::GetAvailableChunkList(JSCompartment*) (jsgc.cpp:616) ==22179== by 0x4970F7: PickChunk(JSCompartment*) (jsgc.cpp:788) ==22179== by 0x49808A: js::gc::ArenaLists::allocateFromArena(JSCompartment*, js::gc::AllocKind) (jsgc.cpp:1443) ==22179== by 0x498763: js::gc::ArenaLists::refillFreeList(JSContext*, js::gc::AllocKind) (jsgc.cpp:1673) ==22179== by 0x4BF2FD: js::types::TypeObject* js::gc::NewGCThing<js::types::TypeObject>(JSContext*, js::gc::AllocKind, unsigned long) (jsgcinlines.h:419) ==22179== by 0x4AFEC6: js::types::TypeCompartment::newTypeObject(JSContext*, JSScript*, JSProtoKey, JSObject*, bool) (jsinfer.cpp:1889) ==22179== by 0x48DC7D: JSCompartment::getEmptyType(JSContext*) (jsinferinlines.h:1492) ==22179== by 0x50DE0D: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*, js::gc::AllocKind) (jsobj.cpp:2840) ==22179== by 0x41D07F: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*) (jsobjinlines.h:1381) ==22179== by 0x639544: js::GlobalObject::create(JSContext*, js::Class*) (GlobalObject.cpp:247) ==22179== by 0x424D7A: JS_NewGlobalObject (jsapi.cpp:3298) ==22179== by 0x424E46: JS_NewCompartmentAndGlobalObject (jsapi.cpp:3331) ==22179== ==22179== Conditional jump or move depends on uninitialised value(s) ==22179== at 0x496A87: js::gc::GetAvailableChunkList(JSCompartment*) (jsgc.cpp:616) ==22179== by 0x496ABD: js::gc::Chunk::addToAvailableList(JSCompartment*) (jsgc.cpp:622) ==22179== by 0x4971E2: PickChunk(JSCompartment*) (jsgc.cpp:812) ==22179== by 0x49808A: js::gc::ArenaLists::allocateFromArena(JSCompartment*, js::gc::AllocKind) (jsgc.cpp:1443) ==22179== by 0x498763: js::gc::ArenaLists::refillFreeList(JSContext*, js::gc::AllocKind) (jsgc.cpp:1673) ==22179== by 0x4BF2FD: js::types::TypeObject* js::gc::NewGCThing<js::types::TypeObject>(JSContext*, js::gc::AllocKind, unsigned long) (jsgcinlines.h:419) ==22179== by 0x4AFEC6: js::types::TypeCompartment::newTypeObject(JSContext*, JSScript*, JSProtoKey, JSObject*, bool) (jsinfer.cpp:1889) ==22179== by 0x48DC7D: JSCompartment::getEmptyType(JSContext*) (jsinferinlines.h:1492) ==22179== by 0x50DE0D: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*, js::gc::AllocKind) (jsobj.cpp:2840) ==22179== by 0x41D07F: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*) (jsobjinlines.h:1381) ==22179== by 0x639544: js::GlobalObject::create(JSContext*, js::Class*) (GlobalObject.cpp:247) ==22179== by 0x424D7A: JS_NewGlobalObject (jsapi.cpp:3298)
I wrote "--disable-debug" instead of "--enable-debug". That makes no difference.
Attached patch patchSplinter Review
I think this only affects the shell. Normally we call JS_SetCompartmentPrincipals, which sets this.
Assignee: general → wmccloskey
Status: NEW → ASSIGNED
Attachment #634626 - Flags: review?(terrence)
This fixes it.
Whiteboard: [js:t]
Attachment #634626 - Flags: review?(terrence) → review+
https://hg.mozilla.org/mozilla-central/rev/bd1992ab029b
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: