Valgrind warning about use of uninitialized data in Parser::functionDef()

Status: RESOLVED WONTFIX (opened 6 years ago, resolved 2 years ago)
Reporter: bent.mozilla (Unassigned)

Version: 18 Branch
Platform: ARM, Gonk (Firefox OS)
Firefox Tracking Flags: not tracked

==233== Use of uninitialised value of size 4
==233==    at 0x5FA0BAA: js::frontend::Parser::functionDef(JS::Handle<js::PropertyName*>, js::frontend::Parser::FunctionType, js::frontend::FunctionSyntaxKind) (SharedContext.h:175)
==233==    by 0x5FA0E73: js::frontend::Parser::functionExpr() (Parser.cpp:1759)
==233==    by 0x5FA11B5: js::frontend::Parser::primaryExpr(js::frontend::TokenKind, bool) (Parser.cpp:6488)
==233==    by 0x5FA2C07: js::frontend::Parser::memberExpr(bool) (Parser.cpp:5477)
==233==    by 0x5FA35A9: js::frontend::Parser::unaryExpr() (Parser.cpp:4685)
==233==    by 0x5F9CDFB: js::frontend::Parser::assignExpr() (Parser.cpp:4218)
==233==    by 0x5FA29AF: js::frontend::Parser::argumentList(js::frontend::ParseNode*) (Parser.cpp:5405)
==233==    by 0x5FA2D1B: js::frontend::Parser::memberExpr(bool) (Parser.cpp:5672)
==233==    by 0x5FA35A9: js::frontend::Parser::unaryExpr() (Parser.cpp:4685)
==233==    by 0x5F9CDFB: js::frontend::Parser::assignExpr() (Parser.cpp:4218)
==233==    by 0x5F9D467: js::frontend::Parser::expr() (Parser.cpp:4174)
==233==    by 0x5FA7A89: js::frontend::Parser::expressionStatement() (Parser.cpp:3659)

This is on mozilla-b2g18, so it looks like something is uninitialized in one of these two places:

http://mxr.mozilla.org/mozilla-b2g18/source/js/src/frontend/Parser.cpp#1673
http://mxr.mozilla.org/mozilla-b2g18/source/js/src/frontend/Parser.cpp#1715

I see tons of these warnings on startup when we're first compiling everything.

Oh, and this is a --disable-ion build if that makes any difference.

This might be a false error from Memcheck on ARM, due to some clever
gcc code generation that confuses Memcheck.  I will investigate further.
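The report above is one of "tons" of identical warnings at startup. The helper below is an added example (not code from this bug, from SpiderMonkey or from Valgrind): it parses Memcheck output and groups uninitialised-value reports by their innermost frame, so a flood of repeats collapses into a short list of distinct sites that can each be judged once as a real bug or a tool false positive. The sample log is constructed: two reports reuse the (truncated) stack quoted in this bug, the third is a made-up, unrelated report so the grouping has something to separate.

```python
"""Memcheck triage helper: group 'uninitialised value' reports by innermost frame.

Added example, not code from the bug, SpiderMonkey or Valgrind. SAMPLE_LOG is
constructed: two reports reuse the stack quoted in the bug (truncated), the
third is a made-up unrelated report.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SAMPLE_LOG = """\
==233== Memcheck, a memory error detector
==233==
==233== Use of uninitialised value of size 4
==233==    at 0x5FA0BAA: js::frontend::Parser::functionDef(JS::Handle<js::PropertyName*>, js::frontend::Parser::FunctionType, js::frontend::FunctionSyntaxKind) (SharedContext.h:175)
==233==    by 0x5FA0E73: js::frontend::Parser::functionExpr() (Parser.cpp:1759)
==233==    by 0x5FA11B5: js::frontend::Parser::primaryExpr(js::frontend::TokenKind, bool) (Parser.cpp:6488)
==233==
==233== Use of uninitialised value of size 4
==233==    at 0x5FA0BAA: js::frontend::Parser::functionDef(JS::Handle<js::PropertyName*>, js::frontend::Parser::FunctionType, js::frontend::FunctionSyntaxKind) (SharedContext.h:175)
==233==    by 0x5FA0E73: js::frontend::Parser::functionExpr() (Parser.cpp:1759)
==233==    by 0x5FA7A89: js::frontend::Parser::expressionStatement() (Parser.cpp:3659)
==233==
==233== Conditional jump or move depends on uninitialised value(s)
==233==    at 0x4C2E0F0: strlen (vg_replace_strmem.c:463)
==233==    by 0x400589: main (example.c:12)
==233==
"""

# The two Memcheck report kinds that concern uninitialised data.
HEADER_RE = re.compile(
    r"^==(?P<pid>\d+)== (?P<kind>Use of uninitialised value of size (?P<size>\d+)"
    r"|Conditional jump or move depends on uninitialised value\(s\))$"
)
# A stack frame: "   at 0xADDR: <function text> (<file:line or 'in /object'>)".
# The function text may itself contain parentheses (C++ signatures), so the
# location is taken as the last parenthesised group containing no parentheses.
FRAME_RE = re.compile(
    r"^==\d+==\s+(?:at|by) 0x(?P<addr>[0-9A-Fa-f]+): (?P<func>.*) \((?P<loc>[^()]*)\)$"
)


@dataclass
class Frame:
    addr: int
    func: str  # demangled function text, possibly with a parameter list
    loc: str   # "file:line" or "in /path/to/object"


@dataclass
class Report:
    pid: int
    kind: str
    size: Optional[int]  # None for "Conditional jump or move" reports
    frames: List[Frame] = field(default_factory=list)

    @property
    def top(self) -> Frame:
        return self.frames[0]


def bare_name(func: str) -> str:
    """Strip the parameter list from a demangled C++ frame, ignoring parentheses
    inside template arguments. Does not special-case operator names."""
    depth = 0
    for i, ch in enumerate(func):
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        elif ch == "(" and depth == 0:
            return func[:i]
    return func


def parse_memcheck(text: str) -> List[Report]:
    """Collect uninitialised-value reports and their stacks from a Memcheck log."""
    reports: List[Report] = []
    current: Optional[Report] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = Report(int(m["pid"]), m["kind"], int(m["size"]) if m["size"] else None)
            reports.append(current)
            continue
        f = FRAME_RE.match(line)
        if f and current is not None:
            current.frames.append(Frame(int(f["addr"], 16), f["func"], f["loc"]))
            continue
        # Anything else (the "==pid==" separator, banner, origin info) ends the stack.
        current = None
    return reports


def group_by_site(reports: List[Report]) -> Counter:
    """Count reports per innermost frame, keyed as 'function (location)'."""
    return Counter(f"{bare_name(r.top.func)} ({r.top.loc})" for r in reports if r.frames)


def summarize(text: str) -> List[Tuple[str, int]]:
    """Distinct report sites, most frequent first."""
    return group_by_site(parse_memcheck(text)).most_common()


if __name__ == "__main__":
    for site, count in summarize(SAMPLE_LOG):
        print(f"{count:6d}  {site}")
```

Feed it a real log with `summarize(open("memcheck.log").read())`; with `--track-origins=yes` the extra "Uninitialised value was created by" lines simply terminate each stack and are ignored.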
FTR the code is

  # r3 is mostly uninitialised, except for bit 1
  eb68a2:       0799            lsls    r1, r3, #30
  eb68a4:       bf41            itttt   mi           // flags are defined (mi depends on bit 1)
  eb68a6:       f8d8 3000       ldrmi.w r3, [r8]     // r3 either fully defined, or mostly undef
  eb68aa:       795a            ldrbmi  r2, [r3, #5] // error reported here
  eb68ac:       f042 0202       orrmi.w r2, r2, #2 

It doesn't understand that ldrbmi uses r3 only if the previous insn, ldrmi.w
put a defined value into it.
Assignee: general → nobody
Mass-closing JS bugs for which the platform is Gonk (Firefox OS), since Firefox OS is gone. Feel free to re-open if still valid.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX