900198 - Suppress the indirect call static analysis hazards in AsmJS.cpp

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Terrence Cole [:terrence]]

These appear to be spurious because of the indirect control flow.

Comment 1

[Terrence Cole [:terrence]]

Attachment: hazard_AsmJS-v0.diff

CheckCallArgs is a static function which makes use of namespaces, so the whole signature acts as the name. I think it would probably be safe to just search for CheckCallArgs in the string, but I've gone with the more conservative approach of comparing the full string. It will re-trigger the hazard if someone changes the signature, but I think that's probably preferable to adding unnecessary holes at this point.

Comment 2

[Steve Fink [:sfink] [:s:]]

Comment on attachment 784001 [details] [diff] [review]
hazard_AsmJS-v0.diff

Review of attachment 784001 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/devtools/rootAnalysis/annotations.js
@@ +25,5 @@
>          return true;
>  
> +    // CheckCallArgs dispatches to customize the checks.
> +    var CheckCallArgs = "AsmJS.cpp:uint8 CheckCallArgs(FunctionCompiler*, js::frontend::ParseNode*," +
> +                        " (uint8)(FunctionCompiler*,js::frontend::ParseNode*,Type)*, FunctionCompiler::Call*)";

No comment, and forget about the line length -- I'd rather have the function name in a cut & pastable form. I tend to do that a lot when working with the analysis. (I like the CheckCallArgs var, though.)

Comment 3

[Terrence Cole [:terrence]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/ef0470081b25

Comment 4

[Ed Morley [:emorley]]

https://hg.mozilla.org/mozilla-central/rev/ef0470081b25