Closed Bug 978714 Opened 10 years ago Closed 10 years ago

OdinMonkey: Conditional jump or move depends on uninitialised value(s) - AsmJSModule::AsmJSModule does not initialise AsmJSModule::codeIsProtected_

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla30

People

(Reporter: gkw, Assigned: bbouvier)

Details

(Keywords: testcase, valgrind)

Attachments

(1 file)

for (var i = 0; i < 4; ++i) {}
x = Array.buildPar(9, function() {});
y = x.filterPar(function() {
    return i
});
Array.prototype.every.call(y, (function() {
    "use asm";
    function f() {}
    return f
}))

According to jseward, AsmJSModule::AsmJSModule does not seem to initialise AsmJSModule::codeIsProtected_. This results in a Valgrind "Conditional jump or move depends on uninitialised value(s)" error.

Tested on rev 4cfb6c61b137, with the 8382126: bug970643-2-val.diff and 8382966: bug970643-2-fx.cset patches, from bug 970643.

valgrind -v --track-origins=yes --vex-iropt-register-updates=allregs-at-mem-access --leak-check=full --smc-check=all-non-file ./js --no-ti --ion-eager testcase.js

Stack is in bug 970643 comment 33.
Flags: needinfo?(luke)
Attached patch: Patch + test
Seems that the value is indeed initialized. No code at the beginning => it can't be protected at first.

Gary, I can't apply the patches from the valgrind bug properly on my machine, but I can see Valgrind complaining without the patch and stop complaining once the patch is applied. Does it fix it for you too?
Assignee: nobody → benj
Status: NEW → ASSIGNED
Attachment #8384555 - Flags: review?(luke)
Attachment #8384555 - Flags: feedback?(gary)
Flags: needinfo?(luke)
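
The bug class discussed in this report, as an added example that is not SpiderMonkey's code or the attached patch: a hypothetical module class whose constructor omits a flag, next to the version that initialises it to false. Only the member name codeIsProtected_ comes from the bug; ModuleBefore, ModuleAfter, protect(), needsUnprotect() and flagInDirtyStorage() are assumptions made for the illustration.

```cpp
// Added illustration, not SpiderMonkey code: only the member name
// codeIsProtected_ comes from the bug; both classes are hypothetical.
#include <cstdio>
#include <cstring>
#include <new>

// "Before": the constructor omits the flag, so it holds an indeterminate
// value and any branch on it is what Valgrind reports as "Conditional jump
// or move depends on uninitialised value(s)".
struct ModuleBefore {
    unsigned char* code_;
    bool codeIsProtected_;
    ModuleBefore() : code_(nullptr) {}
    bool needsUnprotect() const { return codeIsProtected_; }
};

// "After": no code exists at construction, so it cannot be protected yet.
struct ModuleAfter {
    unsigned char* code_;
    bool codeIsProtected_;
    ModuleAfter() : code_(nullptr), codeIsProtected_(false) {}
    void protect() { codeIsProtected_ = true; }
    bool needsUnprotect() const { return codeIsProtected_; }
};

// Regression check: construct the fixed class in storage pre-filled with
// `fill` (standing in for reused heap memory) and return the flag.
bool flagInDirtyStorage(unsigned char fill, bool callProtect) {
    alignas(ModuleAfter) unsigned char storage[sizeof(ModuleAfter)];
    std::memset(storage, fill, sizeof storage);
    ModuleAfter* m = new (storage) ModuleAfter();
    if (callProtect)
        m->protect();
    bool flag = m->needsUnprotect();
    m->~ModuleAfter();
    return flag;
}

int main() {
    // ModuleBefore is deliberately never read here: doing so is undefined
    // behaviour. Only the fixed class is exercised.
    std::printf("fresh:     %d\n", flagInDirtyStorage(0xFF, false));
    std::printf("protected: %d\n", flagInDirtyStorage(0xFF, true));
    return 0;
}
```
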
Comment on attachment 8384555
Patch + test

Ugh, thanks!
Attachment #8384555 - Flags: review?(luke) → review+
Comment on attachment 8384555
Patch + test

Clearing feedback? flag as I'm busy with other stuff (both in the Valgrind bug and others) at the moment, and this landed, so I'll file follow-ups as needed, if I do find any regressions.
Attachment #8384555 - Flags: feedback?(gary)
https://hg.mozilla.org/mozilla-central/rev/2271863167e9
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla30