Bug 834766 - GC: Fix some more rooting issues found by static analysis r=sphink
authorJon Coppeard <jcoppeard@mozilla.com>
Fri, 25 Jan 2013 17:48:07 +0000
changeset 120196 0e64eba378053be73b882c0a94a27c4f373dde6e
parent 120195 3f5dfcc20fa4afc69150975c727974b7687c1bb7
child 120197 f6367c0f3f2bd5ee86f4c958670ed06edc0e70d0
push id22089
push userjcoppeard@mozilla.com
push dateTue, 29 Jan 2013 13:10:54 +0000
treeherdermozilla-inbound@719e2132cc42 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssphink
bugs834766
milestone21.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 834766 - GC: Fix some more rooting issues found by static analysis r=sphink
js/src/jsstr.cpp
js/src/jstypedarray.cpp
js/src/jstypedarray.h
js/src/jsweakmap.cpp
--- a/js/src/jsstr.cpp
+++ b/js/src/jsstr.cpp
@@ -61,16 +61,19 @@
 
 using namespace js;
 using namespace js::gc;
 using namespace js::types;
 using namespace js::unicode;
 
 using mozilla::CheckedInt;
 
+typedef Rooted<JSLinearString*> RootedLinearString;
+typedef Handle<JSLinearString*> HandleLinearString;
+
 static JSLinearString *
 ArgToRootedString(JSContext *cx, CallArgs &args, unsigned argno)
 {
     if (argno >= args.length())
         return cx->names().undefined;
 
     Value &arg = args[argno];
     JSString *str = ToString<CanGC>(cx, arg);
@@ -1849,18 +1852,18 @@ js::str_match(JSContext *cx, unsigned ar
         return false;
 
     if (!g.normalizeRegExp(cx, false, 1, args))
         return false;
 
     RootedObject array(cx);
     MatchArgType arg = array.address();
     RegExpStatics *res = cx->regExpStatics();
-    Value rval;
-    if (!DoMatch(cx, res, str, g.regExp(), MatchCallback, arg, MATCH_ARGS, &rval))
+    RootedValue rval(cx);
+    if (!DoMatch(cx, res, str, g.regExp(), MatchCallback, arg, MATCH_ARGS, rval.address()))
         return false;
 
     if (g.regExp().global())
         args.rval().setObjectOrNull(array);
     else
         args.rval().set(rval);
     return true;
 }
@@ -2008,32 +2011,32 @@ FindReplaceLength(JSContext *cx, RegExpS
          * 'function(a) { return b[a]; }' for the base object b.  b will not change
          * in the course of the replace unless we end up making a scripted call due
          * to accessing a scripted getter or a value with a scripted toString.
          */
         JS_ASSERT(rdata.lambda);
         JS_ASSERT(!rdata.elembase->getOps()->lookupProperty);
         JS_ASSERT(!rdata.elembase->getOps()->getProperty);
 
-        Value match;
-        if (!res->createLastMatch(cx, &match))
+        RootedValue match(cx);
+        if (!res->createLastMatch(cx, match.address()))
             return false;
         JSString *str = match.toString();
 
         JSAtom *atom;
         if (str->isAtom()) {
             atom = &str->asAtom();
         } else {
             atom = AtomizeString<CanGC>(cx, str);
             if (!atom)
                 return false;
         }
 
-        Value v;
-        if (HasDataProperty(cx, rdata.elembase, AtomToId(atom), &v) && v.isString()) {
+        RootedValue v(cx);
+        if (HasDataProperty(cx, rdata.elembase, AtomToId(atom), v.address()) && v.isString()) {
             rdata.repstr = v.toString()->ensureLinear(cx);
             if (!rdata.repstr)
                 return false;
             *sizep = rdata.repstr->length();
             return true;
         }
 
         /*
@@ -3153,17 +3156,17 @@ str_slice(JSContext *cx, unsigned argc, 
     return true;
 }
 
 #if JS_HAS_STR_HTML_HELPERS
 /*
  * HTML composition aids.
  */
 static bool
-tagify(JSContext *cx, const char *begin, JSLinearString *param, const char *end,
+tagify(JSContext *cx, const char *begin, HandleLinearString param, const char *end,
        CallReceiver call)
 {
     JSString *thisstr = ThisToStringForStringProto(cx, call);
     if (!thisstr)
         return false;
 
     JSLinearString *str = thisstr->ensureLinear(cx);
     if (!str)
@@ -3226,39 +3229,39 @@ tagify(JSContext *cx, const char *begin,
 
     call.rval().setString(retstr);
     return true;
 }
 
 static JSBool
 tagify_value(JSContext *cx, CallArgs args, const char *begin, const char *end)
 {
-    JSLinearString *param = ArgToRootedString(cx, args, 0);
+    RootedLinearString param(cx, ArgToRootedString(cx, args, 0));
     if (!param)
         return false;
 
     return tagify(cx, begin, param, end, args);
 }
 
 static JSBool
 str_bold(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "b", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "b", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 
 static JSBool
 str_italics(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "i", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "i", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 
 static JSBool
 str_fixed(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "tt", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "tt", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 
 static JSBool
 str_fontsize(JSContext *cx, unsigned argc, Value *vp)
 {
     return tagify_value(cx, CallArgsFromVp(argc, vp), "font size", "font");
 }
 
@@ -3278,47 +3281,47 @@ static JSBool
 str_anchor(JSContext *cx, unsigned argc, Value *vp)
 {
     return tagify_value(cx, CallArgsFromVp(argc, vp), "a name", "a");
 }
 
 static JSBool
 str_strike(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "strike", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "strike", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 
 static JSBool
 str_small(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "small", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "small", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 
 static JSBool
 str_big(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "big", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "big", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 
 static JSBool
 str_blink(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "blink", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "blink", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 
 static JSBool
 str_sup(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "sup", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "sup", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 
 static JSBool
 str_sub(JSContext *cx, unsigned argc, Value *vp)
 {
-    return tagify(cx, "sub", NULL, NULL, CallReceiverFromVp(vp));
+    return tagify(cx, "sub", NullPtr(), NULL, CallReceiverFromVp(vp));
 }
 #endif /* JS_HAS_STR_HTML_HELPERS */
 
 static JSFunctionSpec string_methods[] = {
 #if JS_HAS_TOSOURCE
     JS_FN("quote",             str_quote,             0,JSFUN_GENERIC_NATIVE),
     JS_FN(js_toSource_str,     str_toSource,          0,0),
 #endif
@@ -4275,18 +4278,18 @@ Decode(JSContext *cx, JSString *str, con
 static JSBool
 str_decodeURI(JSContext *cx, unsigned argc, Value *vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
     JSLinearString *str = ArgToRootedString(cx, args, 0);
     if (!str)
         return false;
 
-    Value result;
-    if (!Decode(cx, str, js_uriReservedPlusPound_ucstr, &result))
+    RootedValue result(cx);
+    if (!Decode(cx, str, js_uriReservedPlusPound_ucstr, result.address()))
         return false;
 
     args.rval().set(result);
     return true;
 }
 
 static JSBool
 str_decodeURI_Component(JSContext *cx, unsigned argc, Value *vp)
--- a/js/src/jstypedarray.cpp
+++ b/js/src/jstypedarray.cpp
@@ -2496,17 +2496,17 @@ TypedArrayTemplate<double>::copyIndexToV
      * canonical nans are stored into jsvals, which means user code could
      * confuse the engine into interpreting a double-typed jsval as an
      * object-typed jsval.
      */
     vp.setDouble(JS_CANONICALIZE_NAN(val));
 }
 
 JSBool
-DataViewObject::construct(JSContext *cx, JSObject *bufobj, const CallArgs &args, JSObject *proto)
+DataViewObject::construct(JSContext *cx, JSObject *bufobj, const CallArgs &args, HandleObject proto)
 {
     if (!bufobj->isArrayBuffer()) {
         JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NOT_EXPECTED_TYPE,
                              "DataView", "ArrayBuffer", bufobj->getClass()->name);
         return false;
     }
 
     Rooted<ArrayBufferObject*> buffer(cx, &bufobj->asArrayBuffer());
@@ -2580,17 +2580,17 @@ DataViewObject::class_constructor(JSCont
         PodCopy(ag.array(), args.array(), args.length());
         ag[argc] = ObjectValue(*proto);
         if (!Invoke(cx, ag))
             return false;
         args.rval().set(ag.rval());
         return true;
     }
 
-    return construct(cx, bufobj, args, NULL);
+    return construct(cx, bufobj, args, NullPtr());
 }
 
 /* static */ bool
 DataViewObject::getDataPointer(JSContext *cx, Handle<DataViewObject*> obj,
                                CallArgs args, size_t typeSize, uint8_t **data)
 {
     uint32_t offset;
     JS_ASSERT(args.length() > 0);
--- a/js/src/jstypedarray.h
+++ b/js/src/jstypedarray.h
@@ -334,17 +334,17 @@ private:
 
     static inline Value bufferValue(DataViewObject &view);
     static inline Value byteOffsetValue(DataViewObject &view);
     static inline Value byteLengthValue(DataViewObject &view);
 
     static JSBool class_constructor(JSContext *cx, unsigned argc, Value *vp);
     static JSBool constructWithProto(JSContext *cx, unsigned argc, Value *vp);
     static JSBool construct(JSContext *cx, JSObject *bufobj, const CallArgs &args,
-                            JSObject *proto);
+                            HandleObject proto);
 
     static inline DataViewObject *
     create(JSContext *cx, uint32_t byteOffset, uint32_t byteLength,
            Handle<ArrayBufferObject*> arrayBuffer, JSObject *proto);
 
     static bool getInt8Impl(JSContext *cx, CallArgs args);
     static JSBool fun_getInt8(JSContext *cx, unsigned argc, Value *vp);
 
--- a/js/src/jsweakmap.cpp
+++ b/js/src/jsweakmap.cpp
@@ -271,17 +271,17 @@ WeakMap_set_impl(JSContext *cx, CallArgs
         JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_MORE_ARGS_NEEDED,
                              "WeakMap.set", "0", "s");
         return false;
     }
     RootedObject key(cx, GetKeyArg(cx, args));
     if (!key)
         return false;
 
-    Value value = (args.length() > 1) ? args[1] : UndefinedValue();
+    RootedValue value(cx, (args.length() > 1) ? args[1] : UndefinedValue());
 
     Rooted<JSObject*> thisObj(cx, &args.thisv().toObject());
     ObjectValueMap *map = GetObjectMap(thisObj);
     if (!map) {
         map = cx->new_<ObjectValueMap>(cx, thisObj.get());
         if (!map->init()) {
             js_delete(map);
             JS_ReportOutOfMemory(cx);
@@ -317,18 +317,19 @@ WeakMap_set_impl(JSContext *cx, CallArgs
 JSBool
 WeakMap_set(JSContext *cx, unsigned argc, Value *vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
     return CallNonGenericMethod<IsWeakMap, WeakMap_set_impl>(cx, args);
 }
 
 JS_FRIEND_API(JSBool)
-JS_NondeterministicGetWeakMapKeys(JSContext *cx, JSObject *obj, JSObject **ret)
+JS_NondeterministicGetWeakMapKeys(JSContext *cx, JSObject *objArg, JSObject **ret)
 {
+    RootedObject obj(cx, objArg);
     obj = UnwrapObject(obj);
     if (!obj || !obj->isWeakMap()) {
         *ret = NULL;
         return true;
     }
     RootedObject arr(cx, NewDenseEmptyArray(cx));
     if (!arr)
         return false;