Bug 1528184: Fix two Coverity warnings in the wasm directory; r=lhansen
authorBenjamin Bouvier <benj@benj.me>
Fri, 15 Feb 2019 10:09:30 +0000
changeset 459540 d4e4095c9584edc865fdd924c389429980992bd9
parent 459539 317b67e93f3712bc573aa3fa46fecf2e30efe1f6
child 459541 25e2d821be0762477db0e87b5bc601a0b6e10b61
push id111964
push usercsabou@mozilla.com
push dateFri, 15 Feb 2019 18:54:44 +0000
treeherdermozilla-inbound@db3c4f905082 [default view] [failures only]
reviewerslhansen
bugs1528184
milestone67.0a1
Bug 1528184: Fix two Coverity warnings in the wasm directory; r=lhansen - Initialize numStackArgWords_ in the StackMapGenerator ctor; - Make it clear that StartUnwinding can only return true if it found a codeRange. Differential Revision: https://phabricator.services.mozilla.com/D19914
js/src/wasm/WasmBaselineCompile.cpp
js/src/wasm/WasmFrameIter.cpp
--- a/js/src/wasm/WasmBaselineCompile.cpp
+++ b/js/src/wasm/WasmBaselineCompile.cpp
@@ -2135,16 +2135,17 @@ struct StackMapGenerator {
 
   StackMapGenerator(StackMaps* stackMaps, const MachineState& trapExitLayout,
                     const size_t trapExitLayoutNumWords,
                     const MacroAssembler& masm)
       : trapExitLayout_(trapExitLayout),
         trapExitLayoutNumWords_(trapExitLayoutNumWords),
         stackMaps_(stackMaps),
         masm_(masm),
+        numStackArgWords_(0),
         memRefsOnStk_(0) {}
 
   // At the beginning of a function, we may have live roots in registers (as
   // arguments) at the point where we perform a stack overflow check.  This
   // method generates the "extra" stackmap entries to describe that, in the
   // case that the check fails and we wind up calling into the wasm exit
   // stub, as generated by GenerateTrapExit().
   //
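Review bot: The added `numStackArgWords_(0)` removes the uninitialized read, but 0 is also a plausible real value, so a stack map built before the field receives its actual count would look the same as one for a function with no stack arguments. Whether that can happen depends on code outside this hunk, since the struct's member declarations and its other methods are not visible here. I would record the intent next to the member or the initializer, for example `// Placeholder; must be set to the real count before any stack map is created.`, if that matches the design. It is also worth confirming that the initializer's position between `masm_` and `memRefsOnStk_` matches the member declaration order, so the list does not trigger a reorder warning.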
--- a/js/src/wasm/WasmFrameIter.cpp
+++ b/js/src/wasm/WasmFrameIter.cpp
@@ -1118,25 +1118,27 @@ ProfilingFrameIterator::ProfilingFrameIt
 
   bool unwoundCaller;
   UnwindState unwindState;
   if (!StartUnwinding(state, &unwindState, &unwoundCaller)) {
     MOZ_ASSERT(done());
     return;
   }
 
+  MOZ_ASSERT(unwindState.codeRange);
+
   if (unwoundCaller) {
     callerFP_ = unwindState.fp;
     callerPC_ = unwindState.pc;
     // In the case of a function call, if the original FP value is tagged,
     // then we're being called through a direct JIT call (the interpreter
     // and the jit entry don't set FP's low bit). We can't observe
     // transient tagged values of FP (during wasm::SetExitFP) here because
     // StartUnwinding would not have unwound then.
-    if (unwindState.codeRange && unwindState.codeRange->isFunction() &&
+    if (unwindState.codeRange->isFunction() &&
         (uintptr_t(state.fp) & ExitOrJitEntryFPTag)) {
       unwoundIonCallerFP_ = (uint8_t*)callerFP_;
     }
   } else {
     callerFP_ = unwindState.fp->callerFP;
     callerPC_ = unwindState.fp->returnAddress;
     // See comment above. The only way to get a tagged FP here means that
     // the caller is a fast JIT caller which called into a wasm function.
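Review bot: The new `MOZ_ASSERT(unwindState.codeRange);` is compiled out of non-debug builds, so the dereference in `unwindState.codeRange->isFunction()` now has no runtime guard there; the removed `unwindState.codeRange &&` test was the only check visible in this hunk. That is fine if StartUnwinding's contract holds as the commit message states, but this constructor appears to work from register state handed in by the caller (`state.fp`), so the invariant is worth enforcing or at least documenting where it is relied on. I would either use `MOZ_RELEASE_ASSERT(unwindState.codeRange);` or add a comment above the assertion such as `// StartUnwinding returns true only after it has found a code range.` The constructor body starts and ends outside this hunk, so other uses of `codeRange` further down could not be checked.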