Bug 1451198 part 2 - Annotate maybeUninitialized reads in GetUnboxedValue. r=bhackett
authorJan de Mooij <jdemooij@mozilla.com>
Sun, 22 Apr 2018 12:13:48 +0200
changeset 468529 6c222e89103d4c70c58bf1955ab81cef8e8b62e1
parent 468528 5f017a1dc4a9f6b1631787aa7bb6b13352f8c3af
child 468530 116a49e26695aab8fb9c5b241da2067c3c7cd8a8
push id9165
push userasasaki@mozilla.com
push dateThu, 26 Apr 2018 21:04:54 +0000
reviewersbhackett
bugs1451198
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1451198 part 2 - Annotate maybeUninitialized reads in GetUnboxedValue. r=bhackett
js/src/vm/UnboxedObject.cpp
--- a/js/src/vm/UnboxedObject.cpp
+++ b/js/src/vm/UnboxedObject.cpp
@@ -1,16 +1,18 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "vm/UnboxedObject-inl.h"
 
+#include "mozilla/MemoryChecking.h"
+
 #include "jit/BaselineIC.h"
 #include "jit/ExecutableAllocator.h"
 #include "jit/JitCommon.h"
 #include "jit/Linker.h"
 
 #include "gc/Nursery-inl.h"
 #include "jit/MacroAssembler-inl.h"
 #include "vm/JSObject-inl.h"
@@ -306,26 +308,34 @@ UnboxedLayout::detachFromCompartment()
         remove();
 }
 
 static Value
 GetUnboxedValue(uint8_t* p, JSValueType type, bool maybeUninitialized)
 {
     switch (type) {
       case JSVAL_TYPE_BOOLEAN:
+        if (maybeUninitialized) {
+            // Squelch Valgrind/MSan errors.
+            MOZ_MAKE_MEM_DEFINED(p, 1);
+        }
         return BooleanValue(*p != 0);
 
       case JSVAL_TYPE_INT32:
+        if (maybeUninitialized)
+            MOZ_MAKE_MEM_DEFINED(p, sizeof(int32_t));
         return Int32Value(*reinterpret_cast<int32_t*>(p));
 
       case JSVAL_TYPE_DOUBLE: {
         // During unboxed plain object creation, non-GC thing properties are
         // left uninitialized. This is normally fine, since the properties will
         // be filled in shortly, but if they are read before that happens we
         // need to make sure that doubles are canonical.
+        if (maybeUninitialized)
+            MOZ_MAKE_MEM_DEFINED(p, sizeof(double));
         double d = *reinterpret_cast<double*>(p);
         if (maybeUninitialized)
             return DoubleValue(JS::CanonicalizeNaN(d));
         return DoubleValue(d);
       }
 
       case JSVAL_TYPE_STRING:
         return StringValue(*reinterpret_cast<JSString**>(p));
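Review bot: The boolean arm's `MOZ_MAKE_MEM_DEFINED(p, 1);` hard-codes the width while the int32 and double arms spell theirs as `sizeof(int32_t)` and `sizeof(double)`; `MOZ_MAKE_MEM_DEFINED(p, sizeof(uint8_t));` keeps the three annotations uniform and ties the width to the declared pointee type of `p`. The `// Squelch Valgrind/MSan errors.` comment is present only in the boolean arm although all three annotations serve that purpose, so a reader of the double arm may take the annotation for a functional fix rather than a sanitizer suppression; a one-line comment ahead of it such as `// Only silences the sanitizer; the CanonicalizeNaN below is what keeps the value well-formed.` would make the division of labour explicit, since the existing comment already states that doubles read before initialization must be canonical. The int32 and boolean arms return whatever bit pattern is in memory, which the existing comment presents as acceptable because the property is filled in shortly; stating that explicitly next to those two annotations would stop the next maintainer from wondering whether a canonicalisation step was forgotten there. The remaining cases and the closing brace of GetUnboxedValue lie outside the hunk.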