Bug 1366083 - Diagnostic assert for ObjectValue(nullptr), r=jonco
author Steve Fink <sfink@mozilla.com>
Tue, 21 Nov 2017 17:04:22 -0800
changeset 457576 c28735015441a504cdba617b65c2aed51f4e25c5
parent 457575 7a9f2cf4ca3fa16ac9b2691c127ad6fa3d9fc6e7
child 457577 2d3891634ce0a8e76af0e7227ff36ebbeae124d2
push id 8799
push user mtabara@mozilla.com
push date Thu, 01 Mar 2018 16:46:23 +0000
treeherder mozilla-beta@15334014dc67
reviewers jonco
bugs 1366083
milestone 60.0a1
js/public/Value.h
--- a/js/public/Value.h
+++ b/js/public/Value.h
@@ -384,16 +384,27 @@ class MOZ_NON_PARAM alignas(8) Value
 
     void setSymbol(JS::Symbol* sym) {
         MOZ_ASSERT(js::gc::IsCellPointerValid(sym));
         data.asBits = bitsFromTagAndPayload(JSVAL_TAG_SYMBOL, PayloadType(sym));
     }
 
     void setObject(JSObject& obj) {
         MOZ_ASSERT(js::gc::IsCellPointerValid(&obj));
+
+        // This should not be possible and is undefined behavior, but some
+        // ObjectValue(nullptr) are sneaking in. Try to catch them here, if
+        // indeed they are going through this code. I tested gcc, and it at
+        // least will *not* elide the null check even though it would be
+        // permitted according to the spec. The temporary is necessary to
+        // prevent gcc from helpfully pointing out that this code makes no
+        // sense.
+        JSObject* testObj = &obj;
+        MOZ_DIAGNOSTIC_ASSERT(testObj != nullptr);
+
 #if defined(JS_PUNBOX64)
         // VisualStudio cannot contain parenthesized C++ style cast and shift
         // inside decltype in template parameter:
         //   AssertionConditionType<decltype((uintptr_t(x) >> 1))>
         // It throws syntax error.
         MOZ_ASSERT((((uintptr_t)&obj) >> JSVAL_TAG_SHIFT) == 0);
 #endif
         setObjectNoCheck(&obj);
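Review bot: The `MOZ_DIAGNOSTIC_ASSERT(testObj != nullptr)` added in `setObject` depends on the compiler keeping a null check on the address of a reference, which the comment itself says the spec permits it to elide. Only gcc is stated as tested, so on other compilers the assert may compile to nothing and give false confidence that no null reaches this path. Please say in the comment that the behavior was verified on gcc only, or confirm it on the other supported compilers. Please also add the bug number (1366083) to the comment so this temporary diagnostic can be found and removed once the offending caller is identified. A check placed where the `JSObject*` is still a pointer, before it is dereferenced into the `JSObject&` parameter, would not rely on undefined behavior.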