Attachment 343029 Details for
Bug 186798
: [JSC] Coverity scan issues
bug-186798-20180619102200.patch (text/plain), 14.28 KB, created by
Tomas Popela
on 2018-06-19 01:22:02 PDT
Description:
Patch
Filename:
MIME Type:
Creator:
Tomas Popela
Created:
2018-06-19 01:22:02 PDT
Size:
14.28 KB
patch
obsolete
>Subversion Revision: 232929
>diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
>index 81f49f6df83e75abf4ed7f9954708a631bc212de..4c8e467f826ab5e231d9185ff73541070986c1a6 100644
>--- a/Source/JavaScriptCore/ChangeLog
>+++ b/Source/JavaScriptCore/ChangeLog
>@@ -1,3 +1,32 @@
>+2018-06-19 Tomas Popela <tpopela@redhat.com>
>+
>+ [JSC] Coverity scan issues
>+ https://bugs.webkit.org/show_bug.cgi?id=186798
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ * b3/air/AirAllocateRegistersByGraphColoring.cpp: Initialize the
>+ variable.
>+ * bytecode/PolymorphicAccess.h: Ditto.
>+ * dfg/DFGOSRExit.h: Ditto.
>+ * inspector/agents/InspectorDebuggerAgent.cpp: Check the return value
>+ of getString().
>+ (Inspector::InspectorDebuggerAgent::setBreakpoint): Initialize the
>+ variable.
>+ * runtime/CodeCache.cpp: Ditto.
>+ (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable): Ditto.
>+ * runtime/ConfigFile.cpp: Ditto.
>+ * runtime/JSBigInt.h: Ditto.
>+ * runtime/PropertySlot.h: Ditto.
>+ * wasm/WasmB3IRGenerator.cpp: Ditto.
>+ * wasm/WasmFormat.h: Ditto.
>+ * wasm/WasmFunctionParser.h: Ditto.
>+ * wasm/WasmTierUpCount.h: Ditto.
>+ * wasm/WasmValidate.cpp: Ditto.
>+ * wasm/js/WasmToJS.cpp: Ditto.
>+ (JSC::Wasm::wasmToJS): Ditto.
>+ * yarr/YarrJIT.h: Ditto.
>+
> 2018-06-16 Michael Catanzaro <mcatanzaro@igalia.com>
>
> REGRESSION(r227717): Hardcoded page size causing JSC crashes on platforms with page size bigger than 16 KB
>diff --git a/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp b/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp
>index 26acffc77926a65e6ecccf786ed6e1206818555d..47e9dfdb6df2b40c13cb4d0a1b6171037591f4af 100644
>--- a/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp
>+++ b/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp
>@@ -876,7 +876,7 @@ protected:
> }
>
> private:
>- unsigned m_positionInMoveList;
>+ unsigned m_positionInMoveList { 0 };
> Vector<unsigned, 0, UnsafeVectorOverflow> m_moveList;
> Vector<unsigned, 0, UnsafeVectorOverflow> m_lowPriorityMoveList;
> };
>diff --git a/Source/JavaScriptCore/bytecode/PolymorphicAccess.h b/Source/JavaScriptCore/bytecode/PolymorphicAccess.h
>index 30558551cbcab019f458f739d569ceee1c0462ae..5e72eaa8dbe5f1dea53aa81a743f587526f25be3 100644
>--- a/Source/JavaScriptCore/bytecode/PolymorphicAccess.h
>+++ b/Source/JavaScriptCore/bytecode/PolymorphicAccess.h
>@@ -122,7 +122,7 @@ public:
> }
>
> private:
>- Kind m_kind;
>+ Kind m_kind { MadeNoChanges };
> MacroAssemblerCodePtr<JITStubRoutinePtrTag> m_code;
> Vector<std::pair<InlineWatchpointSet&, StringFireDetail>> m_watchpointsToFire;
> };
>diff --git a/Source/JavaScriptCore/dfg/DFGOSRExit.h b/Source/JavaScriptCore/dfg/DFGOSRExit.h
>index 4554975913a88b5e2c702332ce70df64c4ba883d..4c1a2c8ed871a731b87cacf383c3f251765c05ef 100644
>--- a/Source/JavaScriptCore/dfg/DFGOSRExit.h
>+++ b/Source/JavaScriptCore/dfg/DFGOSRExit.h
>@@ -131,7 +131,7 @@ struct OSRExitState : RefCounted<OSRExitState> {
> void* jumpTarget;
> ArrayProfile* arrayProfile;
>
>- ExtraInitializationLevel extraInitializationLevel;
>+ ExtraInitializationLevel extraInitializationLevel { };
> Profiler::OSRExit* profilerExit { nullptr };
> };
>
>diff --git a/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp b/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
>index 20e4ecb22653c388378c3d337f520c1bbf2fd00e..22d0d1d28a25573630a7103a2e6dd9ef5f76c4bb 100644
>--- a/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
>+++ b/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
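Review bot: `ExtraInitializationLevel extraInitializationLevel { };` in the DFGOSRExit.h hunk value-initializes the enum to its zero value, which is only a meaningful default if the enum actually defines an enumerator with that value; PolymorphicAccess.h in this same patch names the enumerator explicitly (`Kind m_kind { MadeNoChanges };`), which is the clearer form. The same `{ }`-on-enum pattern appears for `BlockType blockType { }` in WasmB3IRGenerator.cpp, `OpType m_currentOpcode { }` in WasmFunctionParser.h and `BlockType m_blockType { }` / `Type m_signature { }` in WasmValidate.cpp. If zero is a real enumerator in each of these, naming it documents the intended default; if it is not, the member is silenced for Coverity but may hold a value that no `switch` case handles. The OSRExitState struct continues outside the hunk.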
>@@ -508,7 +508,8 @@ void InspectorDebuggerAgent::setBreakpoint(ErrorString& errorString, const JSON:
> unsigned ignoreCount = 0;
> RefPtr<JSON::Array> actions;
> if (options) {
>- options->getString(ASCIILiteral("condition"), condition);
>+ if (!options->getString(ASCIILiteral("condition"), condition))
>+ return;
> options->getBoolean(ASCIILiteral("autoContinue"), autoContinue);
> options->getArray(ASCIILiteral("actions"), actions);
> options->getInteger(ASCIILiteral("ignoreCount"), ignoreCount);
>diff --git a/Source/JavaScriptCore/runtime/CodeCache.cpp b/Source/JavaScriptCore/runtime/CodeCache.cpp
>index 00a827a986acd99356ffad1ec1136d816d10aa2c..5497b914867e0e7094fa6859c84ab6a64fcc2cee 100644
>--- a/Source/JavaScriptCore/runtime/CodeCache.cpp
>+++ b/Source/JavaScriptCore/runtime/CodeCache.cpp
>@@ -129,7 +129,7 @@ UnlinkedFunctionExecutable* CodeCache::getUnlinkedGlobalFunctionExecutable(VM& v
> // This function assumes an input string that would result in a single function declaration.
> StatementNode* statement = program->singleStatement();
> if (UNLIKELY(!statement)) {
>- JSToken token;
>+ JSToken token = { };
> error = ParserError(ParserError::SyntaxError, ParserError::SyntaxErrorIrrecoverable, token, "Parser error", -1);
> return nullptr;
> }
>@@ -137,7 +137,7 @@ UnlinkedFunctionExecutable* CodeCache::getUnlinkedGlobalFunctionExecutable(VM& v
>
> StatementNode* funcDecl = static_cast<BlockNode*>(statement)->singleStatement();
> if (UNLIKELY(!funcDecl)) {
>- JSToken token;
>+ JSToken token = { };
> error = ParserError(ParserError::SyntaxError, ParserError::SyntaxErrorIrrecoverable, token, "Parser error", -1);
> return nullptr;
> }
>diff --git a/Source/JavaScriptCore/runtime/ConfigFile.cpp b/Source/JavaScriptCore/runtime/ConfigFile.cpp
>index 98c196f82f6851bdf70ef8d6223b5a169129362f..7f4fbe0317f40e11db8364690f2a80744aa491a2 100644
>--- a/Source/JavaScriptCore/runtime/ConfigFile.cpp
>+++ b/Source/JavaScriptCore/runtime/ConfigFile.cpp
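Review bot: The new `return;` after a failed `getString(ASCIILiteral("condition"), condition)` leaves `errorString` unset, so a request whose options object simply omits `condition` now fails silently — the caller gets neither a breakpoint nor an error message. Before this change a missing condition was tolerated (the return value was ignored, as it still is for `autoContinue`, `actions` and `ignoreCount` on the following lines), and an options field of this kind is presumably optional, so this reads as a behaviour change rather than a Coverity fix. If the intent is only to satisfy the checker, keep the old call and discard the result explicitly, e.g. `(void)options->getString(ASCIILiteral("condition"), condition);`; if a missing or non-string condition really should be rejected, assign `errorString` before returning so the protocol client is told why. setBreakpoint's body continues outside the hunk on both sides.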
>@@ -233,7 +233,7 @@ private:
>
> const char* m_filename;
> unsigned m_lineNumber;
>- FILE* m_file;
>+ FILE* m_file { nullptr };
> char m_buffer[BUFSIZ];
> char* m_srcPtr;
> char* m_bufferEnd;
>diff --git a/Source/JavaScriptCore/runtime/JSBigInt.h b/Source/JavaScriptCore/runtime/JSBigInt.h
>index 4af7a5f7f24366c37450c9642e412605b06043d5..5be93b9b652be84b2e1953f8ecea4ed16862d9e5 100644
>--- a/Source/JavaScriptCore/runtime/JSBigInt.h
>+++ b/Source/JavaScriptCore/runtime/JSBigInt.h
>@@ -81,7 +81,7 @@ public:
>
> std::optional<uint8_t> singleDigitValueForString();
> String toString(ExecState*, unsigned radix);
>-
>+
> enum class ComparisonMode {
> LessThan,
> LessThanOrEqual
>@@ -93,7 +93,7 @@ public:
> GreaterThan,
> LessThan
> };
>-
>+
> JS_EXPORT_PRIVATE static bool equals(JSBigInt*, JSBigInt*);
> bool equalsToNumber(JSValue);
> static ComparisonResult compare(JSBigInt* x, JSBigInt* y);
>@@ -104,7 +104,7 @@ public:
> JSObject* toObject(ExecState*, JSGlobalObject*) const;
>
> static JSBigInt* multiply(ExecState*, JSBigInt* x, JSBigInt* y);
>-
>+
> ComparisonResult static compareToDouble(JSBigInt* x, double y);
>
> static JSBigInt* add(VM&, JSBigInt* x, JSBigInt* y);
>@@ -112,7 +112,7 @@ public:
> static JSBigInt* divide(ExecState*, JSBigInt* x, JSBigInt* y);
> static JSBigInt* remainder(ExecState*, JSBigInt* x, JSBigInt* y);
> static JSBigInt* unaryMinus(VM&, JSBigInt* x);
>-
>+
> private:
>
> using Digit = uintptr_t;
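Review bot: Only `m_file` gets an initializer in the ConfigFile.cpp hunk while the sibling raw pointers `m_srcPtr` and `m_bufferEnd` (and `m_filename`, `m_lineNumber`) on the adjacent lines stay uninitialized; unless the constructor, which is outside the hunk, assigns every one of them, those are the same class of defect this patch fixes for `m_file`, and `char* m_srcPtr { nullptr };` / `char* m_bufferEnd { nullptr };` would make a use-before-parse fail predictably instead of reading garbage. The same partial treatment appears in DFGOSRExit.h (`jumpTarget` and `arrayProfile` left as-is next to the initialized `extraInitializationLevel`) and in WasmTierUpCount.h (`uint32_t m_count;` next to the initialized `m_tierUpStarted`). If those members are always assigned before use, a one-line comment next to the declarations saying so would document why they were deliberately left out.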
>@@ -121,26 +121,26 @@ private:
> static constexpr unsigned halfDigitBits = digitBits / 2;
> static constexpr Digit halfDigitMask = (1ull << halfDigitBits) - 1;
> static constexpr int maxInt = 0x7FFFFFFF;
>-
>+
> // The maximum length that the current implementation supports would be
> // maxInt / digitBits. However, we use a lower limit for now, because
> // raising it later is easier than lowering it.
> // Support up to 1 million bits.
> static constexpr unsigned maxLength = 1024 * 1024 / (sizeof(void*) * bitsPerByte);
>-
>+
> static uint64_t calculateMaximumCharactersRequired(unsigned length, unsigned radix, Digit lastDigit, bool sign);
>-
>+
> static ComparisonResult absoluteCompare(JSBigInt* x, JSBigInt* y);
> static void absoluteDivWithDigitDivisor(VM&, JSBigInt* x, Digit divisor, JSBigInt** quotient, Digit& remainder);
> static void internalMultiplyAdd(JSBigInt* source, Digit factor, Digit summand, unsigned, JSBigInt* result);
> static void multiplyAccumulate(JSBigInt* multiplicand, Digit multiplier, JSBigInt* accumulator, unsigned accumulatorIndex);
> static void absoluteDivWithBigIntDivisor(VM&, JSBigInt* dividend, JSBigInt* divisor, JSBigInt** quotient, JSBigInt** remainder);
>-
>+
> enum class LeftShiftMode {
> SameSizeResult,
> AlwaysAddOneDigit
> };
>-
>+
> static JSBigInt* absoluteLeftShiftAlwaysCopy(VM&, JSBigInt* x, unsigned shift, LeftShiftMode);
> static bool productGreaterThan(Digit factor1, Digit factor2, Digit high, Digit low);
>
>@@ -173,16 +173,16 @@ private:
> void inplaceMultiplyAdd(Digit multiplier, Digit part);
> static JSBigInt* absoluteAdd(VM&, JSBigInt* x, JSBigInt* y, bool resultSign);
> static JSBigInt* absoluteSub(VM&, JSBigInt* x, JSBigInt* y, bool resultSign);
>-
>+
> static size_t allocationSize(unsigned length);
> static size_t offsetOfData();
> Digit* dataStorage();
>
> Digit digit(unsigned);
> void setDigit(unsigned, Digit);
>-
>- unsigned m_length;
>- bool m_sign;
>+
>+ unsigned m_length { 0 };
>+ bool m_sign { false };
> };
>
> inline JSBigInt* asBigInt(JSValue value)
>diff --git a/Source/JavaScriptCore/runtime/PropertySlot.h b/Source/JavaScriptCore/runtime/PropertySlot.h
>index 066978de972347a716e847da71752532a29d6485..5101504b7da80f0f178fe7be2ed55ed15804dcb6 100644
>--- a/Source/JavaScriptCore/runtime/PropertySlot.h
>+++ b/Source/JavaScriptCore/runtime/PropertySlot.h
>@@ -370,7 +370,7 @@ private:
> JS_EXPORT_PRIVATE JSValue customGetter(ExecState*, PropertyName) const;
> JS_EXPORT_PRIVATE JSValue customAccessorGetter(ExecState*, PropertyName) const;
>
>- unsigned m_attributes;
>+ unsigned m_attributes { 0 };
> union {
> EncodedJSValue value;
> struct {
>diff --git a/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp b/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
>index 107336b880be054976e118eeded0eb1b35c354e5..c09c5efe696c3213dbf33a8bbad45f117f8518c9 100644
>--- a/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
>+++ b/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
>@@ -148,10 +148,10 @@ public:
>
> private:
> friend class B3IRGenerator;
>- BlockType blockType;
>- BasicBlock* continuation;
>- BasicBlock* special;
>- ResultList result;
>+ BlockType blockType { };
>+ BasicBlock* continuation { nullptr };
>+ BasicBlock* special { nullptr };
>+ ResultList result { };
> };
>
> typedef Value* ExpressionType;
>diff --git a/Source/JavaScriptCore/wasm/WasmFormat.h b/Source/JavaScriptCore/wasm/WasmFormat.h
>index 2784e90af3841a02e5873332cff8bb06487e33de..c77fb1cee5925fae3c9ca79a625d861b65c57f4a 100644
>--- a/Source/JavaScriptCore/wasm/WasmFormat.h
>+++ b/Source/JavaScriptCore/wasm/WasmFormat.h
>@@ -226,7 +226,7 @@ public:
> std::optional<uint32_t> maximum() const { return m_maximum; }
>
> private:
>- uint32_t m_initial;
>+ uint32_t m_initial { 0 };
> std::optional<uint32_t> m_maximum;
> bool m_isImport { false };
> bool m_isValid { false };
>diff --git a/Source/JavaScriptCore/wasm/WasmFunctionParser.h b/Source/JavaScriptCore/wasm/WasmFunctionParser.h
>index 8735ce8e6accb38e84c84b7b8e11d53379ab8dbe..a4f33e82fdf7e5268f75487cf9def4fd2f15f033 100644
>--- a/Source/JavaScriptCore/wasm/WasmFunctionParser.h
>+++ b/Source/JavaScriptCore/wasm/WasmFunctionParser.h
>@@ -87,7 +87,7 @@ private:
> const Signature& m_signature;
> const ModuleInformation& m_info;
>
>- OpType m_currentOpcode;
>+ OpType m_currentOpcode { };
> size_t m_currentOpcodeStartingOffset { 0 };
>
> unsigned m_unreachableBlocks { 0 };
>diff --git a/Source/JavaScriptCore/wasm/WasmTierUpCount.h b/Source/JavaScriptCore/wasm/WasmTierUpCount.h
>index a989b367e6defe71041afd77fadb3af040183b05..7368ff8600bb26fb355aa9a05e51c4f0e6ac2b9b 100644
>--- a/Source/JavaScriptCore/wasm/WasmTierUpCount.h
>+++ b/Source/JavaScriptCore/wasm/WasmTierUpCount.h
>@@ -65,7 +65,7 @@ public:
>
> private:
> uint32_t m_count;
>- Atomic<bool> m_tierUpStarted;
>+ Atomic<bool> m_tierUpStarted { false };
> };
>
> } } // namespace JSC::Wasm
>diff --git a/Source/JavaScriptCore/wasm/WasmValidate.cpp b/Source/JavaScriptCore/wasm/WasmValidate.cpp
>index 116f9d209adf1c185b5ceeafa2725962c27b9b8b..59b2cd3ffd663b72483e74581739609989b52dec 100644
>--- a/Source/JavaScriptCore/wasm/WasmValidate.cpp
>+++ b/Source/JavaScriptCore/wasm/WasmValidate.cpp
>@@ -72,8 +72,8 @@ public:
> Type signature() const { return m_signature; }
> Type branchTargetSignature() const { return type() == BlockType::Loop ? Void : signature(); }
> private:
>- BlockType m_blockType;
>- Type m_signature;
>+ BlockType m_blockType { };
>+ Type m_signature { };
> };
> typedef String ErrorType;
> typedef Unexpected<ErrorType> UnexpectedResult;
>diff --git a/Source/JavaScriptCore/wasm/js/WasmToJS.cpp b/Source/JavaScriptCore/wasm/js/WasmToJS.cpp
>index 7cdce40d94bc5ee6d14d0225e72d1ff643b3c309..15632e9bcaafb187404d4f679f2d92af6310b9c5 100644
>--- a/Source/JavaScriptCore/wasm/js/WasmToJS.cpp
>+++ b/Source/JavaScriptCore/wasm/js/WasmToJS.cpp
>@@ -264,7 +264,7 @@ Expected<MacroAssemblerCodeRef<WasmEntryPtrTag>, BindingFailure> wasmToJS(VM* vm
> JSValue result = call(exec, callee, callType, callData, jsUndefined(), args);
> RETURN_IF_EXCEPTION(throwScope, 0);
>
>- uint64_t realResult;
>+ uint64_t realResult = 0;
> switch (signature.returnType()) {
> case Func:
> case Anyfunc:
>diff --git a/Source/JavaScriptCore/yarr/YarrJIT.h b/Source/JavaScriptCore/yarr/YarrJIT.h
>index 07d39983a7d74ddf0650a1ac9642ae8138a2bde4..e0b5e8a84e64a3ec194af11fd9d4eeaff5ecb1a3 100644
>--- a/Source/JavaScriptCore/yarr/YarrJIT.h
>+++ b/Source/JavaScriptCore/yarr/YarrJIT.h
>@@ -201,7 +201,7 @@ private:
> MacroAssemblerCodeRef<YarrMatchOnly8BitPtrTag> m_matchOnly8;
> MacroAssemblerCodeRef<YarrMatchOnly16BitPtrTag> m_matchOnly16;
> #if ENABLE(YARR_JIT_ALL_PARENS_EXPRESSIONS)
>- bool m_usesPatternContextBuffer;
>+ bool m_usesPatternContextBuffer { false };
> #endif
> std::optional<JITFailureReason> m_failureReason;
> };
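Review bot: `uint64_t realResult = 0;` in the WasmToJS.cpp hunk turns a `switch (signature.returnType())` that misses a case from an uninitialized read into a silent zero, which is safer but also hides the gap: if the switch body (outside the hunk) does not already end in a `default:` that asserts unreachability, a return type added later would presumably be handed back to the wasm caller as 0 with no diagnostic. Worth confirming the switch is exhaustive or has such a default, rather than relying on the initializer alone, and a short comment such as `// Defensive default; every return type is expected to be handled below.` would record why the value is set here. wasmToJS's body continues outside the hunk.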