Valgrind shows me 2 uninitialised value problems:

Conditional jump or move depends on uninitialised value(s)
   at 0x51BBB60: cti_vm_lazyLinkCall (JITStubs.cpp:1679)
   by 0x51B0102: JSC::TrampolineStructure::TrampolineStructure() (JITStubs.h:76)
   by 0x5173A5C: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) (JITCode.h:77)
   ...

Conditional jump or move depends on uninitialized value(s)
   at 0x513E0DF: JSC::BytecodeGenerator::createArgumentsIfNecessary() (BytecodeGenerator.cpp:1391)
   by 0x5147EE7: JSC::BytecodeGenerator::emitPushNewScope(JSC::RegisterID*, JSC::Identifier const&, JSC::RegisterID*) BytecodeGenerator.cpp:1882)
   by 0x5154205: JSC::TryNode::emitBytecode(JSC::BytecodeGenerator&, JSC::RegisterID*) (NodesCodegen.cpp:1890)
   ...

These are caused by incomplete member initializer lists. I think the second could be dangerous. Fortunately we can solve it by an easy fix.
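The defect pattern behind both reports, as an added illustration that is not the patch on attachment 52025 and not WebKit code: a constructor whose initializer list skips a member, the same class with the member initialized, and a variant using C++11 default member initializers so a future constructor cannot reintroduce the gap. The ScopeBefore/ScopeAfter/ScopeDefaulted names and their members are invented for this example.

```cpp
#include <cassert>
#include <cstdio>

// Hypothetical class modelled on the shape of the bug (not WebKit's
// BytecodeGenerator): the initializer list covers m_scopeDepth but forgets
// m_needsArguments, so the flag holds indeterminate memory. Branching on it
// is what Valgrind reports as "Conditional jump or move depends on
// uninitialised value(s)". It is defined only to show the defect and is never
// instantiated here, because reading the flag would be undefined behaviour.
struct ScopeBefore {
    explicit ScopeBefore(int scopeDepth)
        : m_scopeDepth(scopeDepth)
        // m_needsArguments omitted -> indeterminate value
    {
    }

    bool createArgumentsIfNecessary() const { return m_needsArguments; } // UB read

    int m_scopeDepth;
    bool m_needsArguments;
};

// Fixed version: every member appears in the initializer list, listed in
// declaration order (the order the compiler actually initializes them in).
struct ScopeAfter {
    explicit ScopeAfter(int scopeDepth)
        : m_scopeDepth(scopeDepth)
        , m_needsArguments(false)
    {
    }

    void markNeedsArguments() { m_needsArguments = true; }
    bool createArgumentsIfNecessary() const { return m_needsArguments; }

    int m_scopeDepth;
    bool m_needsArguments;
};

// Belt-and-braces variant: default member initializers (C++11) give every
// member a defined value even when a constructor's initializer list skips it,
// so an incomplete list cannot bring the Valgrind finding back.
struct ScopeDefaulted {
    explicit ScopeDefaulted(int scopeDepth) : m_scopeDepth(scopeDepth) {}

    bool createArgumentsIfNecessary() const { return m_needsArguments; }

    int m_scopeDepth = 0;
    bool m_needsArguments = false; // defined even though the ctor skips it
};

// Exercise the fixed types: a fresh scope must report "no arguments needed"
// every time, not whatever happened to be in memory.
bool freshScopeNeedsArguments(int depth) {
    ScopeAfter scope(depth);
    return scope.createArgumentsIfNecessary();
}

bool markedScopeNeedsArguments(int depth) {
    ScopeAfter scope(depth);
    scope.markNeedsArguments();
    return scope.createArgumentsIfNecessary();
}

bool defaultedScopeNeedsArguments(int depth) {
    ScopeDefaulted scope(depth);
    return scope.createArgumentsIfNecessary();
}

int main() {
    std::printf("fresh scope needs arguments: %d\n", freshScopeNeedsArguments(1));
    std::printf("marked scope needs arguments: %d\n", markedScopeNeedsArguments(1));
    std::printf("defaulted scope needs arguments: %d\n", defaultedScopeNeedsArguments(1));
    return 0;
}
```

Build with `g++ -std=c++11 -g -Wall -Wextra` and run under `valgrind --track-origins=yes ./a.out`; the fixed types produce no report, while instantiating ScopeBefore and calling createArgumentsIfNecessary() would reproduce the "Conditional jump or move depends on uninitialised value(s)" finding with the origin pointed at the constructor. GCC's `-Weffc++` additionally warns at compile time when a member is left out of an initializer list, which catches this class of bug before it reaches Valgrind.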
Created attachment 52025 [details] proposed patch
Comment on attachment 52025 [details] proposed patch Why does this need to be changed? Is there a symptom to having these uninitialized? Are they ever used uninitialized?
The backtraces above show exactly where they are used uninitialized.
Comment on attachment 52025 [details] proposed patch r=me
Comment on attachment 52025 [details] proposed patch Clearing flags on attachment: 52025 Committed r57054: <http://trac.webkit.org/changeset/57054>
All reviewed patches have been landed. Closing bug.