corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 833396 - Fix some rooting issues found by static analysis r=sphink

Browse Source
This commit is contained in:
Jon Coppeard
2013-01-21 17:41:49 +00:00
parent ecde34505e
commit f416dc4f7a
12 changed files with 89 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
js/src/jsdbgapi.cpp
View File

@@ -86,8 +86,8 @@ js::ScriptDebugPrologue(JSContext *cx, AbstractFramePtr frame)
cx->runtime->debugHooks.callHookData)); cx->runtime->debugHooks.callHookData));
} }
Value rval; RootedValue rval(cx);
JSTrapStatus status = Debugger::onEnterFrame(cx, &rval); JSTrapStatus status = Debugger::onEnterFrame(cx, rval.address());
switch (status) { switch (status) {
case JSTRAP_CONTINUE: case JSTRAP_CONTINUE:
break; break;
@@ -206,9 +206,11 @@ CheckDebugMode(JSContext *cx)
} }
JS_PUBLIC_API(JSBool) JS_PUBLIC_API(JSBool)
JS_SetSingleStepMode(JSContext *cx, JSScript *script, JSBool singleStep) JS_SetSingleStepMode(JSContext *cx, JSScript *scriptArg, JSBool singleStep)
{ {
RootedScript script(cx, scriptArg);
assertSameCompartment(cx, script); assertSameCompartment(cx, script);
if (!CheckDebugMode(cx)) if (!CheckDebugMode(cx))
return JS_FALSE; return JS_FALSE;
@@ -216,8 +218,10 @@ JS_SetSingleStepMode(JSContext *cx, JSScript *script, JSBool singleStep)
} }
JS_PUBLIC_API(JSBool) JS_PUBLIC_API(JSBool)
JS_SetTrap(JSContext *cx, JSScript *script, jsbytecode *pc, JSTrapHandler handler, jsval closure) JS_SetTrap(JSContext *cx, JSScript *scriptArg, jsbytecode *pc, JSTrapHandler handler, jsval closureArg)
{ {
RootedScript script(cx, scriptArg);
RootedValue closure(cx, closureArg);
assertSameCompartment(cx, script, closure); assertSameCompartment(cx, script, closure);
if (!CheckDebugMode(cx)) if (!CheckDebugMode(cx))
@@ -286,10 +290,8 @@ JS_SetWatchPoint(JSContext *cx, JSObject *obj_, jsid id,
{ {
assertSameCompartment(cx, obj_); assertSameCompartment(cx, obj_);
RootedObject obj(cx, obj_), closure(cx, closure_); RootedObject origobj(cx, obj_), closure(cx, closure_);
RootedObject obj(cx, GetInnerObject(cx, origobj));
JSObject *origobj = obj;
obj = GetInnerObject(cx, obj);
if (!obj) if (!obj)
return false; return false;
@@ -831,7 +833,7 @@ GetPropertyDesc(JSContext *cx, JSObject *obj_, HandleShape shape, JSPropertyDesc
RootedObject obj(cx, obj_); RootedObject obj(cx, obj_);
JSBool wasThrowing = cx->isExceptionPending(); JSBool wasThrowing = cx->isExceptionPending();
Value lastException = UndefinedValue(); RootedValue lastException(cx, UndefinedValue());
if (wasThrowing) if (wasThrowing)
lastException = cx->getPendingException(); lastException = cx->getPendingException();
cx->clearPendingException(); cx->clearPendingException();
@@ -918,7 +920,12 @@ JS_GetPropertyDescArray(JSContext *cx, JSObject *obj_, JSPropertyDescArray *pda)
pd = cx->pod_malloc<JSPropertyDesc>(obj->propertyCount()); pd = cx->pod_malloc<JSPropertyDesc>(obj->propertyCount());
if (!pd) if (!pd)
return false; return false;
for (Shape::Range r = obj->lastProperty()->all(); !r.empty(); r.popFront()) {
{
Shape::Range r(obj->lastProperty()->all());
Shape::Range::AutoRooter rooter(cx, &r);
RootedShape shape(cx);
for (; !r.empty(); r.popFront()) {
pd[i].id = JSVAL_NULL; pd[i].id = JSVAL_NULL;
pd[i].value = JSVAL_NULL; pd[i].value = JSVAL_NULL;
pd[i].alias = JSVAL_NULL; pd[i].alias = JSVAL_NULL;
@@ -926,7 +933,7 @@ JS_GetPropertyDescArray(JSContext *cx, JSObject *obj_, JSPropertyDescArray *pda)
goto bad; goto bad;
if (!js_AddRoot(cx, &pd[i].value, NULL)) if (!js_AddRoot(cx, &pd[i].value, NULL))
goto bad; goto bad;
RootedShape shape(cx, const_cast<Shape *>(&r.front())); shape = const_cast<Shape *>(&r.front());
if (!GetPropertyDesc(cx, obj, shape, &pd[i])) if (!GetPropertyDesc(cx, obj, shape, &pd[i]))
goto bad; goto bad;
if ((pd[i].flags & JSPD_ALIAS) && !js_AddRoot(cx, &pd[i].alias, NULL)) if ((pd[i].flags & JSPD_ALIAS) && !js_AddRoot(cx, &pd[i].alias, NULL))
@@ -934,6 +941,8 @@ JS_GetPropertyDescArray(JSContext *cx, JSObject *obj_, JSPropertyDescArray *pda)
if (++i == obj->propertyCount()) if (++i == obj->propertyCount())
break; break;
} }
}
pda->length = i; pda->length = i;
pda->array = pd; pda->array = pd;
return true; return true;

17
js/src/jsfun.cpp
View File

@@ -824,7 +824,7 @@ fun_toSource(JSContext *cx, unsigned argc, Value *vp)
JSBool JSBool
js_fun_call(JSContext *cx, unsigned argc, Value *vp) js_fun_call(JSContext *cx, unsigned argc, Value *vp)
{ {
Value fval = vp[1]; RootedValue fval(cx, vp[1]);
if (!js_IsCallable(fval)) { if (!js_IsCallable(fval)) {
ReportIncompatibleMethod(cx, CallReceiverFromVp(vp), &FunctionClass); ReportIncompatibleMethod(cx, CallReceiverFromVp(vp), &FunctionClass);
@@ -832,10 +832,8 @@ js_fun_call(JSContext *cx, unsigned argc, Value *vp)
} }
Value *argv = vp + 2; Value *argv = vp + 2;
Value thisv; RootedValue thisv(cx, UndefinedValue());
if (argc == 0) { if (argc != 0) {
thisv.setUndefined();
} else {
thisv = argv[0]; thisv = argv[0];
argc--; argc--;
@@ -1061,7 +1059,7 @@ JSFunction::initializeLazyScript(JSContext *cx)
JSBool JSBool
js::CallOrConstructBoundFunction(JSContext *cx, unsigned argc, Value *vp) js::CallOrConstructBoundFunction(JSContext *cx, unsigned argc, Value *vp)
{ {
JSFunction *fun = vp[0].toObject().toFunction(); RootedFunction fun(cx, vp[0].toObject().toFunction());
JS_ASSERT(fun->isBoundFunction()); JS_ASSERT(fun->isBoundFunction());
bool constructing = IsConstructing(vp); bool constructing = IsConstructing(vp);
@@ -1380,8 +1378,6 @@ js::Function(JSContext *cx, unsigned argc, Value *vp)
} }
#endif #endif
JS::Anchor<JSString *> strAnchor(NULL);
RootedString str(cx); RootedString str(cx);
if (!args.length()) if (!args.length())
str = cx->runtime->emptyString; str = cx->runtime->emptyString;
@@ -1392,7 +1388,8 @@ js::Function(JSContext *cx, unsigned argc, Value *vp)
JSStableString *stable = str->ensureStable(cx); JSStableString *stable = str->ensureStable(cx);
if (!stable) if (!stable)
return false; return false;
strAnchor.set(str);
JS::Anchor<JSString *> strAnchor(str);
StableCharPtr chars = stable->chars(); StableCharPtr chars = stable->chars();
size_t length = stable->length(); size_t length = stable->length();
@@ -1571,7 +1568,7 @@ js_DefineFunction(JSContext *cx, HandleObject obj, HandleId id, Native native,
void void
js::ReportIncompatibleMethod(JSContext *cx, CallReceiver call, Class *clasp) js::ReportIncompatibleMethod(JSContext *cx, CallReceiver call, Class *clasp)
{ {
Value thisv = call.thisv(); RootedValue thisv(cx, call.thisv());
#ifdef DEBUG #ifdef DEBUG
if (thisv.isObject()) { if (thisv.isObject()) {

5
js/src/jsinfer.cpp
View File

@@ -1050,8 +1050,8 @@ GetSingletonPropertyType(JSContext *cx, RawObject rawObjArg, HandleId id)
if (!obj->isNative()) if (!obj->isNative())
return Type::UnknownType(); return Type::UnknownType();
Value v; RootedValue v(cx);
if (HasDataProperty(cx, obj, id, &v)) { if (HasDataProperty(cx, obj, id, v.address())) {
if (v.isUndefined()) if (v.isUndefined())
return Type::UnknownType(); return Type::UnknownType();
return GetValueType(cx, v); return GetValueType(cx, v);
@@ -2404,7 +2404,6 @@ TypeCompartment::addAllocationSiteTypeObject(JSContext *cx, AllocationSiteKey ke
if (!js_GetClassPrototype(cx, key.kind, &proto, NULL)) if (!js_GetClassPrototype(cx, key.kind, &proto, NULL))
return NULL; return NULL;
RootedScript keyScript(cx, key.script);
Rooted<TaggedProto> tagged(cx, TaggedProto(proto)); Rooted<TaggedProto> tagged(cx, TaggedProto(proto));
res = newTypeObject(cx, GetClassForProtoKey(key.kind), tagged); res = newTypeObject(cx, GetClassForProtoKey(key.kind), tagged);
if (!res) { if (!res) {

6
js/src/jsiter.cpp
View File

@@ -55,6 +55,8 @@ using namespace js::gc;
using mozilla::ArrayLength; using mozilla::ArrayLength;
typedef Rooted<PropertyIteratorObject*> RootedPropertyIteratorObject;
static const gc::AllocKind ITERATOR_FINALIZE_KIND = gc::FINALIZE_OBJECT2; static const gc::AllocKind ITERATOR_FINALIZE_KIND = gc::FINALIZE_OBJECT2;
void void
@@ -1074,7 +1076,7 @@ template<typename StringPredicate>
static bool static bool
SuppressDeletedPropertyHelper(JSContext *cx, HandleObject obj, StringPredicate predicate) SuppressDeletedPropertyHelper(JSContext *cx, HandleObject obj, StringPredicate predicate)
{ {
PropertyIteratorObject *iterobj = cx->enumerators; RootedPropertyIteratorObject iterobj(cx, cx->enumerators);
while (iterobj) { while (iterobj) {
again: again:
NativeIterator *ni = iterobj->getNativeIterator(); NativeIterator *ni = iterobj->getNativeIterator();
@@ -1561,7 +1563,7 @@ SendToGenerator(JSContext *cx, JSGeneratorOp op, HandleObject obj,
gen->regs = cx->regs(); gen->regs = cx->regs();
cx->enterGenerator(gen); /* OOM check above. */ cx->enterGenerator(gen); /* OOM check above. */
PropertyIteratorObject *enumerators = cx->enumerators; RootedPropertyIteratorObject enumerators(cx, cx->enumerators);
cx->enumerators = gen->enumerators; cx->enumerators = gen->enumerators;
RootedScript script(cx, fp->script()); RootedScript script(cx, fp->script());

20
js/src/jsobj.cpp
View File

@@ -1062,6 +1062,7 @@ JSObject::sealOrFreeze(JSContext *cx, HandleObject obj, ImmutabilityType it)
for (size_t i = 0; i < shapes.length(); i++) { for (size_t i = 0; i < shapes.length(); i++) {
StackShape child(shapes[i]); StackShape child(shapes[i]);
StackShape::AutoRooter rooter(cx, &child);
child.attrs |= getSealedOrFrozenAttributes(child.attrs, it); child.attrs |= getSealedOrFrozenAttributes(child.attrs, it);
if (!JSID_IS_EMPTY(child.propid)) if (!JSID_IS_EMPTY(child.propid))
@@ -1591,9 +1592,10 @@ JSObject::deleteByValue(JSContext *cx, HandleObject obj,
} }
JS_FRIEND_API(bool) JS_FRIEND_API(bool)
JS_CopyPropertiesFrom(JSContext *cx, JSObject *targetArg, JSObject *obj) JS_CopyPropertiesFrom(JSContext *cx, JSObject *targetArg, JSObject *objArg)
{ {
RootedObject target(cx, targetArg); RootedObject target(cx, targetArg);
RootedObject obj(cx, objArg);
// If we're not native, then we cannot copy properties. // If we're not native, then we cannot copy properties.
JS_ASSERT(target->isNative() == obj->isNative()); JS_ASSERT(target->isNative() == obj->isNative());
@@ -1631,7 +1633,7 @@ JS_CopyPropertiesFrom(JSContext *cx, JSObject *targetArg, JSObject *obj)
} }
static bool static bool
CopySlots(JSContext *cx, JSObject *from, JSObject *to) CopySlots(JSContext *cx, HandleObject from, HandleObject to)
{ {
JS_ASSERT(!from->isNative() && !to->isNative()); JS_ASSERT(!from->isNative() && !to->isNative());
JS_ASSERT(from->getClass() == to->getClass()); JS_ASSERT(from->getClass() == to->getClass());
@@ -1663,8 +1665,8 @@ js::CloneObject(JSContext *cx, HandleObject obj, Handle<js::TaggedProto> proto,
JSMSG_CANT_CLONE_OBJECT); JSMSG_CANT_CLONE_OBJECT);
return NULL; return NULL;
} }
JSObject *clone = NewObjectWithGivenProto(cx, obj->getClass(), RootedObject clone(cx, NewObjectWithGivenProto(cx, obj->getClass(),
proto, parent, obj->getAllocKind()); proto, parent, obj->getAllocKind()));
if (!clone) if (!clone)
return NULL; return NULL;
if (obj->isNative()) { if (obj->isNative()) {
@@ -1721,9 +1723,11 @@ struct JSObject::TradeGutsReserved {
}; };
bool bool
JSObject::ReserveForTradeGuts(JSContext *cx, JSObject *a, JSObject *b, JSObject::ReserveForTradeGuts(JSContext *cx, JSObject *aArg, JSObject *bArg,
TradeGutsReserved &reserved) TradeGutsReserved &reserved)
{ {
RootedObject a(cx, aArg);
RootedObject b(cx, bArg);
AssertCanGC(); AssertCanGC();
JS_ASSERT(a->compartment() == b->compartment()); JS_ASSERT(a->compartment() == b->compartment());
AutoCompartment ac(cx, a); AutoCompartment ac(cx, a);
@@ -1751,15 +1755,13 @@ JSObject::ReserveForTradeGuts(JSContext *cx, JSObject *a, JSObject *b,
* Swap prototypes and classes on the two objects, so that TradeGuts can * Swap prototypes and classes on the two objects, so that TradeGuts can
* preserve the types of the two objects. * preserve the types of the two objects.
*/ */
RootedObject na(cx, a);
RootedObject nb(cx, b);
Class *aClass = a->getClass(); Class *aClass = a->getClass();
Class *bClass = b->getClass(); Class *bClass = b->getClass();
Rooted<TaggedProto> aProto(cx, a->getTaggedProto()); Rooted<TaggedProto> aProto(cx, a->getTaggedProto());
Rooted<TaggedProto> bProto(cx, b->getTaggedProto()); Rooted<TaggedProto> bProto(cx, b->getTaggedProto());
if (!SetClassAndProto(cx, na, bClass, bProto, false)) if (!SetClassAndProto(cx, a, bClass, bProto, false))
return false; return false;
if (!SetClassAndProto(cx, nb, aClass, aProto, false)) if (!SetClassAndProto(cx, b, aClass, aProto, false))
return false; return false;
if (a->sizeOfThis() == b->sizeOfThis()) if (a->sizeOfThis() == b->sizeOfThis())

4
js/src/jsobj.h
View File

@@ -810,11 +810,11 @@ class JSObject : public js::ObjectImpl
/* Change the given property into a sibling with the same id in this scope. */ /* Change the given property into a sibling with the same id in this scope. */
static js::UnrootedShape changeProperty(JSContext *cx, js::HandleObject obj, static js::UnrootedShape changeProperty(JSContext *cx, js::HandleObject obj,
js::RawShape shape, unsigned attrs, unsigned mask, js::HandleShape shape, unsigned attrs, unsigned mask,
JSPropertyOp getter, JSStrictPropertyOp setter); JSPropertyOp getter, JSStrictPropertyOp setter);
static inline bool changePropertyAttributes(JSContext *cx, js::HandleObject obj, static inline bool changePropertyAttributes(JSContext *cx, js::HandleObject obj,
js::Shape *shape, unsigned attrs); js::HandleShape shape, unsigned attrs);
/* Remove the property named by id from this object. */ /* Remove the property named by id from this object. */
bool removeProperty(JSContext *cx, jsid id); bool removeProperty(JSContext *cx, jsid id);

2
js/src/jsobjinlines.h
View File

@@ -157,7 +157,7 @@ JSObject::setSpecialAttributes(JSContext *cx, js::HandleObject obj,
/* static */ inline bool /* static */ inline bool
JSObject::changePropertyAttributes(JSContext *cx, js::HandleObject obj, JSObject::changePropertyAttributes(JSContext *cx, js::HandleObject obj,
js::Shape *shape, unsigned attrs) js::HandleShape shape, unsigned attrs)
{ {
return !!changeProperty(cx, obj, shape, attrs, 0, shape->getter(), shape->setter()); return !!changeProperty(cx, obj, shape, attrs, 0, shape->getter(), shape->setter());
} }

6
js/src/json.cpp
View File

@@ -682,13 +682,13 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp
/* Step 5. */ /* Step 5. */
if (space.isObject()) { if (space.isObject()) {
JSObject &spaceObj = space.toObject(); RootedObject spaceObj(cx, &space.toObject());
if (ObjectClassIs(spaceObj, ESClass_Number, cx)) { if (ObjectClassIs(*spaceObj, ESClass_Number, cx)) {
double d; double d;
if (!ToNumber(cx, space, &d)) if (!ToNumber(cx, space, &d))
return false; return false;
space = NumberValue(d); space = NumberValue(d);
} else if (ObjectClassIs(spaceObj, ESClass_String, cx)) { } else if (ObjectClassIs(*spaceObj, ESClass_String, cx)) {
JSString *str = ToStringSlow(cx, space); JSString *str = ToStringSlow(cx, space);
if (!str) if (!str)
return false; return false;

36
js/src/jsopcode.cpp
View File

@@ -1683,12 +1683,12 @@ DecompileSwitch(SprintStack *ss, TableEntry *table, unsigned tableLength,
ptrdiff_t off, off2, diff, caseExprOff, todo; ptrdiff_t off, off2, diff, caseExprOff, todo;
const char *rval; const char *rval;
unsigned i; unsigned i;
jsval key;
JSString *str; JSString *str;
cx = ss->sprinter.context; cx = ss->sprinter.context;
jp = ss->printer; jp = ss->printer;
RootedValue key(cx);
jsbytecode *lvalpc; jsbytecode *lvalpc;
const char *lval = PopStr(ss, JSOP_NOP, &lvalpc); const char *lval = PopStr(ss, JSOP_NOP, &lvalpc);
@@ -2610,7 +2610,7 @@ InitSprintStack(JSContext *cx, SprintStack *ss, JSPrinter *jp, unsigned depth)
static jsbytecode * static jsbytecode *
Decompile(SprintStack *ss, jsbytecode *pc, int nb) Decompile(SprintStack *ss, jsbytecode *pc, int nb)
{ {
JSContext *cx; JSContext *cx = ss->sprinter.context;
JSPrinter *jp, *jp2; JSPrinter *jp, *jp2;
jsbytecode *startpc, *endpc, *pc2, *done, *lvalpc, *rvalpc, *xvalpc; jsbytecode *startpc, *endpc, *pc2, *done, *lvalpc, *rvalpc, *xvalpc;
ptrdiff_t tail, todo, len, oplen, cond, next; ptrdiff_t tail, todo, len, oplen, cond, next;
@@ -2620,9 +2620,9 @@ Decompile(SprintStack *ss, jsbytecode *pc, int nb)
const char *lval, *rval, *xval, *fmt, *token; const char *lval, *rval, *xval, *fmt, *token;
unsigned nuses; unsigned nuses;
int i, argc; int i, argc;
JSAtom *atom; RootedAtom atom(cx);
JSObject *obj; JSObject *obj;
JSFunction *fun = NULL; /* init to shut GCC up */ RootedFunction fun(cx);
JSString *str; JSString *str;
JSBool ok; JSBool ok;
JSBool foreach; JSBool foreach;
@@ -2722,7 +2722,6 @@ Decompile(SprintStack *ss, jsbytecode *pc, int nb)
jsbytecode *lastlvalpc = NULL, *lastrvalpc = NULL; jsbytecode *lastlvalpc = NULL, *lastrvalpc = NULL;
cx = ss->sprinter.context;
JS_CHECK_RECURSION(cx, return NULL); JS_CHECK_RECURSION(cx, return NULL);
jp = ss->printer; jp = ss->printer;
@@ -3615,7 +3614,7 @@ Decompile(SprintStack *ss, jsbytecode *pc, int nb)
case JSOP_GETALIASEDVAR: case JSOP_GETALIASEDVAR:
case JSOP_CALLLOCAL: case JSOP_CALLLOCAL:
case JSOP_GETLOCAL: case JSOP_GETLOCAL:
if (IsVarSlot(jp, pc, &atom, &i)) if (IsVarSlot(jp, pc, atom.address(), &i))
goto do_name; goto do_name;
LOCAL_ASSERT((unsigned)i < ss->top); LOCAL_ASSERT((unsigned)i < ss->top);
sn = js_GetSrcNote(cx, jp->script, pc); sn = js_GetSrcNote(cx, jp->script, pc);
@@ -3648,7 +3647,7 @@ Decompile(SprintStack *ss, jsbytecode *pc, int nb)
case JSOP_SETALIASEDVAR: case JSOP_SETALIASEDVAR:
case JSOP_SETLOCAL: case JSOP_SETLOCAL:
if (IsVarSlot(jp, pc, &atom, &i)) if (IsVarSlot(jp, pc, atom.address(), &i))
goto do_setname; goto do_setname;
lval = GetLocal(ss, i); lval = GetLocal(ss, i);
rval = PopStrDupe(ss, op, &rvalpc); rval = PopStrDupe(ss, op, &rvalpc);
@@ -3656,7 +3655,7 @@ Decompile(SprintStack *ss, jsbytecode *pc, int nb)
case JSOP_INCALIASEDVAR: case JSOP_INCALIASEDVAR:
case JSOP_DECALIASEDVAR: case JSOP_DECALIASEDVAR:
if (IsVarSlot(jp, pc, &atom, &i)) if (IsVarSlot(jp, pc, atom.address(), &i))
goto do_incatom; goto do_incatom;
lval = GetLocal(ss, i); lval = GetLocal(ss, i);
goto do_inclval; goto do_inclval;
@@ -3665,14 +3664,14 @@ Decompile(SprintStack *ss, jsbytecode *pc, int nb)
case JSOP_DECLOCAL: case JSOP_DECLOCAL:
/* INCLOCAL/DECLOCAL are followed by GETLOCAL containing the slot. */ /* INCLOCAL/DECLOCAL are followed by GETLOCAL containing the slot. */
JS_ASSERT(pc[JSOP_INCLOCAL_LENGTH] == JSOP_GETLOCAL); JS_ASSERT(pc[JSOP_INCLOCAL_LENGTH] == JSOP_GETLOCAL);
if (IsVarSlot(jp, pc + JSOP_INCLOCAL_LENGTH, &atom, &i)) if (IsVarSlot(jp, pc + JSOP_INCLOCAL_LENGTH, atom.address(), &i))
goto do_incatom; goto do_incatom;
lval = GetLocal(ss, i); lval = GetLocal(ss, i);
goto do_inclval; goto do_inclval;
case JSOP_ALIASEDVARINC: case JSOP_ALIASEDVARINC:
case JSOP_ALIASEDVARDEC: case JSOP_ALIASEDVARDEC:
if (IsVarSlot(jp, pc, &atom, &i)) if (IsVarSlot(jp, pc, atom.address(), &i))
goto do_atominc; goto do_atominc;
lval = GetLocal(ss, i); lval = GetLocal(ss, i);
goto do_lvalinc; goto do_lvalinc;
@@ -3681,7 +3680,7 @@ Decompile(SprintStack *ss, jsbytecode *pc, int nb)
case JSOP_LOCALDEC: case JSOP_LOCALDEC:
/* LOCALINC/LOCALDEC are followed by GETLOCAL containing the slot. */ /* LOCALINC/LOCALDEC are followed by GETLOCAL containing the slot. */
JS_ASSERT(pc[JSOP_LOCALINC_LENGTH] == JSOP_GETLOCAL); JS_ASSERT(pc[JSOP_LOCALINC_LENGTH] == JSOP_GETLOCAL);
if (IsVarSlot(jp, pc + JSOP_LOCALINC_LENGTH, &atom, &i)) if (IsVarSlot(jp, pc + JSOP_LOCALINC_LENGTH, atom.address(), &i))
goto do_atominc; goto do_atominc;
lval = GetLocal(ss, i); lval = GetLocal(ss, i);
goto do_lvalinc; goto do_lvalinc;
@@ -4765,10 +4764,11 @@ Decompile(SprintStack *ss, jsbytecode *pc, int nb)
sn = js_GetSrcNote(cx, jp->script, pc); sn = js_GetSrcNote(cx, jp->script, pc);
if (sn && SN_TYPE(sn) == SRC_GENEXP) { if (sn && SN_TYPE(sn) == SRC_GENEXP) {
BindingVector *outerLocalNames; BindingVector *outerLocalNames;
JSScript *inner, *outer; JSScript *inner;
RootedScript outer(cx);
Vector<DecompiledOpcode> *decompiledOpcodes; Vector<DecompiledOpcode> *decompiledOpcodes;
SprintStack ss2(cx); SprintStack ss2(cx);
JSFunction *outerfun; RootedFunction outerfun(cx);
fun = jp->script->getFunction(GET_UINT32_INDEX(pc)); fun = jp->script->getFunction(GET_UINT32_INDEX(pc));
@@ -5536,7 +5536,7 @@ DecompileCode(JSPrinter *jp, JSScript *script, jsbytecode *pc, unsigned len,
} }
/* Call recursive subroutine to do the hard work. */ /* Call recursive subroutine to do the hard work. */
JSScript *oldscript = jp->script; RootedScript oldscript(cx, jp->script);
BindingVector *oldLocalNames = jp->localNames; BindingVector *oldLocalNames = jp->localNames;
if (!SetPrinterLocalNames(cx, script, jp)) if (!SetPrinterLocalNames(cx, script, jp))
return false; return false;
@@ -5980,7 +5980,7 @@ ExpressionDecompiler::decompilePC(jsbytecode *pc)
case JSOP_LENGTH: case JSOP_LENGTH:
case JSOP_GETPROP: case JSOP_GETPROP:
case JSOP_CALLPROP: { case JSOP_CALLPROP: {
JSAtom *prop = (op == JSOP_LENGTH) ? cx->names().length : loadAtom(pc); RootedAtom prop(cx, (op == JSOP_LENGTH) ? cx->names().length : loadAtom(pc));
if (!decompilePC(pcstack[-1])) if (!decompilePC(pcstack[-1]))
return false; return false;
if (IsIdentifier(prop)) { if (IsIdentifier(prop)) {
@@ -6914,8 +6914,8 @@ js::GetPCCountScriptSummary(JSContext *cx, size_t index)
return NULL; return NULL;
} }
ScriptAndCounts sac = (*rt->scriptAndCountsVector)[index]; const ScriptAndCounts &sac = (*rt->scriptAndCountsVector)[index];
JSScript *script = sac.script; RootedScript script(cx, sac.script);
/* /*
* OOM on buffer appends here will not be caught immediately, but since * OOM on buffer appends here will not be caught immediately, but since
@@ -7027,7 +7027,7 @@ struct AutoDestroyPrinter
static bool static bool
GetPCCountJSON(JSContext *cx, const ScriptAndCounts &sac, StringBuffer &buf) GetPCCountJSON(JSContext *cx, const ScriptAndCounts &sac, StringBuffer &buf)
{ {
JSScript *script = sac.script; RootedScript script(cx, sac.script);
buf.append('{'); buf.append('{');
AppendJSONProperty(buf, "text", NO_COMMA); AppendJSONProperty(buf, "text", NO_COMMA);

6
js/src/jsproxy.cpp
View File

@@ -3236,17 +3236,17 @@ proxy_createFunction(JSContext *cx, unsigned argc, Value *vp)
"createFunction", "1", ""); "createFunction", "1", "");
return false; return false;
} }
JSObject *handler = NonNullObject(cx, vp[2]); RootedObject handler(cx, NonNullObject(cx, vp[2]));
if (!handler) if (!handler)
return false; return false;
JSObject *proto, *parent; RootedObject proto(cx), parent(cx);
parent = vp[0].toObject().getParent(); parent = vp[0].toObject().getParent();
proto = parent->global().getOrCreateFunctionPrototype(cx); proto = parent->global().getOrCreateFunctionPrototype(cx);
if (!proto) if (!proto)
return false; return false;
parent = proto->getParent(); parent = proto->getParent();
JSObject *call = ValueToCallable(cx, &vp[3]); RootedObject call(cx, ValueToCallable(cx, &vp[3]));
if (!call) if (!call)
return false; return false;
JSObject *construct = NULL; JSObject *construct = NULL;

4
js/src/jsscope.cpp
View File

@@ -735,8 +735,8 @@ JSObject::putProperty(JSContext *cx, HandleObject obj, HandleId id,
} }
/* static */ UnrootedShape /* static */ UnrootedShape
JSObject::changeProperty(JSContext *cx, HandleObject obj, RawShape shape, unsigned attrs, unsigned mask, JSObject::changeProperty(JSContext *cx, HandleObject obj, HandleShape shape, unsigned attrs,
PropertyOp getter, StrictPropertyOp setter) unsigned mask, PropertyOp getter, StrictPropertyOp setter)
{ {
JS_ASSERT(obj->nativeContains(cx, shape)); JS_ASSERT(obj->nativeContains(cx, shape));

4
js/src/jsscript.cpp
View File

@@ -50,6 +50,8 @@ using namespace js;
using namespace js::gc; using namespace js::gc;
using namespace js::frontend; using namespace js::frontend;
typedef Rooted<GlobalObject *> RootedGlobalObject;
/* static */ unsigned /* static */ unsigned
Bindings::argumentsVarIndex(JSContext *cx, InternalBindingsHandle bindings) Bindings::argumentsVarIndex(JSContext *cx, InternalBindingsHandle bindings)
{ {
@@ -2368,7 +2370,7 @@ js::CloneFunctionScript(JSContext *cx, HandleFunction original, HandleFunction c
clone->setScript(cscript); clone->setScript(cscript);
cscript->setFunction(clone); cscript->setFunction(clone);
GlobalObject *global = script->compileAndGo ? &script->global() : NULL; RootedGlobalObject global(cx, script->compileAndGo ? &script->global() : NULL);
script = clone->nonLazyScript(); script = clone->nonLazyScript();
CallNewScriptHook(cx, script, clone); CallNewScriptHook(cx, script, clone);