Bug 634417 - Remove inappropriate uses of vanilla malloc/calloc/realloc/free/strdup from SpiderMonkey. r=luke.

--HG--
extra : rebase_source : 4470cdf58a482eb05f94cd00a9800d8e6a0d2252

js/public/Utility.h

@@ -100,6 +100,8 @@ PrintBacktrace()
         fprintf(stderr, "#%d %s\n", OOM_traceIdx, OOM_traceSymbols[OOM_traceIdx]);
     }
 
+    // This must be free(), not js_free(), because backtrace_symbols()
+    // allocates with malloc().
     free(OOM_traceSymbols);
 }
 

js/src/TraceLogging.cpp

@@ -109,7 +109,7 @@ TraceLogging::~TraceLogging()
 {
     if (entries) {
         flush();
-        free(entries);
+        js_free(entries);
         entries = nullptr;
     }
 
@@ -122,7 +122,7 @@ TraceLogging::~TraceLogging()
 void
 TraceLogging::grow()
 {
-    Entry* nentries = (Entry*) realloc(entries, numEntries*2*sizeof(Entry));
+    Entry* nentries = (Entry*) js_realloc(entries, numEntries*2*sizeof(Entry));
 
     // Allocating a bigger array failed.
     // Keep using the current storage, but remove all entries by flushing them.
@@ -142,7 +142,7 @@ TraceLogging::log(Type type, const char* text /* = nullptr */, unsigned int numb
 
     // Create array containing the entries if not existing.
     if (!entries) {
-        entries = (Entry*) malloc(numEntries*sizeof(Entry));
+        entries = (Entry*) js_malloc(numEntries*sizeof(Entry));
         if (!entries)
             return;
     }
@@ -248,7 +248,7 @@ TraceLogging::flush()
         }
 
         if (entries[i].text() != nullptr) {
-            free(entries[i].text());
+            js_free(entries[i].text());
             entries[i].text_ = nullptr;
         }
     }

js/src/assembler/assembler/AssemblerBuffer.h

@@ -70,7 +70,7 @@ namespace JSC {
         ~AssemblerBuffer()
         {
             if (m_buffer != m_inlineBuffer)
-                free(m_buffer);
+                js_free(m_buffer);
         }
 
         void ensureSpace(int space)
@@ -222,7 +222,7 @@ namespace JSC {
             }
 
             if (m_buffer == m_inlineBuffer) {
-                newBuffer = static_cast<char*>(malloc(newCapacity));
+                newBuffer = static_cast<char*>(js_malloc(newCapacity));
                 if (!newBuffer) {
                     m_size = 0;
                     m_oom = true;
@@ -230,7 +230,7 @@ namespace JSC {
                 }
                 memcpy(newBuffer, m_buffer, m_size);
             } else {
-                newBuffer = static_cast<char*>(realloc(m_buffer, newCapacity));
+                newBuffer = static_cast<char*>(js_realloc(m_buffer, newCapacity));
                 if (!newBuffer) {
                     m_size = 0;
                     m_oom = true;

js/src/assembler/assembler/AssemblerBufferWithConstantPool.h

@@ -106,14 +106,14 @@ public:
         , m_lastConstDelta(0)
         , m_flushCount(0)
     {
-        m_pool = static_cast<uint32_t*>(malloc(maxPoolSize));
-        m_mask = static_cast<char*>(malloc(maxPoolSize / sizeof(uint32_t)));
+        m_pool = static_cast<uint32_t*>(js_malloc(maxPoolSize));
+        m_mask = static_cast<char*>(js_malloc(maxPoolSize / sizeof(uint32_t)));
     }
 
     ~AssemblerBufferWithConstantPool()
     {
-        free(m_mask);
-        free(m_pool);
+        js_free(m_mask);
+        js_free(m_pool);
     }
 
     void ensureSpace(int space)

js/src/builtin/Profilers.cpp

@@ -519,10 +519,15 @@ bool js_StartPerf()
             flags = "--call-graph";
         }
 
-        // Split |flags| on spaces.  (Don't bother to free it -- we're going to
+        char *flags2 = (char *)js_malloc(strlen(flags) + 1);
+        if (!flags2)
+            return false;
+        strcpy(flags2, flags);
+
+        // Split |flags2| on spaces.  (Don't bother to free it -- we're going to
         // exec anyway.)
         char *toksave;
-        char *tok = strtok_r(strdup(flags), " ", &toksave);
+        char *tok = strtok_r(flags2, " ", &toksave);
         while (tok) {
             args.append(tok);
             tok = strtok_r(nullptr, " ", &toksave);

js/src/jit/AsmJS.cpp

@@ -1323,7 +1323,7 @@ class MOZ_STACK_CLASS ModuleCompiler
         JS_ASSERT(errorOffset_ == UINT32_MAX);
         JS_ASSERT(str);
         errorOffset_ = offset;
-        errorString_ = strdup(str);
+        errorString_ = js_strdup(cx_, str);
         return false;
     }
 

js/src/jit/AsmJSModule.cpp

@@ -731,9 +731,11 @@ GetCPUID(uint32_t *cpuId)
 class MachineId
 {
     uint32_t cpuId_;
-    mozilla::Vector<char> buildId_;
+    js::Vector<char> buildId_;
 
   public:
+    MachineId(ExclusiveContext *cx) : buildId_(cx) {}
+
     bool extractCurrentState(ExclusiveContext *cx) {
         if (!cx->asmJSCacheOps().buildId)
             return false;
@@ -913,7 +915,7 @@ js::StoreAsmJSModuleInCache(AsmJSParser &parser,
                             const AsmJSStaticLinkData &linkData,
                             ExclusiveContext *cx)
 {
-    MachineId machineId;
+    MachineId machineId(cx);
     if (!machineId.extractCurrentState(cx))
         return;
 
@@ -968,7 +970,7 @@ js::LookupAsmJSModuleInCache(ExclusiveContext *cx,
 {
     int64_t usecBefore = PRMJ_Now();
 
-    MachineId machineId;
+    MachineId machineId(cx);
     if (!machineId.extractCurrentState(cx))
         return true;
 
@@ -982,7 +984,7 @@ js::LookupAsmJSModuleInCache(ExclusiveContext *cx,
 
     const uint8_t *cursor = entry.memory;
 
-    MachineId cachedMachineId;
+    MachineId cachedMachineId(cx);
     cursor = cachedMachineId.deserialize(cx, cursor);
     if (!cursor)
         return false;

js/src/jit/MIR.cpp

@@ -818,7 +818,7 @@ MPhi::reserveLength(size_t length)
 {
     // Initializes a new MPhi to have an Operand vector of at least the given
     // capacity. This permits use of addInput() instead of addInputSlow(), the
-    // latter of which may call realloc().
+    // latter of which may call realloc_().
     JS_ASSERT(numOperands() == 0);
 #if DEBUG
     capacity_ = length;
@@ -968,7 +968,7 @@ MPhi::addInputSlow(MDefinition *ins, bool *ptypeChange)
     uint32_t index = inputs_.length();
     bool performingRealloc = !inputs_.canAppendWithoutRealloc(1);
 
-    // Remove all MUses from all use lists, in case realloc() moves.
+    // Remove all MUses from all use lists, in case realloc_() moves.
     if (performingRealloc) {
         for (uint32_t i = 0; i < index; i++) {
             MUse *use = &inputs_[i];

js/src/jit/MIR.h

@@ -4316,7 +4316,7 @@ class MPhi MOZ_FINAL : public MDefinition, public InlineForwardListNode<MPhi>
     // Use only if capacity has been reserved by reserveLength
     void addInput(MDefinition *ins);
 
-    // Appends a new input to the input vector. May call realloc().
+    // Appends a new input to the input vector. May call realloc_().
     // Prefer reserveLength() and addInput() instead, where possible.
     bool addInputSlow(MDefinition *ins, bool *ptypeChange = nullptr);
 

js/src/jsapi.h

@@ -4416,7 +4416,7 @@ typedef void
 // engine, it is critical that the buildId shall change for each new build of
 // the JS engine.
 typedef bool
-(* BuildIdOp)(mozilla::Vector<char> *buildId);
+(* BuildIdOp)(js::Vector<char> *buildId);
 
 struct AsmJSCacheOps
 {

js/src/jsprf.cpp

@@ -370,7 +370,7 @@ cvt_ws(SprintfState *ss, const jschar *ws, int width, int prec, int flags)
     int result;
     /*
      * Supply nullptr as the JSContext; errors are not reported,
-     * and malloc() is used to allocate the buffer buffer.
+     * and js_malloc() is used to allocate the buffer.
      */
     if (ws) {
         size_t wslen = js_strlen(ws);
@@ -445,7 +445,7 @@ static struct NumArgState* BuildArgArray( const char *fmt, va_list ap, int* rv,
 
 
     if( number > NAS_DEFAULT_NUM ){
-        nas = (struct NumArgState*)malloc( number * sizeof( struct NumArgState ) );
+        nas = (struct NumArgState*)js_malloc( number * sizeof( struct NumArgState ) );
         if( !nas ){
             *rv = -1;
             return nullptr;
@@ -1040,7 +1040,7 @@ JS_PUBLIC_API(uint32_t) JS_vsxprintf(JSStuffFunc func, void *arg,
 }
 
 /*
-** Stuff routine that automatically grows the malloc'd output buffer
+** Stuff routine that automatically grows the js_malloc'd output buffer
 ** before it overflows.
 */
 static int GrowStuff(SprintfState *ss, const char *sp, uint32_t len)
@@ -1073,7 +1073,7 @@ static int GrowStuff(SprintfState *ss, const char *sp, uint32_t len)
 }
 
 /*
-** sprintf into a malloc'd buffer
+** sprintf into a js_malloc'd buffer
 */
 JS_PUBLIC_API(char *) JS_smprintf(const char *fmt, ...)
 {

js/src/shell/js.cpp

@@ -291,7 +291,7 @@ GetLine(FILE *file, const char * prompt)
         }
         if (len + 1 == size) {
             size = size * 2;
-            char *tmp = (char *) realloc(buffer, size);
+            char *tmp = (char *) js_realloc(buffer, size);
             if (!tmp) {
                 free(buffer);
                 return nullptr;
@@ -336,7 +336,7 @@ NewContextData()
         return nullptr;
 
     JSShellContextData *data = (JSShellContextData *)
-                               calloc(sizeof(JSShellContextData), 1);
+                               js_calloc(sizeof(JSShellContextData), 1);
     if (!data)
         return nullptr;
     data->startTime = PRMJ_Now();
@@ -5169,12 +5169,12 @@ ShellCloseAsmJSCacheEntryForWrite(HandleObject global, size_t serializedSize, ui
 }
 
 static bool
-ShellBuildId(mozilla::Vector<char> *buildId)
+ShellBuildId(js::Vector<char> *buildId)
 {
     // The browser embeds the date into the buildid and the buildid is embedded
     // in the binary, so every 'make' necessarily builds a new firefox binary.
     // Fortunately, the actual firefox executable is tiny -- all the code is in
-    // libxul.so and other shared modules -- so this isn't a big deal. No so
+    // libxul.so and other shared modules -- so this isn't a big deal. Not so
     // for the statically-linked JS shell. To avoid recompmiling js.cpp and
     // re-linking 'js' on every 'make', we use a constant buildid and rely on
     // the shell user to manually clear the cache (deleting the dir passed to