[Webkit-unassigned] [Bug 239299] New: GCC 12 -Wdangling-pointer warning spam from AbstractSlotVisitorInlines.h

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 13 13:06:52 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=239299

            Bug ID: 239299
           Summary: GCC 12 -Wdangling-pointer warning spam from
                    AbstractSlotVisitorInlines.h
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org

GCC 12 has added a -Wdangling-pointer warning, which surprisingly WebKit survives quite well. It only trips once in JavaScriptCore at AbstractSlotVisitorInlines.h:77. Sadly, that's a header file, so it creates a huge warning spam as the warning gets printed again for every translation unit that includes AbstractSlotVisitorInlines.h. The full warning is:

In file included from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/SlotVisitorInlines.h:28,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSCellInlines.h:45,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSCJSValueInlines.h:35,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/StructureInlines.h:30,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/ArrayStorageInlines.h:29,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/ButterflyInlines.h:28,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSObjectInlines.h:28,
                 from /home/mcatanzaro/Projects/WebKit/Source/WebCore/bindings/js/JSDOMGlobalObject.h:32,
                 from /home/mcatanzaro/Projects/WebKit/Source/WebCore/bindings/js/JSDOMWrapper.h:24,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/WebCore/DerivedSources/JSDeprecatedCSSOMRect.h:24,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/WebCore/DerivedSources/JSDeprecatedCSSOMRect.cpp:22,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/WebCore/DerivedSources/unified-sources/UnifiedSource-3a52ce78-34.cpp:1:
In constructor ‘JSC::AbstractSlotVisitor::ReferrerContext::ReferrerContext(JSC::AbstractSlotVisitor&, JSC::AbstractSlotVisitor::ReferrerToken)’,
    inlined from ‘static void JSC::JSCell::visitOutputConstraints(JSC::JSCell*, JSC::AbstractSlotVisitor&)’ at /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSCellInlines.h:158:1:
/home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/AbstractSlotVisitorInlines.h:77:25: warning: storing the address of local variable ‘context’ in ‘*visitor.JSC::AbstractSlotVisitor::m_context’ [-Wdangling-pointer=]
   77 |     m_visitor.m_context = this;
      |     ~~~~~~~~~~~~~~~~~~~~^~~~~~
In file included from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSCell.h:35,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSArray.h:26,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/ArrayAllocationProfile.h:29,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSGlobalObject.h:24,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/InternalFunctionAllocationProfile.h:28,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/FunctionRareData.h:28,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSFunction.h:26,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/WebCore/DerivedSources/JSDOMBindingInternalsBuiltins.h:35,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/WebCore/DerivedSources/WebCoreJSBuiltinInternals.h:38,
                 from /home/mcatanzaro/Projects/WebKit/Source/WebCore/bindings/js/JSDOMGlobalObject.h:29:
/home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/JSCellInlines.h: In static member function ‘static void JSC::JSCell::visitOutputConstraints(JSC::JSCell*, JSC::AbstractSlotVisitor&)’:
/home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/SlotVisitorMacros.h:104:46: note: ‘context’ declared here
  104 |         AbstractSlotVisitor::ReferrerContext context(visitor, cell); \
      |                                              ^~~~~~~
/home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/SlotVisitorMacros.h:104:46: note: in definition of macro ‘DEFINE_VISIT_OUTPUT_CONSTRAINTS_WITH_MODIFIER’
  104 |         AbstractSlotVisitor::ReferrerContext context(visitor, cell); \
      |                                              ^~~~~~~
/home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/SlotVisitorMacros.h:104:46: note: ‘visitor’ declared here
  104 |         AbstractSlotVisitor::ReferrerContext context(visitor, cell); \
      |                                              ^~~~~~~
/home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME-gtk3/JavaScriptCore/PrivateHeaders/JavaScriptCore/SlotVisitorMacros.h:104:46: note: in definition of macro ‘DEFINE_VISIT_OUTPUT_CONSTRAINTS_WITH_MODIFIER’
  104 |         AbstractSlotVisitor::ReferrerContext context(visitor, cell); \
      |                                              ^~~~~~~

I'll attach a patch to suppress the warning -- since it makes it difficult to see any other warnings -- but review from JSC devs would be appreciated, because frankly I have no clue whether this is a disaster or (more likely?) just a false positive. I guess the purported dangling pointer is the AbstractSlotVisitor::ReferrerContext declared in DEFINE_VISIT_OUTPUT_CONSTRAINTS_WITH_MODIFIER and used in JSCellInlines.h, but I don't see where it gets stored as part of the AbstractSlotVisitor::ReferrerContext object and certainly don't understand why that would be done.

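The shape GCC is complaining about, shown as an added example that is not WebKit's code: an RAII object whose constructor stores its own stack address into a longer-lived "visitor" object. -Wdangling-pointer fires on the store itself (`m_visitor.m_context = this;` in the report) because a local's address now lives in an object that outlives the function. Whether that is a real bug depends entirely on what happens before the local dies: if the destructor unlinks the pointer (restoring the previous context), nothing can ever read it stale. The names `Visitor`, `ScopedContext`, `m_previous` and the token values below are illustrative assumptions; the page does not show WebKit's `ReferrerContext` destructor, so this is the hypothesis a reviewer would check against it, not a statement about JSC's implementation.

```cpp
#include <cstdio>

struct ScopedContext;

// Hypothetical stand-in for a slot visitor (assumption: not WebKit's type).
// m_context points at the innermost live ScopedContext, or nullptr when none is active.
struct Visitor {
    ScopedContext* m_context = nullptr;
};

// Hypothetical stand-in for an RAII referrer context (assumption: not WebKit's type).
// It registers its own address with the visitor for exactly its lifetime.
struct ScopedContext {
    Visitor& m_visitor;
    ScopedContext* m_previous; // whatever was active before us, restored on exit
    int m_token;               // constructed sample payload, stands in for the referrer cell

    ScopedContext(Visitor& visitor, int token)
        : m_visitor(visitor), m_previous(visitor.m_context), m_token(token)
    {
        // This is the store GCC 12 reports with -Wdangling-pointer: the address of a
        // stack object is written into an object that will outlive the enclosing scope.
        m_visitor.m_context = this;
    }

    ~ScopedContext()
    {
        // The unlink that makes the pattern safe: the pointer is replaced before the
        // object is destroyed, so no later reader can observe a dead address.
        m_visitor.m_context = m_previous;
    }
};

// While the context is alive, the visitor sees its token.
int tokenSeenInsideScope()
{
    Visitor visitor;
    ScopedContext context(visitor, 42);
    return visitor.m_context ? visitor.m_context->m_token : -1;
}

// Once the context leaves scope, the visitor must not still point at it.
bool pointerClearedAfterScope()
{
    Visitor visitor;
    {
        ScopedContext context(visitor, 7);
    }
    return visitor.m_context == nullptr;
}

// Nested contexts restore the outer one instead of leaving a stale inner pointer.
int tokenAfterInnerScopeEnds()
{
    Visitor visitor;
    ScopedContext outer(visitor, 1);
    {
        ScopedContext inner(visitor, 2);
    }
    return visitor.m_context ? visitor.m_context->m_token : -1;
}

int main()
{
    std::printf("inside scope: %d\n", tokenSeenInsideScope());           // 42
    std::printf("cleared after scope: %d\n", pointerClearedAfterScope()); // 1
    std::printf("after inner scope: %d\n", tokenAfterInnerScopeEnds());   // 1
    return 0;
}
```

The three functions are the checks a reviewer wants answered before calling the warning a false positive: the pointer is only ever read while the local is alive, it is cleared (or restored) on every exit path including nested scopes, and no other code caches `m_context` across the destructor. If all three hold, the store is sound and the warning can be silenced locally; GCC's own switch for that is `-Wno-dangling-pointer`. If the destructor did not unlink, the second and third checks would fail and the warning would be describing a genuine use-after-scope.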