Bug 1461556 - Don't use mozilla::PodZero in a bunch of places to initialize values of non-trivial type. r=jandem

js/public/MemoryMetrics.h

@@ -11,7 +11,6 @@
 // at your own risk.
 
 #include "mozilla/MemoryReporting.h"
-#include "mozilla/PodOperations.h"
 #include "mozilla/TypeTraits.h"
 
 #include <string.h>
@@ -74,15 +73,7 @@ struct ServoSizes
         Ignore
     };
 
-    ServoSizes()
+    ServoSizes() = default;
-      : gcHeapUsed(0)
-      , gcHeapUnused(0)
-      , gcHeapAdmin(0)
-      , gcHeapDecommitted(0)
-      , mallocHeap(0)
-      , nonHeap(0)
-    {
-    }
 
     void add(Kind kind, size_t n) {
         switch (kind) {
@@ -97,12 +88,12 @@ struct ServoSizes
         }
     }
 
-    size_t gcHeapUsed;
+    size_t gcHeapUsed = 0;
-    size_t gcHeapUnused;
+    size_t gcHeapUnused = 0;
-    size_t gcHeapAdmin;
+    size_t gcHeapAdmin = 0;
-    size_t gcHeapDecommitted;
+    size_t gcHeapDecommitted = 0;
-    size_t mallocHeap;
+    size_t mallocHeap = 0;
-    size_t nonHeap;
+    size_t nonHeap = 0;
 };
 
 } // namespace JS

js/src/builtin/RegExp.cpp

@@ -1178,11 +1178,11 @@ using CapturesVector = GCVector<Value, 4>;
 
 struct JSSubString
 {
-    JSLinearString* base;
+    JSLinearString* base = nullptr;
-    size_t          offset;
+    size_t offset = 0;
-    size_t          length;
+    size_t length = 0;
 
-    JSSubString() { mozilla::PodZero(this); }
+    JSSubString() = default;
 
     void initEmpty(JSLinearString* base) {
         this->base = base;

js/src/gc/GCInternals.h

@@ -13,7 +13,6 @@
 
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/Maybe.h"
-#include "mozilla/PodOperations.h"
 
 #include "gc/RelocationOverlay.h"
 #include "gc/Zone.h"
@@ -158,9 +157,9 @@ struct TenureCountCache
     static const size_t EntryShift = 4;
     static const size_t EntryCount = 1 << EntryShift;
 
-    TenureCount entries[EntryCount];
+    TenureCount entries[EntryCount] = {}; // zeroes
 
-    TenureCountCache() { mozilla::PodZero(this); }
+    TenureCountCache() = default;
 
     HashNumber hash(ObjectGroup* group) {
 #if JS_BITS_PER_WORD == 32

js/src/gc/Statistics.h

@@ -11,7 +11,6 @@
 #include "mozilla/Atomics.h"
 #include "mozilla/EnumeratedArray.h"
 #include "mozilla/IntegerRange.h"
-#include "mozilla/PodOperations.h"
 #include "mozilla/TimeStamp.h"
 
 #include "jspubtd.h"
@@ -50,33 +49,31 @@ enum Stat {
 struct ZoneGCStats
 {
     /* Number of zones collected in this GC. */
-    int collectedZoneCount;
+    int collectedZoneCount = 0;
 
     /* Number of zones that could have been collected in this GC. */
-    int collectableZoneCount;
+    int collectableZoneCount = 0;
 
     /* Total number of zones in the Runtime at the start of this GC. */
-    int zoneCount;
+    int zoneCount = 0;
 
     /* Number of zones swept in this GC. */
-    int sweptZoneCount;
+    int sweptZoneCount = 0;
 
     /* Total number of compartments in all zones collected. */
-    int collectedCompartmentCount;
+    int collectedCompartmentCount = 0;
 
     /* Total number of compartments in the Runtime at the start of this GC. */
-    int compartmentCount;
+    int compartmentCount = 0;
 
     /* Total number of compartments swept by this GC. */
-    int sweptCompartmentCount;
+    int sweptCompartmentCount = 0;
 
     bool isFullCollection() const {
         return collectedZoneCount == collectableZoneCount;
     }
 
-    ZoneGCStats() {
+    ZoneGCStats() = default;
-        mozilla::PodZero(this);
-    }
 };
 
 #define FOR_EACH_GC_PROFILE_TIME(_)                                           \

js/src/jit/IonCode.h

@@ -9,7 +9,6 @@
 
 #include "mozilla/Atomics.h"
 #include "mozilla/MemoryReporting.h"
-#include "mozilla/PodOperations.h"
 
 #include "jstypes.h"
 
@@ -677,17 +676,14 @@ struct IonScriptCounts
 {
   private:
     // Any previous invalidated compilation(s) for the script.
-    IonScriptCounts* previous_;
+    IonScriptCounts* previous_ = nullptr;
 
     // Information about basic blocks in this script.
-    size_t numBlocks_;
+    size_t numBlocks_ = 0;
-    IonBlockCounts* blocks_;
+    IonBlockCounts* blocks_ = nullptr;
 
   public:
-
+    IonScriptCounts() = default;
-    IonScriptCounts() {
-        mozilla::PodZero(this);
-    }
 
     ~IonScriptCounts() {
         for (size_t i = 0; i < numBlocks_; i++)

js/src/jit/shared/Assembler-shared.h

@@ -8,7 +8,6 @@
 #define jit_shared_Assembler_shared_h
 
 #include "mozilla/CheckedInt.h"
-#include "mozilla/PodOperations.h"
 
 #include <limits.h>
 
@@ -597,10 +596,10 @@ typedef Vector<CodeLabel, 0, SystemAllocPolicy> CodeLabelVector;
 
 class CodeOffsetJump
 {
-    size_t offset_;
+    size_t offset_ = 0;
 
 #ifdef JS_SMALL_BRANCH
-    size_t jumpTableIndex_;
+    size_t jumpTableIndex_ = 0;
 #endif
 
   public:
@@ -616,9 +615,7 @@ class CodeOffsetJump
     explicit CodeOffsetJump(size_t offset) : offset_(offset) {}
 #endif
 
-    CodeOffsetJump() {
+    CodeOffsetJump() = default;
-        mozilla::PodZero(this);
-    }
 
     size_t offset() const {
         return offset_;

js/src/vm/Caches.h

@@ -7,6 +7,8 @@
 #ifndef vm_Caches_h
 #define vm_Caches_h
 
+#include <new>
+
 #include "jsmath.h"
 
 #include "frontend/SourceNotes.h"
@@ -142,14 +144,20 @@ class NewObjectCache
         char templateObject[MAX_OBJ_SIZE];
     };
 
-    Entry entries[41];  // TODO: reconsider size
+    using EntryArray = Entry[41]; // TODO: reconsider size;
+    EntryArray entries;
 
   public:
 
-    typedef int EntryIndex;
+    using EntryIndex = int;
 
-    NewObjectCache() { mozilla::PodZero(this); }
+    NewObjectCache()
-    void purge() { mozilla::PodZero(this); }
+      : entries{} // zeroes out the array
+    {}
+
+    void purge() {
+        new (&entries) EntryArray{}; // zeroes out the array
+    }
 
     /* Remove any cached items keyed on moved objects. */
     void clearNurseryObjects(JSRuntime* rt);

js/src/vm/Runtime.h

@@ -14,11 +14,11 @@
 #include "mozilla/Maybe.h"
 #include "mozilla/MaybeOneOf.h"
 #include "mozilla/MemoryReporting.h"
-#include "mozilla/PodOperations.h"
 #include "mozilla/Scoped.h"
 #include "mozilla/ThreadLocal.h"
 #include "mozilla/Vector.h"
 
+#include <algorithm>
 #include <setjmp.h>
 
 #include "builtin/AtomicsObject.h"
@@ -1093,20 +1093,21 @@ class MOZ_RAII AutoUnlockGC
 static MOZ_ALWAYS_INLINE void
 MakeRangeGCSafe(Value* vec, size_t len)
 {
-    mozilla::PodZero(vec, len);
+    // Don't PodZero here because JS::Value is non-trivial.
+    for (size_t i = 0; i < len; i++)
+        vec[i].setDouble(+0.0);
 }
 
 static MOZ_ALWAYS_INLINE void
 MakeRangeGCSafe(Value* beg, Value* end)
 {
-    mozilla::PodZero(beg, end - beg);
+    MakeRangeGCSafe(beg, end - beg);
 }
 
 static MOZ_ALWAYS_INLINE void
 MakeRangeGCSafe(jsid* beg, jsid* end)
 {
-    for (jsid* id = beg; id != end; ++id)
+    std::fill(beg, end, INT_TO_JSID(0));
-        *id = INT_TO_JSID(0);
 }
 
 static MOZ_ALWAYS_INLINE void
@@ -1118,13 +1119,13 @@ MakeRangeGCSafe(jsid* vec, size_t len)
 static MOZ_ALWAYS_INLINE void
 MakeRangeGCSafe(Shape** beg, Shape** end)
 {
-    mozilla::PodZero(beg, end - beg);
+    std::fill(beg, end, nullptr);
 }
 
 static MOZ_ALWAYS_INLINE void
 MakeRangeGCSafe(Shape** vec, size_t len)
 {
-    mozilla::PodZero(vec, len);
+    MakeRangeGCSafe(vec, vec + len);
 }
 
 static MOZ_ALWAYS_INLINE void

js/src/vm/StringType.h

@@ -8,7 +8,6 @@
 #define vm_StringType_h
 
 #include "mozilla/MemoryReporting.h"
-#include "mozilla/PodOperations.h"
 #include "mozilla/Range.h"
 #include "mozilla/TextUtils.h"
 
@@ -1280,19 +1279,17 @@ class StaticStrings
     static const size_t SMALL_CHAR_LIMIT    = 128U;
     static const size_t NUM_SMALL_CHARS     = 64U;
 
-    JSAtom* length2StaticTable[NUM_SMALL_CHARS * NUM_SMALL_CHARS];
+    JSAtom* length2StaticTable[NUM_SMALL_CHARS * NUM_SMALL_CHARS] = {}; // zeroes
 
   public:
     /* We keep these public for the JITs. */
     static const size_t UNIT_STATIC_LIMIT   = 256U;
-    JSAtom* unitStaticTable[UNIT_STATIC_LIMIT];
+    JSAtom* unitStaticTable[UNIT_STATIC_LIMIT] = {}; // zeroes
 
     static const size_t INT_STATIC_LIMIT    = 256U;
-    JSAtom* intStaticTable[INT_STATIC_LIMIT];
+    JSAtom* intStaticTable[INT_STATIC_LIMIT] = {}; // zeroes
 
-    StaticStrings() {
+    StaticStrings() = default;
-        mozilla::PodZero(this);
-    }
 
     bool init(JSContext* cx);
     void trace(JSTracer* trc);

js/src/vm/TypeInference.h

@@ -957,12 +957,10 @@ class PreliminaryObjectArray
   private:
     // All objects with the type which have been allocated. The pointers in
     // this array are weak.
-    JSObject* objects[COUNT];
+    JSObject* objects[COUNT] = {}; // zeroes
 
   public:
-    PreliminaryObjectArray() {
+    PreliminaryObjectArray() = default;
-        mozilla::PodZero(this);
-    }
 
     void registerNewObject(PlainObject* res);
     void unregisterObject(PlainObject* obj);
@@ -1056,11 +1054,11 @@ class TypeNewScript
 
   private:
     // Scripted function which this information was computed for.
-    HeapPtr<JSFunction*> function_;
+    HeapPtr<JSFunction*> function_ = {};
 
     // Any preliminary objects with the type. The analyses are not performed
     // until this array is cleared.
-    PreliminaryObjectArray* preliminaryObjects;
+    PreliminaryObjectArray* preliminaryObjects = nullptr;
 
     // After the new script properties analyses have been performed, a template
     // object to use for newly constructed objects. The shape of this object
@@ -1068,7 +1066,7 @@ class TypeNewScript
     // allocation kind to use. This is null if the new objects have an unboxed
     // layout, in which case the UnboxedLayout provides the initial structure
     // of the object.
-    HeapPtr<PlainObject*> templateObject_;
+    HeapPtr<PlainObject*> templateObject_ = {};
 
     // Order in which definite properties become initialized. We need this in
     // case the definite properties are invalidated (such as by adding a setter
@@ -1078,21 +1076,21 @@ class TypeNewScript
     // shape. Property assignments in inner frames are preceded by a series of
     // SETPROP_FRAME entries specifying the stack down to the frame containing
     // the write.
-    Initializer* initializerList;
+    Initializer* initializerList = nullptr;
 
     // If there are additional properties found by the acquired properties
     // analysis which were not found by the definite properties analysis, this
     // shape contains all such additional properties (plus the definite
     // properties). When an object of this group acquires this shape, it is
     // fully initialized and its group can be changed to initializedGroup.
-    HeapPtr<Shape*> initializedShape_;
+    HeapPtr<Shape*> initializedShape_ = {};
 
     // Group with definite properties set for all properties found by
     // both the definite and acquired properties analyses.
-    HeapPtr<ObjectGroup*> initializedGroup_;
+    HeapPtr<ObjectGroup*> initializedGroup_ = {};
 
   public:
-    TypeNewScript() { mozilla::PodZero(this); }
+    TypeNewScript() = default;
     ~TypeNewScript() {
         js_delete(preliminaryObjects);
         js_free(initializerList);

js/src/wasm/WasmModule.h

@@ -43,11 +43,11 @@ struct CompileArgs;
 
 struct LinkDataTierCacheablePod
 {
-    uint32_t outOfBoundsOffset;
+    uint32_t outOfBoundsOffset = 0;
-    uint32_t unalignedAccessOffset;
+    uint32_t unalignedAccessOffset = 0;
-    uint32_t trapOffset;
+    uint32_t trapOffset = 0;
 
-    LinkDataTierCacheablePod() { mozilla::PodZero(this); }
+    LinkDataTierCacheablePod() = default;
 };
 
 struct LinkDataTier : LinkDataTierCacheablePod