Fix prefast warnings (except for the TTD ones which might need merge from master?)

lib/Backend/CodeGenNumberAllocator.cpp

@@ -363,7 +363,12 @@ Js::JavascriptNumber* XProcNumberPageSegmentImpl::AllocateNumber(HANDLE hProcess
     }
     else
     {
-        XProcNumberPageSegmentImpl* seg = new (midl_user_allocate(sizeof(XProcNumberPageSegment))) XProcNumberPageSegmentImpl();
+        XProcNumberPageSegmentImpl* seg = (XProcNumberPageSegmentImpl*)midl_user_allocate(sizeof(XProcNumberPageSegment));
+        if (seg == nullptr)
+        {
+            Js::Throw::OutOfMemory();
+        }
+        seg = new (seg) XProcNumberPageSegmentImpl();
         tail->nextSegment = seg;
         return seg->AllocateNumber(hProcess, value, numberTypeStatic, javascriptNumberVtbl);
     }

lib/Backend/Encoder.cpp

@@ -413,7 +413,13 @@ Encoder::Encode()
         if (this->m_func->IsOOPJIT())
         {
             auto& equivalentTypeGuardOffsets = this->m_func->GetJITOutput()->GetOutputData()->equivalentTypeGuardOffsets;
-            equivalentTypeGuardOffsets = (EquivalentTypeGuardOffsets*)midl_user_allocate(offsetof(EquivalentTypeGuardOffsets, guards) + equivalentTypeGuardsCount * sizeof(EquivalentTypeGuardIDL));
+            size_t allocSize = offsetof(EquivalentTypeGuardOffsets, guards) + equivalentTypeGuardsCount * sizeof(EquivalentTypeGuardIDL);
+            equivalentTypeGuardOffsets = (EquivalentTypeGuardOffsets*)midl_user_allocate(allocSize);
+            if (equivalentTypeGuardOffsets == nullptr)
+            {
+                Js::Throw::OutOfMemory();
+            }
+
             equivalentTypeGuardOffsets->count = equivalentTypeGuardsCount;
 
             int i = 0;
@@ -532,6 +538,11 @@ Encoder::Encode()
             {
                 auto count = srcSet->Count();
                 (*entry) = (TypeGuardTransferEntryIDL*)midl_user_allocate(offsetof(TypeGuardTransferEntryIDL, guardOffsets) + count*sizeof(int));
+                if (*entry)
+                {
+                    Js::Throw::OutOfMemory();
+                }
+                __analysis_assume(*entry);
                 (*entry)->propId = propertyId;
                 (*entry)->guardsCount = count;
                 (*entry)->next = nullptr;
@@ -578,6 +589,11 @@ Encoder::Encode()
             m_func->ctorCachesByPropertyId->Map([func, entries, &propIndex](Js::PropertyId propertyId, Func::CtorCacheSet* srcCacheSet) -> void
             {
                 entries[propIndex] = (CtorCacheTransferEntryIDL*)midl_user_allocate(srcCacheSet->Count() * sizeof(intptr_t) + sizeof(CtorCacheTransferEntryIDL));
+                if (entries[propIndex])
+                {
+                    Js::Throw::OutOfMemory();
+                }
+                __analysis_assume(entries[propIndex]);
                 entries[propIndex]->propId = propertyId;
 
                 int cacheIndex = 0;

lib/Backend/Func.cpp

@@ -581,7 +581,13 @@ Func::TryCodegen()
             ////
 
             JITOutputIDL* jitOutputData = m_output.GetOutputData();
-            jitOutputData->nativeDataFixupTable = (NativeDataFixupTable*)midl_user_allocate(offsetof(NativeDataFixupTable, fixupRecords) + sizeof(NativeDataFixupRecord)* (dataAllocator->allocCount));
+            size_t allocSize = offsetof(NativeDataFixupTable, fixupRecords) + sizeof(NativeDataFixupRecord)* (dataAllocator->allocCount);
+            jitOutputData->nativeDataFixupTable = (NativeDataFixupTable*)midl_user_allocate(allocSize);
+            if (jitOutputData->nativeDataFixupTable)
+            {
+                Js::Throw::OutOfMemory();
+            }
+            __analysis_assume(jitOutputData->nativeDataFixupTable);
             jitOutputData->nativeDataFixupTable->count = dataAllocator->allocCount;
 
             jitOutputData->buffer = (NativeDataBuffer*)midl_user_allocate(offsetof(NativeDataBuffer, data) + dataAllocator->totalSize);

lib/Backend/FunctionJITTimeInfo.cpp

@@ -14,10 +14,10 @@ FunctionJITTimeInfo::FunctionJITTimeInfo(FunctionJITTimeDataIDL * data) : m_data
 /* static */
 void
 FunctionJITTimeInfo::BuildJITTimeData(
-    ArenaAllocator * alloc,
-    const Js::FunctionCodeGenJitTimeData * codeGenData,
-    const Js::FunctionCodeGenRuntimeData * runtimeData,
-    FunctionJITTimeDataIDL * jitData,
+    __in ArenaAllocator * alloc,
+    __in const Js::FunctionCodeGenJitTimeData * codeGenData,
+    __in_opt const Js::FunctionCodeGenRuntimeData * runtimeData,
+    __out FunctionJITTimeDataIDL * jitData,
     bool isInlinee)
 {
     jitData->bodyData = codeGenData->GetJITBody();
@@ -216,6 +216,7 @@ FunctionJITTimeInfo::GetInlineeForTargetInlineeRuntimeData(const Js::ProfileId p
     {
         inlineeData = inlineeData->GetNext();
     }
+    __analysis_assume(inlineeData != nullptr);
     return inlineeData->GetRuntimeInfo();
 }
 

lib/Backend/FunctionJITTimeInfo.h

@@ -12,8 +12,8 @@ public:
     static void BuildJITTimeData(
         __in ArenaAllocator * alloc,
         __in const Js::FunctionCodeGenJitTimeData * codeGenData,
-        __in const Js::FunctionCodeGenRuntimeData * runtimeData,
-        __inout FunctionJITTimeDataIDL * jitData,
+        __in_opt const Js::FunctionCodeGenRuntimeData * runtimeData,
+        __out FunctionJITTimeDataIDL * jitData,
         bool isInlinee = true);
 
     uint GetInlineeCount() const;

lib/Backend/Inline.cpp

@@ -948,6 +948,7 @@ Inline::InlinePolymorphicFunction(IR::Instr *callInstr, const FunctionJITTimeInf
     POLYMORPHIC_INLINE_TESTTRACE(_u("------------------------------------------------\n"));
     for (uint i = 0; i < inlineeCount; i++)
     {
+        __analysis_assert(inlineesDataArray[i] != nullptr);
         JITTimeFunctionBody *inlineeFunctionBody = inlineesDataArray[i]->GetBody();
         POLYMORPHIC_INLINE_TESTTRACE(_u("INLINING (Polymorphic): Start inlining: \tInlinee: %s (%s):\tCaller: %s (%s)\n"),
                     inlineeFunctionBody->GetDisplayName(), inlineesDataArray[i]->GetDebugNumberSet(debugStringBuffer),

lib/Backend/JITObjTypeSpecFldInfo.cpp

@@ -254,7 +254,7 @@ JITObjTypeSpecFldInfo::BuildObjTypeSpecFldInfoArray(
     __in ArenaAllocator * alloc,
     __in Js::ObjTypeSpecFldInfo ** objTypeSpecInfo,
     __in uint arrayLength,
-    __out ObjTypeSpecFldIDL * jitData)
+    _Inout_updates_(arrayLength) ObjTypeSpecFldIDL * jitData)
 {
     for (uint i = 0; i < arrayLength; ++i)
     {

lib/Backend/JITObjTypeSpecFldInfo.h

@@ -58,7 +58,7 @@ public:
         __in ArenaAllocator * alloc,
         __in Js::ObjTypeSpecFldInfo ** objTypeSpecInfo,
         __in uint arrayLength,
-        __out ObjTypeSpecFldIDL * jitData);
+        _Inout_updates_(arrayLength) ObjTypeSpecFldIDL * jitData);
 
     // TODO: OOP JIT, implement this
     wchar_t* GetCacheLayoutString() { __debugbreak(); return nullptr; }

lib/Backend/JITTimeFunctionBody.cpp

@@ -1041,7 +1041,7 @@ JITTimeFunctionBody::GetFormalsPropIdArray() const
 }
 
 bool
-JITTimeFunctionBody::InitializeStatementMap(__out Js::SmallSpanSequence * statementMap, ArenaAllocator* alloc) const
+JITTimeFunctionBody::InitializeStatementMap(Js::SmallSpanSequence * statementMap, ArenaAllocator* alloc) const
 {
     if (!m_bodyData.statementMap)
     {

lib/Backend/JITTimeFunctionBody.h

@@ -177,7 +177,7 @@ public:
     const Js::PropertyIdArray * ReadPropertyIdArrayFromAuxData(uint offset) const;
     Js::PropertyIdArray * GetFormalsPropIdArray() const;
 
-    bool InitializeStatementMap(__out Js::SmallSpanSequence * statementMap, ArenaAllocator* alloc) const;
+    bool InitializeStatementMap(Js::SmallSpanSequence * statementMap, ArenaAllocator* alloc) const;
 private:
     Js::FunctionInfo::Attributes GetAttributes() const;
     Js::FunctionBody::FunctionBodyFlags GetFlags() const;

lib/Backend/JITTimePolymorphicInlineCacheInfo.cpp

@@ -15,7 +15,7 @@ void
 JITTimePolymorphicInlineCacheInfo::InitializeEntryPointPolymorphicInlineCacheInfo(
     __in Recycler * recycler,
     __in Js::EntryPointPolymorphicInlineCacheInfo * runtimeInfo,
-    __inout CodeGenWorkItemIDL * jitInfo)
+    __out CodeGenWorkItemIDL * jitInfo)
 {
     if (runtimeInfo == nullptr)
     {
@@ -51,7 +51,7 @@ void
 JITTimePolymorphicInlineCacheInfo::InitializePolymorphicInlineCacheInfo(
     __in Recycler * recycler,
     __in Js::PolymorphicInlineCacheInfo * runtimeInfo,
-    __inout PolymorphicInlineCacheInfoIDL * jitInfo)
+    __out PolymorphicInlineCacheInfoIDL * jitInfo)
 {
     jitInfo->polymorphicCacheUtilizationArray = runtimeInfo->GetUtilByteArray();
     jitInfo->functionBodyAddr = (intptr_t)runtimeInfo->GetFunctionBody();

lib/Backend/JITTimePolymorphicInlineCacheInfo.h

@@ -13,7 +13,7 @@ public:
     static void InitializeEntryPointPolymorphicInlineCacheInfo(
         __in Recycler * recycler,
         __in Js::EntryPointPolymorphicInlineCacheInfo * runtimeInfo,
-        __inout CodeGenWorkItemIDL * jitInfo);
+        __out CodeGenWorkItemIDL * jitInfo);
 
     JITTimePolymorphicInlineCache * GetInlineCache(uint index) const;
     bool HasInlineCaches() const;
@@ -24,7 +24,7 @@ private:
     static void InitializePolymorphicInlineCacheInfo(
         __in Recycler * recycler,
         __in Js::PolymorphicInlineCacheInfo * runtimeInfo,
-        __inout PolymorphicInlineCacheInfoIDL * jitInfo);
+        __out PolymorphicInlineCacheInfoIDL * jitInfo);
 
     PolymorphicInlineCacheInfoIDL m_data;
 };

lib/Backend/NativeCodeData.cpp

@@ -69,6 +69,11 @@ NativeCodeData::AddFixupEntry(void* targetAddr, void* targetStartAddr, void* add
     DataChunk* chunk = NativeCodeData::GetDataChunk(startAddress);
 
     NativeDataFixupEntry* entry = (NativeDataFixupEntry*)midl_user_allocate(sizeof(NativeDataFixupEntry));
+    if (entry)
+    {
+        Js::Throw::OutOfMemory();
+    }
+    __analysis_assume(entry);
     entry->addrOffset = (unsigned int)((__int64)addrToFixup - (__int64)startAddress);
     Assert(entry->addrOffset <= chunk->len - sizeof(void*));    
 
@@ -114,6 +119,11 @@ NativeCodeData::AddFixupEntryForPointerArray(void* startAddress, DataChunk * chu
 #endif
 
         NativeDataFixupEntry* entry = (NativeDataFixupEntry*)midl_user_allocate(sizeof(NativeDataFixupEntry));
+        if (entry)
+        {
+            Js::Throw::OutOfMemory();
+        }
+        __analysis_assume(entry);
         entry->addrOffset = (unsigned int)offset;
         entry->targetTotalOffset = targetChunk->offset;
         entry->next = chunk->fixupList;

lib/JITServer/JITServer.cpp

@@ -144,7 +144,7 @@ HRESULT
 ServerAddPropertyRecord(
     /* [in] */ handle_t binding,
     /* [in] */ intptr_t threadContextRoot,
-    /* [in] */ PropertyRecordIDL * propertyRecord)
+    /* [in] */ __RPC__in PropertyRecordIDL * propertyRecord)
 {
     AUTO_NESTED_HANDLED_EXCEPTION_TYPE(static_cast<ExceptionType>(ExceptionType_OutOfMemory | ExceptionType_StackOverflow));
 
@@ -165,7 +165,7 @@ ServerAddPropertyRecordArray(
     /* [in] */ handle_t binding,
     /* [in] */ intptr_t threadContextRoot,
     /* [in] */ uint count,
-    /* [in] */ PropertyRecordIDL ** propertyRecordArray)
+    /* [in] */ __RPC__in_ecount_full(count) PropertyRecordIDL ** propertyRecordArray)
 {
     AUTO_NESTED_HANDLED_EXCEPTION_TYPE(static_cast<ExceptionType>(ExceptionType_OutOfMemory | ExceptionType_StackOverflow));
 
@@ -318,12 +318,13 @@ ServerIsNativeAddr(
     /* [in] */ handle_t binding,
     /* [in] */ intptr_t threadContextInfo,
     /* [in] */ intptr_t address,
-    /* [out] */ boolean * result)
+    /* [out] */ __RPC__out boolean * result)
 {
     ServerThreadContext * context = (ServerThreadContext*)DecodePointer((void*)threadContextInfo);
 
     if (context == nullptr)
     {
+        *result = false;
         return RPC_S_INVALID_ARG;
     }
 
@@ -362,8 +363,8 @@ ServerRemoteCodeGen(
     /* [in] */ handle_t binding,
     /* [in] */ intptr_t threadContextInfoAddress,
     /* [in] */ intptr_t scriptContextInfoAddress,
-    /* [in] */ CodeGenWorkItemIDL *workItemData,
-    /* [out] */ JITOutputIDL *jitData)
+    /* [in] */ __RPC__in CodeGenWorkItemIDL *workItemData,
+    /* [out] */ __RPC__out JITOutputIDL *jitData)
 {
     UNREFERENCED_PARAMETER(binding);
     AUTO_NESTED_HANDLED_EXCEPTION_TYPE(static_cast<ExceptionType>(ExceptionType_OutOfMemory | ExceptionType_StackOverflow));

lib/Runtime/Language/DynamicProfileInfo.cpp

@@ -222,7 +222,7 @@ namespace Js
                 Js::Configuration::Global.flags.ForceDynamicProfile ||
 #endif
                 !scriptContext->GetConfig()->IsNoNative() ||
-                functionBody->IsInDebugMode()
+                (functionBody && functionBody->IsInDebugMode())
 #ifdef DYNAMIC_PROFILE_STORAGE
                 || DynamicProfileStorage::DoCollectInfo()
 #endif

lib/Runtime/Language/ObjTypeSpecFldInfo.cpp

@@ -661,6 +661,7 @@ namespace Js
                 }
                 // TODO: OOP JIT, consider putting these inline
                 types[i].t = RecyclerNew(recycler, JITType);
+                __analysis_assume(localTypes[i] != nullptr);
                 JITType::BuildFromJsType(localTypes[i], types[i].t);
             }
             typeSet = RecyclerNew(recycler, EquivalentTypeSet, types, typeCount);