Closed Bug 1250400 Opened 9 years ago Closed 6 years ago

ARM/AARCH64: Javascript engine crash

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
1.8 Branch
Platform:
ARM64
Linux
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1143022

People

(Reporter: panny.wang, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 Steps to reproduce: Download the source code of mozjs from http://archive.ubuntu.com/ubuntu/pool/universe/m/mozjs/mozjs_1.8.5-1.0.0+dfsg.orig.tar.gz Compile the source with debug mode on our arm machine running on Linux arm64 4.2.0-19.20-generic #23+thunder.2-Ubuntu SMP Wed Dec 2 18:41:32 UTC 2015 aarch64 aarch64 aarch64 GNU/Linux Execute the command 'jsapi-tests' and got core dumped Actual results: root@arm64:~/tmp/mozjs-1.8.5-1.0.0+dfsg/js/src# ./jsapi-tests/jsapi-tests testCustomIterator_bug612523 Assertion failure: (objBits >> JSVAL_TAG_SHIFT) == 0, at jsval.h:706 Aborted (core dumped) root@arm64:~/tmp/mozjs-1.8.5-1.0.0+dfsg/js/src# gdb jsapi-tests/jsapi-tests GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "aarch64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from jsapi-tests/jsapi-tests...done. (gdb) run Starting program: /mnt/root/tmp/mozjs-1.8.5-1.0.0+dfsg/js/src/jsapi-tests/jsapi-tests [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". testCustomIterator_bug612523 Assertion failure: (objBits >> JSVAL_TAG_SHIFT) == 0, at jsval.h:706 Program received signal SIGABRT, Aborted. 0x0000ffffb7fb903c in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37 37 ../nptl/sysdeps/unix/sysv/linux/pt-raise.c: No such file or directory. (gdb) bt #0 0x0000ffffb7fb903c in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37 #1 0x00000000005ccd80 in JS_Assert (s=0x609b88 "(objBits >> JSVAL_TAG_SHIFT) == 0", file=0x609ab8 "jsval.h", ln=706) at jsutil.cpp:83 #2 0x0000000000413ab8 in OBJECT_TO_JSVAL_IMPL (obj=0xffffb7703090) at jsval.h:706 #3 0x00000000004340bc in js::Value::setObject (this=0xfffffffff388, obj=...) at jsvalue.h:380 #4 0x000000000041430c in js::ObjectValue (obj=...) at jsvalue.h:805 #5 0x000000000042b490 in JS_NewGlobalObject (cx=0x6b8cc0, clasp=0x695280 <JSAPITest::basicGlobalClass()::c>) at jsapi.cpp:3080 #6 0x000000000042b588 in JS_NewCompartmentAndGlobalObject (cx=0x6b8cc0, clasp=0x695280 <JSAPITest::basicGlobalClass()::c>, principals=0x0) at jsapi.cpp:3098 #7 0x0000000000405160 in JSAPITest::createGlobal (this=0x6a2b90 <cls_testCustomIterator_bug612523_instance>) at tests.h:296 #8 0x0000000000404874 in JSAPITest::init (this=0x6a2b90 <cls_testCustomIterator_bug612523_instance>) at tests.h:134 #9 0x00000000004035bc in main (argc=1, argv=0xfffffffff658) at tests.cpp:62
Severity: normal → blocker
OS: Unspecified → Linux
Hardware: Unspecified → ARM
SpiderMonkey 1.8.5 is way too old. Can you test with SpiderMonkey 38.2.1 rc0 [1] or mozilla-central [2]? also, as the assertion failure mentions JSVAL_TAG_SHIFT, it might be related to bug 1143022. [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Releases/38 [2] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Build_Documentation
Flags: needinfo?(panny.wang)
Hi Tooru, Because of using CouchDB 1.5.0, the SpiderMonkey 1.8.5 is the suggested one. Thus, we are focusing on it. Is there any way, we can back port the patch to SpiderMonkey 1.8.5 if bug 1143022 does fixed. Thanks
Flags: needinfo?(panny.wang)
The problem is in the allocator that is linked to SpiderMonkey. SpiderMonkey is doing some boxing which assumes that the high bits of pointers are always zeros. So, technically this should work, as the problem is easier to fix outside SpiderMonkey.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
I've download the source from SpiderMonkey 38.2.1 rc0 [1] or mozilla-central [2]. But I still got the same result? Is there any patch I have to applied to before compile the source? The patch in bug 910845 looks not suitable for the current source of mozilla-central. The function "MapMemory()" looks different in the patch and the current source of mozilla-central
compile the source from mozilla-central and run the jsapi-test Program received signal SIGSEGV, Segmentation fault. 0x000000000043f6fc in OBJECT_TO_JSVAL_IMPL (obj=0xffffa9e22060) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/dist/include/js/Value.h:864 864 MOZ_ASSERT((objBits >> JSVAL_TAG_SHIFT) == 0); (gdb) bt full #0 0x000000000043f6fc in OBJECT_TO_JSVAL_IMPL (obj=0xffffa9e22060) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/dist/include/js/Value.h:864 l = {asBits = 281474976706448, debugView = {payload47 = 140737488351120, tag = 1}, s = {payload = {i32 = -4208, u32 = 4294963088, why = 4294963088}}, asDouble = 1.3906711615462106e-309, asPtr = 0xffffffffef90, asWord = 281474976706448, asUIntPtr = 281474976706448} objBits = 281473531912288 #1 0x0000000000440eb4 in JS::Value::setObject (this=0xffffffffefc8, obj=...) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/dist/include/js/Value.h:1098 No locals. #2 0x0000000000c21dbc in JS::ObjectValue (obj=...) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/dist/include/js/Value.h:1536 v = {data = {asBits = 281474976706552, debugView = {payload47 = 140737488351224, tag = 1}, s = {payload = {i32 = -4104, u32 = 4294963192, why = 4294963192}}, asDouble = 1.3906711615467244e-309, asPtr = 0xffffffffeff8, asWord = 281474976706552, asUIntPtr = 281474976706552}} #3 0x0000000000c2c3b4 in js::ClonedBlockObject::create (cx=0xffffb7a61800, block=..., enclosing=...) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/ScopeObject.cpp:956 group = {<js::RootedBase<js::ObjectGroup*>> = {<No data fields>}, stack = 0xffffb7a61838, prev = 0x0, ptr = 0xffffa9e1f0d0} shape = {<js::RootedBase<js::Shape*>> = {<No data fields>}, stack = 0xffffb7a61848, prev = 0x0, ptr = 0xffffa9e21060} allocKind = js::gc::OBJECT2_BACKGROUND obj = {<js::RootedBase<js::NativeObject*>> = {<No data fields>}, stack = 0xffffb7a61830, prev = 0xfffffffff0d0, ptr = 0xffffa9e23070} res = 0xfffff050 #4 0x0000000000c2c604 in js::ClonedBlockObject::createGlobal (cx=0xffffb7a61800, global=...) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/ScopeObject.cpp:987 staticLexical = {<js::RootedBase<js::StaticBlockScope*>> = {<No data fields>}, stack = 0xffffb7a61830, prev = 0xfffffffff150, ptr = 0xffffa9e23040} lexical = {<js::RootedBase<js::ClonedBlockObject*>> = {<No data fields>}, stack = 0xffffa9e23040, prev = 0xfffffffff150, ptr = 0xfffffffff138} #5 0x0000000000ac4a80 in js::GlobalObject::createInternal (cx=0xffffb7a61800, clasp=0x1d585d0 <JSRuntime::createSelfHostingGlobal(JSContext*)::shgClass>) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/GlobalObject.cpp:291 obj = 0xffffa9e22060 global = {<js::RootedBase<js::GlobalObject*>> = {<No data fields>}, stack = 0xffffb7a61830, prev = 0x0, ptr = 0xffffa9e22060} lexical = {<js::RootedBase<js::ClonedBlockObject*>> = {<No data fields>}, stack = 0xffffa9e22060, prev = 0xffffb7a61800, ptr = 0xfffffffff1c8} #6 0x0000000000c3d63c in JSRuntime::createSelfHostingGlobal (cx=0xffffb7a61800) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/SelfHosting.cpp:2071 shgClass = {name = 0x1236168 "self-hosting-global", flags = 177664, addProperty = 0x0, delProperty = 0x0, getProperty = 0x0, setProperty = 0x0, enumerate = 0x0, resolve = 0x0, mayResolve = 0x0, finalize = 0x0, call = 0x0, hasInstance = 0x0, construct = 0x0, trace = 0x8dc6bc <JS_GlobalObjectTraceHook(JSTracer*, JSObject*)>, spec = {createConstructor_ = 0x0, createPrototype_ = 0x0, constructorFunctions_ = 0x0, constructorProperties_ = 0x0, prototypeFunctions_ = 0x0, prototypeProperties_ = 0x0, finishInit_ = 0x0, flags = 0, static ParentKeyWidth = 6, static ParentKeyMask = 63, static DontDefineConstructor = 64, static IsDelegated = 128}, ext = {isWrappedNative = false, weakmapKeyDelegateOp = 0x0, objectMovedOp = 0x0}, ops = {lookupProperty = 0x0, defineProperty = 0x0, hasProperty = 0x0, getProperty = 0x0, setProperty = 0x0, getOwnPropertyDescriptor = 0x0, deleteProperty = 0x0, watch = 0x0, unwatch = 0x0, getElements = 0x0, enumerate = 0x0, funToString = 0x0}, static NON_NATIVE = 262144} ac = {cx_ = 0xffffb7a61800, origin_ = 0x0} options = {creationOptions_ = {addonId_ = 0x0, traceGlobal_ = 0x0, zone_ = {spec = JS::FreshZone, pointer = 0xffff00000000}, invisibleToDebugger_ = false, mergeable_ = false, preserveJitCode_ = false, cloneSingletons_ = false, experimentalDateTimeFormatFormatToPartsEnabled_ = false, sharedMemoryAndAtomics_ = false}, behaviors_ = {version_ = JSVERSION_UNKNOWN, discardSource_ = true, disableLazyParsing_ = false, extraWarningsOverride_ = {mode_ = JS::CompartmentBehaviors::Override::Default}, singletonsAsTemplates_ = true}} compartment = 0xffffb7a14800 shg = {<js::RootedBase<js::GlobalObject*>> = {<No data fields>}, stack = 0xffffb7a905d0, prev = 0xfffffffff200, ptr = 0x975bc8 <JS::AutoDisableGenerationalGC::AutoDisableGenerationalGC(JSRuntime*)+44>} #7 0x0000000000c3d818 in JSRuntime::initSelfHosting (this=0xffffb7a90000, cx=0xffffb7a61800) ---Type <return> to continue, or q <return> to quit--- at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/SelfHosting.cpp:2103 ac = {cx_ = 0xfffffffff2f0, oldCompartment_ = 0xffffa9e1e070, _mCheckNotUsedAsTemporary = {mStatementDone = 32}} rv = {<js::RootedBase<JS::Value>> = {<js::MutableValueOperations<JS::Rooted<JS::Value> >> = {<js::ValueOperations<JS::Rooted<JS::Value> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0xffffa9efffe8, prev = 0xfffffffff300, ptr = {data = {asBits = 5760576, debugView = { payload47 = 5760576, tag = 0}, s = {payload = {i32 = 5760576, u32 = 5760576, why = 5760576}}, asDouble = 2.8461027018575847e-317, asPtr = 0x57e640 <js::ImmutableTenuredPtr<JS::Symbol*>::init(JS::Symbol*)+24>, asWord = 5760576, asUIntPtr = 5760576}}} ok = false disable = {gc = 0xffffb7a90430} shg = {<js::RootedBase<js::GlobalObject*>> = {<No data fields>}, stack = 0x57b0c4 <JSRuntime::initializeAtoms(JSContext*)+1076>, prev = 0xfffffffff2e0, ptr = 0x4326ec <js::gc::Cell::isTenured() const+20>} options = {<JS::ReadOnlyCompileOptions> = {<JS::TransitiveCompileOptions> = {_vptr.TransitiveCompileOptions = 0xfffffffff301, mutedErrors_ = 112, filename_ = 0xfffffffff320 "\220\363\377\377\377\377", introducerFilename_ = 0x57b0fc <JSRuntime::initializeAtoms(JSContext*)+1132> "\240'", <incomplete sequence \371>, sourceMapURL_ = 0xffffa9e1e070 u"\003", version = -1213919368, versionSet = 255, utf8 = 255, selfHostingMode = false, canLazilyParse = false, strictOption = 144, extraWarningsOption = 243, werrorOption = 255, asmJSOption = (JS::Disabled | JS::DisabledByDebugger | unknown: 252), throwOnAsmJSValidationFailureOption = 255, forceAsync = 255, installedFile = false, sourceIsLazy = false, introductionType = 0x8ebf44 <js::NewContext(JSRuntime*, unsigned long)+180> "\240\277", introductionLineno = 0, introductionOffset = 0, hasIntroductionInfo = false}, lineno = 65535, column = 3081115648, isRunOnce = 255, forEval = 255, noScriptRval = false}, elementRoot = {<js::RootedBase<JSObject*>> = {<No data fields>}, stack = 0xffffb7a90000, prev = 0xffffb7a61800, ptr = 0xffffa9f12a60}, elementAttributeNameRoot = {<js::RootedBase<JSString*>> = {<No data fields>}, stack = 0x14c, prev = 0x4, ptr = 0xffffa9e1d640}, introductionScriptRoot = {<js::RootedBase<JSScript*>> = {<No data fields>}, stack = 0xffffa9f128b0, prev = 0xffffb7a50f60, ptr = 0xffffa9e1e070}} oldReporter = 0xfffffffff2a0 filename = 0xc92dec <JS::Symbol::new_(js::ExclusiveContext*, JS::SymbolCode, JSString*)+240> "\340\003\023\252\363\v@\371\375{Ȩ\300\003_\326\375{\267\251\375\003" #8 0x00000000008ebf60 in js::NewContext (rt=0xffffb7a90000, stackChunkSize=8192) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jscntxt.cpp:121 ok = true cx = 0xffffb7a61800 cxCallback = 0xffffb7a90000 #9 0x00000000008d9374 in JS_NewContext (rt=0xffffb7a90000, stackChunkSize=8192) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jsapi.cpp:574 No locals. #10 0x0000000000433e50 in JSAPITest::createContext (this=0x1d6edc8 <cls_testXDR_sourceMap_instance>) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jsapi-tests/tests.h:306 No locals. #11 0x000000000050933c in JSAPITest::init (this=0x1d6edc8 <cls_testXDR_sourceMap_instance>) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jsapi-tests/tests.cpp:21 No locals. #12 0x00000000005099b4 in main (argc=1, argv=0xfffffffff608) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jsapi-tests/tests.cpp:118 name = 0x1138fb0 "testXDR_sourceMap" test = 0x1d6edc8 <cls_testXDR_sourceMap_instance> total = 1 failures = 0 filter = 0x0
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
If this is really a duplicate of bug 1143022, the issue is not yet fixed in SpiderMonkey. Just for confirmation, you're using 48 bit virtual addresses, right? I don't know much about it tho, is there any way to switch to 47 bit?
Tried to add the define for aarch64 according to comment #3 of bug 1143022 as follows. > We have a check for this at [1] (and [2]). It sounds like those #ifdefs need > to be updated to include 64-bit ARM. > > [1] https://dxr.mozilla.org/mozilla-central/source/js/src/gc/Memory.cpp#405 > [2] https://dxr.mozilla.org/mozilla-central/source/js/src/gc/Memory.cpp#382 compile the source from mozilla-central and run the jsapi-test: # ./dist/bin/jsapi-tests testXDR_sourceMap TEST-UNEXPECTED-FAIL | testXDR_sourceMap | Failed to initialize. testXDR_source TEST-UNEXPECTED-FAIL | testXDR_source | Failed to initialize. testXDR_bug516827 TEST-UNEXPECTED-FAIL | testXDR_bug516827 | Failed to initialize. testXDR_bug506491 TEST-UNEXPECTED-FAIL | testXDR_bug506491 | Failed to initialize. testWeakMap_keyDelegates TEST-UNEXPECTED-FAIL | testWeakMap_keyDelegates | Failed to initialize. testWeakMap_basicOperations TEST-UNEXPECTED-FAIL | testWeakMap_basicOperations | Failed to initialize. testWasmLEB128_invalid_decoding TEST-UNEXPECTED-FAIL | testWasmLEB128_invalid_decoding | Failed to initialize. testWasmLEB128_valid_decoding TEST-UNEXPECTED-FAIL | testWasmLEB128_valid_decoding | Failed to initialize. testWasmLEB128_encoding TEST-UNEXPECTED-FAIL | testWasmLEB128_encoding | Failed to initialize. testUncaughtError TEST-UNEXPECTED-FAIL | testUncaughtError | Failed to initialize. test_JS_ubi_ShortestPaths_multiple_edges_to_target TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_multiple_edges_to_target | Failed to initialize. test_JS_ubi_ShortestPaths_more_paths_than_max TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_more_paths_than_max | Failed to initialize. test_JS_ubi_ShortestPaths_multiple_paths TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_multiple_paths | Failed to initialize. test_JS_ubi_ShortestPaths_one_path TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_one_path | Failed to initialize. test_JS_ubi_ShortestPaths_no_path TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_no_path | Failed to initialize. test_JS_ubi_Node_scriptFilename TEST-UNEXPECTED-FAIL | test_JS_ubi_Node_scriptFilename | Failed to initialize. test_JS_ubi_DominatorTree TEST-UNEXPECTED-FAIL | test_JS_ubi_DominatorTree | Failed to initialize. test_ubiPostOrder TEST-UNEXPECTED-FAIL | test_ubiPostOrder | Failed to initialize. test_ubiCoarseType TEST-UNEXPECTED-FAIL | test_ubiCoarseType | Failed to initialize. test_ubiStackFrame TEST-UNEXPECTED-FAIL | test_ubiStackFrame | Failed to initialize. test_ubiNodeJSObjectConstructorName TEST-UNEXPECTED-FAIL | test_ubiNodeJSObjectConstructorName | Failed to initialize. test_ubiNodeCompartment TEST-UNEXPECTED-FAIL | test_ubiNodeCompartment | Failed to initialize. test_ubiNodeZone TEST-UNEXPECTED-FAIL | test_ubiNodeZone | Failed to initialize. testUTF8_badSurrogate TEST-UNEXPECTED-FAIL | testUTF8_badSurrogate | Failed to initialize. testUTF8_bigUTF8 TEST-UNEXPECTED-FAIL | testUTF8_bigUTF8 | Failed to initialize. testUTF8_badUTF8 TEST-UNEXPECTED-FAIL | testUTF8_badUTF8 | Failed to initialize. testTypedArrays TEST-UNEXPECTED-FAIL | testTypedArrays | Failed to initialize. testToUint64Large TEST-UNEXPECTED-FAIL | testToUint64Large | Failed to initialize. testToUint32Large TEST-UNEXPECTED-FAIL | testToUint32Large | Failed to initialize. testToInt8 TEST-UNEXPECTED-FAIL | testToInt8 | Failed to initialize. testToUint8TwiceUint8Range TEST-UNEXPECTED-FAIL | testToUint8TwiceUint8Range | Failed to initialize. testSymbol_GetWellKnownSymbol TEST-UNEXPECTED-FAIL | testSymbol_GetWellKnownSymbol | Failed to initialize. testSymbol_GetSymbolFor TEST-UNEXPECTED-FAIL | testSymbol_GetSymbolFor | Failed to initialize. testSymbol_New TEST-UNEXPECTED-FAIL | testSymbol_New | Failed to initialize. testStructuredClone_SavedFrame TEST-UNEXPECTED-FAIL | testStructuredClone_SavedFrame | Failed to initialize. testStructuredClone_string TEST-UNEXPECTED-FAIL | testStructuredClone_string | Failed to initialize. testStructuredClone_object TEST-UNEXPECTED-FAIL | testStructuredClone_object | Failed to initialize. testStringBuffer_finishString TEST-UNEXPECTED-FAIL | testStringBuffer_finishString | Failed to initialize. testBug795104 TEST-UNEXPECTED-FAIL | testBug795104 | Failed to initialize. testSetPropertyIgnoringNamedGetter_direct TEST-UNEXPECTED-FAIL | testSetPropertyIgnoringNamedGetter_direct | Failed to initialize. testSetProperty_InheritedGlobalSetter TEST-UNEXPECTED-FAIL | testSetProperty_InheritedGlobalSetter | Failed to initialize. testSetProperty_NativeGetterStubSetter TEST-UNEXPECTED-FAIL | testSetProperty_NativeGetterStubSetter | Failed to initialize. bug438633_JS_CompileFileHandleForPrincipals TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFileHandleForPrincipals | Failed to initialize. bug438633_JS_CompileFileHandle_empty TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFileHandle_empty | Failed to initialize. bug438633_JS_CompileFileHandle TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFileHandle | Failed to initialize. bug438633_JS_CompileFile_empty TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFile_empty | Failed to initialize. bug438633_JS_CompileFile TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFile | Failed to initialize. bug438633_JS_CompileUCScriptForPrincipals TEST-UNEXPECTED-FAIL | bug438633_JS_CompileUCScriptForPrincipals | Failed to initialize. bug438633_JS_CompileUCScript_empty TEST-UNEXPECTED-FAIL | bug438633_JS_CompileUCScript_empty | Failed to initialize. bug438633_JS_CompileUCScript TEST-UNEXPECTED-FAIL | bug438633_JS_CompileUCScript | Failed to initialize. bug438633_CompileScriptForPrincipals TEST-UNEXPECTED-FAIL | bug438633_CompileScriptForPrincipals | Failed to initialize. bug438633_CompileScript_empty TEST-UNEXPECTED-FAIL | bug438633_CompileScript_empty | Failed to initialize. bug438633_CompileScript TEST-UNEXPECTED-FAIL | bug438633_CompileScript | Failed to initialize. testScriptInfo TEST-UNEXPECTED-FAIL | testScriptInfo | Failed to initialize. testSavedStacks_selfHostedFrames TEST-UNEXPECTED-FAIL | testSavedStacks_selfHostedFrames | Failed to initialize. testSavedStacks_RangeBasedForLoops TEST-UNEXPECTED-FAIL | testSavedStacks_RangeBasedForLoops | Failed to initialize. testSavedStacks_ApiDefaultValues TEST-UNEXPECTED-FAIL | testSavedStacks_ApiDefaultValues | Failed to initialize. testSavedStacks_withNoStack TEST-UNEXPECTED-FAIL | testSavedStacks_withNoStack | Failed to initialize. testSameValue TEST-UNEXPECTED-FAIL | testSameValue | Failed to initialize. testResolveRecursion_InitStandardClasses TEST-UNEXPECTED-FAIL | testResolveRecursion_InitStandardClasses | Failed to initialize. testResolveRecursion TEST-UNEXPECTED-FAIL | testResolveRecursion | Failed to initialize. testGetRegExpSource TEST-UNEXPECTED-FAIL | testGetRegExpSource | Failed to initialize. testGetRegExpFlags TEST-UNEXPECTED-FAIL | testGetRegExpFlags | Failed to initialize. testObjectIsRegExp TEST-UNEXPECTED-FAIL | testObjectIsRegExp | Failed to initialize. testPropCache_bug505798 TEST-UNEXPECTED-FAIL | testPropCache_bug505798 | Failed to initialize. testProfileStrings_worksWhenEnabledOnTheFly TEST-UNEXPECTED-FAIL | testProfileStrings_worksWhenEnabledOnTheFly | Failed to initialize. testProfileStrings_isCalledWhenError TEST-UNEXPECTED-FAIL | testProfileStrings_isCalledWhenError | Failed to initialize. testProfileStrings_isCalledWithJIT TEST-UNEXPECTED-FAIL | testProfileStrings_isCalledWithJIT | Failed to initialize. testProfileStrings_isCalledWithInterpreter TEST-UNEXPECTED-FAIL | testProfileStrings_isCalledWithInterpreter | Failed to initialize. test_PreserveJitCode TEST-UNEXPECTED-FAIL | test_PreserveJitCode | Failed to initialize. test_GlobalPersistentRooted TEST-UNEXPECTED-FAIL | test_GlobalPersistentRooted | Failed to initialize. test_PersistentRootedAssign TEST-UNEXPECTED-FAIL | test_PersistentRootedAssign | Failed to initialize. test_PersistentRootedCopy TEST-UNEXPECTED-FAIL | test_PersistentRootedCopy | Failed to initialize. test_PersistentRootedNull TEST-UNEXPECTED-FAIL | test_PersistentRootedNull | Failed to initialize. test_PersistentRooted TEST-UNEXPECTED-FAIL | test_PersistentRooted | Failed to initialize. testParseJSON_reviver TEST-UNEXPECTED-FAIL | testParseJSON_reviver | Failed to initialize. testParseJSON_error TEST-UNEXPECTED-FAIL | testParseJSON_error | Failed to initialize. testParseJSON_success TEST-UNEXPECTED-FAIL | testParseJSON_success | Failed to initialize. testObjectEmulatingUndefined_equal TEST-UNEXPECTED-FAIL | testObjectEmulatingUndefined_equal | Failed to initialize. testObjectEmulatingUndefined_truthy TEST-UNEXPECTED-FAIL | testObjectEmulatingUndefined_truthy | Failed to initialize. testNewRuntime TEST-UNEXPECTED-FAIL | testNewRuntime | Failed to initialize. testOOM TEST-UNEXPECTED-FAIL | testOOM | Failed to initialize. testNullRoot TEST-UNEXPECTED-FAIL | testNullRoot | Failed to initialize. testNewTargetInvokeConstructor TEST-UNEXPECTED-FAIL | testNewTargetInvokeConstructor | Failed to initialize. testNewObject_1 TEST-UNEXPECTED-FAIL | testNewObject_1 | Failed to initialize. testMutedErrors TEST-UNEXPECTED-FAIL | testMutedErrors | Failed to initialize. testMappedArrayBuffer_bug945152 TEST-UNEXPECTED-FAIL | testMappedArrayBuffer_bug945152 | Failed to initialize. test_undef_leq_null TEST-UNEXPECTED-FAIL | test_undef_leq_null | Failed to initialize. test_null_leq_undef TEST-UNEXPECTED-FAIL | test_null_leq_undef | Failed to initialize. test_nz_leq_pz TEST-UNEXPECTED-FAIL | test_nz_leq_pz | Failed to initialize. test_pz_leq_nz TEST-UNEXPECTED-FAIL | test_pz_leq_nz | Failed to initialize. test_leq_same_nums TEST-UNEXPECTED-FAIL | test_leq_same_nums | Failed to initialize. test_all_nleq_nan TEST-UNEXPECTED-FAIL | test_all_nleq_nan | Failed to initialize. test_nan_nleq_all TEST-UNEXPECTED-FAIL | test_nan_nleq_all | Failed to initialize. test_null_leq_null TEST-UNEXPECTED-FAIL | test_null_leq_null | Failed to initialize. test_undef_leq_undef TEST-UNEXPECTED-FAIL | test_undef_leq_undef | Failed to initialize. testLookup_bug570195 TEST-UNEXPECTED-FAIL | testLookup_bug570195 | Failed to initialize. testLookup_bug522590 TEST-UNEXPECTED-FAIL | testLookup_bug522590 | Failed to initialize. testJSEvaluateScript TEST-UNEXPECTED-FAIL | testJSEvaluateScript | Failed to initialize. testIsInsideNursery TEST-UNEXPECTED-FAIL | testIsInsideNursery | Failed to initialize. testIntlAvailableLocales TEST-UNEXPECTED-FAIL | testIntlAvailableLocales | Failed to initialize. testPinAcrossGC TEST-UNEXPECTED-FAIL | testPinAcrossGC | Failed to initialize. testAtomizedIsNotPinned TEST-UNEXPECTED-FAIL | testAtomizedIsNotPinned | Failed to initialize. testIntTypesABI TEST-UNEXPECTED-FAIL | testIntTypesABI | Failed to initialize. testIntString_bug515273 TEST-UNEXPECTED-FAIL | testIntString_bug515273 | Failed to initialize. testStringToPropertyName TEST-UNEXPECTED-FAIL | testStringToPropertyName | Failed to initialize. testStringIsIndex TEST-UNEXPECTED-FAIL | testStringIsIndex | Failed to initialize. testIndexToString TEST-UNEXPECTED-FAIL | testIndexToString | Failed to initialize. testHashMapLookupWithDefaultOOM TEST-UNEXPECTED-FAIL | testHashMapLookupWithDefaultOOM | Failed to initialize. testHashSetOfMoveOnlyType TEST-UNEXPECTED-FAIL | testHashSetOfMoveOnlyType | Failed to initialize. testHashRekeyManualRemoval TEST-UNEXPECTED-FAIL | testHashRekeyManualRemoval | Failed to initialize. testHashRekeyManual TEST-UNEXPECTED-FAIL | testHashRekeyManual | Failed to initialize. test_GetPropertyDescriptor TEST-UNEXPECTED-FAIL | test_GetPropertyDescriptor | Failed to initialize. testGCWeakRef TEST-UNEXPECTED-FAIL | testGCWeakRef | Failed to initialize. testGCUID TEST-UNEXPECTED-FAIL | testGCUID | Failed to initialize. testGCStoreBufferRemoval TEST-UNEXPECTED-FAIL | testGCStoreBufferRemoval | Failed to initialize. testGCOutOfMemory TEST-PASS | testGCOutOfMemory | ok testTracingIncomingCCWs TEST-UNEXPECTED-FAIL | testTracingIncomingCCWs | Failed to initialize. testGCHeapPostBarriers TEST-UNEXPECTED-FAIL | testGCHeapPostBarriers | Failed to initialize. testGCFinalizeCallback TEST-UNEXPECTED-FAIL | testGCFinalizeCallback | Failed to initialize. testGCHandleVector TEST-UNEXPECTED-FAIL | testGCHandleVector | Failed to initialize. testTraceableFifo TEST-UNEXPECTED-FAIL | testTraceableFifo | Failed to initialize. testGCRootedVector TEST-UNEXPECTED-FAIL | testGCRootedVector | Failed to initialize. testGCHandleHashMap TEST-UNEXPECTED-FAIL | testGCHandleHashMap | Failed to initialize. testGCRootedHashMap TEST-UNEXPECTED-FAIL | testGCRootedHashMap | Failed to initialize. testGCPersistentRootedTraceableCannotOutliveRuntime TEST-UNEXPECTED-FAIL | testGCPersistentRootedTraceableCannotOutliveRuntime | Failed to initialize. testGCPersistentRootedOutlivesRuntime TEST-UNEXPECTED-FAIL | testGCPersistentRootedOutlivesRuntime | Failed to initialize. testGCRootedStaticStructInternalStackStorageAugmented TEST-UNEXPECTED-FAIL | testGCRootedStaticStructInternalStackStorageAugmented | Failed to initialize. testGCSuppressions TEST-UNEXPECTED-FAIL | testGCSuppressions | Failed to initialize. testGCExactRooting TEST-UNEXPECTED-FAIL | testGCExactRooting | Failed to initialize. testGCChunkPool TEST-UNEXPECTED-FAIL | testGCChunkPool | Failed to initialize. testGCCellPtr TEST-UNEXPECTED-FAIL | testGCCellPtr | Failed to initialize. testGCAllocator TEST-UNEXPECTED-FAIL | testGCAllocator | Failed to initialize. testFunctionProperties TEST-UNEXPECTED-FAIL | testFunctionProperties | Failed to initialize. testRedefineGlobalEval TEST-UNEXPECTED-FAIL | testRedefineGlobalEval | Failed to initialize. testForwardSetProperty TEST-UNEXPECTED-FAIL | testForwardSetProperty | Failed to initialize. testForceLexicalInitialization TEST-UNEXPECTED-FAIL | testForceLexicalInitialization | Failed to initialize. testForOfIterator_bug515273_part2 TEST-UNEXPECTED-FAIL | testForOfIterator_bug515273_part2 | Failed to initialize. testForOfIterator_bug515273_part1 TEST-UNEXPECTED-FAIL | testForOfIterator_bug515273_part1 | Failed to initialize. testForOfIterator_basicNonIterable TEST-UNEXPECTED-FAIL | testForOfIterator_basicNonIterable | Failed to initialize. testFindSCCsStackLimit TEST-UNEXPECTED-FAIL | testFindSCCsStackLimit | Failed to initialize. testFindSCCs TEST-UNEXPECTED-FAIL | testFindSCCs | Failed to initialize. testExternalStrings TEST-UNEXPECTED-FAIL | testExternalStrings | Failed to initialize. testException_bug860435 TEST-UNEXPECTED-FAIL | testException_bug860435 | Failed to initialize. testErrorCopying_columnCopied TEST-UNEXPECTED-FAIL | testErrorCopying_columnCopied | Failed to initialize. test_enclosingFunction TEST-UNEXPECTED-FAIL | test_enclosingFunction | Failed to initialize. testDifferentNewTargetInvokeConstructor TEST-UNEXPECTED-FAIL | testDifferentNewTargetInvokeConstructor | Failed to initialize. testDefinePropertyIgnoredAttributes TEST-UNEXPECTED-FAIL | testDefinePropertyIgnoredAttributes | Failed to initialize. testDefineProperty_bug564344 TEST-UNEXPECTED-FAIL | testDefineProperty_bug564344 | Failed to initialize. testDefineGetterSetterNonEnumerable TEST-UNEXPECTED-FAIL | testDefineGetterSetterNonEnumerable | Failed to initialize. testDeepFreeze_loop TEST-UNEXPECTED-FAIL | testDeepFreeze_loop | Failed to initialize. testDeepFreeze_deep TEST-UNEXPECTED-FAIL | testDeepFreeze_deep | Failed to initialize. testDeepFreeze_bug535703 TEST-UNEXPECTED-FAIL | testDeepFreeze_bug535703 | Failed to initialize. testDebugger_newScriptHook TEST-UNEXPECTED-FAIL | testDebugger_newScriptHook | Failed to initialize. testDateToLocaleString TEST-UNEXPECTED-FAIL | testDateToLocaleString | Failed to initialize. testContexts_bug563735 TEST-UNEXPECTED-FAIL | testContexts_bug563735 | Failed to initialize. testContexts_IsRunning TEST-UNEXPECTED-FAIL | testContexts_IsRunning | Failed to initialize. test_cloneScriptWithPrincipals TEST-UNEXPECTED-FAIL | test_cloneScriptWithPrincipals | Failed to initialize. test_cloneScript TEST-UNEXPECTED-FAIL | test_cloneScript | Failed to initialize. testClassGetter_isCalled TEST-UNEXPECTED-FAIL | testClassGetter_isCalled | Failed to initialize. testChromeBuffer TEST-UNEXPECTED-FAIL | testChromeBuffer | Failed to initialize. test_CallNonGenericMethodOnProxy TEST-UNEXPECTED-FAIL | test_CallNonGenericMethodOnProxy | Failed to initialize. testBug604087 TEST-UNEXPECTED-FAIL | testBug604087 | Failed to initialize. testArrayBufferView_type TEST-UNEXPECTED-FAIL | testArrayBufferView_type | Failed to initialize. testArrayBuffer_bug720949_viewList TEST-UNEXPECTED-FAIL | testArrayBuffer_bug720949_viewList | Failed to initialize. testArrayBuffer_bug720949_steal TEST-UNEXPECTED-FAIL | testArrayBuffer_bug720949_steal | Failed to initialize. testArgumentsObject TEST-UNEXPECTED-FAIL | testArgumentsObject | Failed to initialize. testAddPropertyHook TEST-UNEXPECTED-FAIL | testAddPropertyHook | Failed to initialize. selfTest_NaNsAreSame TEST-UNEXPECTED-FAIL | selfTest_NaNsAreSame | Failed to initialize. testAssemblerBuffer_AssemblerBufferWithConstantPools_ShortBranch TEST-UNEXPECTED-FAIL | testAssemblerBuffer_AssemblerBufferWithConstantPools_ShortBranch | Failed to initialize. testAssemblerBuffer_AssemblerBufferWithConstantPools TEST-UNEXPECTED-FAIL | testAssemblerBuffer_AssemblerBufferWithConstantPools | Failed to initialize. testAssemblerBuffer_BranchDeadlineSet TEST-UNEXPECTED-FAIL | testAssemblerBuffer_BranchDeadlineSet | Failed to initialize. testAssemblerBuffer_AssemblerBuffer TEST-UNEXPECTED-FAIL | testAssemblerBuffer_AssemblerBuffer | Failed to initialize. testAssemblerBuffer_BufferOffset TEST-UNEXPECTED-FAIL | testAssemblerBuffer_BufferOffset | Failed to initialize. 173 unexpected failures.
(In reply to Tooru Fujisawa [:arai] from comment #6) > If this is really a duplicate of bug 1143022, the issue is not yet fixed in > SpiderMonkey. > Just for confirmation, you're using 48 bit virtual addresses, right? > I don't know much about it tho, is there any way to switch to 47 bit? There is a simple way, which consist to mmap all the pages which are not supposed to be allocatable. You might have issues with the stack, thus you might have to relocate the stack with a setjump/longjmp (even if I don't think we ever pack stack pointers in Values). This would caused false reports in the virtual memory used by the program, but should have no impact as long as you do not commit the pages, by writing in them.
(In reply to Tooru Fujisawa [:arai] from comment #6) > If this is really a duplicate of bug 1143022, the issue is not yet fixed in > SpiderMonkey. > Just for confirmation, you're using 48 bit virtual addresses, right? > I don't know much about it tho, is there any way to switch to 47 bit? Thanks for the hint. Yes, the machine we use does have 48 bit on as indicating in the boot config as follows. CONFIG_ARM64_VA_BITS_48=y CONFIG_ARM64_VA_BITS=48 Turn the 48 bit off does help but we are wondering if there's any side effect.
Summary: ARM/AARACH64: Javascript engine crash → ARM/AARCH64: Javascript engine crash
Hardware: ARM → ARM64
47-bit address space bug 1143022 has been fixed. Resolving this bug as a duplicate as per comment 3 and comment 6.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.