Closed Bug 1250400 Opened 8 years ago Closed 6 years ago

ARM/AARCH64: Javascript engine crash

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
1.8 Branch
Platform:
ARM64
Linux
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1143022

People

(Reporter: panny.wang, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36

Steps to reproduce:

Download the source code of mozjs from http://archive.ubuntu.com/ubuntu/pool/universe/m/mozjs/mozjs_1.8.5-1.0.0+dfsg.orig.tar.gz

Compile the source with debug mode on our arm machine running on Linux arm64 4.2.0-19.20-generic #23+thunder.2-Ubuntu SMP Wed Dec 2 18:41:32 UTC 2015 aarch64 aarch64 aarch64 GNU/Linux 

Execute the command 'jsapi-tests'  and got core dumped


Actual results:

root@arm64:~/tmp/mozjs-1.8.5-1.0.0+dfsg/js/src# ./jsapi-tests/jsapi-tests 
testCustomIterator_bug612523
Assertion failure: (objBits >> JSVAL_TAG_SHIFT) == 0, at jsval.h:706
Aborted (core dumped)


root@arm64:~/tmp/mozjs-1.8.5-1.0.0+dfsg/js/src# gdb jsapi-tests/jsapi-tests 
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "aarch64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from jsapi-tests/jsapi-tests...done.
(gdb) run
Starting program: /mnt/root/tmp/mozjs-1.8.5-1.0.0+dfsg/js/src/jsapi-tests/jsapi-tests 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
testCustomIterator_bug612523
Assertion failure: (objBits >> JSVAL_TAG_SHIFT) == 0, at jsval.h:706

Program received signal SIGABRT, Aborted.
0x0000ffffb7fb903c in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37
37      ../nptl/sysdeps/unix/sysv/linux/pt-raise.c: No such file or directory.
(gdb) bt
#0  0x0000ffffb7fb903c in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37
#1  0x00000000005ccd80 in JS_Assert (s=0x609b88 "(objBits >> JSVAL_TAG_SHIFT) == 0", file=0x609ab8 "jsval.h", ln=706) at jsutil.cpp:83
#2  0x0000000000413ab8 in OBJECT_TO_JSVAL_IMPL (obj=0xffffb7703090) at jsval.h:706
#3  0x00000000004340bc in js::Value::setObject (this=0xfffffffff388, obj=...) at jsvalue.h:380
#4  0x000000000041430c in js::ObjectValue (obj=...) at jsvalue.h:805
#5  0x000000000042b490 in JS_NewGlobalObject (cx=0x6b8cc0, clasp=0x695280 <JSAPITest::basicGlobalClass()::c>) at jsapi.cpp:3080
#6  0x000000000042b588 in JS_NewCompartmentAndGlobalObject (cx=0x6b8cc0, clasp=0x695280 <JSAPITest::basicGlobalClass()::c>, principals=0x0)
    at jsapi.cpp:3098
#7  0x0000000000405160 in JSAPITest::createGlobal (this=0x6a2b90 <cls_testCustomIterator_bug612523_instance>) at tests.h:296
#8  0x0000000000404874 in JSAPITest::init (this=0x6a2b90 <cls_testCustomIterator_bug612523_instance>) at tests.h:134
#9  0x00000000004035bc in main (argc=1, argv=0xfffffffff658) at tests.cpp:62
Severity: normal → blocker
OS: Unspecified → Linux
Hardware: Unspecified → ARM
SpiderMonkey 1.8.5 is way too old.
Can you test with SpiderMonkey 38.2.1 rc0 [1] or mozilla-central [2]?

also, as the assertion failure mentions JSVAL_TAG_SHIFT, it might be related to bug 1143022.

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Releases/38
[2] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Build_Documentation
Flags: needinfo?(panny.wang)
Hi Tooru,

Because of using CouchDB 1.5.0, the SpiderMonkey 1.8.5 is the suggested one. Thus, we are focusing on it.
Is there any way, we can back port the patch to SpiderMonkey 1.8.5 if bug 1143022 does fixed.

Thanks
Flags: needinfo?(panny.wang)
The problem is in the allocator that is linked to SpiderMonkey.  SpiderMonkey is doing some boxing which assumes that the high bits of pointers are always zeros.  So, technically this should work, as the problem is easier to fix outside SpiderMonkey.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
I've download the source from SpiderMonkey 38.2.1 rc0 [1] or mozilla-central [2]. But I still got the same result? Is there any patch I have to applied to before compile the source?

The patch in bug 910845 looks not suitable for the current source of mozilla-central. The function "MapMemory()" looks different in the patch and the current source of mozilla-central
compile the source from mozilla-central and run the jsapi-test

Program received signal SIGSEGV, Segmentation fault.
0x000000000043f6fc in OBJECT_TO_JSVAL_IMPL (obj=0xffffa9e22060) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/dist/include/js/Value.h:864
864         MOZ_ASSERT((objBits >> JSVAL_TAG_SHIFT) == 0);
(gdb) bt full
#0  0x000000000043f6fc in OBJECT_TO_JSVAL_IMPL (obj=0xffffa9e22060)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/dist/include/js/Value.h:864
        l = {asBits = 281474976706448, debugView = {payload47 = 140737488351120, tag = 1}, s = {payload = {i32 = -4208, u32 = 4294963088, 
              why = 4294963088}}, asDouble = 1.3906711615462106e-309, asPtr = 0xffffffffef90, asWord = 281474976706448, asUIntPtr = 281474976706448}
        objBits = 281473531912288
#1  0x0000000000440eb4 in JS::Value::setObject (this=0xffffffffefc8, obj=...)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/dist/include/js/Value.h:1098
No locals.
#2  0x0000000000c21dbc in JS::ObjectValue (obj=...) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/dist/include/js/Value.h:1536
        v = {data = {asBits = 281474976706552, debugView = {payload47 = 140737488351224, tag = 1}, s = {payload = {i32 = -4104, u32 = 4294963192, 
                why = 4294963192}}, asDouble = 1.3906711615467244e-309, asPtr = 0xffffffffeff8, asWord = 281474976706552, asUIntPtr = 281474976706552}}
#3  0x0000000000c2c3b4 in js::ClonedBlockObject::create (cx=0xffffb7a61800, block=..., enclosing=...)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/ScopeObject.cpp:956
        group = {<js::RootedBase<js::ObjectGroup*>> = {<No data fields>}, stack = 0xffffb7a61838, prev = 0x0, ptr = 0xffffa9e1f0d0}
        shape = {<js::RootedBase<js::Shape*>> = {<No data fields>}, stack = 0xffffb7a61848, prev = 0x0, ptr = 0xffffa9e21060}
        allocKind = js::gc::OBJECT2_BACKGROUND
        obj = {<js::RootedBase<js::NativeObject*>> = {<No data fields>}, stack = 0xffffb7a61830, prev = 0xfffffffff0d0, ptr = 0xffffa9e23070}
        res = 0xfffff050
#4  0x0000000000c2c604 in js::ClonedBlockObject::createGlobal (cx=0xffffb7a61800, global=...)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/ScopeObject.cpp:987
        staticLexical = {<js::RootedBase<js::StaticBlockScope*>> = {<No data fields>}, stack = 0xffffb7a61830, prev = 0xfffffffff150, ptr = 0xffffa9e23040}
        lexical = {<js::RootedBase<js::ClonedBlockObject*>> = {<No data fields>}, stack = 0xffffa9e23040, prev = 0xfffffffff150, ptr = 0xfffffffff138}
#5  0x0000000000ac4a80 in js::GlobalObject::createInternal (cx=0xffffb7a61800, clasp=0x1d585d0 <JSRuntime::createSelfHostingGlobal(JSContext*)::shgClass>)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/GlobalObject.cpp:291
        obj = 0xffffa9e22060
        global = {<js::RootedBase<js::GlobalObject*>> = {<No data fields>}, stack = 0xffffb7a61830, prev = 0x0, ptr = 0xffffa9e22060}
        lexical = {<js::RootedBase<js::ClonedBlockObject*>> = {<No data fields>}, stack = 0xffffa9e22060, prev = 0xffffb7a61800, ptr = 0xfffffffff1c8}
#6  0x0000000000c3d63c in JSRuntime::createSelfHostingGlobal (cx=0xffffb7a61800)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/SelfHosting.cpp:2071
        shgClass = {name = 0x1236168 "self-hosting-global", flags = 177664, addProperty = 0x0, delProperty = 0x0, getProperty = 0x0, setProperty = 0x0, 
          enumerate = 0x0, resolve = 0x0, mayResolve = 0x0, finalize = 0x0, call = 0x0, hasInstance = 0x0, construct = 0x0, trace = 0x8dc6bc
     <JS_GlobalObjectTraceHook(JSTracer*, JSObject*)>, spec = {createConstructor_ = 0x0, createPrototype_ = 0x0, constructorFunctions_ = 0x0, 
            constructorProperties_ = 0x0, prototypeFunctions_ = 0x0, prototypeProperties_ = 0x0, finishInit_ = 0x0, flags = 0, static ParentKeyWidth = 6, 
            static ParentKeyMask = 63, static DontDefineConstructor = 64, static IsDelegated = 128}, ext = {isWrappedNative = false, 
            weakmapKeyDelegateOp = 0x0, objectMovedOp = 0x0}, ops = {lookupProperty = 0x0, defineProperty = 0x0, hasProperty = 0x0, getProperty = 0x0, 
            setProperty = 0x0, getOwnPropertyDescriptor = 0x0, deleteProperty = 0x0, watch = 0x0, unwatch = 0x0, getElements = 0x0, enumerate = 0x0, 
            funToString = 0x0}, static NON_NATIVE = 262144}
        ac = {cx_ = 0xffffb7a61800, origin_ = 0x0}
        options = {creationOptions_ = {addonId_ = 0x0, traceGlobal_ = 0x0, zone_ = {spec = JS::FreshZone, pointer = 0xffff00000000}, 
            invisibleToDebugger_ = false, mergeable_ = false, preserveJitCode_ = false, cloneSingletons_ = false, 
            experimentalDateTimeFormatFormatToPartsEnabled_ = false, sharedMemoryAndAtomics_ = false}, behaviors_ = {version_ = JSVERSION_UNKNOWN, 
            discardSource_ = true, disableLazyParsing_ = false, extraWarningsOverride_ = {mode_ = JS::CompartmentBehaviors::Override::Default}, 
            singletonsAsTemplates_ = true}}
        compartment = 0xffffb7a14800
        shg = {<js::RootedBase<js::GlobalObject*>> = {<No data fields>}, stack = 0xffffb7a905d0, prev = 0xfffffffff200, ptr = 0x975bc8
     <JS::AutoDisableGenerationalGC::AutoDisableGenerationalGC(JSRuntime*)+44>}
#7  0x0000000000c3d818 in JSRuntime::initSelfHosting (this=0xffffb7a90000, cx=0xffffb7a61800)
---Type <return> to continue, or q <return> to quit---
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/vm/SelfHosting.cpp:2103
        ac = {cx_ = 0xfffffffff2f0, oldCompartment_ = 0xffffa9e1e070, _mCheckNotUsedAsTemporary = {mStatementDone = 32}}
        rv = {<js::RootedBase<JS::Value>> = {<js::MutableValueOperations<JS::Rooted<JS::Value> >> = {<js::ValueOperations<JS::Rooted<JS::Value> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0xffffa9efffe8, prev = 0xfffffffff300, ptr = {data = {asBits = 5760576, debugView = {
                payload47 = 5760576, tag = 0}, s = {payload = {i32 = 5760576, u32 = 5760576, why = 5760576}}, asDouble = 2.8461027018575847e-317, 
              asPtr = 0x57e640 <js::ImmutableTenuredPtr<JS::Symbol*>::init(JS::Symbol*)+24>, asWord = 5760576, asUIntPtr = 5760576}}}
        ok = false
        disable = {gc = 0xffffb7a90430}
        shg = {<js::RootedBase<js::GlobalObject*>> = {<No data fields>}, stack = 0x57b0c4 <JSRuntime::initializeAtoms(JSContext*)+1076>, 
          prev = 0xfffffffff2e0, ptr = 0x4326ec <js::gc::Cell::isTenured() const+20>}
        options = {<JS::ReadOnlyCompileOptions> = {<JS::TransitiveCompileOptions> = {_vptr.TransitiveCompileOptions = 0xfffffffff301, mutedErrors_ = 112, 
              filename_ = 0xfffffffff320 "\220\363\377\377\377\377", 
              introducerFilename_ = 0x57b0fc <JSRuntime::initializeAtoms(JSContext*)+1132> "\240'", <incomplete sequence \371>, 
              sourceMapURL_ = 0xffffa9e1e070 u"\003", version = -1213919368, versionSet = 255, utf8 = 255, selfHostingMode = false, canLazilyParse = false, 
              strictOption = 144, extraWarningsOption = 243, werrorOption = 255, asmJSOption = (JS::Disabled | JS::DisabledByDebugger | unknown: 252), 
              throwOnAsmJSValidationFailureOption = 255, forceAsync = 255, installedFile = false, sourceIsLazy = false, 
              introductionType = 0x8ebf44 <js::NewContext(JSRuntime*, unsigned long)+180> "\240\277", introductionLineno = 0, introductionOffset = 0, 
              hasIntroductionInfo = false}, lineno = 65535, column = 3081115648, isRunOnce = 255, forEval = 255, noScriptRval = false}, 
          elementRoot = {<js::RootedBase<JSObject*>> = {<No data fields>}, stack = 0xffffb7a90000, prev = 0xffffb7a61800, ptr = 0xffffa9f12a60}, 
          elementAttributeNameRoot = {<js::RootedBase<JSString*>> = {<No data fields>}, stack = 0x14c, prev = 0x4, ptr = 0xffffa9e1d640}, 
          introductionScriptRoot = {<js::RootedBase<JSScript*>> = {<No data fields>}, stack = 0xffffa9f128b0, prev = 0xffffb7a50f60, ptr = 0xffffa9e1e070}}
        oldReporter = 0xfffffffff2a0
        filename = 0xc92dec
     <JS::Symbol::new_(js::ExclusiveContext*, JS::SymbolCode, JSString*)+240> "\340\003\023\252\363\v@\371\375{Ȩ\300\003_\326\375{\267\251\375\003"
#8  0x00000000008ebf60 in js::NewContext (rt=0xffffb7a90000, stackChunkSize=8192)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jscntxt.cpp:121
        ok = true
        cx = 0xffffb7a61800
        cxCallback = 0xffffb7a90000
#9  0x00000000008d9374 in JS_NewContext (rt=0xffffb7a90000, stackChunkSize=8192) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jsapi.cpp:574
No locals.
#10 0x0000000000433e50 in JSAPITest::createContext (this=0x1d6edc8 <cls_testXDR_sourceMap_instance>)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jsapi-tests/tests.h:306
No locals.
#11 0x000000000050933c in JSAPITest::init (this=0x1d6edc8 <cls_testXDR_sourceMap_instance>)
    at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jsapi-tests/tests.cpp:21
No locals.
#12 0x00000000005099b4 in main (argc=1, argv=0xfffffffff608) at /mnt/root/temp/mozilla/mozilla-central-5b2baa5e9356/js/src/jsapi-tests/tests.cpp:118
        name = 0x1138fb0 "testXDR_sourceMap"
        test = 0x1d6edc8 <cls_testXDR_sourceMap_instance>
        total = 1
        failures = 0
        filter = 0x0
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
If this is really a duplicate of bug 1143022, the issue is not yet fixed in SpiderMonkey.
Just for confirmation, you're using 48 bit virtual addresses, right?
I don't know much about it tho, is there any way to switch to 47 bit?
Tried to add the define for aarch64 according to comment #3 of bug 1143022 as follows.
> We have a check for this at [1] (and [2]). It sounds like those #ifdefs need
> to be updated to include 64-bit ARM.
> 
> [1] https://dxr.mozilla.org/mozilla-central/source/js/src/gc/Memory.cpp#405
> [2] https://dxr.mozilla.org/mozilla-central/source/js/src/gc/Memory.cpp#382

compile the source from mozilla-central and run the jsapi-test:

# ./dist/bin/jsapi-tests 
testXDR_sourceMap
TEST-UNEXPECTED-FAIL | testXDR_sourceMap | Failed to initialize.
testXDR_source
TEST-UNEXPECTED-FAIL | testXDR_source | Failed to initialize.
testXDR_bug516827
TEST-UNEXPECTED-FAIL | testXDR_bug516827 | Failed to initialize.
testXDR_bug506491
TEST-UNEXPECTED-FAIL | testXDR_bug506491 | Failed to initialize.
testWeakMap_keyDelegates
TEST-UNEXPECTED-FAIL | testWeakMap_keyDelegates | Failed to initialize.
testWeakMap_basicOperations
TEST-UNEXPECTED-FAIL | testWeakMap_basicOperations | Failed to initialize.
testWasmLEB128_invalid_decoding
TEST-UNEXPECTED-FAIL | testWasmLEB128_invalid_decoding | Failed to initialize.
testWasmLEB128_valid_decoding
TEST-UNEXPECTED-FAIL | testWasmLEB128_valid_decoding | Failed to initialize.
testWasmLEB128_encoding
TEST-UNEXPECTED-FAIL | testWasmLEB128_encoding | Failed to initialize.
testUncaughtError
TEST-UNEXPECTED-FAIL | testUncaughtError | Failed to initialize.
test_JS_ubi_ShortestPaths_multiple_edges_to_target
TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_multiple_edges_to_target | Failed to initialize.
test_JS_ubi_ShortestPaths_more_paths_than_max
TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_more_paths_than_max | Failed to initialize.
test_JS_ubi_ShortestPaths_multiple_paths
TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_multiple_paths | Failed to initialize.
test_JS_ubi_ShortestPaths_one_path
TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_one_path | Failed to initialize.
test_JS_ubi_ShortestPaths_no_path
TEST-UNEXPECTED-FAIL | test_JS_ubi_ShortestPaths_no_path | Failed to initialize.
test_JS_ubi_Node_scriptFilename
TEST-UNEXPECTED-FAIL | test_JS_ubi_Node_scriptFilename | Failed to initialize.
test_JS_ubi_DominatorTree
TEST-UNEXPECTED-FAIL | test_JS_ubi_DominatorTree | Failed to initialize.
test_ubiPostOrder
TEST-UNEXPECTED-FAIL | test_ubiPostOrder | Failed to initialize.
test_ubiCoarseType
TEST-UNEXPECTED-FAIL | test_ubiCoarseType | Failed to initialize.
test_ubiStackFrame
TEST-UNEXPECTED-FAIL | test_ubiStackFrame | Failed to initialize.
test_ubiNodeJSObjectConstructorName
TEST-UNEXPECTED-FAIL | test_ubiNodeJSObjectConstructorName | Failed to initialize.
test_ubiNodeCompartment
TEST-UNEXPECTED-FAIL | test_ubiNodeCompartment | Failed to initialize.
test_ubiNodeZone
TEST-UNEXPECTED-FAIL | test_ubiNodeZone | Failed to initialize.
testUTF8_badSurrogate
TEST-UNEXPECTED-FAIL | testUTF8_badSurrogate | Failed to initialize.
testUTF8_bigUTF8
TEST-UNEXPECTED-FAIL | testUTF8_bigUTF8 | Failed to initialize.
testUTF8_badUTF8
TEST-UNEXPECTED-FAIL | testUTF8_badUTF8 | Failed to initialize.
testTypedArrays
TEST-UNEXPECTED-FAIL | testTypedArrays | Failed to initialize.
testToUint64Large
TEST-UNEXPECTED-FAIL | testToUint64Large | Failed to initialize.
testToUint32Large
TEST-UNEXPECTED-FAIL | testToUint32Large | Failed to initialize.
testToInt8
TEST-UNEXPECTED-FAIL | testToInt8 | Failed to initialize.
testToUint8TwiceUint8Range
TEST-UNEXPECTED-FAIL | testToUint8TwiceUint8Range | Failed to initialize.
testSymbol_GetWellKnownSymbol
TEST-UNEXPECTED-FAIL | testSymbol_GetWellKnownSymbol | Failed to initialize.
testSymbol_GetSymbolFor
TEST-UNEXPECTED-FAIL | testSymbol_GetSymbolFor | Failed to initialize.
testSymbol_New
TEST-UNEXPECTED-FAIL | testSymbol_New | Failed to initialize.
testStructuredClone_SavedFrame
TEST-UNEXPECTED-FAIL | testStructuredClone_SavedFrame | Failed to initialize.
testStructuredClone_string
TEST-UNEXPECTED-FAIL | testStructuredClone_string | Failed to initialize.
testStructuredClone_object
TEST-UNEXPECTED-FAIL | testStructuredClone_object | Failed to initialize.
testStringBuffer_finishString
TEST-UNEXPECTED-FAIL | testStringBuffer_finishString | Failed to initialize.
testBug795104
TEST-UNEXPECTED-FAIL | testBug795104 | Failed to initialize.
testSetPropertyIgnoringNamedGetter_direct
TEST-UNEXPECTED-FAIL | testSetPropertyIgnoringNamedGetter_direct | Failed to initialize.
testSetProperty_InheritedGlobalSetter
TEST-UNEXPECTED-FAIL | testSetProperty_InheritedGlobalSetter | Failed to initialize.
testSetProperty_NativeGetterStubSetter
TEST-UNEXPECTED-FAIL | testSetProperty_NativeGetterStubSetter | Failed to initialize.
bug438633_JS_CompileFileHandleForPrincipals
TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFileHandleForPrincipals | Failed to initialize.
bug438633_JS_CompileFileHandle_empty
TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFileHandle_empty | Failed to initialize.
bug438633_JS_CompileFileHandle
TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFileHandle | Failed to initialize.
bug438633_JS_CompileFile_empty
TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFile_empty | Failed to initialize.
bug438633_JS_CompileFile
TEST-UNEXPECTED-FAIL | bug438633_JS_CompileFile | Failed to initialize.
bug438633_JS_CompileUCScriptForPrincipals
TEST-UNEXPECTED-FAIL | bug438633_JS_CompileUCScriptForPrincipals | Failed to initialize.
bug438633_JS_CompileUCScript_empty
TEST-UNEXPECTED-FAIL | bug438633_JS_CompileUCScript_empty | Failed to initialize.
bug438633_JS_CompileUCScript
TEST-UNEXPECTED-FAIL | bug438633_JS_CompileUCScript | Failed to initialize.
bug438633_CompileScriptForPrincipals
TEST-UNEXPECTED-FAIL | bug438633_CompileScriptForPrincipals | Failed to initialize.
bug438633_CompileScript_empty
TEST-UNEXPECTED-FAIL | bug438633_CompileScript_empty | Failed to initialize.
bug438633_CompileScript
TEST-UNEXPECTED-FAIL | bug438633_CompileScript | Failed to initialize.
testScriptInfo
TEST-UNEXPECTED-FAIL | testScriptInfo | Failed to initialize.
testSavedStacks_selfHostedFrames
TEST-UNEXPECTED-FAIL | testSavedStacks_selfHostedFrames | Failed to initialize.
testSavedStacks_RangeBasedForLoops
TEST-UNEXPECTED-FAIL | testSavedStacks_RangeBasedForLoops | Failed to initialize.
testSavedStacks_ApiDefaultValues
TEST-UNEXPECTED-FAIL | testSavedStacks_ApiDefaultValues | Failed to initialize.
testSavedStacks_withNoStack
TEST-UNEXPECTED-FAIL | testSavedStacks_withNoStack | Failed to initialize.
testSameValue
TEST-UNEXPECTED-FAIL | testSameValue | Failed to initialize.
testResolveRecursion_InitStandardClasses
TEST-UNEXPECTED-FAIL | testResolveRecursion_InitStandardClasses | Failed to initialize.
testResolveRecursion
TEST-UNEXPECTED-FAIL | testResolveRecursion | Failed to initialize.
testGetRegExpSource
TEST-UNEXPECTED-FAIL | testGetRegExpSource | Failed to initialize.
testGetRegExpFlags
TEST-UNEXPECTED-FAIL | testGetRegExpFlags | Failed to initialize.
testObjectIsRegExp
TEST-UNEXPECTED-FAIL | testObjectIsRegExp | Failed to initialize.
testPropCache_bug505798
TEST-UNEXPECTED-FAIL | testPropCache_bug505798 | Failed to initialize.
testProfileStrings_worksWhenEnabledOnTheFly
TEST-UNEXPECTED-FAIL | testProfileStrings_worksWhenEnabledOnTheFly | Failed to initialize.
testProfileStrings_isCalledWhenError
TEST-UNEXPECTED-FAIL | testProfileStrings_isCalledWhenError | Failed to initialize.
testProfileStrings_isCalledWithJIT
TEST-UNEXPECTED-FAIL | testProfileStrings_isCalledWithJIT | Failed to initialize.
testProfileStrings_isCalledWithInterpreter
TEST-UNEXPECTED-FAIL | testProfileStrings_isCalledWithInterpreter | Failed to initialize.
test_PreserveJitCode
TEST-UNEXPECTED-FAIL | test_PreserveJitCode | Failed to initialize.
test_GlobalPersistentRooted
TEST-UNEXPECTED-FAIL | test_GlobalPersistentRooted | Failed to initialize.
test_PersistentRootedAssign
TEST-UNEXPECTED-FAIL | test_PersistentRootedAssign | Failed to initialize.
test_PersistentRootedCopy
TEST-UNEXPECTED-FAIL | test_PersistentRootedCopy | Failed to initialize.
test_PersistentRootedNull
TEST-UNEXPECTED-FAIL | test_PersistentRootedNull | Failed to initialize.
test_PersistentRooted
TEST-UNEXPECTED-FAIL | test_PersistentRooted | Failed to initialize.
testParseJSON_reviver
TEST-UNEXPECTED-FAIL | testParseJSON_reviver | Failed to initialize.
testParseJSON_error
TEST-UNEXPECTED-FAIL | testParseJSON_error | Failed to initialize.
testParseJSON_success
TEST-UNEXPECTED-FAIL | testParseJSON_success | Failed to initialize.
testObjectEmulatingUndefined_equal
TEST-UNEXPECTED-FAIL | testObjectEmulatingUndefined_equal | Failed to initialize.
testObjectEmulatingUndefined_truthy
TEST-UNEXPECTED-FAIL | testObjectEmulatingUndefined_truthy | Failed to initialize.
testNewRuntime
TEST-UNEXPECTED-FAIL | testNewRuntime | Failed to initialize.
testOOM
TEST-UNEXPECTED-FAIL | testOOM | Failed to initialize.
testNullRoot
TEST-UNEXPECTED-FAIL | testNullRoot | Failed to initialize.
testNewTargetInvokeConstructor
TEST-UNEXPECTED-FAIL | testNewTargetInvokeConstructor | Failed to initialize.
testNewObject_1
TEST-UNEXPECTED-FAIL | testNewObject_1 | Failed to initialize.
testMutedErrors
TEST-UNEXPECTED-FAIL | testMutedErrors | Failed to initialize.
testMappedArrayBuffer_bug945152
TEST-UNEXPECTED-FAIL | testMappedArrayBuffer_bug945152 | Failed to initialize.
test_undef_leq_null
TEST-UNEXPECTED-FAIL | test_undef_leq_null | Failed to initialize.
test_null_leq_undef
TEST-UNEXPECTED-FAIL | test_null_leq_undef | Failed to initialize.
test_nz_leq_pz
TEST-UNEXPECTED-FAIL | test_nz_leq_pz | Failed to initialize.
test_pz_leq_nz
TEST-UNEXPECTED-FAIL | test_pz_leq_nz | Failed to initialize.
test_leq_same_nums
TEST-UNEXPECTED-FAIL | test_leq_same_nums | Failed to initialize.
test_all_nleq_nan
TEST-UNEXPECTED-FAIL | test_all_nleq_nan | Failed to initialize.
test_nan_nleq_all
TEST-UNEXPECTED-FAIL | test_nan_nleq_all | Failed to initialize.
test_null_leq_null
TEST-UNEXPECTED-FAIL | test_null_leq_null | Failed to initialize.
test_undef_leq_undef
TEST-UNEXPECTED-FAIL | test_undef_leq_undef | Failed to initialize.
testLookup_bug570195
TEST-UNEXPECTED-FAIL | testLookup_bug570195 | Failed to initialize.
testLookup_bug522590
TEST-UNEXPECTED-FAIL | testLookup_bug522590 | Failed to initialize.
testJSEvaluateScript
TEST-UNEXPECTED-FAIL | testJSEvaluateScript | Failed to initialize.
testIsInsideNursery
TEST-UNEXPECTED-FAIL | testIsInsideNursery | Failed to initialize.
testIntlAvailableLocales
TEST-UNEXPECTED-FAIL | testIntlAvailableLocales | Failed to initialize.
testPinAcrossGC
TEST-UNEXPECTED-FAIL | testPinAcrossGC | Failed to initialize.
testAtomizedIsNotPinned
TEST-UNEXPECTED-FAIL | testAtomizedIsNotPinned | Failed to initialize.
testIntTypesABI
TEST-UNEXPECTED-FAIL | testIntTypesABI | Failed to initialize.
testIntString_bug515273
TEST-UNEXPECTED-FAIL | testIntString_bug515273 | Failed to initialize.
testStringToPropertyName
TEST-UNEXPECTED-FAIL | testStringToPropertyName | Failed to initialize.
testStringIsIndex
TEST-UNEXPECTED-FAIL | testStringIsIndex | Failed to initialize.
testIndexToString
TEST-UNEXPECTED-FAIL | testIndexToString | Failed to initialize.
testHashMapLookupWithDefaultOOM
TEST-UNEXPECTED-FAIL | testHashMapLookupWithDefaultOOM | Failed to initialize.
testHashSetOfMoveOnlyType
TEST-UNEXPECTED-FAIL | testHashSetOfMoveOnlyType | Failed to initialize.
testHashRekeyManualRemoval
TEST-UNEXPECTED-FAIL | testHashRekeyManualRemoval | Failed to initialize.
testHashRekeyManual
TEST-UNEXPECTED-FAIL | testHashRekeyManual | Failed to initialize.
test_GetPropertyDescriptor
TEST-UNEXPECTED-FAIL | test_GetPropertyDescriptor | Failed to initialize.
testGCWeakRef
TEST-UNEXPECTED-FAIL | testGCWeakRef | Failed to initialize.
testGCUID
TEST-UNEXPECTED-FAIL | testGCUID | Failed to initialize.
testGCStoreBufferRemoval
TEST-UNEXPECTED-FAIL | testGCStoreBufferRemoval | Failed to initialize.
testGCOutOfMemory
TEST-PASS | testGCOutOfMemory | ok
testTracingIncomingCCWs
TEST-UNEXPECTED-FAIL | testTracingIncomingCCWs | Failed to initialize.
testGCHeapPostBarriers
TEST-UNEXPECTED-FAIL | testGCHeapPostBarriers | Failed to initialize.
testGCFinalizeCallback
TEST-UNEXPECTED-FAIL | testGCFinalizeCallback | Failed to initialize.
testGCHandleVector
TEST-UNEXPECTED-FAIL | testGCHandleVector | Failed to initialize.
testTraceableFifo
TEST-UNEXPECTED-FAIL | testTraceableFifo | Failed to initialize.
testGCRootedVector
TEST-UNEXPECTED-FAIL | testGCRootedVector | Failed to initialize.
testGCHandleHashMap
TEST-UNEXPECTED-FAIL | testGCHandleHashMap | Failed to initialize.
testGCRootedHashMap
TEST-UNEXPECTED-FAIL | testGCRootedHashMap | Failed to initialize.
testGCPersistentRootedTraceableCannotOutliveRuntime
TEST-UNEXPECTED-FAIL | testGCPersistentRootedTraceableCannotOutliveRuntime | Failed to initialize.
testGCPersistentRootedOutlivesRuntime
TEST-UNEXPECTED-FAIL | testGCPersistentRootedOutlivesRuntime | Failed to initialize.
testGCRootedStaticStructInternalStackStorageAugmented
TEST-UNEXPECTED-FAIL | testGCRootedStaticStructInternalStackStorageAugmented | Failed to initialize.
testGCSuppressions
TEST-UNEXPECTED-FAIL | testGCSuppressions | Failed to initialize.
testGCExactRooting
TEST-UNEXPECTED-FAIL | testGCExactRooting | Failed to initialize.
testGCChunkPool
TEST-UNEXPECTED-FAIL | testGCChunkPool | Failed to initialize.
testGCCellPtr
TEST-UNEXPECTED-FAIL | testGCCellPtr | Failed to initialize.
testGCAllocator
TEST-UNEXPECTED-FAIL | testGCAllocator | Failed to initialize.
testFunctionProperties
TEST-UNEXPECTED-FAIL | testFunctionProperties | Failed to initialize.
testRedefineGlobalEval
TEST-UNEXPECTED-FAIL | testRedefineGlobalEval | Failed to initialize.
testForwardSetProperty
TEST-UNEXPECTED-FAIL | testForwardSetProperty | Failed to initialize.
testForceLexicalInitialization
TEST-UNEXPECTED-FAIL | testForceLexicalInitialization | Failed to initialize.
testForOfIterator_bug515273_part2
TEST-UNEXPECTED-FAIL | testForOfIterator_bug515273_part2 | Failed to initialize.
testForOfIterator_bug515273_part1
TEST-UNEXPECTED-FAIL | testForOfIterator_bug515273_part1 | Failed to initialize.
testForOfIterator_basicNonIterable
TEST-UNEXPECTED-FAIL | testForOfIterator_basicNonIterable | Failed to initialize.
testFindSCCsStackLimit
TEST-UNEXPECTED-FAIL | testFindSCCsStackLimit | Failed to initialize.
testFindSCCs
TEST-UNEXPECTED-FAIL | testFindSCCs | Failed to initialize.
testExternalStrings
TEST-UNEXPECTED-FAIL | testExternalStrings | Failed to initialize.
testException_bug860435
TEST-UNEXPECTED-FAIL | testException_bug860435 | Failed to initialize.
testErrorCopying_columnCopied
TEST-UNEXPECTED-FAIL | testErrorCopying_columnCopied | Failed to initialize.
test_enclosingFunction
TEST-UNEXPECTED-FAIL | test_enclosingFunction | Failed to initialize.
testDifferentNewTargetInvokeConstructor
TEST-UNEXPECTED-FAIL | testDifferentNewTargetInvokeConstructor | Failed to initialize.
testDefinePropertyIgnoredAttributes
TEST-UNEXPECTED-FAIL | testDefinePropertyIgnoredAttributes | Failed to initialize.
testDefineProperty_bug564344
TEST-UNEXPECTED-FAIL | testDefineProperty_bug564344 | Failed to initialize.
testDefineGetterSetterNonEnumerable
TEST-UNEXPECTED-FAIL | testDefineGetterSetterNonEnumerable | Failed to initialize.
testDeepFreeze_loop
TEST-UNEXPECTED-FAIL | testDeepFreeze_loop | Failed to initialize.
testDeepFreeze_deep
TEST-UNEXPECTED-FAIL | testDeepFreeze_deep | Failed to initialize.
testDeepFreeze_bug535703
TEST-UNEXPECTED-FAIL | testDeepFreeze_bug535703 | Failed to initialize.
testDebugger_newScriptHook
TEST-UNEXPECTED-FAIL | testDebugger_newScriptHook | Failed to initialize.
testDateToLocaleString
TEST-UNEXPECTED-FAIL | testDateToLocaleString | Failed to initialize.
testContexts_bug563735
TEST-UNEXPECTED-FAIL | testContexts_bug563735 | Failed to initialize.
testContexts_IsRunning
TEST-UNEXPECTED-FAIL | testContexts_IsRunning | Failed to initialize.
test_cloneScriptWithPrincipals
TEST-UNEXPECTED-FAIL | test_cloneScriptWithPrincipals | Failed to initialize.
test_cloneScript
TEST-UNEXPECTED-FAIL | test_cloneScript | Failed to initialize.
testClassGetter_isCalled
TEST-UNEXPECTED-FAIL | testClassGetter_isCalled | Failed to initialize.
testChromeBuffer
TEST-UNEXPECTED-FAIL | testChromeBuffer | Failed to initialize.
test_CallNonGenericMethodOnProxy
TEST-UNEXPECTED-FAIL | test_CallNonGenericMethodOnProxy | Failed to initialize.
testBug604087
TEST-UNEXPECTED-FAIL | testBug604087 | Failed to initialize.
testArrayBufferView_type
TEST-UNEXPECTED-FAIL | testArrayBufferView_type | Failed to initialize.
testArrayBuffer_bug720949_viewList
TEST-UNEXPECTED-FAIL | testArrayBuffer_bug720949_viewList | Failed to initialize.
testArrayBuffer_bug720949_steal
TEST-UNEXPECTED-FAIL | testArrayBuffer_bug720949_steal | Failed to initialize.
testArgumentsObject
TEST-UNEXPECTED-FAIL | testArgumentsObject | Failed to initialize.
testAddPropertyHook
TEST-UNEXPECTED-FAIL | testAddPropertyHook | Failed to initialize.
selfTest_NaNsAreSame
TEST-UNEXPECTED-FAIL | selfTest_NaNsAreSame | Failed to initialize.
testAssemblerBuffer_AssemblerBufferWithConstantPools_ShortBranch
TEST-UNEXPECTED-FAIL | testAssemblerBuffer_AssemblerBufferWithConstantPools_ShortBranch | Failed to initialize.
testAssemblerBuffer_AssemblerBufferWithConstantPools
TEST-UNEXPECTED-FAIL | testAssemblerBuffer_AssemblerBufferWithConstantPools | Failed to initialize.
testAssemblerBuffer_BranchDeadlineSet
TEST-UNEXPECTED-FAIL | testAssemblerBuffer_BranchDeadlineSet | Failed to initialize.
testAssemblerBuffer_AssemblerBuffer
TEST-UNEXPECTED-FAIL | testAssemblerBuffer_AssemblerBuffer | Failed to initialize.
testAssemblerBuffer_BufferOffset
TEST-UNEXPECTED-FAIL | testAssemblerBuffer_BufferOffset | Failed to initialize.

173 unexpected failures.
(In reply to Tooru Fujisawa [:arai] from comment #6)
> If this is really a duplicate of bug 1143022, the issue is not yet fixed in
> SpiderMonkey.
> Just for confirmation, you're using 48 bit virtual addresses, right?
> I don't know much about it tho, is there any way to switch to 47 bit?

There is a simple way, which consist to mmap all the pages which are not supposed to be allocatable.  You might have issues with the stack, thus you might have to relocate the stack with a setjump/longjmp (even if I don't think we ever pack stack pointers in Values).

This would caused false reports in the virtual memory used by the program, but should have no impact as long as you do not commit the pages, by writing in them.
(In reply to Tooru Fujisawa [:arai] from comment #6)
> If this is really a duplicate of bug 1143022, the issue is not yet fixed in
> SpiderMonkey.
> Just for confirmation, you're using 48 bit virtual addresses, right?
> I don't know much about it tho, is there any way to switch to 47 bit?

Thanks for the hint.
Yes, the machine we use does have 48 bit on as indicating in the boot config as follows.
 CONFIG_ARM64_VA_BITS_48=y
 CONFIG_ARM64_VA_BITS=48

Turn the 48 bit off does help but we are wondering if there's any side effect.
Summary: ARM/AARACH64: Javascript engine crash → ARM/AARCH64: Javascript engine crash
Hardware: ARM → ARM64
47-bit address space bug 1143022 has been fixed. Resolving this bug as a duplicate as per comment 3 and comment 6.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.