Closed Bug 1405156 Opened 7 years ago Closed 7 years ago

fsanitize=enum (ubsan) runtime error for js::jit::ABIArgType

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla58

Tracking Flags:

Tracking

Status

firefox58

---

fixed

People

(Reporter: arthur, Assigned: arthur)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor])

Attachments

(1 file)

0001-Bug-1405156-Fix-ubsan-runtime-error-for-js-jit-ABIAr.patch 7 years ago Arthur Edelstein [:arthur] 1.28 KB, patch	bbouvier : review+	Details \| Diff \| Splinter Review

Arthur Edelstein [:arthur]

Assignee

Description

•

7 years ago

When I run clang -fsanitize=enum on linux64-asan automated tests, I see errors like the following (with stack trace):

[task 2017-10-02T07:15:55.652Z] 07:15:55     INFO - TEST-START | dom/asmjscache/test/test_cachingBasic.html
[task 2017-10-02T07:15:57.716Z] 07:15:57     INFO - GECKO(1255) | /builds/worker/workspace/build/src/js/src/jit/MacroAssembler.h:2329:13: runtime error: load of value 18, which is not a valid value for type 'js::jit::ABIArgType'
[task 2017-10-02T07:15:57.738Z] 07:15:57     INFO - GECKO(1255) |     #0 0x7fba7d93e6b1 in ToMIRType /builds/worker/workspace/build/src/js/src/jit/MacroAssembler.h:2329:13
[task 2017-10-02T07:15:57.740Z] 07:15:57     INFO - GECKO(1255) |     #1 0x7fba7d93e6b1 in operator[] /builds/worker/workspace/build/src/js/src/wasm/WasmStubs.cpp:950
[task 2017-10-02T07:15:57.745Z] 07:15:57     INFO - GECKO(1255) |     #2 0x7fba7d93e6b1 in js::jit::ABIArgIter<ABIFunctionArgs>::settle() /builds/worker/workspace/build/src/js/src/jit/MacroAssembler.h:2346
[task 2017-10-02T07:15:57.747Z] 07:15:57     INFO - GECKO(1255) |     #3 0x7fba7d8bf978 in ABIArgIter /builds/worker/workspace/build/src/js/src/jit/MacroAssembler.h:2349:69
[task 2017-10-02T07:15:57.749Z] 07:15:57     INFO - GECKO(1255) |     #4 0x7fba7d8bf978 in StackArgBytes<ABIFunctionArgs> /builds/worker/workspace/build/src/js/src/wasm/WasmStubs.cpp:67
[task 2017-10-02T07:15:57.753Z] 07:15:57     INFO - GECKO(1255) |     #5 0x7fba7d8bf978 in StackDecrementForCall<ABIFunctionArgs> /builds/worker/workspace/build/src/js/src/wasm/WasmStubs.cpp:78
[task 2017-10-02T07:15:57.755Z] 07:15:57     INFO - GECKO(1255) |     #6 0x7fba7d8bf978 in js::wasm::GenerateBuiltinThunk(js::jit::MacroAssembler&, js::jit::ABIFunctionType, js::wasm::ExitReason, void*, js::wasm::CallableOffsets*) /builds/worker/workspace/build/src/js/src/wasm/WasmStubs.cpp:961
[task 2017-10-02T07:15:57.776Z] 07:15:57     INFO - GECKO(1255) |     #7 0x7fba7d77f069 in js::wasm::EnsureBuiltinThunksInitialized() /builds/worker/workspace/build/src/js/src/wasm/WasmBuiltins.cpp:840:14
[task 2017-10-02T07:15:57.777Z] 07:15:57     INFO - GECKO(1255) |     #8 0x7fba7d786ed4 in StaticallyLink /builds/worker/workspace/build/src/js/src/wasm/WasmCode.cpp:97:10
[task 2017-10-02T07:15:57.779Z] 07:15:57     INFO - GECKO(1255) |     #9 0x7fba7d786ed4 in js::wasm::CodeSegment::initialize(js::wasm::Tier, mozilla::UniquePtr<unsigned char, js::wasm::CodeSegment::FreeCode>, unsigned int, js::wasm::ShareableBytes const&, js::wasm::LinkDataTier const&, js::wasm::Metadata const&) /builds/worker/workspace/build/src/js/src/wasm/WasmCode.cpp:278
[task 2017-10-02T07:15:57.782Z] 07:15:57     INFO - GECKO(1255) |     #10 0x7fba7d78621e in js::wasm::CodeSegment::create(js::wasm::Tier, mozilla::UniquePtr<unsigned char, js::wasm::CodeSegment::FreeCode>, unsigned int, js::wasm::ShareableBytes const&, js::wasm::LinkDataTier const&, js::wasm::Metadata const&) /builds/worker/workspace/build/src/js/src/wasm/WasmCode.cpp:252:14
[task 2017-10-02T07:15:57.786Z] 07:15:57     INFO - GECKO(1255) |     #11 0x7fba7d785efb in js::wasm::CodeSegment::create(js::wasm::Tier, js::jit::MacroAssembler&, js::wasm::ShareableBytes const&, js::wasm::LinkDataTier const&, js::wasm::Metadata const&) /builds/worker/workspace/build/src/js/src/wasm/WasmCode.cpp:210:12
[task 2017-10-02T07:15:57.829Z] 07:15:57     INFO - GECKO(1255) |     #12 0x7fba7d7fd525 in js::wasm::ModuleGenerator::finishCodeSegment(js::wasm::ShareableBytes const&) /builds/worker/workspace/build/src/js/src/wasm/WasmGenerator.cpp:950:12
[task 2017-10-02T07:15:57.832Z] 07:15:57     INFO - GECKO(1255) |     #13 0x7fba7d7fd6b5 in js::wasm::ModuleGenerator::finishModule(js::wasm::ShareableBytes const&) /builds/worker/workspace/build/src/js/src/wasm/WasmGenerator.cpp:978:42
[task 2017-10-02T07:15:57.854Z] 07:15:57     INFO - GECKO(1255) |     #14 0x7fba7d6d0ac2 in ModuleValidator::finish() /builds/worker/workspace/build/src/js/src/wasm/AsmJS.cpp:2490:19
[task 2017-10-02T07:15:57.857Z] 07:15:57     INFO - GECKO(1255) |     #15 0x7fba7d678b25 in CheckModule(JSContext*, js::frontend::Parser<js::frontend::FullParseHandler, char16_t>&, js::frontend::ParseNode*, unsigned int*) /builds/worker/workspace/build/src/js/src/wasm/AsmJS.cpp:7469:29
[task 2017-10-02T07:15:57.861Z] 07:15:57     INFO - GECKO(1255) |     #16 0x7fba7d667a8b in js::CompileAsmJS(JSContext*, js::frontend::Parser<js::frontend::FullParseHandler, char16_t>&, js::frontend::ParseNode*, bool*) /builds/worker/workspace/build/src/js/src/wasm/AsmJS.cpp:8769:18
[task 2017-10-02T07:15:57.879Z] 07:15:57     INFO - GECKO(1255) |     #17 0x7fba7db6d751 in asmJS /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:4075:10
[task 2017-10-02T07:15:57.881Z] 07:15:57     INFO - GECKO(1255) |     #18 0x7fba7db6d751 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::maybeParseDirective(js::frontend::ParseNode*, js::frontend::ParseNode*, bool*) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:4160
[task 2017-10-02T07:15:57.883Z] 07:15:57     INFO - GECKO(1255) |     #19 0x7fba7db3ff4c in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::statementList(js::frontend::YieldHandling) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:4223:18
[task 2017-10-02T07:15:57.885Z] 07:15:57     INFO - GECKO(1255) |     #20 0x7fba7db67571 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::functionBody(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::FunctionSyntaxKind, js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::FunctionBodyType) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:2735:14
[task 2017-10-02T07:15:57.895Z] 07:15:57     INFO - GECKO(1255) |     #21 0x7fba7db632a1 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::functionFormalParametersAndBody(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::ParseNode*, js::frontend::FunctionSyntaxKind, mozilla::Maybe<unsigned int> const&, bool) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:3819:16
[task 2017-10-02T07:15:57.900Z] 07:15:57     INFO - GECKO(1255) |     #22 0x7fba7db619b9 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::innerFunction(js::frontend::ParseNode*, js::frontend::ParseContext*, js::frontend::FunctionBox*, unsigned int, js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::FunctionSyntaxKind, js::frontend::Directives, js::frontend::Directives*) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:3601:10
[task 2017-10-02T07:15:57.908Z] 07:15:57     INFO - GECKO(1255) |     #23 0x7fba7dbb2c71 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::innerFunction(js::frontend::ParseNode*, js::frontend::ParseContext*, JS::Handle<JSFunction*>, unsigned int, js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::FunctionSyntaxKind, js::GeneratorKind, js::FunctionAsyncKind, bool, js::frontend::Directives, js::frontend::Directives*) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:3630:10
[task 2017-10-02T07:15:57.917Z] 07:15:57     INFO - GECKO(1255) |     #24 0x7fba7db9f05e in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::trySyntaxParseInnerFunction(js::frontend::ParseNode*, JS::Handle<JSFunction*>, unsigned int, js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::FunctionSyntaxKind, js::GeneratorKind, js::FunctionAsyncKind, bool, js::frontend::Directives, js::frontend::Directives*) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:3561:12
[task 2017-10-02T07:15:57.920Z] 07:15:57     INFO - GECKO(1255) |     #25 0x7fba7db6be5b in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::functionDefinition(js::frontend::ParseNode*, unsigned int, js::frontend::InHandling, js::frontend::YieldHandling, JS::Handle<JSAtom*>, js::frontend::FunctionSyntaxKind, js::GeneratorKind, js::FunctionAsyncKind, bool) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:3459:13
[task 2017-10-02T07:15:57.921Z] 07:15:57     INFO - GECKO(1255) |     #26 0x7fba7db4a157 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::functionStmt(unsigned int, js::frontend::YieldHandling, js::frontend::DefaultHandling, js::FunctionAsyncKind) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:3964:12
[task 2017-10-02T07:15:57.929Z] 07:15:57     INFO - GECKO(1255) |     #27 0x7fba7db45910 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::statementListItem(js::frontend::YieldHandling, bool) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:7809:24
[task 2017-10-02T07:15:57.930Z] 07:15:57     INFO - GECKO(1255) |     #28 0x7fba7db3fe5d in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::statementList(js::frontend::YieldHandling) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:4203:21
[task 2017-10-02T07:15:57.932Z] 07:15:57     INFO - GECKO(1255) |     #29 0x7fba7dc1e755 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::globalBody(js::frontend::GlobalSharedContext*) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:2245:23
[task 2017-10-02T07:15:57.949Z] 07:15:57     INFO - GECKO(1255) |     #30 0x7fba7d13a65a in BytecodeCompiler::compileScript(JS::Handle<JSObject*>, js::frontend::SharedContext*) /builds/worker/workspace/build/src/js/src/frontend/BytecodeCompiler.cpp:348:26
[task 2017-10-02T07:15:57.951Z] 07:15:57     INFO - GECKO(1255) |     #31 0x7fba7d13ec6f in compileGlobalScript /builds/worker/workspace/build/src/js/src/frontend/BytecodeCompiler.cpp:394:12
[task 2017-10-02T07:15:57.953Z] 07:15:57     INFO - GECKO(1255) |     #32 0x7fba7d13ec6f in js::frontend::CompileGlobalScript(JSContext*, js::LifoAlloc&, js::ScopeKind, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&, js::ScriptSourceObject**) /builds/worker/workspace/build/src/js/src/frontend/BytecodeCompiler.cpp:592
[task 2017-10-02T07:15:57.955Z] 07:15:57     INFO - GECKO(1255) |     #33 0x7fba7d35f896 in js::ScriptParseTask::parse(JSContext*) /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:505:24
[task 2017-10-02T07:15:57.971Z] 07:15:57     INFO - GECKO(1255) |     #34 0x7fba7d36c728 in js::HelperThread::handleParseWorkload(js::AutoLockHelperThreadState&) /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:1984:15
[task 2017-10-02T07:15:57.973Z] 07:15:57     INFO - GECKO(1255) |     #35 0x7fba7d36ada7 in js::HelperThread::threadLoop() /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:2270:13
[task 2017-10-02T07:15:57.975Z] 07:15:57     INFO - GECKO(1255) |     #36 0x7fba7d374475 in callMain<0> /builds/worker/workspace/build/src/js/src/threading/Thread.h:234:5
[task 2017-10-02T07:15:57.977Z] 07:15:57     INFO - GECKO(1255) |     #37 0x7fba7d374475 in js::detail::ThreadTrampoline<void (&)(void*), js::HelperThread*>::Start(void*) /builds/worker/workspace/build/src/js/src/threading/Thread.h:227
[task 2017-10-02T07:15:57.979Z] 07:15:57     INFO - GECKO(1255) |     #38 0x7fba90b8d6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
[task 2017-10-02T07:15:57.982Z] 07:15:57     INFO - GECKO(1255) |     #39 0x7fba8fc163dc in clone /build/glibc-bfm8X4/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Arthur Edelstein [:arthur]

Assignee

Updated

•

7 years ago

Blocks: 1404547

Arthur Edelstein [:arthur]

Assignee

Comment 1

•

7 years ago

Attached patch 0001-Bug-1405156-Fix-ubsan-runtime-error-for-js-jit-ABIAr.patch — Details — Splinter Review

try results:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=89882c1c5243&selectedJob=134528150
(third patch from top; talos failures are presumably unrelated)

Attachment #8914594 - Flags: review?(bbouvier)

Benjamin Bouvier [:bbouvier] (inactive)

Comment 2

•

7 years ago

Comment on attachment 8914594 [details] [diff] [review]
0001-Bug-1405156-Fix-ubsan-runtime-error-for-js-jit-ABIAr.patch

Review of attachment 8914594 [details] [diff] [review]:
-----------------------------------------------------------------

That looks indeed better, thank you for the patch!

Attachment #8914594 - Flags: review?(bbouvier) → review+

Benjamin Bouvier [:bbouvier] (inactive)

Updated

•

7 years ago

Blocks: 1284975

Benjamin Bouvier [:bbouvier] (inactive)

Updated

•

7 years ago

Assignee: nobody → arthuredelstein

Status: NEW → ASSIGNED

Arthur Edelstein [:arthur]

Assignee

Comment 3

•

7 years ago

Thanks for the review!

Keywords: checkin-needed

Pulsebot

Comment 4

•

7 years ago

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1693c7ab7478
Fix ubsan runtime error for js::jit::ABIArgType. r=bbouvier

Keywords: checkin-needed

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 5

•

7 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/1693c7ab7478

Status: ASSIGNED → RESOLVED

Closed: 7 years ago

status-firefox58: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla58

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

fsanitize=enum (ubsan) runtime error for js::jit::ABIArgType

Categories

(Core :: JavaScript Engine: JIT, defect)

Tracking

()

People

(Reporter: arthur, Assigned: arthur)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Updated

Updated

Comment 3

Comment 4

Comment 5

Attachment

General

Description

File Name

Content Type