1432332 - UBsan: value is outside the range of representable values of type 'int' in /include/mozilla/FloatingPoint.h:348

Status: RESOLVED DUPLICATE of bug 744965

(Core :: MFBT, defect, P1)

Description

[Tyson Smith [:tsmith]]

This is triggered on startup when built with -fsanitize=float-cast-overflow

changeset: 400160:20e194b34185

/objdir-ff-ubsan/dist/include/mozilla/FloatingPoint.h:348:39: runtime error: 9.0072e+15 is outside the range of representable values of type 'int'
    #0 0x7fb9692afa00 in NumberEqualsInt32<double> /objdir-ff-ubsan/dist/include/mozilla/FloatingPoint.h:348:39
    #1 0x7fb9692afa00 in NumberIsInt32<double> /objdir-ff-ubsan/dist/include/mozilla/FloatingPoint.h:362
    #2 0x7fb9692afa00 in js::frontend::BytecodeEmitter::emitNumberOp(double) /js/src/frontend/BytecodeEmitter.cpp:4366
    #3 0x7fb9692ad54f in js::frontend::BytecodeEmitter::emitTree(js::frontend::ParseNode*, js::frontend::ValueUsage, js::frontend::BytecodeEmitter::EmitLineNumberNote) /js/src/frontend/BytecodeEmitter.cpp:10913:14
    #4 0x7fb9692cdbaf in js::frontend::BytecodeEmitter::emitCallOrNew(js::frontend::ParseNode*, js::frontend::ValueUsage) /js/src/frontend/BytecodeEmitter.cpp:9281:18
    #5 0x7fb9692ad25c in js::frontend::BytecodeEmitter::emitTree(js::frontend::ParseNode*, js::frontend::ValueUsage, js::frontend::BytecodeEmitter::EmitLineNumberNote) /js/src/frontend/BytecodeEmitter.cpp:10844:14
    #6 0x7fb9692c83e8 in js::frontend::BytecodeEmitter::emitReturn(js::frontend::ParseNode*) /js/src/frontend/BytecodeEmitter.cpp:8207:14
    #7 0x7fb9692ad80f in js::frontend::BytecodeEmitter::emitTree(js::frontend::ParseNode*, js::frontend::ValueUsage, js::frontend::BytecodeEmitter::EmitLineNumberNote) /js/src/frontend/BytecodeEmitter.cpp:10660:14
    #8 0x7fb9692ca756 in js::frontend::BytecodeEmitter::emitStatementList(js::frontend::ParseNode*) /js/src/frontend/BytecodeEmitter.cpp:8659:14
    #9 0x7fb9692ad6c0 in js::frontend::BytecodeEmitter::emitTree(js::frontend::ParseNode*, js::frontend::ValueUsage, js::frontend::BytecodeEmitter::EmitLineNumberNote) /js/src/frontend/BytecodeEmitter.cpp:10690:14
    #10 0x7fb9692bfa67 in js::frontend::BytecodeEmitter::emitLexicalScope(js::frontend::ParseNode*) /js/src/frontend/BytecodeEmitter.cpp:6797:16
    #11 0x7fb9692ad900 in js::frontend::BytecodeEmitter::emitTree(js::frontend::ParseNode*, js::frontend::ValueUsage, js::frontend::BytecodeEmitter::EmitLineNumberNote) /js/src/frontend/BytecodeEmitter.cpp:10849:14
    #12 0x7fb9692d3e7b in js::frontend::BytecodeEmitter::emitFunctionBody(js::frontend::ParseNode*) /js/src/frontend/BytecodeEmitter.cpp:10282:10
    #13 0x7fb9692d2413 in js::frontend::BytecodeEmitter::emitFunctionFormalParametersAndBody(js::frontend::ParseNode*) /js/src/frontend/BytecodeEmitter.cpp:10094:10
    #14 0x7fb9692ad754 in js::frontend::BytecodeEmitter::emitTree(js::frontend::ParseNode*, js::frontend::ValueUsage, js::frontend::BytecodeEmitter::EmitLineNumberNote) /js/src/frontend/BytecodeEmitter.cpp:10600:14
    #15 0x7fb96929525a in js::frontend::BytecodeEmitter::emitFunctionScript(js::frontend::ParseNode*) /js/src/frontend/BytecodeEmitter.cpp:4944:10
    #16 0x7fb9692c3b8a in js::frontend::BytecodeEmitter::emitFunction(js::frontend::ParseNode*, bool) /js/src/frontend/BytecodeEmitter.cpp:7786:23
    #17 0x7fb9692ad7f5 in js::frontend::BytecodeEmitter::emitTree(js::frontend::ParseNode*, js::frontend::ValueUsage, js::frontend::BytecodeEmitter::EmitLineNumberNote) /js/src/frontend/BytecodeEmitter.cpp:10595:14
    #18 0x7fb9692ca756 in js::frontend::BytecodeEmitter::emitStatementList(js::frontend::ParseNode*) /js/src/frontend/BytecodeEmitter.cpp:8659:14
    #19 0x7fb9692ad6c0 in js::frontend::BytecodeEmitter::emitTree(js::frontend::ParseNode*, js::frontend::ValueUsage, js::frontend::BytecodeEmitter::EmitLineNumberNote) /js/src/frontend/BytecodeEmitter.cpp:10690:14
    #20 0x7fb969292d2c in js::frontend::BytecodeEmitter::emitScript(js::frontend::ParseNode*) /js/src/frontend/BytecodeEmitter.cpp:4882:14
    #21 0x7fb969292443 in BytecodeCompiler::compileScript(JS::Handle<JSObject*>, js::frontend::SharedContext*) /js/src/frontend/BytecodeCompiler.cpp:345:27
    #22 0x7fb9692933c9 in BytecodeCompiler::compileGlobalScript(js::ScopeKind) /js/src/frontend/BytecodeCompiler.cpp:379:12
    #23 0x7fb969295782 in js::frontend::CompileGlobalScript(JSContext*, js::LifoAlloc&, js::ScopeKind, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&, js::ScriptSourceObject**) /js/src/frontend/BytecodeCompiler.cpp:577:21
    #24 0x7fb968fb8e63 in Evaluate(JSContext*, js::ScopeKind, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&, JS::MutableHandle<JS::Value>) /js/src/jsapi.cpp:4797:29
    #25 0x7fb968fb897d in JS::Evaluate(JSContext*, JS::ReadOnlyCompileOptions const&, char const*, unsigned long, JS::MutableHandle<JS::Value>) /js/src/jsapi.cpp:4842:15
    #26 0x7fb96957f787 in JSRuntime::initSelfHosting(JSContext*) /js/src/vm/SelfHosting.cpp:2793:10
    #27 0x7fb968f90d4d in JS::InitSelfHostedCode(JSContext*) /js/src/jsapi.cpp:622:14
    #28 0x7fb95c0dab98 in nsXPConnect::InitStatics() /js/xpconnect/src/nsXPConnect.cpp:137:10
    #29 0x7fb95c03a058 in xpcModuleCtor() /js/xpconnect/src/XPCModule.cpp:13:5
    #30 0x7fb963eba9f7 in Initialize() /layout/build/nsLayoutModule.cpp:311:8
    #31 0x7fb9591ed2f9 in nsComponentManagerImpl::KnownModule::Load() /xpcom/components/nsComponentManager.cpp:763:21
    #32 0x7fb9591ee7e2 in nsFactoryEntry::GetFactory() /xpcom/components/nsComponentManager.cpp:1785:19
    #33 0x7fb9591efc79 in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) /xpcom/components/nsComponentManager.cpp:1083:41
    #34 0x7fb9591e7b4d in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /xpcom/components/nsComponentManager.cpp:1446:10
    #35 0x7fb9591f601c in nsGetServiceByContractID::operator()(nsID const&, void**) const /xpcom/components/nsComponentManagerUtils.cpp:280:21
    #36 0x7fb95902a014 in nsCOMPtr_base::assign_from_gs_contractid(nsGetServiceByContractID, nsID const&) /xpcom/base/nsCOMPtr.cpp:95:7
    #37 0x7fb959303e11 in NS_InitXPCOM2 /xpcom/build/XPCOMInit.cpp:700:5
    #38 0x7fb968019fe6 in ScopedXPCOMStartup::Initialize() /toolkit/xre/nsAppRunner.cpp:1567:8
    #39 0x7fb96802cc4c in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /toolkit/xre/nsAppRunner.cpp:4837:22
    #40 0x7fb96802dc41 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /toolkit/xre/nsAppRunner.cpp:4933:21
    #41 0x518e1e in do_main(int, char**, char**) /browser/app/nsBrowserApp.cpp:231:22
    #42 0x5183ac in main /browser/app/nsBrowserApp.cpp:304:16
    #43 0x7fb98f92c1c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
    #44 0x420c99 in _start (/objdir-ff-ubsan/dist/bin/firefox+0x420c99)

Comment 1

[Jason Orendorff [:jorendorff]]

Jeff, please take a look!

Comment 2

[Jeff Walden [:Waldo]]

Already filed years ago, apparently even with a patch I wrote!  :-D  Tho dunno if the implementation approach in that patch is better or worse than doing it with inline assembly or so.