Closed Bug 1434726 Opened 2 years ago Closed 10 months ago

Early startup crash on Linux sparc64 in HashIIDPtrKey (Bus Error)

Categories

(Core :: XPConnect, defect, P2)

59 Branch
Other
All
defect

Tracking


RESOLVED FIXED
mozilla68
Tracking Status
firefox68 --- fixed

People

(Reporter: glaubitz, Assigned: petr.sumbera)

Details

(Keywords: crash)

Attachments

(2 files, 2 obsolete files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Build ID: 20180123231643

Steps to reproduce:

Firefox 59 built on Linux (Debian unstable) with rustc 1.25.0-dev:

glaubitz@deb4g:~$ uname -a
Linux deb4g 4.14.0-3-sparc64-smp #1 SMP Debian 4.14.12-2 (2018-01-06) sparc64 GNU/Linux
glaubitz@deb4g:~$ firefox --version
Mozilla Firefox 59.0
glaubitz@deb4g:~$

Crashes very early with bus error, no graphical output:

glaubitz@deb4g:~$ firefox --help
Usage: firefox [ options ... ] [URL]
       where options include:

X11 options
  --display=DISPLAY  X display to use
  --sync             Make X calls synchronous
  --g-fatal-warnings Make all warnings fatal

Firefox options
  -h or --help       Print this message.
  -v or --version    Print Firefox version.
  -P <profile>       Start with <profile>.
  --profile <path>   Start with profile at <path>.
  --migration        Start with migration wizard.
  --ProfileManager   Start with ProfileManager.
  --no-remote        Do not accept or send remote commands; implies
                     --new-instance.
  --new-instance     Open new instance, not a new window in running instance.
  --UILocale <locale> Start with <locale> resources as UI Locale.
  --safe-mode        Disables extensions and themes for this session.
  --headless         Run without a GUI.
Bus error
glaubitz@deb4g:~$

Backtrace in gdb:

glaubitz@deb4g:~$ gdb /usr/bin/firefox
GNU gdb (Debian 7.12-6+b1) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "sparc64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/firefox...Reading symbols from /usr/lib/debug/.build-id/57/f016f2995d43315f81892ee8e920f236dc07d2.debug...done.
done.
(gdb) r --help
Starting program: /usr/bin/firefox --help
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
Usage: /usr/bin/firefox [ options ... ] [URL]
       where options include:

X11 options
  --display=DISPLAY  X display to use
  --sync             Make X calls synchronous
  --g-fatal-warnings Make all warnings fatal

Firefox options
  -h or --help       Print this message.
  -v or --version    Print Firefox version.
  -P <profile>       Start with <profile>.
  --profile <path>   Start with profile at <path>.
  --migration        Start with migration wizard.
  --ProfileManager   Start with ProfileManager.
  --no-remote        Do not accept or send remote commands; implies
                     --new-instance.
  --new-instance     Open new instance, not a new window in running instance.
  --UILocale <locale> Start with <locale> resources as UI Locale.
  --safe-mode        Disables extensions and themes for this session.
  --headless         Run without a GUI.
[New Thread 0xfff800010d07f910 (LWP 209866)]
[New Thread 0xfff8000110bf9910 (LWP 209867)]
[Thread 0xfff8000110bf9910 (LWP 209867) exited]
[New Thread 0xfff8000110bf9910 (LWP 209868)]
[New Thread 0xfff8000111f09910 (LWP 209869)]
[New Thread 0xfff8000112709910 (LWP 209870)]
[New Thread 0xfff8000112f09910 (LWP 209871)]
[New Thread 0xfff8000113109910 (LWP 209872)]
[New Thread 0xfff8000113309910 (LWP 209873)]
[New Thread 0xfff8000113509910 (LWP 209874)]
[New Thread 0xfff8000113709910 (LWP 209875)]
[New Thread 0xfff8000113909910 (LWP 209876)]
[New Thread 0xfff8000113b09910 (LWP 209877)]
[New Thread 0xfff8000113d09910 (LWP 209878)]
[New Thread 0xfff8000113f09910 (LWP 209879)]
[New Thread 0xfff8000114109910 (LWP 209880)]
[New Thread 0xfff8000114309910 (LWP 209881)]
[New Thread 0xfff8000114509910 (LWP 209882)]
[New Thread 0xfff8000114709910 (LWP 209883)]
[New Thread 0xfff8000114f09910 (LWP 209884)]

Thread 1 "firefox" received signal SIGBUS, Bus error.
HashIIDPtrKey (key=0xfff800010a5962bc <nsIJSIID::COMTypeInfo<nsIJSIID, void>::kIID>) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCMaps.cpp:26
26          return HashGeneric(*((uintptr_t*)key));
(gdb) bt
#0  0xfff8000106ff4e5c in HashIIDPtrKey(void const*) (key=0xfff800010a5962bc <nsIJSIID::COMTypeInfo<nsIJSIID, void>::kIID>)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCMaps.cpp:26
#1  0xfff800010689d474 in PLDHashTable::ComputeKeyHash(void const*) (aKey=0xfff800010a5962bc <nsIJSIID::COMTypeInfo<nsIJSIID, void>::kIID>, this=0x7000026a2a0)
    at /srv/glaubitz/firefox-59.0~b4/xpcom/ds/PLDHashTable.cpp:519
#2  0xfff800010689d474 in PLDHashTable::Search(void const*) (this=this@entry=0x7000026a2a0, aKey=aKey@entry=0xfff800010a5962bc <nsIJSIID::COMTypeInfo<nsIJSIID, void>::kIID>) at /srv/glaubitz/firefox-59.0~b4/xpcom/ds/PLDHashTable.cpp:539
#3  0xfff8000107044788 in IID2NativeInterfaceMap::Find(nsID const&) (iid=..., this=0x7000026a2a0) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCMaps.h:237
#4  0xfff8000107044788 in XPCNativeInterface::GetNewOrUsed(nsID const*) (iid=iid@entry=0xfff800010a5962bc <nsIJSIID::COMTypeInfo<nsIJSIID, void>::kIID>)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNativeInfo.cpp:128
#5  0xfff8000107024074 in XPCConvert::NativeInterface2JSObject(JS::MutableHandle<JS::Value>, xpcObjectHelper&, nsID const*, bool, nsresult*) (d=..., aHelper=..., iid=iid@entry=0xfff800010a5962bc <nsIJSIID::COMTypeInfo<nsIJSIID, void>::kIID>, allowNativeWrapper=allowNativeWrapper@entry=true, pErr=pErr@entry=0x7feffff8c0c)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCConvert.cpp:797
#6  0xfff800010702c6ac in NativeInterface2JSObject(JS::HandleObject, nsISupports*, nsWrapperCache*, nsIID const*, bool, JS::MutableHandleValue) (aScope=..., aCOMObj=aCOMObj@entry=0x700009ff820, aCache=aCache@entry=0x0, aIID=aIID@entry=0xfff800010a5962bc <nsIJSIID::COMTypeInfo<nsIJSIID, void>::kIID>, aAllowWrapping=aAllowWrapping@entry=true, aVal=...) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/nsXPConnect.cpp:603
#7  0xfff800010702c838 in nsXPConnect::WrapNative(JSContext*, JSObject*, nsISupports*, nsID const&, JSObject**) (this=0x700002f9fe0, aJSContext=aJSContext@entry=0x70000131000, aScopeArg=0x7000058b100, aCOMObj=aCOMObj@entry=0x700009ff820, aIID=..., aRetVal=aRetVal@entry=0x7feffff8ec0)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/nsXPConnect.cpp:626
#8  0xfff8000107020a90 in nsXPCComponents_Interfaces::Resolve(nsIXPConnectWrappedNative*, JSContext*, JSObject*, jsid, bool*, bool*) (this=<optimized out>, wrapper=<optimized out>, cx=0x70000131000, objArg=<optimized out>, idArg=..., resolvedp=0x7feffff8fcf, _retval=0x7feffff8fce)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCComponents.cpp:284
#9  0xfff800010704ced8 in XPC_WN_Helper_Resolve(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, bool*) (cx=0x70000131000, obj=..., id=..., resolvedp=0x7feffff9168)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:770
#10 0xfff80001099cc86c in js::CallResolveOp (recursedp=<synthetic pointer>, propp=..., id=..., obj=..., cx=0x70000131000)
    at /srv/glaubitz/firefox-59.0~b4/js/src/vm/NativeObject-inl.h:798
#11 0xfff80001099cc86c in js::LookupOwnPropertyInline<(js::AllowGC)1> (donep=<synthetic pointer>, propp=..., id=..., obj=..., cx=0x70000131000)
    at /srv/glaubitz/firefox-59.0~b4/js/src/vm/NativeObject-inl.h:870
#12 0xfff80001099cc86c in NativeGetPropertyInline<(js::AllowGC)1> (vp=..., nameLookup=NotNameLookup, id=..., receiver=..., obj=..., cx=0x70000131000)
    at /srv/glaubitz/firefox-59.0~b4/js/src/vm/NativeObject.cpp:2389
#13 0xfff80001099cc86c in js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) (cx=0x70000131000, obj=..., receiver=..., id=..., vp=...) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/NativeObject.cpp:2437
#14 0xfff80001096c65a0 in js::GetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) (vp=..., id=..., receiver=..., obj=..., cx=0x70000131000) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/NativeObject.h:1620
#15 0xfff80001096c65a0 in js::GetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::PropertyName*, JS::MutableHandle<JS::Value>) (vp=..., name=<optimized out>, receiver=..., obj=..., cx=0x70000131000) at /srv/glaubitz/firefox-59.0~b4/js/src/jsobj.h:804
#16 0xfff80001096c65a0 in js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) (cx=0x70000131000, v=..., name=..., vp=...) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:4405
#17 0xfff80001096d4f28 in GetPropertyOperation (vp=..., lval=..., pc=<optimized out>, script=..., fp=<optimized out>, cx=<optimized out>)
    at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:219
#18 0xfff80001096d4f28 in Interpret(JSContext*, js::RunState&) (cx=0x70000131000, state=...) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:2815
#19 0xfff80001096dfc34 in js::RunScript(JSContext*, js::RunState&) (cx=cx@entry=0x70000131000, state=...) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:423
#20 0xfff80001096e1bc4 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::AbstractFramePtr, JS::Value*) (cx=cx@entry=0x70000131000, script=..., envChainArg=..., newTargetValue=..., evalInFrame=..., result=result@entry=0x7feffff9a60) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:706
#21 0xfff80001096e2b58 in ExecuteInExtensibleLexicalEnvironment(JSContext*, JS::HandleScript, JS::HandleObject) (cx=cx@entry=0x70000131000, scriptArg=..., env=...)
    at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:462
#22 0xfff80001096e9a7c in js::ExecuteInJSMEnvironment(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::AutoObjectVector&) (cx=cx@entry=0x70000131000, scriptArg=..., varEnv=..., targetObj=...) at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:547
#23 0xfff80001096e9b8c in js::ExecuteInJSMEnvironment(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>) (cx=cx@entry=0x70000131000, scriptArg=..., varEnv=...)
    at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:505
#24 0xfff8000106fdf72c in mozJSComponentLoader::ObjectForLocation(ComponentLoaderInfo&, nsIFile*, JS::MutableHandle<JSObject*>, JS::MutableHandle<JSScript*>, char**, bool, JS::MutableHandle<JS::Value>) (this=this@entry=0x70000117300, aInfo=..., aComponentFile=<optimized out>, aObject=..., aTableScript=..., aLocation=aLocation@entry=0x700006f8c88, aPropagateExceptions=<optimized out>, aException=...) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/loader/mozJSComponentLoader.cpp:877
#25 0xfff8000106fe1178 in mozJSComponentLoader::ImportInto(nsTSubstring<char> const&, JS::Handle<JSObject*>, JSContext*, JS::MutableHandle<JSObject*>) (this=this@entry=0x70000117300, aLocation=..., targetObj=..., callercx=callercx@entry=0x70000131000, vp=...) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/loader/mozJSComponentLoader.cpp:1161
#26 0xfff8000106fe1d1c in mozJSComponentLoader::Import(nsTSubstring<char> const&, JS::Handle<JS::Value>, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) (this=this@entry=0x70000117300, registryLocation=..., targetValArg=..., cx=cx@entry=0x70000131000, optionalArgc=optionalArgc@entry=0 '\000', retval=...)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/loader/mozJSComponentLoader.cpp:972
#27 0xfff8000107023150 in nsXPCComponents_Utils::Import(nsTSubstring<char> const&, JS::Handle<JS::Value>, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) (this=0x700009d5120, registryLocation=..., targetObj=..., cx=0x70000131000, optionalArgc=<optimized out>, retval=...)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCComponents.cpp:2297
#28 0xfff8000106902ef4 in NS_InvokeByIndex () at /srv/glaubitz/firefox-59.0~b4/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_sparc64_openbsd.s:80
#29 0xfff800010703bbb0 in CallMethodHelper::Invoke() (this=0x7feffffa788) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNative.cpp:1948
#30 0xfff800010703bbb0 in CallMethodHelper::Call() (this=0x7feffffa788) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNative.cpp:1267
#31 0xfff800010703bbb0 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) (ccx=..., mode=mode@entry=XPCWrappedNative::CALL_METHOD)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNative.cpp:1234
#32 0xfff8000107044008 in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) (cx=0x70000131000, argc=<optimized out>, vp=0x7000080c130)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:929
#33 0xfff80001096e0058 in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) (args=..., native=0xfff8000107043ddc <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, cx=0x70000131000) at /srv/glaubitz/firefox-59.0~b4/js/src/jscntxtinlines.h:291
#34 0xfff80001096e0058 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (cx=0x70000131000, args=..., construct=<optimized out>)
    at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:473
#35 0xfff80001096d40f4 in js::CallFromStack(JSContext*, JS::CallArgs const&) (args=..., cx=<optimized out>) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:528
#36 0xfff80001096d40f4 in Interpret(JSContext*, js::RunState&) (cx=0x70000131000, state=...) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:3096
#37 0xfff80001096dfc34 in js::RunScript(JSContext*, js::RunState&) (cx=cx@entry=0x70000131000, state=...) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:423
#38 0xfff80001096e1bc4 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::AbstractFramePtr, JS::Value*) (cx=cx@entry=0x70000131000, script=..., envChainArg=..., newTargetValue=..., evalInFrame=..., result=result@entry=0x7feffffb2f0) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:706
#39 0xfff80001096e2b58 in ExecuteInExtensibleLexicalEnvironment(JSContext*, JS::HandleScript, JS::HandleObject) (cx=cx@entry=0x70000131000, scriptArg=..., env=...)
    at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:462
#40 0xfff80001096e9a7c in js::ExecuteInJSMEnvironment(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::AutoObjectVector&) (cx=cx@entry=0x70000131000, scriptArg=..., varEnv=..., targetObj=...) at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:547
#41 0xfff80001096e9b8c in js::ExecuteInJSMEnvironment(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>) (cx=cx@entry=0x70000131000, scriptArg=..., varEnv=...)
    at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:505
#42 0xfff8000106fdf72c in mozJSComponentLoader::ObjectForLocation(ComponentLoaderInfo&, nsIFile*, JS::MutableHandle<JSObject*>, JS::MutableHandle<JSScript*>, char**, bool, JS::MutableHandle<JS::Value>) (this=this@entry=0x70000117300, aInfo=..., aComponentFile=<optimized out>, aObject=..., aTableScript=..., aLocation=aLocation@entry=0x700006f8788, aPropagateExceptions=<optimized out>, aException=...) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/loader/mozJSComponentLoader.cpp:877
#43 0xfff8000106fe1178 in mozJSComponentLoader::ImportInto(nsTSubstring<char> const&, JS::Handle<JSObject*>, JSContext*, JS::MutableHandle<JSObject*>) (this=this@entry=0x70000117300, aLocation=..., targetObj=..., callercx=callercx@entry=0x70000131000, vp=...) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/loader/mozJSComponentLoader.cpp:1161
#44 0xfff8000106fe1d1c in mozJSComponentLoader::Import(nsTSubstring<char> const&, JS::Handle<JS::Value>, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) (this=this@entry=0x70000117300, registryLocation=..., targetValArg=..., cx=cx@entry=0x70000131000, optionalArgc=optionalArgc@entry=0 '\000', retval=...)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/loader/mozJSComponentLoader.cpp:972
#45 0xfff8000107023150 in nsXPCComponents_Utils::Import(nsTSubstring<char> const&, JS::Handle<JS::Value>, JSContext*, unsigned char, JS::MutableHandle<JS::Value>) (this=0x700009d5120, registryLocation=..., targetObj=..., cx=0x70000131000, optionalArgc=<optimized out>, retval=...)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCComponents.cpp:2297
#46 0xfff8000106902ef4 in NS_InvokeByIndex () at /srv/glaubitz/firefox-59.0~b4/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_sparc64_openbsd.s:80
#47 0xfff800010703bbb0 in CallMethodHelper::Invoke() (this=0x7feffffc018) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNative.cpp:1948
#48 0xfff800010703bbb0 in CallMethodHelper::Call() (this=0x7feffffc018) at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNative.cpp:1267
#49 0xfff800010703bbb0 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) (ccx=..., mode=mode@entry=XPCWrappedNative::CALL_METHOD)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNative.cpp:1234
#50 0xfff8000107044008 in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) (cx=0x70000131000, argc=<optimized out>, vp=0x7000080c090)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:929
#51 0xfff80001096e0058 in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) (args=..., native=0xfff8000107043ddc <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, cx=0x70000131000) at /srv/glaubitz/firefox-59.0~b4/js/src/jscntxtinlines.h:291
#52 0xfff80001096e0058 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (cx=0x70000131000, args=..., construct=<optimized out>)
    at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:473
#53 0xfff80001096d40f4 in js::CallFromStack(JSContext*, JS::CallArgs const&) (args=..., cx=<optimized out>) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:528
#54 0xfff80001096d40f4 in Interpret(JSContext*, js::RunState&) (cx=0x70000131000, state=...) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:3096
#55 0xfff80001096dfc34 in js::RunScript(JSContext*, js::RunState&) (cx=cx@entry=0x70000131000, state=...) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:423
#56 0xfff80001096e1bc4 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::AbstractFramePtr, JS::Value*) (cx=cx@entry=0x70000131000, script=..., envChainArg=..., newTargetValue=..., evalInFrame=..., result=result@entry=0x7feffffcb80) at /srv/glaubitz/firefox-59.0~b4/js/src/vm/Interpreter.cpp:706
#57 0xfff80001096e2b58 in ExecuteInExtensibleLexicalEnvironment(JSContext*, JS::HandleScript, JS::HandleObject) (cx=cx@entry=0x70000131000, scriptArg=..., env=...)
    at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:462
#58 0xfff80001096e9a7c in js::ExecuteInJSMEnvironment(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::AutoObjectVector&) (cx=cx@entry=0x70000131000, scriptArg=..., varEnv=..., targetObj=...) at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:547
#59 0xfff80001096e9b8c in js::ExecuteInJSMEnvironment(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>) (cx=cx@entry=0x70000131000, scriptArg=..., varEnv=...)
    at /srv/glaubitz/firefox-59.0~b4/js/src/builtin/Eval.cpp:505
#60 0xfff8000106fdf72c in mozJSComponentLoader::ObjectForLocation(ComponentLoaderInfo&, nsIFile*, JS::MutableHandle<JSObject*>, JS::MutableHandle<JSScript*>, char**, bool, JS::MutableHandle<JS::Value>) (this=this@entry=0x70000117300, aInfo=..., aComponentFile=aComponentFile@entry=
    0x7000019b100, aObject=..., aTableScript=..., aLocation=aLocation@entry=0x700006f8468, aPropagateExceptions=<optimized out>, aException=...)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/loader/mozJSComponentLoader.cpp:877
#61 0xfff8000106fe0200 in mozJSComponentLoader::LoadModule(mozilla::FileLocation&) (this=0x70000117300, aFile=...)
    at /srv/glaubitz/firefox-59.0~b4/js/xpconnect/loader/mozJSComponentLoader.cpp:397
#62 0xfff80001068cfcfc in nsComponentManagerImpl::KnownModule::Load() (this=0x700003f3cc0) at /srv/glaubitz/firefox-59.0~b4/xpcom/components/nsComponentManager.cpp:754
#63 0xfff80001068d04e8 in nsFactoryEntry::GetFactory() (this=0x700002f95e0) at /srv/glaubitz/firefox-59.0~b4/xpcom/components/nsComponentManager.cpp:1785
#64 0xfff80001068d0c40 in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) (this=this@entry=0x700001f8100, aContractID=aContractID@entry=0x7000096c1d0 "@mozilla.org/remote/marionette;1", aDelegate=aDelegate@entry=0x0, aIID=..., aResult=0x7feffffd810, this=<optimized out>)
    at /srv/glaubitz/firefox-59.0~b4/xpcom/components/nsComponentManager.cpp:1083
#65 0xfff80001068d5fd4 in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) (aResult=<optimized out>, aIID=..., aDelegate=0x0, aContractID=0x7000096c1d0 "@mozilla.org/remote/marionette;1", this=0x700001f8100, this=<optimized out>)
    at /srv/glaubitz/firefox-59.0~b4/xpcom/components/nsComponentManager.cpp:1059
#66 0xfff80001068d5fd4 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) (this=0x700001f8100, aContractID=0x7000096c1d0 "@mozilla.org/remote/marionette;1", aIID=..., aResult=aResult@entry=0x7feffffd990) at /srv/glaubitz/firefox-59.0~b4/xpcom/components/nsComponentManager.cpp:1446
#67 0xfff80001068d64ac in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) (aResult=0x7feffffd990, aIID=..., aContractID=<optimized out>, this=<optimized out>) at /srv/glaubitz/firefox-59.0~b4/xpcom/components/nsComponentManager.cpp:1367
#68 0xfff80001068d64ac in CallGetService(char const*, nsID const&, void**) (aResult=0x7feffffd990, aIID=..., aContractID=<optimized out>)
    at /srv/glaubitz/firefox-59.0~b4/xpcom/components/nsComponentManagerUtils.cpp:69
#69 0xfff80001068d64ac in nsGetServiceByContractID::operator()(nsID const&, void**) const (this=this@entry=0x7feffffda28, aIID=..., aInstancePtr=aInstancePtr@entry=0x7feffffd990) at /srv/glaubitz/firefox-59.0~b4/xpcom/components/nsComponentManagerUtils.cpp:280
#70 0xfff800010687106c in nsCOMPtr_base::assign_from_gs_contractid(nsGetServiceByContractID, nsID const&) (this=this@entry=0x7feffffda98, aGS=..., aIID=...)
    at /srv/glaubitz/firefox-59.0~b4/xpcom/base/nsCOMPtr.cpp:95
#71 0xfff80001094a7e3c in nsCOMPtr<nsICommandLineHandler>::nsCOMPtr(nsGetServiceByContractID) (aGS=..., this=0x7feffffda98)
    at /srv/glaubitz/firefox-59.0~b4/build-browser/dist/include/nsCOMPtr.h:577
#72 0xfff80001094a7e3c in nsCommandLine::EnumerateHandlers(nsresult (*)(nsICommandLineHandler*, nsICommandLine*, void*), void*) (this=0x700009db580, aCallback=0xfff80001094a69e4 <EnumHelp(nsICommandLineHandler*, nsICommandLine*, void*)>, aClosure=aClosure@entry=0x7feffffdd08)
    at /srv/glaubitz/firefox-59.0~b4/toolkit/components/commandlines/nsCommandLine.cpp:524
#73 0xfff80001094a8114 in nsCommandLine::GetHelpText(nsTSubstring<char>&) (this=<optimized out>, aResult=...)
    at /srv/glaubitz/firefox-59.0~b4/toolkit/components/commandlines/nsCommandLine.cpp:633
#74 0xfff800010962c280 in DumpArbitraryHelp (this=<optimized out>) at /srv/glaubitz/firefox-59.0~b4/toolkit/xre/nsAppRunner.cpp:1716
#75 0xfff800010962c280 in DumpHelp () at /srv/glaubitz/firefox-59.0~b4/toolkit/xre/nsAppRunner.cpp:1764
#76 0xfff800010962c280 in XREMain::XRE_mainInit(bool*) (this=this@entry=0x7feffffdf18, aExitFlag=aExitFlag@entry=0x7feffffde48)
    at /srv/glaubitz/firefox-59.0~b4/toolkit/xre/nsAppRunner.cpp:3624
#77 0xfff8000109631510 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) (this=this@entry=0x7feffffdf18, argc=argc@entry=2, argv=argv@entry=0x7fefffff5b8, aConfig=...) at /srv/glaubitz/firefox-59.0~b4/toolkit/xre/nsAppRunner.cpp:4821
#78 0xfff8000109631c5c in XRE_main(int, char**, mozilla::BootstrapConfig const&) (argc=<optimized out>, argv=0x7fefffff5b8, aConfig=...)
    at /srv/glaubitz/firefox-59.0~b4/toolkit/xre/nsAppRunner.cpp:4933
#79 0x000001000000598c in do_main(int, char**, char**) (argc=<optimized out>, argv=0x7fefffff5b8, envp=0x7fefffff5d0)
    at /srv/glaubitz/firefox-59.0~b4/browser/app/nsBrowserApp.cpp:231
#80 0x0000010000005250 in main(int, char**, char**) (argc=<optimized out>, argv=0x7fefffff5b8, envp=0x7fefffff5d0)
    at /srv/glaubitz/firefox-59.0~b4/browser/app/nsBrowserApp.cpp:304
(gdb)

As the backtrace (actually frame 0) clearly indicates:

HashIIDPtrKey is invoked with a pointer that points to an address on a 32-bit boundary, but not on a 64-bit boundary. This is a perfectly valid alignment for an nsID, because it has no 64-bit members.

Inside HashIIDPtrKey, the first 32 or 64 bits (depending on platform pointer size) are extracted as one pointer-sized int which is subsequently hashed. On sparc64, the pointer-sized int is 64 bits, but the alignment of struct nsID is not strict enough. I see two valid approaches to this problem:

1) Align nsID structures to the requirement of uintptr_t, so the cast in HashIIDPtrKey gets (nearly) safe, even if it still violates the strict aliasing rules.
2) Always hash just 32 bits, even on 64-bit platforms. This reduces the quality of the returned hash values, but if the IIDs inside Mozilla are random, the quality of the hash function should not matter significantly.

A non-solution from my assessment is
3) Use a misalignment-safe way to obtain the first 64 bits. As indicated in 2, I don't think the quality of the hash value does actually matter *if* the IIDs are random. The collision rate should be determined mostly by the actual hash table size and not by the collision rate of the hash function. I do think that the overhead of a split 32+32 read on platforms with strict alignment requirements on the other hand does matter.

If you are going to implement suggestion 2, I propose to use
    HashGeneric(((nsID*)key)->m0)

This avoids any possibly problematic casts. The only cast in this expression casts the void pointer back to its original type, which is always safe.
I have just re-compiled Firefox with the change suggested in 2), i.e. using HashGeneric(((nsID*)key)->m0) and I can confirm that Firefox now starts properly on sparc64.

Unfortunately, Firefox is still crashing for me due to #1269654 [1].

> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1269654
Suggested patch by Michael Karcher which fixes the issue.
Attachment #8947275 - Flags: review?(mh+mozilla)
Severity: normal → critical
Component: Untriaged → XPConnect
Product: Firefox → Core
Attachment #8947275 - Flags: review?(mh+mozilla) → review?(bobbyholley)
Attachment #8947275 - Flags: review?(bobbyholley) → review?(continuation)
Comment on attachment 8947275 [details] [diff] [review]
0001-Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-.patch

Sorry for passing the buck again, but Nathan has a better understanding of hash functions and alignment than me...
Attachment #8947275 - Flags: review?(continuation) → review?(nfroyd)
Comment on attachment 8947275 [details] [diff] [review]
0001-Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-.patch

Review of attachment 8947275 [details] [diff] [review]:
-----------------------------------------------------------------

I have no objection to fixing this, but I would like to see as few behavior changes as possible.

::: js/xpconnect/src/XPCMaps.cpp
@@ +23,4 @@
>  static PLDHashNumber
>  HashIIDPtrKey(const void* key)
>  {
> +    return HashGeneric(((nsID*)key)->m0);
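Review bot: the C-style cast `(nsID*)key` on the `+` line silently discards the `const` of the `const void* key` parameter; `static_cast<const nsID*>(key)->m0` keeps the key read-only and makes the intended type explicit. Hashing only `m0` also produces different values on 64-bit builds than the previous pointer-sized read did, which the patch description should state explicitly.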

I am suspicious of casual arguments that say, "oh, we'll hash fewer bits, it will work out OK."  Why not just:

  uintptr_t v;
  memcpy(&v, key, sizeof(v));  // maybe static_cast<const nsID*>(key)
  return HashGeneric(v);

which should result in the same code for most of our currently supported platforms, and be more conformant besides?
Attachment #8947275 - Flags: review?(nfroyd)
It's not just a casual argument, but assuming that the keys are used for indexing hash tables, it is not important to hash as many bits as possible, but just to get an even spread over the buckets of the hash table. As currently UUIDs are usually generated by using good random numbers, the first 32 bits of a UUID should already spread out evenly across all possible values, so the output of AddU32ToHash is already evenly distributed across the whole spectrum of possible 32 bit values using only the first 32 bits, so there is nothing to gain by using 64 bits. The actual collision rate in a hash table of nsIDs is thus not determined by the 32 bit value spectrum returned from the hash function, but from the bucket count which is way lower.

On the other hand, after observing the implementation of HashGeneric for 64 bit pointers, fetching the 64 bits as two 32-bit halves should be no problem. We should "just" avoid putting it into a uintptr_t just to split it again in AddUIntPtrToHash<8>, so a reasonable implementation would be

static PLDHashNumber
HashIIDPtrKey(const void* key)
{
    // key actually is an nsID which contains an uint32_t as first member,
    // so casting it to uint32_t should not result in alignment violations
    const uint32_t* key_u32 = static_cast<const uint32_t*>(key);
    return HashGeneric(HashGeneric(key_u32[0]), key_u32[1]);
}

This will use the same hashing algorithm on all platforms, including 32-bit ones, and indeed include 64 bits in the hash everywhere (even if I consider that pointless for actual random UUIDs).
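The four variants discussed in this bug side by side, as an added C example (not code from this bug or from Mozilla's tree): the original cast, the memcpy form, the m0-only patch and the two-halves sketch, each run on a constructed sample IID placed at an address that is 4 mod 8. It assumes a 64-bit host and a simplified mixer modelled on mfbt's AddU32ToHash (an assumption, not Mozilla's implementation), and shows that memcpy reproduces the original's bits from either alignment while the two-halves form only coincides with it on little-endian hosts.

```c
#include <stdalign.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* nsID as laid out in xpcom: 16 bytes, but only 4-byte alignment, so an
 * nsID may legitimately live at an address that is 4 mod 8. */
typedef struct {
  uint32_t m0;
  uint16_t m1;
  uint16_t m2;
  uint8_t  m3[8];
} nsID;

_Static_assert(sizeof(nsID) == 16, "nsID is 16 bytes");
_Static_assert(alignof(nsID) == 4, "nsID only requires 4-byte alignment");
_Static_assert(sizeof(uintptr_t) == 8, "example assumes a 64-bit host");

/* Mixing modelled on mfbt's AddU32ToHash / AddUintptrToHash<8>
 * (assumption: simplified reimplementation, not Mozilla's code). */
static uint32_t add_u32_to_hash(uint32_t hash, uint32_t v) {
  uint32_t rotated = (hash << 5) | (hash >> 27);
  return 0x9E3779B9u * (rotated ^ v);
}

/* A 64-bit value is fed in as two 32-bit halves, low half first. */
static uint32_t add_u64_to_hash(uint32_t hash, uint64_t v) {
  return add_u32_to_hash(add_u32_to_hash(hash, (uint32_t)v),
                         (uint32_t)(v >> 32));
}

/* Original HashIIDPtrKey shape: one pointer-sized load through a cast.
 * On strict-alignment targets such as sparc64 this is the SIGBUS in
 * frame 0 when key is 4 mod 8, so it is only called on 8-aligned storage. */
static uint32_t hash_iid_direct_cast(const void* key) {
  return add_u64_to_hash(0, *((const uintptr_t*)key));
}

/* The memcpy form from the review: same bits, no misaligned load. */
static uint32_t hash_iid_memcpy(const void* key) {
  uintptr_t v;
  memcpy(&v, key, sizeof v);
  return add_u64_to_hash(0, v);
}

/* The first patch: hash only m0, which is always 4-byte aligned. */
static uint32_t hash_iid_m0(const void* key) {
  return add_u32_to_hash(0, ((const nsID*)key)->m0);
}

/* The two-halves sketch from comment 6, with AddToHash as the outer call. */
static uint32_t hash_iid_two_halves(const void* key) {
  const uint32_t* w = (const uint32_t*)key;  /* 4-aligned, as nsID is */
  uint32_t h = add_u32_to_hash(0, w[0]);     /* HashGeneric(w[0]) */
  return add_u32_to_hash(h, w[1]);           /* AddToHash(h, w[1]) */
}

static bool host_is_little_endian(void) {
  uint16_t probe = 1;
  uint8_t first;
  memcpy(&first, &probe, 1);
  return first == 1;
}

/* Constructed sample IID; not a real Mozilla interface ID. */
static const nsID kSampleIID = {
  0x12345678u, 0x9abcu, 0xdef0u,
  {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
};

/* Run fn on a copy placed at an address that is 4 mod 8. */
static uint32_t hash_from_4_mod_8_storage(uint32_t (*fn)(const void*)) {
  alignas(8) uint8_t buf[4 + sizeof(nsID)];
  memcpy(buf + 4, &kSampleIID, sizeof(nsID));
  return fn(buf + 4);
}

/* Run fn on a copy that is 8-byte aligned (safe for the direct cast). */
static uint32_t hash_from_aligned_storage(uint32_t (*fn)(const void*)) {
  alignas(8) uint8_t buf[sizeof(nsID)];
  memcpy(buf, &kSampleIID, sizeof(nsID));
  return fn(buf);
}

/* memcpy yields the bits the direct load did, from either alignment. */
static bool memcpy_matches_direct_cast(void) {
  uint32_t direct = hash_from_aligned_storage(hash_iid_direct_cast);
  return direct == hash_from_aligned_storage(hash_iid_memcpy) &&
         direct == hash_from_4_mod_8_storage(hash_iid_memcpy);
}

/* Two halves in memory order equal the uintptr_t hash only when the low
 * half of the 64-bit load is the first word, i.e. on little-endian hosts. */
static bool two_halves_matches_memcpy(void) {
  return hash_from_4_mod_8_storage(hash_iid_two_halves) ==
         hash_from_4_mod_8_storage(hash_iid_memcpy);
}
```

The m0-only variant is the one that also changes the value on every 64-bit platform, which is the behavioural difference the review objects to.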
(In reply to Michael Karcher from comment #6)
> On the other hand, after observing the implementation of HashGeneric for 64
> bit pointers, fetching the 64 bits as two 32-bit halves should be no
> problem. We should "just" avoid putting it into an uintptr_t just to split
> it again in AddUIntPtrToHash<8>

The compiler is able to inline and fold everything together properly, so using a 64-bit memcpy works just fine.

> This will use the same hashing algorithm on all platforms, including 32-bit
> ones, and indeed include 64 bits in the hash everywhere (even if I consider
> that pointless for actual random UUIDs).

I understand the objection here.  But the core issue here is that the code today, as written, does not work on UltraSPARC machines.  A fix has been proposed.  Fixing the UltraSPARC issue is a fine thing, we're happy to take patches to platforms that are not our core focus.  But the fix being proposed is an actual behavioral change: the function in question demonstrably does not produce the same results before and after the change.  Maybe there is no "real" change as a result of this fix.  But given the platform that's being fixed and the location of this code being some very core code to Firefox, I'm going to ask that the minimally invasive change be done.
FWIW, I prefer the memcpy() approach as well.
(In reply to Nathan Froyd [:froydnj] from comment #7)
> (In reply to Michael Karcher from comment #6)
> > On the other hand, after observing the implementation of HashGeneric for 64
> > bit pointers, fetching the 64 bits as two 32-bit halves should be no
> > problem. We should "just" avoid putting it into an uintptr_t just to split
> > it again in AddUIntPtrToHash<8>
> The compiler is able to inline and fold everything together properly, so
> using a 64-bit memcpy works just fine.
Well, on platforms with strict alignment requirements (like UltraSparc), the
memcpy has to assume the operands are completely unaligned. My proposed patch
would still give the opportunity to optimize based on the knowledge that the
nsIDs are always 32-bit aligned. I would expect that to help, especially as the
algorithm to hash 64-bit values is basically treating it as two 32-bit parts.
Unfortunately, I don't have the time to back up this claim with disassembly
now, so let's drop this assumption.


> > This will use the same hashing algorithm on all platforms, including 32-bit
> > ones, and indeed include 64 bits in the hash everywhere (even if I consider
> > that pointless for actual random UUIDs).
> patches to platforms that are not our core focus.  But the fix being
> proposed is an actual behavioral change: the function in question
> demonstrably does not produce the same results before and after the change.
I accept your reasoning, but the first patch I proposed shows no behavioral
change against the current firefox behaviour on 32-bit platforms (like x86),
and the second idea I sketched (although the code is wrong in using HashGeneric
instead of AddToHash for the outer call) was intended to show no behavioral
change against the current implementation on 64-bit platforms (like x86-64).
So the resulting behaviour in either case would already have been tested on
widely available platforms.
 
> core code to Firefox, I'm going to ask that the minimally invasive change be
> done.

(In reply to Martin Husemann from comment #8)
> FWIW, I prefer the memcpy() approach as well.

I personally consider using memcpy to copy single integer values a kludge, except
for the case of buffers with completely uncontrolled alignment (like for interfacing
with streams containing elements of mixed size without padding). That's why I first
provided a way that does away with all casting, so should be perfectly safe to compile
everywhere and after that proposed a patch that casts the pointer value in a way that
should be safe everywhere. If both of you prefer memcpy, go with it.

Adrian, can you prepare a patch as suggested in comment 5 and obsolete the current one?
(In reply to Michael Karcher from comment #9)
> I personally consider using memcpy to copy single integer values a kludge, except
> for the case of buffers with completely uncontrolled alignment (like for interfacing
> with streams containing elements of mixed size without padding).

I understand your view.

With the static_cast<nsID*>(key) (like in the comment in the code in comment 5) the compiler should figure out all the details (including real alignment) and do the memcpy inline with optimal code for the architecture.

Or maybe something like:

// probably exists already with some reasonable name
#define aligned(N) __attribute__((__aligned__(N)))

struct HashIdKeyAligned : public HashIdKey {} aligned(alignof(nsID));

and then:

HashIdKey key = *(HashIdKeyAligned*)v;
HashGeneric(&key);

(untested and IMHO ugly too)
Priority: -- → P2

Let's fix this. A more optimal solution can be done later if needed.

(In reply to Petr Sumbera from comment #11)

Created attachment 9054501 [details]
Bug 1434726 - Avoid SIGBUS on SPARC systems in HashIIDPtrKey

Let's fix this. A more optimal solution can be done later if needed.

This patch apparently does not have proper author information to land automatically. Could you please fix that?

https://wiki.mozilla.org/Phabricator/FAQ#Lando

Assignee: nobody → petr.sumbera
Severity: critical → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(petr.sumbera)
OS: Unspecified → All
Hardware: Unspecified → Other

Do I really need to resubmit the patch using arcanist? I just uploaded it into Phabricator. It's my first push using it (I will have to find out where to get arcanist on Solaris first).

Flags: needinfo?(petr.sumbera)

Thanks for fixing this, Petr. I got a bit slow regarding Firefox patches, so it's great you're picking this one up.

Btw, did you find a suitable way to avoid Node on Solaris/sparc64? In NetBSD, they're cross-compiling the Javascript stuff using Node on an x86_64 host, but I haven't come up with a nice solution for Debian yet.

Attachment #9054532 - Attachment is obsolete: true
Attachment #9054501 - Attachment is obsolete: true
Keywords: checkin-needed

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3b847ff23be2
Avoid SIGBUS on SPARC systems in HashIIDPtrKey r=froydnj

Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 10 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Keywords: crash