Barista-3 segfaults with x64-Ion, but only sometimes
Categories
(Core :: JavaScript: WebAssembly, defect, P2)
People
(Reporter: jseward, Unassigned)
Attachments (1 file): 6.76 KB, application/octet-stream

I'm seeing a bunch of segfaults which I suspect have the same origin. They
happen when running Barista-3 on x64-Linux with Ion, but not with baseline.
They are all characterised by having a null JSObject* (or one of its child
classes) passed to various bits of the GC machinery.

The problem seems to be timing dependent. I can reproduce easily with a build
with --enable-debug --enable-optimize="-g -Og". At -O0 I unfortunately can't
reproduce it. A --disable-debug --enable-optimize="-g -O2" build also fails
to show it .. except when run on "valgrind --tool=none", which majorly slows
it down.

Builds with --enable-debug --enable-optimize="-g -Og" using clang vs gcc both
segfault, but at different places. This might be because gcc's -Og code runs
slower than clang's.

STR:

build: --enable-debug --enable-optimize="-g -Og"

run: /nfs/compx/MC_PERF/js/BUILDX64DOG/dist/bin/js --no-threads --no-ion --wasm-compiler=ion --wasm-function-references --wasm-gc ./sm_run_wasm.js

Into main: 1681472640254
main: 0
First frame: 313
Segmentation fault (core dumped)

See comment 1 for crash stacks.

Comment 1 • 2 years ago (Reporter)

Comment 3 • 2 years ago (Reporter)

No, it was fixed by your patch for bug 1820163. Thanks. I'll close this as a dup.