Open Bug 1863936 Opened 1 year ago Updated 1 year ago

Failure to initialize self hosting stencil causes crash trying to report the error

Categories: Core :: JavaScript Engine, defect, P3

People: Reporter: jonco, Unassigned

References: Blocks 1 open bug

Details

Some of my changes caused self hosting initialization to fail, and rather than report the error the shell crashed.

This is happening because JSRuntime::initSelfHostingStencil happens before the atoms table has been initialized and something called under JS_ReportErrorUTF8 is trying to access it:

https://searchfox.org/mozilla-central/source/js/src/vm/Initialization.cpp#231-237

Stack trace:

Thread 1 "js" received signal SIGSEGV, Segmentation fault.
JS::shadow::Zone::isAtomsZone (this=0x0) at /home/jon/clone/marking/shell-build/dist/include/js/shadow/Zone.h:111
111	  bool isAtomsZone() const { return kind_ == AtomsZone; }
bt
js/src/gdb/mozilla/asmjs.py: Allowing WasmTrapHandler to run.

Thread 1 "js" received signal SIGSEGV, Segmentation fault.
JS::shadow::Zone::isAtomsZone (this=0x0) at /home/jon/clone/marking/shell-build/dist/include/js/shadow/Zone.h:111
111	  bool isAtomsZone() const { return kind_ == AtomsZone; }
(gdb) bt
#0  JS::shadow::Zone::isAtomsZone() const (this=0x0) at /home/jon/clone/marking/shell-build/dist/include/js/shadow/Zone.h:111
#1  0x0000555557e4060b in JSLinearString::newValidLength<(js::AllowGC)1, unsigned char>(JSContext*, mozilla::UniquePtr<unsigned char [], JS::FreePolicy>, unsigned long, js::gc::Heap) (cx=0x7ffff6432200, chars=[(unsigned char *) 0x7ffff4d032b0 "Can't open"...], length=40, heap=js::gc::Heap::Default)
    at /home/jon/clone/marking/js/src/vm/StringType-inl.h:320
#2  0x0000555557e40570 in js::NewStringCopyNDontDeflateNonStaticValidLength<(js::AllowGC)1, unsigned char>(JSContext*, unsigned char const*, unsigned long, js::gc::Heap) (cx=0x7ffff6432200, s=0x7ffff641b3c0 "Can't open"..., n=40, heap=js::gc::Heap::Default)
    at /home/jon/clone/marking/js/src/vm/StringType.cpp:1702
#3  0x0000555557e40b66 in js::NewStringCopyNDontDeflate<(js::AllowGC)1, unsigned char>(JSContext*, unsigned char const*, unsigned long, js::gc::Heap)
    (cx=0x7ffff6432200, s=0x7ffff641b3c0 "Can't open"..., n=40, heap=js::gc::Heap::Default) at /home/jon/clone/marking/js/src/vm/StringType.cpp:1722
#4  0x0000555557e40ebe in js::NewStringCopyN<(js::AllowGC)1, unsigned char>(JSContext*, unsigned char const*, unsigned long, js::gc::Heap)
    (cx=0x7ffff6432200, s=0x7ffff641b3c0 "Can't open"..., n=40, heap=js::gc::Heap::Default) at /home/jon/clone/marking/js/src/vm/StringType.cpp:1761
#5  0x0000555557e326eb in js::NewStringCopyUTF8N(JSContext*, JS::UTF8Chars, js::gc::Heap) (cx=0x7ffff6432200, utf8=..., heap=js::gc::Heap::Default)
    at /home/jon/clone/marking/js/src/vm/StringType.cpp:1835
#6  0x000055555772d684 in js::NewStringCopyUTF8Z(JSContext*, JS::ConstUTF8CharsZ, js::gc::Heap)
    (cx=0x7ffff6432200, utf8=..., heap=js::gc::Heap::Default) at /home/jon/clone/marking/js/src/vm/StringType.h:1532
#7  0x000055555807a0d6 in JS_NewStringCopyUTF8Z(JSContext*, JS::ConstUTF8CharsZ) (cx=0x7ffff6432200, s=...)
    at /home/jon/clone/marking/js/src/jsapi.cpp:3109
#8  0x000055555807f54e in JSErrorBase::newMessageString(JSContext*) (this=0x7fffffffdce0, cx=0x7ffff6432200)
    at /home/jon/clone/marking/js/src/jsapi.cpp:3985
#9  0x0000555558087c54 in js::ErrorToException(JSContext*, JSErrorReport*, JSErrorFormatString const* (*)(void*, unsigned int), void*)
    (cx=0x7ffff6432200, reportp=0x7fffffffdce0, callback=0x555557aae9c0 <js::GetErrorMessage(void*, unsigned int)>, userRef=0x0)
    at /home/jon/clone/marking/js/src/jsexn.cpp:322
#10 0x0000555557ab4aa9 in ReportError(JSContext*, JSErrorReport*, JSErrorFormatString const* (*)(void*, unsigned int), void*)
    (cx=0x7ffff6432200, reportp=0x7fffffffdce0, callback=0x0, userRef=0x0) at /home/jon/clone/marking/js/src/vm/ErrorReporting.cpp:173
#11 0x0000555557ab5271 in js::ReportErrorVA(JSContext*, js::IsWarning, char const*, js::ErrorArgumentsType, __va_list_tag*)
    (cx=0x7ffff6432200, isWarning=js::IsWarning::No, format=0x5555559d80f6 "Can't open"..., argumentsType=js::ArgumentsAreUTF8, ap=0x7fffffffde10)
    at /home/jon/clone/marking/js/src/vm/ErrorReporting.cpp:581
#12 0x000055555807e2e4 in JS_ReportErrorUTF8(JSContext*, char const*, ...) (cx=0x7ffff6432200, format=0x5555559d80f6 "Can't open"...)
    at /home/jon/clone/marking/js/src/jsapi.cpp:3716
#13 0x00005555576b2b33 in WriteSelfHostedXDRFile(JSContext*, mozilla::Span<unsigned char const, 18446744073709551615ul>)
    (cx=0x7ffff6432200, buffer=...) at /home/jon/clone/marking/js/src/shell/js.cpp:11292
#14 0x0000555557db9eeb in JSRuntime::initSelfHostingStencil(JSContext*, mozilla::Span<unsigned char const, 18446744073709551615ul>, bool (*)(JSContext*, mozilla::Span<unsigned char const, 18446744073709551615ul>))
    (this=0x7ffff6423000, cx=0x7ffff6432200, xdrCache=..., xdrWriter=0x5555576b2ad0 <WriteSelfHostedXDRFile(JSContext*, mozilla::Span<unsigned char const, 18446744073709551615ul>)>) at /home/jon/clone/marking/js/src/vm/SelfHosting.cpp:2611
#15 0x0000555557b295f0 in JS::InitSelfHostedCode(JSContext*, mozilla::Span<unsigned char const, 18446744073709551615ul>, bool (*)(JSContext*, mozilla::Span<unsigned char const, 18446744073709551615ul>))
    (cx=0x7ffff6432200, cache=..., writer=0x5555576b2ad0 <WriteSelfHostedXDRFile(JSContext*, mozilla::Span<unsigned char const, 18446744073709551615ul>)>) at /home/jon/clone/marking/js/src/vm/Initialization.cpp:231
#16 0x00005555576ae364 in main(int, char**) (argc=17, argv=0x7fffffffe708) at /home/jon/clone/marking/js/src/shell/js.cpp:11518
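Added example, not code from the bug or from SpiderMonkey: a constructed two-stage runtime initialization in C++ that reproduces the shape of the failure described above (an error-reporting path that dereferences an atoms zone which does not exist yet) next to the two defensive options, running the stages in dependency order and making the reporter check the initialization state and fall back to a heap-free channel when the exception machinery is unavailable. All names here (Runtime, Zone, initAtoms, initSelfHosting, reportErrorUnsafe, reportErrorSafe, runInit) and the error message are hypothetical.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Constructed stand-in for a GC zone; only the "is this the atoms zone" flag matters here.
struct Zone {
  bool isAtomsZone;
};

// Constructed stand-in for the runtime. The atoms zone pointer stays null until the
// atoms stage of initialization has run, exactly the window the bug report describes.
struct Runtime {
  Zone atomsStorage{true};
  Zone* atomsZone = nullptr;                  // null before initAtoms()
  std::vector<std::string> pendingExceptions; // reports that became exceptions
  std::string fallbackLog;                    // reports emitted without the heap
};

// Stage A: create the atoms zone.
void initAtoms(Runtime& rt) { rt.atomsZone = &rt.atomsStorage; }

// Mirrors the crashing path: allocating the message string needs the atoms zone,
// and the pointer is dereferenced unconditionally. Called before initAtoms() this
// is a null dereference, like JS::shadow::Zone::isAtomsZone(this=0x0) in the trace.
bool reportErrorUnsafe(Runtime& rt, const char* msg) {
  if (!rt.atomsZone->isAtomsZone) return false;
  rt.pendingExceptions.push_back(msg);
  return true;
}

// Hardened reporter: if the heap is not ready, write the message to a channel that
// needs no runtime state and tell the caller the report did not become an exception.
bool reportErrorSafe(Runtime& rt, const char* msg) {
  if (rt.atomsZone == nullptr) {
    std::fprintf(stderr, "early init error: %s\n", msg);
    rt.fallbackLog += msg;
    rt.fallbackLog += '\n';
    return false;
  }
  rt.pendingExceptions.push_back(msg);
  return true;
}

using Reporter = bool (*)(Runtime&, const char*);

// Stage B: self-hosting setup. On failure it reports through the supplied reporter,
// as WriteSelfHostedXDRFile does via JS_ReportErrorUTF8 in the trace.
bool initSelfHosting(Runtime& rt, Reporter report, bool simulateFailure) {
  if (simulateFailure) {
    report(rt, "Can't open self-hosted XDR file (constructed message)");
    return false;
  }
  return true;
}

// Runs both stages in the requested order with the hardened reporter and returns
// where the failure report ended up: "exception" when atoms existed at report time,
// "fallback" when the reporter had to bypass the heap.
std::string runInit(bool atomsFirst) {
  Runtime rt;
  if (atomsFirst) initAtoms(rt);
  initSelfHosting(rt, reportErrorSafe, /*simulateFailure=*/true);
  if (!atomsFirst) initAtoms(rt);
  if (!rt.pendingExceptions.empty()) return "exception";
  if (!rt.fallbackLog.empty()) return "fallback";
  return "lost";
}

int main() {
  std::printf("atoms first:        %s\n", runInit(true).c_str());
  std::printf("self-hosting first: %s\n", runInit(false).c_str());
  return 0;
}
```

The ordering fix alone (atoms first) is what the Initialization.cpp link points at; the reporter check is the belt-and-braces half, because any future early-init caller of the reporting API would otherwise crash instead of reporting, and a crash during startup hides the real error from whoever is debugging it.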

Blocks: sm-runtime
Severity: -- → S3
Priority: -- → P3