Open Bug 1973016 Opened 17 hours ago Updated 8 hours ago

crash at firefox startup on OpenBSD/arm64 since updating from llvm 16 to 19

Categories

(Core :: XPConnect, defect)

ARM64
OpenBSD
defect

People

(Reporter: gaston, Unassigned)

Details

be it with 140rc1, or 139.0.4, since OpenBSD moved from llvm 16 to llvm 19, there's a fully reproducible crash at startup, full trace below:

(gdb) bt
#0  thrkill () at /tmp/-:3
#1  0x00000013194a5d3c in nsProfileLock::FatalSignalHandler (signo=11, info=0x7fcd4dc468, context=0x7fcd4dc348) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/toolkit/profile/nsProfileLock.cpp:177
#2  0x0000001319ef40d8 [PAC] in WasmTrapHandler (signum=11, info=0x7fcd4dc468, context=0x7fcd4dc348) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/wasm/WasmSignalHandlers.cpp:790
#3  <signal handler called>
#4  js::gc::detail::ChunkPtrHasStoreBuffer (ptr=0x2) at /usr/obj/ports/firefox-140.0rc1/build-aarch64/dist/include/js/HeapAPI.h:669
#5  js::gc::IsInsideNursery (cell=0x2) at /usr/obj/ports/firefox-140.0rc1/build-aarch64/dist/include/js/HeapAPI.h:676
#6  js::gc::IsInsideNursery (obj=0x2) at /usr/obj/ports/firefox-140.0rc1/build-aarch64/dist/include/js/HeapAPI.h:696
#7  js::gc::EdgeNeedsSweepUnbarriered (objp=0x7fcd4dc4f8) at /usr/obj/ports/firefox-140.0rc1/build-aarch64/dist/include/js/HeapAPI.h:877
#8  nsWrapperCache::GetWrapperPreserveColor (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/build-aarch64/dist/include/nsWrapperCacheInlines.h:16
#9  nsWrapperCache::GetWrapper (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/build-aarch64/dist/include/nsWrapperCacheInlines.h:28
#10 0x0000001315cf3354 [PAC] in XPCConvert::NativeInterface2JSObject (cx=0x125fbb15f0, d=..., aHelper=..., iid=0x7fcd4dc980, allowNativeWrapper=true, pErr=0x0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCConvert.cpp:881
#11 0x0000001315cf2b34 [PAC] in XPCConvert::NativeData2JS (cx=0x125fbb15f0, d=..., s=<optimized out>, type=..., iid=0x7fcd4dc980, arrlen=<optimized out>, pErr=0x0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCConvert.cpp:321
#12 0x0000001315d1a7f0 [PAC] in nsXPCWrappedJS::CallMethod (this=<optimized out>, methodIndex=<optimized out>, info=0x1312a74298 <xpt::detail::sMethods+6504>, nativeParams=0x7fcd4dca00)
    at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedJSClass.cpp:870
#13 0x00000013155cfbc0 [PAC] in PrepareAndDispatch (self=0x12a009a320, methodIndex=7, args=<optimized out>, gprData=0x7fcd4dcaf0, fprData=0x7fcd4dcab0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/reflect/xptcall/md/unix/xptcstubs_aarch64.cpp:190
#14 0x0000001313a1725c [PAC] in SharedStub () at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/reflect/xptcall/md/unix/xptcstubs_asm_aarch64.S:47
#15 0x0000001315df717c in nsExternalHelperAppService::GetFromTypeAndExtension (this=<optimized out>, aMIMEType=..., aFileExt=..., _retval=0x7fcd4dce48) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/uriloader/exthandler/nsExternalHelperAppService.cpp:2839
#16 0x0000001313a1720c [PAC] in _NS_InvokeByIndex () at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_aarch64.S:74
#17 0x0000001315d206d8 in NS_InvokeByIndex (that=0x2, methodIndex=1606096368, paramCount=<optimized out>, params=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/reflect/xptcall/md/unix/xptcinvoke_aarch64.cpp:167
#18 CallMethodHelper::Invoke (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedNative.cpp:1620
#19 CallMethodHelper::Call (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedNative.cpp:1174
#20 XPCWrappedNative::CallMethod (ccx=..., mode=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedNative.cpp:1120
#21 0x0000001315d21478 [PAC] in XPC_WN_CallMethod (cx=0x125fbb15f0, argc=2, vp=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:966
#22 0x0000001319599814 [PAC] in CallJSNative (cx=0x125fbb15f0, native=<optimized out>, reason=<optimized out>, args=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:494
#23 js::InternalCallOrConstruct (cx=0x125fbb15f0, args=..., construct=<optimized out>, reason=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:590
#24 0x00000013195a1214 [PAC] in InternalCall (cx=0x125fbb15f0, args=..., reason=3444427136) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:657
#25 js::CallFromStack (cx=0x125fbb15f0, args=..., reason=3444427136) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:662
#26 js::Interpret (cx=0x125fbb15f0, state=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:3286
#27 0x0000001319599644 [PAC] in MaybeEnterInterpreterTrampoline (cx=0x125fbb15f0, state=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:395
#28 js::RunScript (cx=0x125fbb15f0, state=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:464
#29 0x0000001319599aa0 [PAC] in js::InternalCallOrConstruct (cx=0x125fbb15f0, args=..., construct=<optimized out>, reason=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:622
#30 0x0000001319599f7c [PAC] in InternalCall (cx=0x2, args=..., reason=js::CallReason::Call) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:657
#31 js::Call (cx=<optimized out>, fval=..., thisv=..., args=..., rval=..., reason=js::CallReason::Call) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:689
#32 0x000000131960aae8 [PAC] in JS_CallFunctionValue (cx=0x2, obj=..., fval=..., args=..., rval=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/CallAndConstruct.cpp:55
#33 0x0000001315d1ac68 [PAC] in nsXPCWrappedJS::CallMethod (this=<optimized out>, methodIndex=<optimized out>, info=0x1312a75718 <xpt::detail::sMethods+11752>, nativeParams=0x7fcd4ddd20)
    at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedJSClass.cpp:918
#34 0x00000013155cfbc0 [PAC] in PrepareAndDispatch (self=0x123bbe1420, methodIndex=3, args=<optimized out>, gprData=0x7fcd4dde10, fprData=0x7fcd4dddd0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/reflect/xptcall/md/unix/xptcstubs_aarch64.cpp:190
#35 0x0000001313a1725c [PAC] in SharedStub () at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/reflect/xptcall/md/unix/xptcstubs_asm_aarch64.S:47
#36 0x00000013155442c0 in nsObserverList::NotifyObservers (this=<optimized out>, aSubject=0x0, aTopic=0x1294d6bd80 "handlersvc-store-initialized", someData=0x0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/ds/nsObserverList.cpp:71
#37 nsObserverService::NotifyObservers (this=<optimized out>, aSubject=0x0, aTopic=0x1294d6bd80 "handlersvc-store-initialized", aSomeData=0x0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/ds/nsObserverService.cpp:288
#38 0x0000001313a1720c [PAC] in _NS_InvokeByIndex () at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_aarch64.S:74
#39 0x0000001315d206d8 in NS_InvokeByIndex (that=0x2, methodIndex=1606096368, paramCount=<optimized out>, params=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/reflect/xptcall/md/unix/xptcinvoke_aarch64.cpp:167
#40 CallMethodHelper::Invoke (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedNative.cpp:1620
#41 CallMethodHelper::Call (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedNative.cpp:1174
#42 XPCWrappedNative::CallMethod (ccx=..., mode=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedNative.cpp:1120
#43 0x0000001315d21478 [PAC] in XPC_WN_CallMethod (cx=0x125fbb15f0, argc=2, vp=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:966
#44 0x0000001319599814 [PAC] in CallJSNative (cx=0x125fbb15f0, native=<optimized out>, reason=<optimized out>, args=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:494
#45 js::InternalCallOrConstruct (cx=0x125fbb15f0, args=..., construct=<optimized out>, reason=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:590
#46 0x00000013195a1214 [PAC] in InternalCall (cx=0x125fbb15f0, args=..., reason=3444427136) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:657
#47 js::CallFromStack (cx=0x125fbb15f0, args=..., reason=3444427136) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:662
#48 js::Interpret (cx=0x125fbb15f0, state=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:3286
#49 0x0000001319599644 [PAC] in MaybeEnterInterpreterTrampoline (cx=0x125fbb15f0, state=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:395
#50 js::RunScript (cx=0x125fbb15f0, state=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:464
#51 0x0000001319599aa0 [PAC] in js::InternalCallOrConstruct (cx=0x125fbb15f0, args=..., construct=<optimized out>, reason=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:622
#52 0x0000001319599f7c [PAC] in InternalCall (cx=0x2, args=..., reason=js::CallReason::Call) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:657
#53 js::Call (cx=<optimized out>, fval=..., thisv=..., args=..., rval=..., reason=js::CallReason::Call) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:689
#54 0x00000013196c75a8 [PAC] in js::Call (cx=0x125fbb15f0, thisv=..., fval=..., arg0=..., rval=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.h:120
#55 PromiseReactionJob (cx=0x125fbb15f0, argc=<optimized out>, vp=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/builtin/Promise.cpp:2365
#56 0x0000001319599814 [PAC] in CallJSNative (cx=0x125fbb15f0, native=<optimized out>, reason=<optimized out>, args=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:494
#57 js::InternalCallOrConstruct (cx=0x125fbb15f0, args=..., construct=<optimized out>, reason=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:590
#58 0x0000001319599f7c [PAC] in InternalCall (cx=0x2, args=..., reason=js::CallReason::Call) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:657
#59 js::Call (cx=<optimized out>, fval=..., thisv=..., args=..., rval=..., reason=js::CallReason::Call) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/Interpreter.cpp:689
#60 0x000000131960b14c [PAC] in JS::Call (cx=<optimized out>, thisv=..., fval=..., args=..., rval=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/src/vm/CallAndConstruct.cpp:119
#61 0x0000001315509d60 [PAC] in mozilla::PromiseJobRunnable::Call (this=0x1218221380) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/base/CycleCollectedJSContext.cpp:214
#62 mozilla::PromiseJobRunnable::Run (this=0x1218221380, aAso=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/base/CycleCollectedJSContext.cpp:237
#63 0x00000013154fd3d4 [PAC] in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint (this=0x12db5c1000, aForce=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/base/CycleCollectedJSContext.cpp:872
--Type <RET> for more, q to quit, c to continue without paging-- 
#64 0x00000013154fd7b0 [PAC] in mozilla::CycleCollectedJSContext::AfterProcessTask (this=0x12db5c1000, aRecursionDepth=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/base/CycleCollectedJSContext.cpp:646
#65 0x0000001315cf9790 [PAC] in XPCJSContext::AfterProcessTask (this=0x12db5c1000, aNewRecursionDepth=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCJSContext.cpp:1492
#66 0x00000013155b4b0c [PAC] in nsThread::ProcessNextEvent (this=0x1275aac3c0, aMayWait=<optimized out>, aResult=0x7fcd4df26c) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/threads/nsThread.cpp:1215
#67 0x00000013155b88e0 [PAC] in NS_ProcessNextEvent (aThread=0x2, aMayWait=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/xpcom/threads/nsThreadUtils.cpp:480
#68 0x0000001315c3b178 [PAC] in mozilla::ipc::MessagePump::Run (this=0x1275aa5d80, aDelegate=0x1275ab9140) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/ipc/glue/MessagePump.cpp:85
#69 0x0000001315be9708 [PAC] in MessageLoop::RunInternal (this=0x125fbb15f0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/ipc/chromium/src/base/message_loop.cc:369
#70 MessageLoop::RunHandler (this=0x125fbb15f0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/ipc/chromium/src/base/message_loop.cc:362
#71 MessageLoop::Run (this=0x125fbb15f0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/ipc/chromium/src/base/message_loop.cc:344
#72 0x0000001318a4afa8 [PAC] in nsBaseAppShell::Run (this=0x129efda480) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/widget/nsBaseAppShell.cpp:148
#73 0x0000001318aea768 [PAC] in nsAppShell::Run (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/widget/gtk/nsAppShell.cpp:471
#74 0x00000013193e0f00 [PAC] in nsAppStartup::Run (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/toolkit/components/startup/nsAppStartup.cpp:291
#75 0x00000013194bb460 [PAC] in XREMain::XRE_mainRun (this=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/toolkit/xre/nsAppRunner.cpp:5893
#76 0x00000013194be038 [PAC] in XREMain::XRE_main (this=0x7fcd4df600, argc=<optimized out>, argv=<optimized out>, aConfig=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/toolkit/xre/nsAppRunner.cpp:6138
#77 0x00000013194be4b8 [PAC] in XRE_main (argc=1606096368, argv=0x12f8a3e030, aConfig=...) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/toolkit/xre/nsAppRunner.cpp:6211
#78 0x0000000e1387ed98 [PAC] in do_main (argc=1, argv=0x7fcd4dfc88, envp=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/browser/app/nsBrowserApp.cpp:232
#79 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/browser/app/nsBrowserApp.cpp:464
(gdb) quit

since all this is voodoo to me, help is welcome. singlestepping within gdb, dereferencing objp in frame #7 (eg js::gc::EdgeNeedsSweepUnbarriered) shows 0x2.

the previous working build i had was 140.0b1 w/ llvm 16, didn't do other builds in the meantime on arm64, but i have zero issues on amd64 with the newer llvm 19 toolchain, afaict this corruption only shows on arm64. and that's not only on my machine, similar crashes at startup have been reported to me by at least two distinct users, with 139.0.

so far i've tried disabling wasm sandboxing but that didn't help. if given instructions, i can check that the js engine itself behaves fine or crashes, outside of the complete browser....

more data points:

  • on another arm64 laptop still with the llvm 16 toolchain, 140.0b4 and esr 128.10.1 just work fine
  • on the arm64 laptop crossed over the llvm 19 toolchain, firefox-esr 128.11.0 also crashes at startup (like 140.0rc1)

> singlestepping within gdb, dereferencing objp in frame #7 (eg js::gc::EdgeNeedsSweepUnbarriered) shows 0x2.

This indicates that a bad pointer is being passed into the GC code, so to start with I'll move this one level up to XPConnect. Of course, it could be a GC issue after all.

> if given instructions, i can check that the js engine itself

Can you build the JS engine and run the JIT tests using the instructions here: https://firefox-source-docs.mozilla.org/js/build.html ? Thanks.

Component: JavaScript: GC → XPConnect
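
A value such as `0x2` is non-null, so a plain null check lets it through and the fault only happens on dereference. As an added example (not part of the bug report and not Firefox code), this Python triage script scans a gdb backtrace in the format above for low non-null pointer arguments; the sample frames are abridged from the trace above with paths shortened, and the 4096-byte threshold is an assumption.

```python
import re

PAGE_SIZE = 4096  # assumption: addresses below one page are treated as unmapped

# Frame header: "#N [0xPC [PAC] in] function (args) at file:line"
FRAME_RE = re.compile(
    r"^#(?P<no>\d+)\s+(?:0x[0-9a-f]+\s+(?:\[PAC\]\s+)?in\s+)?"
    r"(?P<func>.+?)\s+\((?P<args>.*)\)\s+at\s+(?P<file>\S+):(?P<line>\d+)$"
)

# Sample input: frames abridged from the backtrace above, paths shortened.
SAMPLE_BT = """\
(gdb) bt
#3  <signal handler called>
#4  js::gc::detail::ChunkPtrHasStoreBuffer (ptr=0x2) at js/HeapAPI.h:669
#7  js::gc::EdgeNeedsSweepUnbarriered (objp=0x7fcd4dc4f8) at js/HeapAPI.h:877
#10 0x0000001315cf3354 [PAC] in XPCConvert::NativeInterface2JSObject (cx=0x125fbb15f0, d=..., aHelper=..., iid=0x7fcd4dc980, allowNativeWrapper=true, pErr=0x0) at XPCConvert.cpp:881
#12 0x0000001315d1a7f0 [PAC] in nsXPCWrappedJS::CallMethod (this=<optimized out>, methodIndex=<optimized out>, info=0x1312a74298 <xpt::detail::sMethods+6504>, nativeParams=0x7fcd4dca00)
    at XPCWrappedJSClass.cpp:870
#17 0x0000001315d206d8 in NS_InvokeByIndex (that=0x2, methodIndex=1606096368, paramCount=<optimized out>, params=<optimized out>) at xptcinvoke_aarch64.cpp:167
--Type <RET> for more, q to quit, c to continue without paging--
#67 0x00000013155b88e0 [PAC] in NS_ProcessNextEvent (aThread=0x2, aMayWait=<optimized out>) at nsThreadUtils.cpp:480
"""


def join_frames(text):
    """Merge wrapped frames into one line each; drop prompts and pager lines."""
    frames = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith(("(gdb)", "--Type <RET>")):
            continue
        if line.startswith("#"):
            frames.append(line)
        elif frames:  # continuation such as "    at file.cpp:870"
            frames[-1] += " " + line.strip()
    return frames


def parse_args(arg_text):
    """Split 'a=1, b=0x2 <sym>, c=...' on commas that start a new name=value."""
    args = {}
    for item in re.split(r",\s+(?=[A-Za-z_]\w*=)", arg_text):
        name, sep, value = item.partition("=")
        if sep:
            args[name.strip()] = value.strip()
    return args


def parse_backtrace(text):
    """Return one dict per frame that carries a source location."""
    out = []
    for frame in join_frames(text):
        m = FRAME_RE.match(frame)
        if m:  # frames like "<signal handler called>" do not match
            out.append({"no": int(m["no"]), "func": m["func"],
                        "args": parse_args(m["args"]),
                        "file": m["file"], "line": int(m["line"])})
    return out


def low_pointers(text, page_size=PAGE_SIZE):
    """List (frame, function, argument, value) for hex arguments in (0, page_size)."""
    hits = []
    for fr in parse_backtrace(text):
        for name, value in fr["args"].items():
            hexval = re.match(r"0x[0-9a-f]+", value)
            if hexval and 0 < int(hexval.group(), 16) < page_size:
                hits.append((fr["no"], fr["func"], name, hexval.group()))
    return hits


if __name__ == "__main__":
    for no, func, name, value in low_pointers(SAMPLE_BT):
        print(f"frame #{no}: {func}: {name}={value}")
```

A low value reported in an outer frame of an optimized build can be a stale register read rather than the real argument, so confirm it in the frame that actually faults before drawing conclusions.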

for the higher level frames:

#8  nsWrapperCache::GetWrapperPreserveColor (this=<optimized out>)
    at /usr/obj/ports/firefox-140.0rc1/build-aarch64/dist/include/nsWrapperCacheInlines.h:16
16	  if (obj && js::gc::EdgeNeedsSweepUnbarriered(&obj)) {
(gdb) p obj
$1 = (JSObject *) 0x2
(gdb) up
#9  nsWrapperCache::GetWrapper (this=<optimized out>)
    at /usr/obj/ports/firefox-140.0rc1/build-aarch64/dist/include/nsWrapperCacheInlines.h:28
28	  JSObject* obj = GetWrapperPreserveColor();
(gdb) p obj
$2 = <optimized out>
(gdb) up
#10 0x00000023eff18d9c [PAC] in XPCConvert::NativeInterface2JSObject (cx=0x240be9e5f0, d=..., aHelper=..., iid=0x6d35852460, 
    allowNativeWrapper=true, pErr=0x0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCConvert.cpp:881
881	  RootedObject flat(cx, cache ? cache->GetWrapper() : nullptr);
(gdb) p cx
$3 = (JSContext *) 0x240be9e5f0
(gdb) p cache
$4 = (nsWrapperCache *) 0x243b49bbe0
(gdb) up
#11 0x00000023eff1857c [PAC] in XPCConvert::NativeData2JS (cx=0x240be9e5f0, d=..., s=<optimized out>, type=..., iid=0x6d35852460, 
    arrlen=<optimized out>, pErr=0x0) at /usr/obj/ports/firefox-140.0rc1/firefox-140.0/js/xpconnect/src/XPCConvert.cpp:321
321	      return NativeInterface2JSObject(cx, d, helper, iid, true, pErr);
(gdb) p cx
$5 = (JSContext *) 0x240be9e5f0
(gdb) p d
$6 = {<js::MutableHandleOperations<JS::Value, JS::MutableHandle<JS::Value> >> = {<js::MutableWrappedPtrOperations<JS::Value, JS::MutableHandle<JS::Value> >> = {<js::WrappedPtrOperations<JS::Value, JS::MutableHandle<JS::Value>, void>> = {<No data fields>}, <No data fields>}, <No data fields>}, ptr = 0x6d358521c8}
(gdb) p helper
$7 = {mObject = 0x243b49bbe0, mCache = 0x243b49bbe0, mClassInfo = {mRawPtr = 0x0}}
(gdb) p iid
$8 = (const nsID *) 0x6d35852460

i can of course print more from the coredump..

i'll try to build js standalone (should be easy) and run the js tests, but iirc on tier3 platforms it was painful.

i'm afraid this is related to llvm19 on OpenBSD/arm64 miscompiling something, because even js128 from ESR blows on a basic test, and shows no useful trace.

Reading symbols from /usr/local/bin/js128...
Reading symbols from /usr/local/bin/.debug/js128.dbg...
(gdb) r tests/basic/arrayProto.js 
Starting program: /usr/local/bin/js128 tests/basic/arrayProto.js
[New thread 571688 of process 18083]
[New thread 383780 of process 18083]
[New thread 481927 of process 18083]
[New thread 250632 of process 18083]
[New thread 561331 of process 18083]
[New thread 497675 of process 18083]
[New thread 441250 of process 18083]
[New thread 365024 of process 18083]

Thread 1 received signal SIGILL, Illegal instruction.
0x00000013d4e20580 in ?? ()
(gdb) bt
#0  0x00000013d4e20580 in ?? ()
#1  0x0000000000000098 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

running mach jit-test /usr/local/bin/js128 fails all tests:

Exit code: -4
FAIL - arguments/defaults-basic.js
[   0|   1|   0|   0]   0% >                                           |   0.3s
Exit code: -4
FAIL - basic/array-concat-spreadable.js
[   0|   2|   0|   0]   0% >                                           |   0.4s
Exit code: -4
FAIL - arguments/rest-basic.js
[   0|   3|   0|   0]   0% >                                           |   0.5s

whoops, sorry, retracting my previous comment, in fact there was an issue in the way our js128 package was built that made it blow on arm64 hardware with CFI protection enabled, which triggered the SIGILL. Once fixed, all basic jit tests pass:

/usr/obj/ports/firefox-128.11.0esr.source/firefox-128.11.0/js/src/jit-test/ $
    python3 jit_test.py ../../../../build-aarch64/dist/bin/js basic
[1479|   0|   0|   0] 100% ==========================================>|  21.8s
PASSED ALL

will run 'all' jit tests, but in the end that doesn't seem a JS engine issue (for now?) and more an xpcom issue with llvm19 ?

some tests failed, but mostly due to OOM afaict:

[11512|   36|    0|    0] 100% ======================================>| 234.4s
FAILURES:
    ctypes/conversion-native-function.js
    ctypes/function-definition.js
    heap-analysis/byteSize-of-scripts.js
    --wasm-compiler=optimizing wasm/atomic.js
    --test-wasm-await-tier2 wasm/atomic.js
    --wasm-compiler=baseline wasm/atomic.js
    wasm/atomic.js
    --wasm-compiler=optimizing --no-avx wasm/atomic.js
    --setpref=wasm_test_serialization=true wasm/atomic.js
    wasm/baseline-abs-addr-opt.js
    --wasm-compiler=optimizing wasm/baseline-abs-addr-opt.js
    --wasm-compiler=baseline wasm/baseline-abs-addr-opt.js
    --test-wasm-await-tier2 wasm/baseline-abs-addr-opt.js
    --wasm-compiler=optimizing --no-avx wasm/baseline-abs-addr-opt.js
    --setpref=wasm_test_serialization=true wasm/baseline-abs-addr-opt.js
    wasm/bce.js
    --wasm-compiler=optimizing wasm/bce.js
    --wasm-compiler=baseline wasm/bce.js
    --setpref=wasm_test_serialization=true wasm/bce.js
    --test-wasm-await-tier2 wasm/bce.js
    --wasm-compiler=optimizing --no-avx wasm/bce.js
    wasm/float-unaligned.js
    --wasm-compiler=optimizing wasm/float-unaligned.js
    --test-wasm-await-tier2 wasm/float-unaligned.js
    --setpref=wasm_test_serialization=true wasm/float-unaligned.js
    --wasm-compiler=baseline wasm/float-unaligned.js
    --wasm-compiler=optimizing --no-avx wasm/float-unaligned.js
    wasm/memory.js
    --wasm-compiler=optimizing wasm/memory.js
    --wasm-compiler=baseline wasm/memory.js
    --test-wasm-await-tier2 wasm/memory.js
    --wasm-compiler=optimizing --no-avx wasm/memory.js
    --setpref=wasm_test_serialization=true wasm/memory.js
    --wasm-compiler=baseline wasm/multi-value/random-tests.js
    --wasm-compiler=optimizing wasm/multi-value/random-tests.js
    --setpref=wasm_test_serialization=true wasm/multi-value/random-tests.js

i'll have to rerun some testbuilds, since this now-working build (which i'll use as my baseline now) was done with llvm 16.

more or less the same amount of tests fail when built with llvm19:

[11511|   37|    0|    0] 100% ======================================>| 234.4s
FAILURES:
    ctypes/conversion-native-function.js
    ctypes/function-definition.js
    heap-analysis/byteSize-of-scripts.js
    wasm/atomic.js
    --wasm-compiler=optimizing wasm/atomic.js
    --wasm-compiler=baseline wasm/atomic.js
    --test-wasm-await-tier2 wasm/atomic.js
    --setpref=wasm_test_serialization=true wasm/atomic.js
    --wasm-compiler=optimizing --no-avx wasm/atomic.js
    wasm/baseline-abs-addr-opt.js
    --wasm-compiler=optimizing wasm/baseline-abs-addr-opt.js
    --test-wasm-await-tier2 wasm/baseline-abs-addr-opt.js
    --wasm-compiler=baseline wasm/baseline-abs-addr-opt.js
    --setpref=wasm_test_serialization=true wasm/baseline-abs-addr-opt.js
    --wasm-compiler=optimizing --no-avx wasm/baseline-abs-addr-opt.js
    --wasm-compiler=optimizing wasm/bce.js
    wasm/bce.js
    --test-wasm-await-tier2 wasm/bce.js
    --wasm-compiler=baseline wasm/bce.js
    --setpref=wasm_test_serialization=true wasm/bce.js
    --wasm-compiler=optimizing --no-avx wasm/bce.js
    wasm/float-unaligned.js
    --wasm-compiler=optimizing wasm/float-unaligned.js
    --test-wasm-await-tier2 wasm/float-unaligned.js
    --wasm-compiler=baseline wasm/float-unaligned.js
    --setpref=wasm_test_serialization=true wasm/float-unaligned.js
    --wasm-compiler=optimizing --no-avx wasm/float-unaligned.js
    wasm/memory.js
    --wasm-compiler=optimizing wasm/memory.js
    --wasm-compiler=baseline wasm/memory.js
    --test-wasm-await-tier2 wasm/memory.js
    --setpref=wasm_test_serialization=true wasm/memory.js
    --wasm-compiler=optimizing --no-avx wasm/memory.js
    --wasm-compiler=baseline wasm/multi-value/random-tests.js
    --wasm-compiler=optimizing wasm/multi-value/random-tests.js
    --setpref=wasm_test_serialization=true wasm/multi-value/random-tests.js
    --test-wasm-await-tier2 wasm/multi-value/random-tests.js

so that probably rules out problems in the JS engine itself. note that this was done with js128 and not m-c/140, but since the firefox crash at startup i'm seeing is the same on firefox 128 and on 140
