Closed Bug 282994 Opened 19 years ago Closed 4 months ago

Crash in debug build if I press submit button. Problem is with PR_dtoa function on ARM without FP unit.

Categories

(NSPR :: NSPR, defect)

Product:
NSPR
Component:
NSPR
Platform:
Other
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: tmarn, Unassigned)

References

(
URL
)

Details

Attachments

(6 files)

gziped prdtoa.i file.
180.71 KB, text/plain
Details
gziped prdtoa.i file.
180.71 KB, application/x-gzip
Details
source code to reproduce the same error.
1.15 KB, text/plain
Details
This is a patch for nspr detection workaround on ARM
1.00 KB, patch
Details | Diff | Splinter Review
Another patch to workaround a dtoa on ARM
955 bytes, patch
Details | Diff | Splinter Review
dtoa and jsdtoa workaround for ARM linux
5.16 KB, patch
wtc
: review-
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050110 Firefox/1.0 (Debian package 1.0+dfsg.1-2)
Build Identifier: CVS Source : Stable Mozilla 1.7.5 - Released December 17, 2004

Problem is with a PR_dtoa function in mozilla/nsprpub/pr/src/misc/prdtoa.c
Converting from double to string produce memory leak. Minimo crash will with
Assertion failure: lock != NULL, at ptsynch.c:206

 PR_dtoa is quite broken on ARM platform (PXA255-400Mhz version without FP
unit), Minimo (from mozilla source 1.7.5) is compiled with softfloat compiler
(gcc version 3.3.3/glibc 2.3.2, from www.kegel.org).

The reason is because ARM platform (little endian) use (mixed endian) when
manipulating with float numbers. Maybe the prdtoa.c functions are not compliant
with that arhitecture.

I also found the same problem in
http://lists.debian.org/debian-arm/2003/10/msg00028.html

Reproducible: Always

Steps to Reproduce:
1. build debug version of Minimo. (release version will skip assert checking and
"submit" will not be executed and not action forward to server :( ).
2. ./Minimo www.google.com
3. Enter something "test" into search textbox
4. Press "Google search"
5. Nothing happend after submit in release version.
   Crash in debug version: Assertion failure: lock != NULL, at ptsynch.c:206
Actual Results:  
Because pow5mult called from PR_dtoa is extremly slow you will got an error
after 1 minute:
Assertion failure: lock != NULL, at ptsynch.c:206



Expected Results:  
Function should convert double value to string, returns and than submit the
entered text forward (I guess).


Look into prdtoa.c: 
function static Bigint *mult(CONST Bigint *a, CONST Bigint *b) which is called
from pow5mult generates list with numbers of multiply of 5. 
Set breakpoint into line 678 of mult function and print return c variable ,
The table which generates here must have numbers ( 5 25 125 625 3125 15626 ... }

gdb: print *c

Next nubmer which is generated is 78125, which is OK  ( 5 * 15625)
OK $2 = {next = 0xffffffff, k = 1, maxwds = 2, sign = 0, wds = 1, x = {78125}}

Next nubmer is 390625, OK too. ( 5 * 78125)
$4 = {next = 0x0, k = 1, maxwds = 2, sign = 0, wds = 1, x = {390625}}

Than instead of 1953125 value of x is {2264035265}, IS THIS WRONG ????
$5 = {next = 0xffffffff, k = 1, maxwds = 2, sign = 0, wds = 2, x = {2264035265}}

gdb: bt

#0  mult (a=0x1f88c0, b=0x1f88c0) at prdtoa.c:678
#1  0x404933a4 in pow5mult (b=0x1f8900, k=77644143) at prdtoa.c:739
#2  0x40497294 in $a () at prdtoa.c:2341

Before the assertion happens in ptsynch.c:206 call stack is:

(gdb) bt
#0  PR_Unlock (lock=0x0) at ptsynch.c:206
#1  0x404926e4 in Balloc (k=16) at prdtoa.c:418
#2  0x40492ea0 in mult (a=0x424ab008, b=0x424ab008) at prdtoa.c:620
#3  0x404933a4 in pow5mult (b=0x424cc008, k=2369) at prdtoa.c:739
#4  0x40497294 in $a () at prdtoa.c:2341

Also, maybe something is wrong (Kmax) in Balloc function which generates
freelist[k] table with pointers on allocated memory where converted numbers will
be stored. (guess)
Tom, could you find out the CVS revision of
prdtoa.c?  You can find that out with the
following commands:

  cd mozilla/nsprpub/pr/src/misc
  cvs status prdtoa.c

In the current version of prdtoa.c, we have
the following code that tries to handle ARM:

#if defined(__arm) || defined(__arm__) || defined(__arm26__) \
    || defined(__arm32__)
#define IEEE_ARM
#elif defined(IS_LITTLE_ENDIAN)
#define IEEE_8087
#else
#define IEEE_MC68k
#endif

This code was added by Darin Fisher to fix bug 209814.
Does your prdtoa.c have this code?  Could you find
out if the above code causes IEEE_ARM to be defined
in your environment?

(In reply to comment #1)
> Tom, could you find out the CVS revision of
> prdtoa.c?  You can find that out with the
> following commands:
> 
>   cd mozilla/nsprpub/pr/src/misc
>   cvs status prdtoa.c
> 
> In the current version of prdtoa.c, we have
> the following code that tries to handle ARM:
> 
> #if defined(__arm) || defined(__arm__) || defined(__arm26__) \
>     || defined(__arm32__)
> #define IEEE_ARM
> #elif defined(IS_LITTLE_ENDIAN)
> #define IEEE_8087
> #else
> #define IEEE_MC68k
> #endif
> 
> This code was added by Darin Fisher to fix bug 209814.
> Does your prdtoa.c have this code?  Could you find
> out if the above code causes IEEE_ARM to be defined
> in your environment?
> 

Hi, CVS Revision status of prdtoa.c that you ask for is:

File: prdtoa.c          Status: Up-to-date

   Working revision:    3.7.4.4
   Repository revision: 3.7.4.4 /cvsroot/mozilla/nsprpub/pr/src/misc/prdtoa.c,v
   Sticky Tag:          MOZILLA_1_7_5_RELEASE (revision: 3.7.4.4)
   Sticky Date:         (none)
   Sticky Options:      (none)


#define's are there but nothing helps, i also try with the newest 1.8.X
(11.feb.2005), but problem still remains.

File: prdtoa.c          Status: Up-to-date

   Working revision:    3.7.4.7
   Repository revision: 3.7.4.7 /cvsroot/mozilla/nsprpub/pr/src/misc/prdtoa.c,v
   Sticky Tag:          NSPRPUB_PRE_4_2_CLIENT_BRANCH (branch: 3.7.4)
   Sticky Date:         (none)
   Sticky Options:      (none)

Just ask, I will check anything to solve this problem.
Tom: thanks for the cvs revision info.
Your file (rev. 3.7.4.4, MOZILLA_1_7_5_RELEASE)
has Darin's fix.

Could you confirm that prdtoa.c defines
IEEE_ARM?  (which means one of the following
macros: __arm, __arm__, __arm26__, __arm32__
is defined)

If so, this means Darin's fix does not address
your problem.  In that case I'll need to have
Doug Turner take on this bug.
Tom:

Specifically, please perform the following experiment:

Edit prdtoa.c and add the following line

  #error "IEEE_ARM is defined"

after the line

  #define IEEE_ARM

and then go to the nsprpub/pr/src/misc directory
in your build tree and do a "make".  See if the
compilation succeeds or fails.
alternatively, could you attach the file generated by:
make prdtoa.i (make from the directory that has prdtoa.o)
(In reply to comment #4)
> Tom:
> 
> Specifically, please perform the following experiment:
> 
> Edit prdtoa.c and add the following line
> 
>   #error "IEEE_ARM is defined"
> 

Yes it fails after make, I confirming that IEEE_ARM define is use.

prdtoa.c:138:2: #error IEEE_ARM
make: *** [prdtoa.o] Error 1
Attached file gziped prdtoa.i file. 

    
    

    
  

      
      
      
      

        Attached file
          
        gziped prdtoa.i file.
      

    


  

    
    

    
  


  
This is the code (see attachment) for reproduce the same error. 
Just wait 30 seconds and you will get the same assertion as in the mozilla
minimo browser.
Assertion failure: lock != NULL, at ptsynch.c:206
Aborted

copy code into mozilla/nsprpub/pr/tests/testdtoa.c 
and change Makefile (see testdtoa.c for details).

    
    

    
  


  
I found the location where PR_dtoa crashes. It is in a whatnspr.c file 
set_whatnspr function. Instead of returning from PR_dtoa with -1 value function
dies. Patch skips fault version detection of nspr library and forces to setup
correct nspr version with r = 0. See attached patch.
tom

    
    

    
  


  
Replacing dtoa with sprintf in nsStringObsolite.cpp:Modified_cnvtf(char *buf,
int bufsz, int prcsn, double fval) method. Note that this is just a workaround
until dtoa is not fixed.
tom

    
    

    
  
I am not seeing this problem on either Linux ARM or on WinCE ARM.  

    
    

    
  
(In reply to comment #12)
> I am not seeing this problem on either Linux ARM or on WinCE ARM.  

The problem is with Linux ARM without FPU (tested on PXA255) and Minimo compiled
with softfloat compiler (for faster code) and with disabled kernel FastFPU
emulation of course.
I did workaround hacks, i can send you patches which work without crashing on my
platform.
The problem was with functions that call PR_dtoa.

    
    

    
  


  
PR_dtoa workaround (with debug printf's, just to see fixed locations.)

    
  
Assignee: dougt → nobody

    
  
Assignee: nobody → dougt
Component: General → NSPR
Product: Minimo → NSPR
Version: unspecified → 3.0

    
  

        Attachment #190515 -
        Flags: review?(wtchang)

    
    

    
  
Comment on attachment 190515 [details] [diff] [review]
dtoa and jsdtoa workaround for ARM linux

Tom, thanks for the patch.

I will attach a better patch for
mozilla/security/nss/lib/base/whatnspr.c.
In short, the code that's causing problem for
ARM in that file is obsolete, so the better fix
is to simply delete that code.

Your changes for the other files in this patch
have two problems:
- You use the C++ comment delimiter //, which is
  not supported by all C compilers yet.
- You need to code these changes with ifdefs so
  that we continue to use the original code on
  other platforms.

        Attachment #190515 -
        Flags: review?(wtchang) → review-

    
    

    
  
Tom, I decided to open bug 317052 to deal with
mozilla/security/nss/lib/base/whatnspr.c, so the
patch for that file will be in that bug report.
Depends on: 317052

    
    

    
  
(In reply to comment #16)
> Tom, I decided to open bug 317052 to deal with
> mozilla/security/nss/lib/base/whatnspr.c, so the
> patch for that file will be in that bug report.
> 

Ok, I agree. I sent previous patches just for demonstration purpose where the bugs occured, and how to overcome the problems. I didn't pay attention on coding syntax. The patches were sent because of Doug Turner comment #12.

    
    

    
  
(In reply to comment #14)
> Created an attachment (id=190515) [edit]
> dtoa and jsdtoa workaround for ARM linux
> 
> PR_dtoa workaround (with debug printf's, just to see fixed locations.)

Tom, I have some question about the patch of hack4 in jsnum.c

+	double num = (jsdouble)d;
+	char temp[255];
+	printf("DOUBLE:%f\n",num);
+	sprintf(temp,"%f",(int)num);

num will be casted to integer, if num is not an integer, like 3.5, cast will create 0.0.
why not just use sprintf(temp,"%f",num) instead?

+	printf("CONVERTED:%s\n", temp);
+	numStr = temp;

    
    

    
  
eh? No, that would just truncate the value, yielding 3. but printing that as a %f is probably not such a good idea...

    
    

    
  
(In reply to comment #19)
> eh? No, that would just truncate the value, yielding 3. but printing that as a
> %f is probably not such a good idea...
> 

It's strange, when I use TestGtkEmbed to open http://maps.google.com , the message makes me confused:

== start of message ==

jsnum.c: Calling hack4 for JS_dtostr(buf, sizeof numBuf, DTOSTR_STANDARD, 0, d=3.500000)
DOUBLE:3.500000
CONVERTED:0.000000
jsnum.c: Calling hack4 for JS_dtostr(buf, sizeof numBuf, DTOSTR_STANDARD, 0, d=5.500000)
DOUBLE:5.500000
CONVERTED:0.000000
jsnum.c: Calling hack4 for JS_dtostr(buf, sizeof numBuf, DTOSTR_STANDARD, 0, d=5.500000)
DOUBLE:5.500000
CONVERTED:0.000000
jsnum.c: Calling hack4 for JS_dtostr(buf, sizeof numBuf, DTOSTR_STANDARD, 0, d=5.500000)
DOUBLE:5.500000
CONVERTED:0.000000
jsnum.c: Calling hack4 for JS_dtostr(buf, sizeof numBuf, DTOSTR_STANDARD, 0, d=0.000000)
DOUBLE:0.000000
CONVERTED:0.000000

== End of messages ==

This is the reason I remove the cast of num in hack 4. But even the convert look correct, my google map also can't show anything :-(

    
  
QA Contact: chofmann → nspr

    
    

    
  
mass reassigning to nobody.
Assignee: dougt → nobody

    
    

    
  
Reporter is gone.


Is there a way to determine whether this issue still exists?


Flags: needinfo?(kaie)

    
    

    
  
Are there any recent crash reports pointing to PR_dtoa ?


Flags: needinfo?(kaie)

    
    

    
  
In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.


Severity: major → --

    
    

    
  
The severity field is not set for this bug.

:KaiE, could you have a look please?


For more information, please visit BugBot documentation.


Flags: needinfo?(kaie)

    
  
Severity: -- → S3
Flags: needinfo?(kaie)

    
  
Status: NEW → RESOLVED
Closed: 4 months ago
Resolution: --- → WONTFIX

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: