Open Bug 626635 Opened 15 years ago Updated 3 years ago

Firefox throws alignment errors on ARM

Categories

(Core :: General, defect)

1.9.2 Branch
ARM
Linux
defect

People

(Reporter: mcepl, Unassigned)

Attachments

(1 file)

(originally filed as https://bugzilla.redhat.com/show_bug.cgi?id=670349)

Description of problem:
Firefox is throwing alignment errors on the ARM platform.

Version-Release number of selected component (if applicable):
firefox-3.5.4-1.fc12.armv5tel

How reproducible:
Every time.

Steps to Reproduce:
1. Boot the system with kernel boot parameter alignment=3 to enable fixup+warn
2. Start Firefox
3. Browse a few pages, open a few links in new tabs, close a few old tabs.
4. Check dmesg to see the alignment errors reported.

Actual results:
Here is what gets reported in the system log when alignment warnings are enabled:

...
Alignment trap: firefox (2983) PC=0x4094ebc4 Instr=0xe1c1a0f0 Address=0xbeb5bcbc FSR 0x801
Alignment trap: firefox (2983) PC=0x4094eef4 Instr=0xe1cd01d8 Address=0xbeb5bcbc FSR 0x001
...

This is only a small example - typically 2-4 thousand errors like these will get logged within seconds.

Expected results:
No alignment warnings.

Additional info:
Recent ARMv7 chips include automatic alignment fix-up in hardware, so testing for this has to be done on ARMv6 or earlier.
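The trap lines quoted in the report can be triaged mechanically. The following is an added example, not part of the original report: it parses the kernel's "Alignment trap:" format and decodes the Instr field, showing that both quoted instructions are ARM doubleword transfers (STRD, LDRD), which need an 8-byte-aligned address on ARMv5TE, while the faulting address is only 4-byte aligned. The Trap struct and the function names are assumptions of this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// One parsed "Alignment trap:" kernel log record.
struct Trap {
    std::string comm;
    unsigned pid = 0;
    uint32_t pc = 0, instr = 0, addr = 0, fsr = 0;
};

// Parse a line in the format quoted in the report; leading text is skipped.
bool parse_trap(const std::string& line, Trap& t) {
    const std::string::size_type at = line.find("Alignment trap:");
    if (at == std::string::npos) return false;
    char comm[32] = {0};
    unsigned pid = 0, pc = 0, instr = 0, addr = 0, fsr = 0;
    const int n = std::sscanf(line.c_str() + at,
        "Alignment trap: %31s (%u) PC=0x%x Instr=0x%x Address=0x%x FSR 0x%x",
        comm, &pid, &pc, &instr, &addr, &fsr);
    if (n != 6) return false;
    t.comm = comm; t.pid = pid; t.pc = pc;
    t.instr = instr; t.addr = addr; t.fsr = fsr;
    return true;
}

enum class Op { Ldrd, Strd, Other };

// A32 doubleword transfers: bits[27:25]=000, bit 20=0, and
// bits[7:4]=1101 (LDRD) or 1111 (STRD). Anything else is left for manual decode.
Op classify(uint32_t instr) {
    if (instr & 0x0E100000u) return Op::Other;
    if ((instr & 0xF0u) == 0xD0u) return Op::Ldrd;
    if ((instr & 0xF0u) == 0xF0u) return Op::Strd;
    return Op::Other;
}

// Base register number (Rn) of the faulting transfer; 13 is sp.
unsigned base_reg(uint32_t instr) { return (instr >> 16) & 0xFu; }

// Bytes past the previous boundary of a power-of-two size (0 means aligned).
uint32_t misalignment(uint32_t addr, uint32_t boundary) { return addr & (boundary - 1); }

// One-line verdict; LDRD/STRD need an 8-byte-aligned address on ARMv5TE.
std::string describe(const Trap& t) {
    const Op op = classify(t.instr);
    if (op == Op::Other) return "not LDRD/STRD, decode by hand";
    char buf[128];
    std::snprintf(buf, sizeof buf, "%s via r%u at PC=0x%08x: address is %u bytes past an 8-byte boundary",
                  op == Op::Ldrd ? "LDRD" : "STRD", base_reg(t.instr), t.pc, misalignment(t.addr, 8));
    return buf;
}

int main() {
    // The two trap lines quoted in the report above.
    const char* lines[] = {
        "Alignment trap: firefox (2983) PC=0x4094ebc4 Instr=0xe1c1a0f0 Address=0xbeb5bcbc FSR 0x801",
        "Alignment trap: firefox (2983) PC=0x4094eef4 Instr=0xe1cd01d8 Address=0xbeb5bcbc FSR 0x001",
    };
    for (const char* l : lines) {
        Trap t;
        if (parse_trap(l, t)) std::printf("%s\n", describe(t).c_str());
    }
}
```

Grouping the parsed records by PC turns thousands of log lines into a short list of faulting instructions to look up in the binary.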
Hardware: x86_64 → ARM
Does this happen with a recent Gecko too? At what code locations?
Unfortunately there is no visibility of where in the code specifically the error occurs, but considering that just starting up firefox throws about 1500 of these errors (which almost certainly cause data corruption without the expensive fixup being enabled in the kernel) it's not an isolated incident. Don't know about more recent versions than the one I posted, I will try to build 4.0b9 on ARM next week and see what happens. It's also worth noting that the above version of Firefox is also very unstable on ARM even with the fixup for the alignment errors.
> It's not an isolated incident

Or it's a single line of code (or a few of them) that's called a bunch....
It may be worth emphasizing that this is real Firefox (or XULRunner) on a real computer, not Fennec on a phone.
This also happens with the following, more recent version of Firefox: firefox-3.6.3-4.fc13.armv5tel. Will attach the alignment trap log separately.
Is there any way at all you can get a stack for any of those?
Hmm... I could get it to core dump on alignment failure instead of fixing alignment, and see if I can get a backtrace from that. I'll see what I can do.
Ah, it looks like the Fedora koji repository doesn't have debuginfo packages, which makes the cores pretty useless. I'll see if I can find the corresponding debuginfos.
Some of the debuginfo packages are still missing, but here is the backtrace I get at the moment:

#0 PropertyProvider::GetSpacingInternal (this=0xbebc4ec0, aStart=0, aLength=8, aSpacing=0xbebc3954, aIgnoreTabs=1) at nsTextFrameThebes.cpp:2386
#1 0x40d36afc in PropertyProvider::GetSpacing (this=<value optimized out>, aStart=<value optimized out>, aLength=<value optimized out>, aSpacing=<value optimized out>) at nsTextFrameThebes.cpp:2366
#2 0x414d4530 in GetAdjustedSpacing (this=<value optimized out>, aStart=0, aEnd=8, aProvider=0xbebc4ec0, aSpacingStart=0, aSpacingEnd=8, aSpacing=0xbebc3948) at gfxFont.cpp:1998
#3 gfxTextRun::GetAdjustedSpacingArray (this=<value optimized out>, aStart=0, aEnd=8, aProvider=0xbebc4ec0, aSpacingStart=0, aSpacingEnd=8, aSpacing=0xbebc3948) at gfxFont.cpp:2029
#4 0x414d645c in gfxTextRun::AccumulateMetricsForRun (this=0x49816ac0, aFont=0x497d1e30, aStart=0, aEnd=8, aBoundingBoxType=gfxFont::LOOSE_INK_EXTENTS, aRefContext=0x4d081ef0, aProvider=0xbebc4ec0, aSpacingStart=0, aSpacingEnd=8, aMetrics=0xbebc4d48) at gfxFont.cpp:2331
#5 0x414d6838 in gfxTextRun::MeasureText (this=0x49816ac0, aStart=<value optimized out>, aLength=<value optimized out>, aBoundingBoxType=gfxFont::LOOSE_INK_EXTENTS, aRefContext=0x4d081ef0, aProvider=0xbebc4ec0) at gfxFont.cpp:2404
#6 0x414d6e50 in gfxTextRun::BreakAndMeasureText (this=0x49816ac0, aStart=3200012416, aMaxLength=3200012112, aLineBreakBefore=<value optimized out>, aWidth=27000, aProvider=0xbebc4ec0, aSuppressInitialBreak=1, aTrimWhitespace=0xbebc5068, aMetrics=0xbebc4f50, aBoundingBoxType=gfxFont::LOOSE_INK_EXTENTS, aRefContext=0x4d081ef0, aUsedHyphenation=0xbebc507c, aLastBreak=0xbebc5080, aCanWordWrap=0, aBreakPriority=0xbebc5078) at gfxFont.cpp:2562
#7 0x40d3b460 in nsTextFrame::Reflow (this=0x4d950c38, aPresContext=0x8, aMetrics=..., aReflowState=..., aStatus=@0xbebc5254) at nsTextFrameThebes.cpp:6214
#8 0x40d19ac0 in nsLineLayout::ReflowFrame (this=0xbebc532c, aFrame=0x4d950c38, aReflowStatus=@0x0, aMetrics=0x0, aPushedFrame=@0xbebc5250) at nsLineLayout.cpp:848
#9 0x40ce5b08 in nsBlockFrame::ReflowInlineFrame (this=0x4d950ab8, aState=..., aLineLayout=..., aLine=<value optimized out>, aFrame=0x4d950c38, aLineReflowStatus=0xbebc52c4) at nsBlockFrame.cpp:3758
#10 0x40ce8298 in nsBlockFrame::DoReflowInlineFrames (this=0x4d950ab8, aState=..., aLineLayout=..., aLine=..., aFloatAvailableSpace=..., aAvailableSpaceHeight=@0xbebc53d8, aFloatStateBeforeLine=0xbebc53cc, aKeepReflowGoing=0xbebc554c, aLineReflowStatus=0xbebc53dc, aAllowPullUp=1) at nsBlockFrame.cpp:3574
#11 0x40ce8620 in nsBlockFrame::ReflowInlineFrames (this=0xbebc562c, aState=..., aLine=..., aKeepReflowGoing=0xbebc554c) at nsBlockFrame.cpp:3424
#12 0x40ce88d0 in nsBlockFrame::ReflowLine (this=0x4d950ab8, aState=<value optimized out>, aLine=<value optimized out>, aKeepReflowGoing=0xbebc554c) at nsBlockFrame.cpp:2463
#13 0x40ce8c84 in nsBlockFrame::ReflowDirtyLines (this=0x4d950ab8, aState=...) at nsBlockFrame.cpp:1921
#14 0x40ce9660 in nsBlockFrame::Reflow (this=0x4d950ab8, aPresContext=0x4d0ed400, aMetrics=..., aReflowState=..., aStatus=@0xbebc59ec) at nsBlockFrame.cpp:991
#15 0x40cea158 in nsBlockReflowContext::ReflowBlock (this=0xbebc58f8, aSpace=<value optimized out>, aApplyTopMargin=<value optimized out>, aPrevMargin=<value optimized out>, aClearance=0, aIsAdjacentWithTop=1, aLine=0x4d950e78, aFrameRS=..., aFrameReflowStatus=@0xbebc59ec, aState=...) at nsBlockReflowContext.cpp:310
#16 0x40ce6374 in nsBlockFrame::ReflowBlockFrame (this=0x4d9506d8, aState=..., aLine=..., aKeepReflowGoing=0x0) at nsBlockFrame.cpp:3141
#17 0x40ce874c in nsBlockFrame::ReflowLine (this=0x4d9506d8, aState=<value optimized out>, aLine=<value optimized out>, aKeepReflowGoing=0xbebc5b64) at nsBlockFrame.cpp:2408
#18 0x40ce8c84 in nsBlockFrame::ReflowDirtyLines (this=0x4d9506d8, aState=...) at nsBlockFrame.cpp:1921
#19 0x40ce9660 in nsBlockFrame::Reflow (this=0x4d9506d8, aPresContext=0x4d0ed400, aMetrics=..., aReflowState=..., aStatus=@0xbebc6244) at nsBlockFrame.cpp:991
#20 0x40cea158 in nsBlockReflowContext::ReflowBlock (this=0xbebc5e30, aSpace=<value optimized out>, aApplyTopMargin=<value optimized out>, aPrevMargin=<value optimized out>, aClearance=0, aIsAdjacentWithTop=1, aLine=0x0, aFrameRS=..., aFrameReflowStatus=@0xbebc6244, aState=...) at nsBlockReflowContext.cpp:310
#21 0x40ce334c in nsBlockFrame::ReflowFloat (this=0xbebc65a4, aState=..., aFloatAvailableSpace=<value optimized out>, aPlaceholder=0x4d950730, aFloatMargin=..., aReflowStatus=@0xbebc6244) at nsBlockFrame.cpp:5910
#22 0x40cead0c in nsBlockReflowState::FlowAndPlaceFloat (this=0xbebc65a4, aFloatCache=<value optimized out>, aReflowStatus=@0xbebc6244, aForceFit=216) at nsBlockReflowState.cpp:812
#23 0x40ceb3ec in nsBlockReflowState::AddFloat (this=0xbebc65a4, aLineLayout=..., aPlaceholder=0x4d950730, aAvailableWidth=54780, aReflowStatus=@0xbebc6244) at nsBlockReflowState.cpp:610
#24 0x40d19b64 in AddFloat (this=0xbebc631c, aFrame=0x4d950730, aReflowStatus=@0x0, aMetrics=0x0, aPushedFrame=@0xbebc6240) at nsLineLayout.h:215
#25 nsLineLayout::ReflowFrame (this=0xbebc631c, aFrame=0x4d950730, aReflowStatus=@0x0, aMetrics=0x0, aPushedFrame=@0xbebc6240) at nsLineLayout.cpp:887
#26 0x40ce5b08 in nsBlockFrame::ReflowInlineFrame (this=0x4d950378, aState=..., aLineLayout=..., aLine=<value optimized out>, aFrame=0x4d950730, aLineReflowStatus=0xbebc62b4) at nsBlockFrame.cpp:3758
#27 0x40ce8298 in nsBlockFrame::DoReflowInlineFrames (this=0x4d950378, aState=..., aLineLayout=..., aLine=..., aFloatAvailableSpace=..., aAvailableSpaceHeight=@0xbebc63c8, aFloatStateBeforeLine=0xbebc63bc, aKeepReflowGoing=0xbebc653c, aLineReflowStatus=0xbebc63cc, aAllowPullUp=1) at nsBlockFrame.cpp:3574
#28 0x40ce8620 in nsBlockFrame::ReflowInlineFrames (this=0xbebc661c, aState=..., aLine=..., aKeepReflowGoing=0xbebc653c) at nsBlockFrame.cpp:3424
#29 0x40ce88d0 in nsBlockFrame::ReflowLine (this=0x4d950378, aState=<value optimized out>, aLine=<value optimized out>, aKeepReflowGoing=0xbebc653c) at nsBlockFrame.cpp:2463
#30 0x40ce8c84 in nsBlockFrame::ReflowDirtyLines (this=0x4d950378, aState=...) at nsBlockFrame.cpp:1921
#31 0x40ce9660 in nsBlockFrame::Reflow (this=0x4d950378, aPresContext=0x4d0ed400, aMetrics=..., aReflowState=..., aStatus=@0xbebc6c1c) at nsBlockFrame.cpp:991
#32 0x40cea158 in nsBlockReflowContext::ReflowBlock (this=0xbebc6808, aSpace=<value optimized out>, aApplyTopMargin=<value optimized out>, aPrevMargin=<value optimized out>, aClearance=0, aIsAdjacentWithTop=0, aLine=0x0, aFrameRS=..., aFrameReflowStatus=@0xbebc6c1c, aState=...) at nsBlockReflowContext.cpp:310
#33 0x40ce334c in nsBlockFrame::ReflowFloat (this=0xbebc6f7c, aState=..., aFloatAvailableSpace=<value optimized out>, aPlaceholder=0x4d950470, aFloatMargin=..., aReflowStatus=@0xbebc6c1c) at nsBlockFrame.cpp:5910
#34 0x40cead0c in nsBlockReflowState::FlowAndPlaceFloat (this=0xbebc6f7c, aFloatCache=<value optimized out>, aReflowStatus=@0xbebc6c1c, aForceFit=-1094948008) at nsBlockReflowState.cpp:812
#35 0x40ceb3ec in nsBlockReflowState::AddFloat (this=0xbebc6f7c, aLineLayout=..., aPlaceholder=0x4d950470, aAvailableWidth=54780, aReflowStatus=@0xbebc6c1c) at nsBlockReflowState.cpp:610
#36 0x40d19b64 in AddFloat (this=0xbebc6cf4, aFrame=0x4d950470, aReflowStatus=@0xbebc6ca8, aMetrics=0x0, aPushedFrame=@0xbebc6c18) at nsLineLayout.h:215
#37 nsLineLayout::ReflowFrame (this=0xbebc6cf4, aFrame=0x4d950470, aReflowStatus=@0xbebc6ca8, aMetrics=0x0, aPushedFrame=@0xbebc6c18) at nsLineLayout.cpp:887
#38 0x40ce5b08 in nsBlockFrame::ReflowInlineFrame (this=0x4daa87c0, aState=..., aLineLayout=..., aLine=<value optimized out>, aFrame=0x4d950470, aLineReflowStatus=0xbebc6c8c) at nsBlockFrame.cpp:3758
#39 0x40ce8298 in nsBlockFrame::DoReflowInlineFrames (this=0x4daa87c0, aState=..., aLineLayout=..., aLine=..., aFloatAvailableSpace=..., aAvailableSpaceHeight=@0xbebc6da0, aFloatStateBeforeLine=0xbebc6d94, aKeepReflowGoing=0xbebc6f14, aLineReflowStatus=0xbebc6da4, aAllowPullUp=1) at nsBlockFrame.cpp:3574
#40 0x40ce8620 in nsBlockFrame::ReflowInlineFrames (this=0xbebc6ff4, aState=..., aLine=..., aKeepReflowGoing=0xbebc6f14) at nsBlockFrame.cpp:3424
#41 0x40ce88d0 in nsBlockFrame::ReflowLine (this=0x4daa87c0, aState=<value optimized out>, aLine=<value optimized out>, aKeepReflowGoing=0xbebc6f14) at nsBlockFrame.cpp:2463
#42 0x40ce8c84 in nsBlockFrame::ReflowDirtyLines (this=0x4daa87c0, aState=...) at nsBlockFrame.cpp:1921
#43 0x40ce9660 in nsBlockFrame::Reflow (this=0x4daa87c0, aPresContext=0x4d0ed400, aMetrics=..., aReflowState=..., aStatus=@0xbebc73b4) at nsBlockFrame.cpp:991
#44 0x40cea158 in nsBlockReflowContext::ReflowBlock (this=0xbebc72c0, aSpace=<value optimized out>, aApplyTopMargin=<value optimized out>, aPrevMargin=<value optimized out>, aClearance=0, aIsAdjacentWithTop=1, aLine=0x4d960c78, aFrameRS=..., aFrameReflowStatus=@0xbebc73b4, aState=...) at nsBlockReflowContext.cpp:310
#45 0x40ce6374 in nsBlockFrame::ReflowBlockFrame (this=0x4daa8640, aState=..., aLine=..., aKeepReflowGoing=0x0) at nsBlockFrame.cpp:3141
#46 0x40ce874c in nsBlockFrame::ReflowLine (this=0x4daa8640, aState=<value optimized out>, aLine=<value optimized out>, aKeepReflowGoing=0xbebc752c) at nsBlockFrame.cpp:2408
#47 0x40ce8c84 in nsBlockFrame::ReflowDirtyLines (this=0x4daa8640, aState=...) at nsBlockFrame.cpp:1921
#48 0x40ce9660 in nsBlockFrame::Reflow (this=0x4daa8640, aPresContext=0x4d0ed400, aMetrics=..., aReflowState=..., aStatus=@0xbebc79cc) at nsBlockFrame.cpp:991
#49 0x40cea158 in nsBlockReflowContext::ReflowBlock (this=0xbebc78d8, aSpace=<value optimized out>, aApplyTopMargin=<value optimized out>, aPrevMargin=<value optimized out>, aClearance=0, aIsAdjacentWithTop=1, aLine=0x4d960ca0, aFrameRS=..., aFrameReflowStatus=@0xbebc79cc, aState=...) at nsBlockReflowContext.cpp:310
#50 0x40ce6374 in nsBlockFrame::ReflowBlockFrame (this=0x4daa83b0, aState=..., aLine=..., aKeepReflowGoing=0x0) at nsBlockFrame.cpp:3141
#51 0x40ce874c in nsBlockFrame::ReflowLine (this=0x4daa83b0, aState=<value optimized out>, aLine=<value optimized out>, aKeepReflowGoing=0xbebc7b44) at nsBlockFrame.cpp:2408
#52 0x40ce8c84 in nsBlockFrame::ReflowDirtyLines (this=0x4daa83b0, aState=...) at nsBlockFrame.cpp:1921
#53 0x40ce9660 in nsBlockFrame::Reflow (this=0x4daa83b0, aPresContext=0x4d0ed400, aMetrics=..., aReflowState=..., aStatus=@0xbebc7fe4) at nsBlockFrame.cpp:991
#54 0x40cea158 in nsBlockReflowContext::ReflowBlock (this=0xbebc7ef0, aSpace=<value optimized out>, aApplyTopMargin=<value optimized out>, aPrevMargin=<value optimized out>, aClearance=0, aIsAdjacentWithTop=1, aLine=0x4daa8408, aFrameRS=..., aFrameReflowStatus=@0xbebc7fe4, aState=...) at nsBlockReflowContext.cpp:310
#55 0x40ce6374 in nsBlockFrame::ReflowBlockFrame (this=0x4daa8010, aState=..., aLine=..., aKeepReflowGoing=0x0) at nsBlockFrame.cpp:3141
#56 0x40ce874c in nsBlockFrame::ReflowLine (this=0x4daa8010, aState=<value optimized out>, aLine=<value optimized out>, aKeepReflowGoing=0xbebc815c) at nsBlockFrame.cpp:2408
#57 0x40ce8c84 in nsBlockFrame::ReflowDirtyLines (this=0x4daa8010, aState=...) at nsBlockFrame.cpp:1921
#58 0x40ce9660 in nsBlockFrame::Reflow (this=0x4daa8010, aPresContext=0x4d0ed400, aMetrics=..., aReflowState=..., aStatus=@0xbebc8654) at nsBlockFrame.cpp:991
#59 0x40cf0898 in nsContainerFrame::ReflowChild (this=<value optimized out>, aKidFrame=0x4daa8010, aPresContext=0x4d0ed400, aDesiredSize=..., aReflowState=..., aX=0, aY=0, aFlags=0, aStatus=@0xbebc8654, aTracker=0x0) at nsContainerFrame.cpp:800
#60 0x40d0b128 in CanvasFrame::Reflow (this=0x4d0d0b78, aPresContext=0x4d0ed400, aDesiredSize=..., aReflowState=..., aStatus=@0xbebc8654) at nsHTMLFrame.cpp:549
#61 0x40cf0898 in nsContainerFrame::ReflowChild (this=<value optimized out>, aKidFrame=0x4d0d0b78, aPresContext=0x4d0ed400, aDesiredSize=..., aReflowState=..., aX=0, aY=0, aFlags=3, aStatus=@0xbebc8654, aTracker=0x0) at nsContainerFrame.cpp:800
#62 0x40d07428 in nsHTMLScrollFrame::ReflowScrolledFrame (this=0x4d0d0c88, aState=0xbebc8738, aAssumeHScroll=0, aAssumeVScroll=75600, aMetrics=0xbebc8690, aFirstPass=1) at nsGfxScrollFrame.cpp:545
#63 0x40d078a0 in nsHTMLScrollFrame::ReflowContents (this=0x4d0d0c88, aState=0xbebc8738, aDesiredSize=<value optimized out>) at nsGfxScrollFrame.cpp:639
#64 0x40d07c60 in nsHTMLScrollFrame::Reflow (this=0x4d0d0c88, aPresContext=<value optimized out>, aDesiredSize=..., aReflowState=..., aStatus=@0xbebc8b78) at nsGfxScrollFrame.cpp:840
#65 0x40cf0898 in nsContainerFrame::ReflowChild (this=<value optimized out>, aKidFrame=0x4d0d0c88, aPresContext=0x4d0ed400, aDesiredSize=..., aReflowState=..., aX=0, aY=0, aFlags=0, aStatus=@0xbebc8b78, aTracker=0x0) at nsContainerFrame.cpp:800
#66 0x40d40734 in ViewportFrame::Reflow (this=0x4d0d0628, aPresContext=0x4d0d04b8, aDesiredSize=..., aReflowState=..., aStatus=@0xbebc8b78) at nsViewportFrame.cpp:284
#67 0x40cce960 in PresShell::DoReflow (this=0x49606400, target=0x49818b00, aInterruptible=1) at nsPresShell.cpp:7285
#68 0x40cd2780 in PresShell::ResizeReflow (this=0x49606400, aWidth=75600, aHeight=<value optimized out>) at nsPresShell.cpp:2799
#69 0x40ccd9bc in PresShell::ResizeReflow (this=<value optimized out>, aView=<value optimized out>, aWidth=<value optimized out>, aHeight=<value optimized out>) at nsPresShell.cpp:6912
#70 0x40f8faec in nsViewManager::DoSetWindowDimensions (this=0x4d0eb3a0, aWidth=75600, aHeight=79380) at nsViewManager.h:278
#71 0x40f8d298 in nsViewManager::SetWindowDimensions (this=0x4d0eb3a0, aWidth=75600, aHeight=79380) at nsViewManager.cpp:359
#72 0x40f8ec5c in nsViewManager::DispatchEvent (this=0x4d0eb3a0, aEvent=0xbebc8d10, aView=0x4d0eb400, aStatus=0xbebc8cec)
Thanks for the stack! Is that a stack with 3.6.something, or with 4.0 betas?
Or possibly neither.... What does your debugger think is around line 2386 in nsTextFrameThebes.cpp?
The Firefox in question is 3.6.3 built from this source package:
http://arm.koji.fedoraproject.org/packages/firefox/3.6.3/4.fc13/src/firefox-3.6.3-4.fc13.src.rpm

The code at that location is a loop:

2384: PRUint32 index;
2385: for (index = 0; index < aLength; ++index) {
2386:   aSpacing[index].mBefore = 0.0;
2387:   aSpacing[index].mAfter = 0.0;
2388: }
Hmm. So in frame 2 above we have:

  aSpacing=0xbebc3948

and in frame 0 we have:

  aSpacing=0xbebc3954

but the value is just passed through directly from frame 2 to frame 0.... maybe just gdb being confused.

In any case, the original source of that aSpacing is this (in gfxTextRun::AccumulateMetricsForRun):

  nsAutoTArray<PropertyProvider::Spacing,200> spacingBuffer;

On trunk, the buffer of an nsAutoTArray is 8-byte-aligned. This was fixed after 1.9.2 branched, in bug 448658. Does applying the patch from that bug make things better?
Depends on: 448658
Version: 1.9.0 Branch → 1.9.2 Branch
I have seen exactly the same bug with fennec running on an iPAQ hx4700 (armv5te):

Alignment trap: plugin-containe (625) PC=0x40f17cbc Instr=0xe1c423f0 Address=0xbe8af2b4 FSR 0x813

After much digging I found the problem. The bug is in ipdl auto-generated files such as PLayers.h, in class definitions such as SpecificLayerAttributes:

class SpecificLayerAttributes MOZ_FINAL
<snip>
    union Value {
        char Vnull_t[sizeof(null_t)];
        char VThebesLayerAttributes[sizeof(ThebesLayerAttributes)];
        char VContainerLayerAttributes[sizeof(ContainerLayerAttributes)];
        char VColorLayerAttributes[sizeof(ColorLayerAttributes)];
        char VCanvasLayerAttributes[sizeof(CanvasLayerAttributes)];
        char VImageLayerAttributes[sizeof(ImageLayerAttributes)];
    };

Because it is composed entirely of char arrays, union Value has no alignment requirements despite needing to hold structures which do. For example, ContainerLayerAttributes contains a FrameMetrics, and FrameMetrics contains a PRUint64 (unsigned long long). As soon as such a 64-bit field is accessed (as it is in SpecificLayerAttributes::operator=() for example) ARM will throw an alignment fault.

The fix is to force all instances of union Value on to the most restrictive boundary:

    union Value {
        char Vnull_t[sizeof(null_t)];
        char VThebesLayerAttributes[sizeof(ThebesLayerAttributes)];
        char VContainerLayerAttributes[sizeof(ContainerLayerAttributes)];
        char VColorLayerAttributes[sizeof(ColorLayerAttributes)];
        char VCanvasLayerAttributes[sizeof(CanvasLayerAttributes)];
        char VImageLayerAttributes[sizeof(ImageLayerAttributes)];
    } __attribute__ ((aligned (__BIGGEST_ALIGNMENT__)));

This fixed fennec on my iPAQ. Alternatively (and more portably), union Value could include a long long, double, or whatever type is suitable (though how this could be determined I don't know).

I don't know Python so I can't provide a patch for the ipdl auto-generation code; I just hacked all the target header files which contained union Value.
Should I file my previous fix as a new bug? It does need to be applied whether or not it is the same bug, and would seemingly benefit from more visibility than it has here.
I filed my previous fix as Bug 714516.
Given that the object in question is a union, wouldn't the simplest (and most portable) way to force alignment be to add otherwise unused members of the correct types? i.e. end up generating something like this:

union Value {
    char Vnull_t[sizeof(null_t)];
    char VThebesLayerAttributes[sizeof(ThebesLayerAttributes)];
    char VContainerLayerAttributes[sizeof(ContainerLayerAttributes)];
    char VColorLayerAttributes[sizeof(ColorLayerAttributes)];
    char VCanvasLayerAttributes[sizeof(CanvasLayerAttributes)];
    char VImageLayerAttributes[sizeof(ImageLayerAttributes)];
    ThebesLayerAttributes align_ThebesLayerAttributes;
    ContainerLayerAttributes align_VContainerLayerAttributes;
    ColorLayerAttributes align_VColorLayerAttributes;
    CanvasLayerAttributes align_VCanvasLayerAttributes;
    ImageLayerAttributes align_VImageLayerAttributes;
};

[not tested] which will ensure the minimum alignment necessary but no further, and avoids gcc specific extensions.
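The layout problem and the two fixes proposed in the comments above, as an added C++ example that is not Mozilla's generated code. The payload types, Holder and Message are hypothetical stand-ins, and the member order inside them is an assumption; the point is how the alignment of the union storage decides where a 64-bit payload lands inside an enclosing object.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>

// Hypothetical stand-ins for the IPDL payload types (not the Mozilla definitions).
struct FrameMetricsLike   { uint64_t scrollId; };   // the 64-bit field
struct ContainerAttrsLike { FrameMetricsLike metrics; };
struct ColorAttrsLike     { uint32_t rgba; };

// As generated: only char arrays, so the union's alignment requirement is 1.
union ValueWeak {
    char VContainer[sizeof(ContainerAttrsLike)];
    char VColor[sizeof(ColorAttrsLike)];
};

// First fix from the thread: GCC/Clang attribute, most restrictive boundary.
union ValueAttr {
    char VContainer[sizeof(ContainerAttrsLike)];
    char VColor[sizeof(ColorAttrsLike)];
} __attribute__((aligned(__BIGGEST_ALIGNMENT__)));

// Portable variant from the thread: unused members of the payload types.
// Before C++11 this compiles only if the payload types are POD.
union ValueTyped {
    char VContainer[sizeof(ContainerAttrsLike)];
    char VColor[sizeof(ColorAttrsLike)];
    ContainerAttrsLike align_Container;
    ColorAttrsLike align_Color;
};

// Compile-time guard a generator could emit next to each fixed union.
static_assert(alignof(ValueAttr) >= alignof(ContainerAttrsLike), "storage under-aligned");
static_assert(alignof(ValueTyped) >= alignof(ContainerAttrsLike), "storage under-aligned");

// Tagged wrapper and an enclosing message; the member layout is assumed.
template <typename V> struct Holder  { V mValue; int32_t mType; };
template <typename V> struct Message { int32_t id; Holder<V> attrs; };

// Offset of the payload storage inside Message<V>, modulo the alignment the
// 64-bit payload needs. Non-zero means a doubleword access to the payload can
// trap even when the message itself starts on an 8-byte boundary.
template <typename V> std::size_t payload_misalignment() {
    Message<V> m{};
    const char* base = reinterpret_cast<const char*>(&m);
    const char* slot = reinterpret_cast<const char*>(&m.attrs.mValue);
    return static_cast<std::size_t>(slot - base) % alignof(ContainerAttrsLike);
}

// With aligned storage, constructing and reading the payload in place is valid.
uint64_t round_trip(uint64_t id) {
    Message<ValueTyped> m{};
    ContainerAttrsLike* p = new (m.attrs.mValue.VContainer) ContainerAttrsLike{{id}};
    return p->metrics.scrollId;
}

int main() {
    std::printf("misalignment: weak=%zu attr=%zu typed=%zu\n",
                payload_misalignment<ValueWeak>(),
                payload_misalignment<ValueAttr>(),
                payload_misalignment<ValueTyped>());
}
```

On ABIs where int32_t is 4-byte aligned and uint64_t is 8-byte aligned, the char-only storage lands 4 bytes past an 8-byte boundary, which is the same residue as the fault addresses in the trap logs on this page.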
Severity: normal → S3