Bug 686283 - JSAPI Test "testScriptinfo" hangs on ARM.
Status: RESOLVED FIXED
Whiteboard: [inbound]
Product: Core
Classification: Components
Component: JavaScript Engine
Version: unspecified
Platform: ARM Linux
Importance: -- major
Target Milestone: mozilla10
Assigned To: Mike Hommey [:glandium]
Blocks: 674283
Reported: 2011-09-12 03:26 PDT by Jacob Bramley [:jbramley]
Modified: 2011-10-12 07:17 PDT


Attachments
Properly handle EOF in TokenStream::getAtSourceMappingURL on platforms with unsigned chars (1.08 KB, patch)
2011-10-10 01:58 PDT, Mike Hommey [:glandium]
luke: review+
Properly handle EOF in TokenStream::getAtSourceMappingURL on platforms with unsigned chars (1.09 KB, patch)
2011-10-10 09:03 PDT, Mike Hommey [:glandium]
luke: review+
blassey.bugs: approval‑mozilla‑aurora+
blassey.bugs: approval‑mozilla‑beta-

Description Jacob Bramley [:jbramley] 2011-09-12 03:26:25 PDT
When running jsapi-tests on an ARM build of the JS shell, the "testScriptInfo" test hangs for a while, then eventually fills the console with the following error:

    "<no filename>:0:out of memory"

The board is a Tegra-2 running Ubuntu Maverick. The same test works fine on my desktop (amd64).

I've seen this on a few recent mozilla-central builds, but most recently http://hg.mozilla.org/mozilla-central/rev/0c7303e897c5. The shell was built with "--enable-debug".
Comment 1 Jacob Bramley [:jbramley] 2011-09-12 03:55:59 PDT
A release build produces the same behaviour.
Comment 2 Jacob Bramley [:jbramley] 2011-09-12 07:39:36 PDT
Attempting to find similar symptoms in other tests, I stumbled across testDebugger. testDebugger and testScriptInfo are the only tests that include the "debugger" keyword. I don't know what that keyword does. (It might just be used to trigger a 'catch' clause.)

In testScriptInfo, I think I'm hitting an infinite loop of some kind, resulting in an out-of-memory condition.

In testDebugger, I hit an assertion:
Assertion failure: failed to find call site, at /work/moz/mc/js/src/methodjit/Retcon.cpp:117
(in Recompiler::patchCall)

Is it possible that we're trying to patch a call that doesn't exist, or is somehow invalid?
Comment 3 Jacob Bramley [:jbramley] 2011-09-13 03:05:18 PDT
(In reply to Jacob Bramley [:jbramley] from comment #2)
> In testDebugger, I hit an assertion:
> Assertion failure: failed to find call site, at
> /work/moz/mc/js/src/methodjit/Retcon.cpp:117
> (in Recompiler::patchCall)

I hit the same assertion with jit-tests, on debug/Frame-onStep-07.js. It might be a different bug.
Comment 4 Mike Hommey [:glandium] 2011-10-10 01:58:42 PDT
Created attachment 565882
Properly handle EOF in TokenStream::getAtSourceMappingURL on platforms with unsigned chars

This actually happens on all architectures using unsigned chars. So at least powerpc, s390, arm and avr32.

It obviously happens on other architectures when building with -funsigned-char.
Comment 5 Mike Hommey [:glandium] 2011-10-10 02:19:41 PDT
Comment on attachment 565882
Properly handle EOF in TokenStream::getAtSourceMappingURL on platforms with unsigned chars

Review of attachment 565882:
-----------------------------------------------------------------

::: js/src/jsscan.cpp
@@ +1223,5 @@
>          tokenbuf.clear();
>  
>          jschar c;
>          while (!IsSpaceOrBOM2((c = getChar())) &&
>                 ((char) c) != '\0' &&

Note that this also looks wrong. It probably should be changed to c != 0 (or simply c)
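
The failure mode named in Comment 4 and in the attachment title, as an added example that is not Mozilla's code or part of the original thread. It assumes a 16-bit code unit (`uint16_t` here) and an EOF test that narrows the value with a `char` cast, the way the quoted `((char) c) != '\0'` does for NUL; `get_char`, `scan_narrowed`, `scan_wide` and the sample inputs are hypothetical, and `signed char` / `unsigned char` stand in for plain `char` under each ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>   /* EOF */

#define STEP_CAP 1000  /* stands in for "loops until out of memory" */

/* Constructed reader: hands out 16-bit code units, then EOF forever. */
struct src { const uint16_t *p; size_t n, i; };
static int32_t get_char(struct src *s) { return s->i < s->n ? s->p[s->i++] : EOF; }

/* What "(char) c" yields for a 16-bit c, depending on the ABI's plain char. */
static int as_signed_char(uint16_t c)   { return (signed char)c; }   /* e.g. x86 */
static int as_unsigned_char(uint16_t c) { return (unsigned char)c; } /* e.g. ARM */

/* Buggy shape: the code unit is narrowed before the EOF test.
 * Returns units consumed, or -1 if STEP_CAP is hit (EOF never recognised). */
static int scan_narrowed(struct src *s, int (*narrow)(uint16_t)) {
    int steps = 0;
    for (;;) {
        uint16_t c = (uint16_t)get_char(s);   /* EOF is stored as 0xFFFF */
        if (narrow(c) == EOF) return steps;   /* unsigned: 255 never equals EOF */
        if (++steps == STEP_CAP) return -1;
    }
}

/* Hardened shape: test the reader's full-width return value. */
static int scan_wide(struct src *s) {
    int steps = 0;
    for (;;) {
        int32_t c = get_char(s);
        if (c == EOF) return steps;
        if (++steps == STEP_CAP) return -1;
    }
}

static const uint16_t URL[]  = { 'a', '.', 'm', 'a', 'p' };  /* constructed */
static const uint16_t YUML[] = { 'a', 0x00FF, 'b' };         /* U+00FF mid-input */
/* mode 0: narrowed, signed char; 1: narrowed, unsigned char; 2: full width */
static int run(const uint16_t *p, size_t n, int mode) {
    struct src s = { p, n, 0 };
    if (mode == 0) return scan_narrowed(&s, as_signed_char);
    if (mode == 1) return scan_narrowed(&s, as_unsigned_char);
    return scan_wide(&s);
}

int main(void) {
    printf("signed=%d unsigned=%d wide=%d\n", run(URL, 5, 0), run(URL, 5, 1), run(URL, 5, 2));
    printf("U+00FF: signed=%d wide=%d\n", run(YUML, 3, 0), run(YUML, 3, 2));
    return 0;
}
```

The signed-char case stops at end of input but also stops early on any code unit whose low byte is 0xFF, so the narrowing cast is wrong on both kinds of platform, not only the ones where it hangs.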
Comment 6 Mike Hommey [:glandium] 2011-10-10 09:03:24 PDT
Created attachment 565952
Properly handle EOF in TokenStream::getAtSourceMappingURL on platforms with unsigned chars
Comment 8 Marco Bonardo [::mak] (Away 6-20 Aug) 2011-10-11 02:40:25 PDT
https://hg.mozilla.org/mozilla-central/rev/3dfc425966f4
Comment 9 Mike Hommey [:glandium] 2011-10-11 06:14:56 PDT
Comment on attachment 565952
Properly handle EOF in TokenStream::getAtSourceMappingURL on platforms with unsigned chars

I think there is a possibility of DoS on Android with sourceMappingURLs.
Comment 10 Mike Hommey [:glandium] 2011-10-12 07:15:35 PDT
http://hg.mozilla.org/releases/mozilla-aurora/rev/3ea3354a2d60