Open Bug 714516 Opened 14 years ago Updated 3 years ago

ARM alignment trap caused by misaligned unions; fix provided

Categories

(Core :: IPC, defect)

ARM
Linux
defect

Tracking


UNCONFIRMED

People

(Reporter: junkmailnotread, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Build ID: 20111220165912

Steps to reproduce:

Alignment trap: plugin-containe (625) PC=0x40f17cbc Instr=0xe1c423f0 Address=0xbe8af2b4 FSR 0x813

After much digging I found the problem. The bug is in ipdl auto-generated files such as PLayers.h, in class definitions such as SpecificLayerAttributes:

    class SpecificLayerAttributes MOZ_FINAL
    <snip>
    union Value {
        char Vnull_t[sizeof(null_t)];
        char VThebesLayerAttributes[sizeof(ThebesLayerAttributes)];
        char VContainerLayerAttributes[sizeof(ContainerLayerAttributes)];
        char VColorLayerAttributes[sizeof(ColorLayerAttributes)];
        char VCanvasLayerAttributes[sizeof(CanvasLayerAttributes)];
        char VImageLayerAttributes[sizeof(ImageLayerAttributes)];
    };

Because it is composed entirely of char arrays, union Value has no alignment requirements despite needing to hold structures which do. For example, ContainerLayerAttributes contains a FrameMetrics, and FrameMetrics contains a PRUint64 (unsigned long long). As soon as such a 64-bit field is accessed (as it is in SpecificLayerAttributes::operator=(), for example) ARM will throw an alignment fault.

The fix is to force all instances of union Value onto the most restrictive boundary:

    union Value {
        char Vnull_t[sizeof(null_t)];
        char VThebesLayerAttributes[sizeof(ThebesLayerAttributes)];
        char VContainerLayerAttributes[sizeof(ContainerLayerAttributes)];
        char VColorLayerAttributes[sizeof(ColorLayerAttributes)];
        char VCanvasLayerAttributes[sizeof(CanvasLayerAttributes)];
        char VImageLayerAttributes[sizeof(ImageLayerAttributes)];
    } __attribute__ ((aligned (__BIGGEST_ALIGNMENT__)));

This fixed fennec on my iPAQ hx4700 (armv5te). Alternatively (and more portably), union Value could include a long long, double, or whatever type is suitable (though how this could be determined I don't know).

I don't know Python so I can't provide a patch for the ipdl auto-generation code; I just hacked all the target header files which contained union Value. This bug may or may not be a duplicate of Bug 626635 (where I reported the above).
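Added example, not from the bug report or the generated PLayers.h: it reproduces the defect in plain C11 with constructed stand-ins for the payload types (the field names, `HolderUnaligned`/`HolderAligned` and the helper functions are assumptions for illustration). The char-array union collapses to alignment 1, and a `_Alignas` member carrying the strictest payload alignment is the portable counterpart of the reporter's `__attribute__((aligned))` fix, generalizing the long long/double suggestion to whatever the largest payload needs.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for the IPDL payload types named in the report.
   Only the uint64_t inside FrameMetrics matters for the alignment argument. */
typedef struct { uint64_t scrollId; float resolution; } FrameMetrics;
typedef struct { FrameMetrics metrics; int32_t flags; } ContainerLayerAttributes;
typedef struct { uint32_t color; } ColorLayerAttributes;

/* Shape of the generated union: char arrays only, so _Alignof collapses to 1
   even though the payload it stores contains a uint64_t. */
typedef union {
    char VContainerLayerAttributes[sizeof(ContainerLayerAttributes)];
    char VColorLayerAttributes[sizeof(ColorLayerAttributes)];
} ValueUnaligned;

/* Portable C11 form of the fix: one member carrying the strictest payload
   alignment lifts the whole union to that boundary. */
typedef union {
    char VContainerLayerAttributes[sizeof(ContainerLayerAttributes)];
    char VColorLayerAttributes[sizeof(ColorLayerAttributes)];
    _Alignas(ContainerLayerAttributes) char alignToPayload;
} ValueAligned;

/* A one-byte tag in front of the union (assumed layout) shows where each
   union actually lands inside an enclosing object. */
typedef struct { uint8_t tag; ValueUnaligned value; } HolderUnaligned;
typedef struct { uint8_t tag; ValueAligned value; } HolderAligned;

size_t unaligned_union_alignment(void) { return _Alignof(ValueUnaligned); }
size_t aligned_union_alignment(void)   { return _Alignof(ValueAligned); }
size_t unaligned_payload_offset(void)  { return offsetof(HolderUnaligned, value); }
size_t aligned_payload_offset(void)    { return offsetof(HolderAligned, value); }

/* The rule the ARM alignment trap enforces: a 64-bit access must hit an
   address that is a multiple of the access's natural alignment. */
int access_is_aligned(const void *p, size_t align) {
    return ((uintptr_t)p % align) == 0;
}

/* Same rule applied to a member offset within a properly aligned holder:
   a uint64_t stored at this offset is legal only if the offset is a
   multiple of _Alignof(uint64_t). */
int payload_offset_is_legal(size_t payload_offset) {
    return payload_offset % _Alignof(uint64_t) == 0;
}
```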
Hardware: x86_64 → ARM
Component: General → IPC
Product: Fennec Native → Core
QA Contact: general → ipc
Version: Firefox 11 → unspecified
Severity: normal → S3