Closed
Bug 791462
Opened 12 years ago
Closed 12 years ago
IonMonkey: SIGILL in js::ion::Cannon on Snapdragon CPUs
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla18
People
(Reporter: scoobidiver, Assigned: mjrosenb)
References
Details
(4 keywords, Whiteboard: [native-crash][startupcrash][ion:p1:fx18])
Crash Data
Attachments
(1 file)
2.32 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
It first appeared in 18.0a1/20120915. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=e5af3d785252&tochange=9fff2012b66c It's likely a regression from bug 789373. Signature js::ion::Cannon More Reports Search UUID 39a2278a-3db5-4697-8cb3-4d64c2120915 Date Processed 2012-09-15 13:58:12 Uptime 48 Last Crash 55 seconds before submission Install Age 1.8 minutes since version was first installed. Install Time 2012-09-15 13:56:10 Product FennecAndroid Version 18.0a1 Build ID 20120915030531 Release Channel nightly OS Linux OS Version 0.0.0 Linux 3.0.8+1.0.21100-30145-01956-g43358ca #1 SMP PREEMPT Mon Jul 30 13:29:45 2012 armv7l Build Architecture arm Build Architecture Info Crash Reason SIGILL Crash Address 0x7549fbec App Notes AdapterDescription: 'Qualcomm -- Adreno (TM) 220 -- OpenGL ES 2.0 2184622 -- Model: LT26i, Product: LT26i_1257-2015, Manufacturer: Sony Ericsson, Hardware: semc' EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ Sony Ericsson LT26i SEMC/LT26i_1257-2015/LT26i:4.0.4/6.1.A.2.45/0vd_zw:user/release-keys EMCheckCompatibility True Adapter Vendor ID Qualcomm Adapter Device ID Adreno (TM) 220 Device Sony Ericsson LT26i Android API Version 15 (REL) Android CPU ABI armeabi-v7a Frame Module Signature Source 0 @0x7549fbec 1 libxul.so js::ion::Cannon Ion.cpp:1325 2 libxul.so js::RunScript jsinterp.cpp:301 3 libxul.so js::InvokeGetterOrSetter jsinterp.cpp:378 4 libxul.so js_NativeGet jsscopeinlines.h:296 5 libxul.so js::NativeGet jsinterpinlines.h:175 6 libxul.so js::mjit::stubs::GetProp jsinterpinlines.h:268 7 libxul.so DisabledGetPropIC PolyIC.cpp:1971 8 libxul.so libxul.so@0xedb4a1 9 libxul.so libxul.so@0xf3ac4f 10 libxul.so js::mjit::JaegerShotAtSafePoint MethodJIT.cpp:1045 11 libxul.so js::Interpret jsinterp.cpp:1487 12 libxul.so js::RunScript jsinterp.cpp:324 13 libxul.so js::Invoke jsinterp.cpp:378 14 libxul.so JS_CallFunctionValue jsapi.cpp:5906 15 libxul.so mozilla::dom::workers::EventListenerManager::DispatchEvent EventListenerManager.cpp:405 16 libxul.so mozilla::dom::EventTargetBinding_workers::dispatchEvent EventTarget.h:52 17 libxul.so mozilla::dom::EventTargetBinding_workers::genericMethod EventTargetBinding.cpp:586 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3Aion%3A%3ACannon
Reporter | ||
Comment 1•12 years ago
|
||
It's #1 top crasher in today's build.
tracking-firefox18:
--- → ?
Keywords: topcrash
Summary: crash in js::ion::Cannon → crash in js::ion::Cannon on custom kernels
Reporter | ||
Updated•12 years ago
|
Crash Signature: [@ js::ion::Cannon] → [@ js::ion::Cannon]
[@ arena_dalloc | __wrap_free | js::ion::Cannon ]
Reporter | ||
Updated•12 years ago
|
Crash Signature: [@ js::ion::Cannon]
[@ arena_dalloc | __wrap_free | js::ion::Cannon ] → [@ js::ion::Cannon]
[@ arena_dalloc | __wrap_free | js::ion::Cannon ]
[@ arena_dalloc | js::ion::Cannon]
[@ malloc_mutex_unlock | arena_dalloc | js::ion::Cannon]
[@ malloc_mutex_unlock | js::ion::Cannon]
Assignee | ||
Comment 2•12 years ago
|
||
js::ion::Cannon is just the entrypoint into IonMonkey. This just means we crashed *somewhere* in code generated by IonMonkey. I'm looking into it.
Assignee: general → mrosenberg
Thanks, Marty. This is causing a spike in the stability for the nightly.
Updated•12 years ago
|
Comment 4•12 years ago
|
||
Marty, I can repro this crash very easily just by opening this bug in Nightly. Let me know if there is anything I can do to help you with fixing this bug.
Updated•12 years ago
|
Keywords: reproducible
Updated•12 years ago
|
Summary: crash in js::ion::Cannon on custom kernels → IonMonkey: crash in js::ion::Cannon on custom kernels
Assignee | ||
Comment 5•12 years ago
|
||
AH-HAH! the issue is I emmitted |push sp|, wich the ARM spec has marked as "unpredictable" evidently on omap and tegra-based phones, that works fine on snapdragon-based phones, it raises SIGILL!
Updated•12 years ago
|
Whiteboard: [native-crash][startupcrash] → [native-crash][startupcrash][ion:p1:fx18]
Assignee | ||
Comment 7•12 years ago
|
||
That took a while. Turns out building fennec with 4 cores pegged at 800 mhz is much slower than when they are pegged at 2.3ghz
Attachment #663259 -
Flags: review?(dvander)
Comment on attachment 663259 [details] [diff] [review] /home/mrosenberg/patches/fix_qualcomm_push_sp-r0.patch Review of attachment 663259 [details] [diff] [review]: ----------------------------------------------------------------- sweeeeeet ::: js/src/ion/arm/Assembler-arm.h @@ +748,5 @@ > uint32 encode() { > return data; > } > + Register getBase() { > + return Register::FromCode((data >> 16) &0xf); nit: space after &
Attachment #663259 -
Flags: review?(dvander) → review+
Assignee | ||
Comment 9•12 years ago
|
||
mostly landed on m-c: https://hg.mozilla.org/mozilla-central/rev/9ae014a115b2 I forgot to qrefresh after fixing the nit, so the nit is still in my queue. I'm planning on adding in that space after the m-i merge, since it seems kind of silly to push to m-c to fix a one character whitespace typo.
Comment 10•12 years ago
|
||
Comment on attachment 663259 [details] [diff] [review] /home/mrosenberg/patches/fix_qualcomm_push_sp-r0.patch Review of attachment 663259 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/ion/arm/Assembler-arm.cpp @@ +1377,1 @@ > JS_ASSERT(size == 32 || size == 8); When you push your nit patch, you might as well keep the opening paren of JS_ASSERT consistent between these two lines :)
SIGILL crashes from ion::Cannon have dropped off completely after the 9-20 build (yay), so I'm resolving this as fixed.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Summary: IonMonkey: crash in js::ion::Cannon on custom kernels → IonMonkey: SIGILL in js::ion::Cannon on Snapdragon CPUs
Updated•12 years ago
|
status-firefox18:
--- → fixed
Target Milestone: --- → mozilla18
You need to log in
before you can comment on or make changes to this bug.
Description
•