Closed Bug 832752 Opened 12 years ago Closed 12 years ago

pixman is not compatible with -mapcs-frame. (This causes B2G to segfault after unlocking the homescreen, when built with gcc4.6, -marm, -mapcs-frame)

Categories

(Firefox OS Graveyard :: General, defect)

ARM
All
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: justin.lebar+bug, Unassigned)

Attachments

(1 file)

This is similar to bug 832379, but a bit different. To summarize the situation: I need -marm -mapcs-frame for bug 831611. gcc 4.4 apparently mis-compiles the JS engine with -marm, but gcc 4.6 works fine. Unfortunately gcc 4.6 with -marm -mapcs-frame has a consistent crash when I unlock the homescreen. The stack appears to be JIT code:

> Program received signal SIGSEGV, Segmentation fault.
> 0x4195920c in ?? ()
> (gdb) bt
> #0  0x4195920c in ?? ()
> #1  0x418fabfc in ?? ()
> #2  0x418aa980 in ?? ()
> #3  0x418ab64c in ?? ()
> #4  0x418c671c in ?? ()
> #5  0x418a3c24 in ?? ()
> #6  0x418908ec in ?? ()
> #7  0x417d5eb0 in ?? ()
> #8  0x417d86bc in ?? ()
> #9  0x417f600c in ?? ()
> #10 0x40bb119c in ?? ()
> #11 0x40ba88f0 in ?? ()
> #12 0x40bac2d4 in ?? ()
> #13 0x40c235c0 in ?? ()
> #14 0x40c237a0 in ?? ()
> #15 0x40bfc180 in ?? ()
> #16 0x40bfc9e4 in ?? ()
> #17 0x40bfcb38 in ?? ()
> #18 0x40c06d64 in ?? ()
> #19 0x40c06d8c in ?? ()
> #20 0x40bdd26c in ?? ()
> #21 0x41808204 in ?? ()
> #22 0x4180827c in ?? ()
> #23 0x41809b10 in ?? ()
> #24 0x00000000 in ?? ()

But unlike bug 832379, we pass all the JIT tests.
Hm, and the segfault only occurs with an opt build, of course. I wonder if this is yet another error in GCC.
Out of curiosity, can you x/40i $pc-80, and paste it? possibly x/40i $lr-80 as well. This should give a good idea of what on earth the jit was doing when it crashed. Since the top two stack frames appear to be in ARM mode, those should all be legit instructions (and gdb should decode them correctly by default)
> Program received signal SIGSEGV, Segmentation fault.
> 0x4197a20c in ?? ()
> (gdb) bt
> #0  0x4197a20c in ?? ()
> #1  0x4191bbfc in ?? ()
> #2  0x418cb980 in ?? ()
> #3  0x418cc64c in ?? ()
> #13 0x40c445c0 in ?? ()
> #14 0x40c447a0 in ?? ()
> #15 0x40c1d180 in ?? ()
> #16 0x40c1d9e4 in ?? ()
> #17 0x40c1db38 in ?? ()
> #18 0x40c27d64 in ?? ()
> #19 0x40c27d8c in ?? ()
> #20 0x40bfe26c in ?? ()
> #21 0x41829204 in ?? ()
> #22 0x4182927c in ?? ()
> #23 0x4182ab10 in ?? ()
> #24 0x00000000 in ?? ()
> (gdb) x/40i $pc-80
>    0x4197a1bc: sub r0, r9, #1
>    0x4197a1c0: ldr r9, [r1, #-92] ; 0x5c
>    0x4197a1c4: str r0, [r1, #-136] ; 0x88
>    0x4197a1c8: mov r0, r7
>    0x4197a1cc: ldr r2, [r1, #-136] ; 0x88
>    0x4197a1d0: ldr r3, [r9, r2, lsl #2]
>    0x4197a1d4: sub r9, r11, #24576 ; 0x6000
>    0x4197a1d8: sub r2, r11, #24576 ; 0x6000
>    0x4197a1dc: mov r10, r9
>    0x4197a1e0: sub r2, r2, #64 ; 0x40
>    0x4197a1e4: str r3, [r1, #-176] ; 0xb0
>    0x4197a1e8: sub r1, r11, #24576 ; 0x6000
>    0x4197a1ec: ldr r3, [r9, #-100] ; 0x64
>    0x4197a1f0: sub r1, r1, #72 ; 0x48
>    0x4197a1f4: ldr r9, [r9, #-176] ; 0xb0
>    0x4197a1f8: str r9, [r10, #-68] ; 0x44
>    0x4197a1fc: sub r10, r11, #44 ; 0x2c
>    0x4197a200: str r9, [r10, r12]
>    0x4197a204: sub r10, r11, #24576 ; 0x6000
>    0x4197a208: ldr r10, [r10, #-136] ; 0x88
> => 0x4197a20c: ldr r9, [r10, #-132] ; 0x84
>    0x4197a210: ldr r12, [r9, r10, lsl #2]
>    0x4197a214: sub r9, r11, #44 ; 0x2c
>    0x4197a218: str r4, [sp]
>    0x4197a21c: sub r4, r11, #24576 ; 0x6000
>    0x4197a220: mov r10, #0
>    0x4197a224: str r10, [sp, #4]
>    0x4197a228: str r12, [r4, #-60] ; 0x3c
>    0x4197a22c: str r12, [r9, lr]
>    0x4197a230: str r10, [sp, #8]
>    0x4197a234: ldr r10, [r4, #-116] ; 0x74
>    0x4197a238: str r10, [sp, #12]
>    0x4197a23c: bl 0x4198bee0
>    0x4197a240: sub r12, r11, #24576 ; 0x6000
>    0x4197a244: mov r3, #0
>    0x4197a248: mov r1, #1
>    0x4197a24c: ldr r0, [r12, #-116] ; 0x74
>    0x4197a250: ldr r2, [r12, #-168] ; 0xa8
>    0x4197a254: str r7, [sp]
>    0x4197a258: str r3, [sp, #4]
> (gdb) x/40i $lr-80
>    0xffff9f9c: Cannot access memory at address 0xffff9f9c
> (gdb) info registers
> r0   0xbeecffb0 -1091764304
> r1   0xbeecff94 -1091764332
> r2   0xbeecff9c -1091764324
> r3   0x40       64
> r4   0xc0       192
> r5   0x4a61c000 1247920128
> r6   0xa4000    671744
> r7   0xbeecffb0 -1091764304
> r8   0x4af5d000 1257623552
> r9   0xb2000000 -1308622848
> r10  0x13f      319
> r11  0xbeed5fdc -1091739684
> r12  0xffff9fe4 -24604
> sp   0xbeecff18 0xbeecff18
> lr   0xffff9fec -24596
> pc   0x4197a20c 0x4197a20c
> cpsr 0x20000010 536870928

Obviously accessing r10 - 132 isn't going to end well. Is our mapcs-frame clobbering a register which the JIT assumes is callee-saved, perhaps?
I presume this is what you wanted with the |x/40i $lr - 80|?

> (gdb) up
> #1  0x4191bbfc in ?? ()
> (gdb) x/40i 0x4191bbfc - 80
>    0x4191bbac: str r3, [r11, #-80] ; 0x50
>    0x4191bbb0: ldr r3, [r4, #-12]
>    0x4191bbb4: add r3, r6, r3
>    0x4191bbb8: rsb r3, r8, r3
>    0x4191bbbc: str r3, [r11, #-76] ; 0x4c
>    0x4191bbc0: ldr r3, [r4, #-16]
>    0x4191bbc4: str r3, [r11, #-72] ; 0x48
>    0x4191bbc8: ldr r3, [r4, #-12]
>    0x4191bbcc: str r3, [r11, #-68] ; 0x44
>    0x4191bbd0: ldr r2, [r4, #-8]
>    0x4191bbd4: ldr r3, [r4, #-16]
>    0x4191bbd8: rsb r3, r3, r2
>    0x4191bbdc: str r3, [r11, #-64] ; 0x40
>    0x4191bbe0: ldr r2, [r4, #-4]
>    0x4191bbe4: ldr r3, [r4, #-12]
>    0x4191bbe8: add r4, r4, #16
>    0x4191bbec: rsb r3, r3, r2
>    0x4191bbf0: str r3, [r11, #-60] ; 0x3c
>    0x4191bbf4: ldr r3, [r11, #-148] ; 0x94
>    0x4191bbf8: blx r3
> => 0x4191bbfc: ldr r3, [r11, #-144] ; 0x90
>    0x4191bc00: cmp r3, #0
>    0x4191bc04: sub r3, r3, #1
>    0x4191bc08: str r3, [r11, #-144] ; 0x90
>    0x4191bc0c: bne 0x4191bb78
>    0x4191bc10: b 0x4191b8c4
>    0x4191bc14: mov r0, r6
>    0x4191bc18: mov r7, r5
>    0x4191bc1c: bl 0x4195832c
>    0x4191bc20: ldr r12, [r4, #100] ; 0x64
>    0x4191bc24: ldr r3, [r4, #96] ; 0x60
>    0x4191bc28: mov r2, #8192 ; 0x2000
>    0x4191bc2c: str r2, [r11, #-156] ; 0x9c
>    0x4191bc30: str r12, [r11, #-180] ; 0xb4
>    0x4191bc34: ldr r12, [r6, #100] ; 0x64
>    0x4191bc38: str r3, [r11, #-160] ; 0xa0
>    0x4191bc3c: str r12, [r11, #-184] ; 0xb8
>    0x4191bc40: ldr r12, [r6, #96] ; 0x60
>    0x4191bc44: str r12, [r11, #-176] ; 0xb0
>    0x4191bc48: b 0x4191b86c
mjrosenb asked for more info about 0x4198bee0, which is called towards the bottom of the function in comment 3.

> 0x4197a23c: bl 0x4198bee0

This is not from the same run as comment 3, but all the addresses are the same, afaict.

> (gdb) x/40i 0x4198bee0 - 80
>    0x4198be90: vraddhn.i16 d30, q12, q13
>    0x4198be94: vqadd.u8 q0, q0, q14
>    0x4198be98: vqadd.u8 q1, q1, q15
>    0x4198be9c: vshll.i8 q15, d1, #8
>    0x4198bea0: vshll.i8 q14, d2, #8
>    0x4198bea4: vshll.i8 q3, d0, #8
>    0x4198bea8: vsri.16 q14, q15, #5
>    0x4198beac: vsri.16 q14, q3, #11
>    0x4198beb0: tst r0, #4
>    0x4198beb4: beq 0x4198bebc
>    0x4198beb8: vst1.16 {d29}, [r1]!
>    0x4198bebc: tst r0, #2
>    0x4198bec0: beq 0x4198becc
>    0x4198bec4: vst1.16 {d28[2]}, [r1]!
>    0x4198bec8: vst1.16 {d28[3]}, [r1]!
>    0x4198becc: tst r0, #1
>    0x4198bed0: beq 0x4198bed8
>    0x4198bed4: vst1.16 {d28[1]}, [r1]!
>    0x4198bed8: vpop {d8-d15}
>    0x4198bedc: pop {r4, r5, r6, r7, r8, pc}
>    0x4198bee0: mov r12, sp
>    0x4198bee4: push {r4, r5, r6, r7, r8, r9}
>    0x4198bee8: mov r7, #28
>    0x4198beec: ldm r12, {r4, r5, r6, r12}
>    0x4198bef0: mul r7, r7, r6
>    0x4198bef4: sub r2, r2, r1
>    0x4198bef8: cmp r12, #0
>    0x4198befc: ble 0x4198c25c
>    0x4198bf00: vdup.16 q12, r5
>    0x4198bf04: vdup.16 q13, r6
>    0x4198bf08: vdup.8 d28, r3
>    0x4198bf0c: vdup.8 d29, r4
>    0x4198bf10: vadd.i16 d25, d25, d26
>    0x4198bf14: cmp r12, #1
>    0x4198bf18: blt 0x4198bf64
>    0x4198bf1c: tst r0, #4
>    0x4198bf20: beq 0x4198bf64
>    0x4198bf24: vshr.u16 q15, q12, #8
>    0x4198bf28: vadd.i16 q12, q12, q13
>    0x4198bf2c: asr r3, r5, #16
I noticed when I ctrl-c my build, gdb doesn't translate any of the entries in the backtrace. So perhaps the assumption that this was JIT code was incorrect. It's not clear to me why gdb is unable to get symbols for the backtrace here, if we are in fact outside the JIT.
gdb's backtraces /do/ have symbols if I start b2g normally and then attach gdb to the existing process.
Backtrace with symbols below. Sorry for sending you on a snipe hunt here, Marty. I have no idea why I wasn't getting symbols with regular |./run-gdb.sh|; maybe -mapcs-frame messes something up.

> #0  0x4195920c in fast_composite_scaled_bilinear_neon_8888_0565_pad_OVER (imp=<optimized out>, info=<optimized out>) at ../../../../../../ff-git2/src/gfx/cairo/libpixman/src/pixman-arm-neon.c:295
> #1  0x418fabfc in _moz_pixman_image_composite32 (op=<optimized out>, src=<optimized out>, mask=<optimized out>, dest=<optimized out>, src_x=0, src_y=10, mask_x=0, mask_y=0, dest_x=0, dest_y=0, width=640, height=920) at ../../../../../../ff-git2/src/gfx/cairo/libpixman/src/pixman.c:712
> #2  0x418aa980 in _composite_boxes (extents=0xbead5184, clip=0x0, antialias=CAIRO_ANTIALIAS_DEFAULT, boxes=0xbead53c8, pattern=0xbead56a8, op=CAIRO_OPERATOR_OVER, dst=0x4859c7a0) at ../../../../../../ff-git2/src/gfx/cairo/cairo/src/cairo-image-surface.c:2995
> #3  _clip_and_composite_boxes (dst=0x4859c7a0, op=CAIRO_OPERATOR_OVER, src=0xbead56a8, boxes=0xbead53c8, antialias=CAIRO_ANTIALIAS_DEFAULT, extents=0xbead5184, clip=0x0) at ../../../../../../ff-git2/src/gfx/cairo/cairo/src/cairo-image-surface.c:3034
> #4  0x418ab64c in _cairo_image_surface_paint (abstract_surface=0x4859c7a0, op=CAIRO_OPERATOR_OVER, source=0xbead56a8, clip=0x0) at ../../../../../../ff-git2/src/gfx/cairo/cairo/src/cairo-image-surface.c:3282
> #5  0x418c671c in _cairo_surface_paint (clip=0xbead5680, source=0xbead56a8, op=CAIRO_OPERATOR_OVER, surface=0x4859c7a0) at ../../../../../../ff-git2/src/gfx/cairo/cairo/src/cairo-surface.c:2109
> #6  _cairo_surface_paint (surface=0x4859c7a0, op=CAIRO_OPERATOR_OVER, source=0xbead56a8, clip=0xbead5680) at ../../../../../../ff-git2/src/gfx/cairo/cairo/src/cairo-surface.c:2080
> #7  0x418a3c24 in _cairo_gstate_fill (gstate=0x42400e40, path=<optimized out>) at ../../../../../../ff-git2/src/gfx/cairo/cairo/src/cairo-gstate.c:1285
> #8  0x418908ec in INT__moz_cairo_fill_preserve (cr=0x42400cc8) at ../../../../../../ff-git2/src/gfx/cairo/cairo/src/cairo.c:2459
> #9  0x417d5eb0 in gfxContext::Fill (this=0x47ea5120) at ../../../../ff-git2/src/gfx/thebes/gfxContext.cpp:304
> #10 0x417d86bc in gfxSurfaceDrawable::Draw (this=0x44451830, aContext=0x47ea5120, aFillRect=..., aRepeat=<optimized out>, aFilter=@0xbead5b18, aTransform=...) at ../../../../ff-git2/src/gfx/thebes/gfxDrawable.cpp:133
> #11 0x417f600c in gfxUtils::DrawPixelSnapped (aContext=0x47ea5120, aDrawable=0x44451830, aUserSpaceToImageSpace=..., aSubimage=<optimized out>, aSourceRect=..., aImageRect=..., aFill=..., aFormat=gfxASurface::ImageFormatARGB32, aFilter=gfxPattern::FILTER_GOOD, aImageFlags=0) at ../../../../ff-git2/src/gfx/thebes/gfxUtils.cpp:481
> #12 0x40bb119c in imgFrame::Draw (this=0x482929e0, aContext=0x47ea5120, aFilter=gfxPattern::FILTER_GOOD, aUserSpaceToImageSpace=<optimized out>, aFill=..., aPadding=..., aSubimage=..., aImageFlags=0) at ../../../../ff-git2/src/image/src/imgFrame.cpp:475
> #13 0x40ba88f0 in mozilla::image::RasterImage::DrawWithPreDownscaleIfNeeded (this=0x4951b860, aFrame=0x482929e0, aContext=0x47ea5120, aFilter=gfxPattern::FILTER_GOOD, aUserSpaceToImageSpace=..., aFill=..., aSubimage=...) at ../../../../ff-git2/src/image/src/RasterImage.cpp:3019
> #14 0x40bac2d4 in Draw (aFlags=8, aSubimage=..., aFill=..., aUserSpaceToImageSpace=..., aFilter=gfxPattern::FILTER_GOOD, aContext=0x47ea5120, this=0x4951b860) at ../../../../ff-git2/src/image/src/RasterImage.cpp:3093
> #15 mozilla::image::RasterImage::Draw (this=0x4951b860, aContext=0x47ea5120, aFilter=gfxPattern::FILTER_GOOD, aUserSpaceToImageSpace=..., aFill=..., aSubimage=..., aFlags=8) at ../../../../ff-git2/src/image/src/RasterImage.cpp:3031
> #16 0x40c235c0 in DrawImageInternal (aRenderingContext=<optimized out>, aImage=0x4951b860, aGraphicsFilter=gfxPattern::FILTER_GOOD, aDest=<optimized out>, aFill=..., aAnchor=..., aDirty=..., aImageSize=..., aImageFlags=8) at ../../../../ff-git2/src/layout/base/nsLayoutUtils.cpp:3945
> #17 0x40c237a0 in nsLayoutUtils::DrawBackgroundImage (aRenderingContext=0x45523be0, aImage=0x4951b860, aImageSize=..., aGraphicsFilter=gfxPattern::FILTER_GOOD, aDest=..., aFill=..., aAnchor=..., aDirty=..., aImageFlags=0) at ../../../../ff-git2/src/layout/base/nsLayoutUtils.cpp:4112
> #18 0x40bfc180 in nsImageRenderer::Draw (this=0xbead6088, aPresContext=<optimized out>, aRenderingContext=..., aDest=..., aFill=..., aAnchor=..., aDirty=...) at ../../../../ff-git2/src/layout/base/nsCSSRendering.cpp:4637
> #19 0x40bfc9e4 in nsCSSRendering::PaintBackgroundWithSC (aPresContext=0x47d31800, aRenderingContext=..., aForFrame=0x479ccc58, aDirtyRect=..., aBorderArea=..., aBackgroundSC=0x4950eae8, aBorder=..., aFlags=4, aBGClipRect=0x0, aLayer=0) at ../../../../ff-git2/src/layout/base/nsCSSRendering.cpp:2652
> #20 0x40bfcb38 in nsCSSRendering::PaintBackground (aPresContext=0x47d31800, aRenderingContext=..., aForFrame=0x479ccc58, aDirtyRect=..., aBorderArea=..., aFlags=4, aBGClipRect=0x0, aLayer=0) at ../../../../ff-git2/src/layout/base/nsCSSRendering.cpp:1562
> #21 0x40c06d64 in nsDisplayBackgroundImage::PaintInternal (this=0x441568b0, aBuilder=<optimized out>, aCtx=0x45523be0, aBounds=..., aClipRect=0x0) at ../../../../ff-git2/src/layout/base/nsDisplayList.cpp:2122
> #22 0x40c06d8c in nsDisplayBackgroundImage::Paint (this=<optimized out>, aBuilder=<optimized out>, aCtx=<optimized out>) at ../../../../ff-git2/src/layout/base/nsDisplayList.cpp:2108
> #23 0x40bdd26c in mozilla::FrameLayerBuilder::DrawThebesLayer (aLayer=0x4431c000, aContext=0x47ea5120, aRegionToDraw=..., aRegionToInvalidate=..., aCallbackData=0xbead80f8) at ../../../../ff-git2/src/layout/base/FrameLayerBuilder.cpp:3341
> #24 0x41808204 in mozilla::layers::BasicThebesLayer::PaintBuffer (this=0x4431c000, aContext=<optimized out>, aRegionToDraw=<optimized out>, aExtendedRegionToDraw=..., aRegionToInvalidate=..., aDidSelfCopy=false, aCallback=0x40bdccd8 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*)>, aCallbackData=0xbead80f8) at ../../../../ff-git2/src/gfx/layers/basic/BasicThebesLayer.h:95
> #25 0x4180827c in mozilla::layers::BasicShadowableThebesLayer::PaintBuffer (this=0x4431c000, aContext=<optimized out>, aRegionToDraw=..., aExtendedRegionToDraw=<optimized out>, aRegionToInvalidate=..., aDidSelfCopy=false, aCallback=0x40bdccd8 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*)>, aCallbackData=0xbead80f8) at ../../../../ff-git2/src/gfx/layers/basic/BasicThebesLayer.cpp:403
> #26 0x41809b10 in mozilla::layers::BasicThebesLayer::PaintThebes (this=0x4431c000, aContext=0x4836d5f0, aMaskLayer=0x0, aCallback=0x40bdccd8 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*)>, aCallbackData=0xbead80f8, aReadback=0xbead6bf8) at ../../../../ff-git2/src/gfx/layers/basic/BasicThebesLayer.cpp:190
> #27 0x41809e64 in mozilla::layers::BasicShadowableThebesLayer::PaintThebes (this=0x4431c000, aContext=0x4836d5f0, aMaskLayer=0x0, aCallback=0x40bdccd8 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*)>, aCallbackData=0xbead80f8, aReadback=0xbead6bf8) at ../../../../ff-git2/src/gfx/layers/basic/BasicThebesLayer.cpp:307
> #28 0x41801fe4 in mozilla::layers::BasicLayerManager::PaintSelfOrChildren (this=0x47d97440, aPaintContext=..., aGroupTarget=0x4836d5f0) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:821
> #29 0x4180235c in mozilla::layers::BasicLayerManager::PaintLayer (this=0x47d97440, aTarget=0x4836d5f0, aLayer=0x4431c000, aCallback=<optimized out>, aCallbackData=0xbead80f8, aReadback=0xbead6bf8) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:946
> #30 0x41802088 in mozilla::layers::BasicLayerManager::PaintSelfOrChildren (this=0x47d97440, aPaintContext=..., aGroupTarget=0x4836d5f0) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:836
> #31 0x4180235c in mozilla::layers::BasicLayerManager::PaintLayer (this=0x47d97440, aTarget=0x4836d5f0, aLayer=0x4431bc00, aCallback=<optimized out>, aCallbackData=0xbead80f8, aReadback=0xbead6fe0) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:946
> #32 0x41802088 in mozilla::layers::BasicLayerManager::PaintSelfOrChildren (this=0x47d97440, aPaintContext=..., aGroupTarget=0x4836d5f0) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:836
> #33 0x4180235c in mozilla::layers::BasicLayerManager::PaintLayer (this=0x47d97440, aTarget=0x4836d5f0, aLayer=0x4431b800, aCallback=<optimized out>, aCallbackData=0xbead80f8, aReadback=0xbead73c8) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:946
> #34 0x41802088 in mozilla::layers::BasicLayerManager::PaintSelfOrChildren (this=0x47d97440, aPaintContext=..., aGroupTarget=0x4836d5f0) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:836
> #35 0x4180235c in mozilla::layers::BasicLayerManager::PaintLayer (this=0x47d97440, aTarget=0x4836d5f0, aLayer=0x49541c00, aCallback=<optimized out>, aCallbackData=0xbead80f8, aReadback=0xbead77b0) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:946
> #36 0x41802088 in mozilla::layers::BasicLayerManager::PaintSelfOrChildren (this=0x47d97440, aPaintContext=..., aGroupTarget=0x4836d5f0) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:836
> #37 0x4180235c in mozilla::layers::BasicLayerManager::PaintLayer (this=0x47d97440, aTarget=0x4836d5f0, aLayer=0x49541000, aCallback=<optimized out>, aCallbackData=0xbead80f8, aReadback=0x0) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:946
> #38 0x41802d34 in mozilla::layers::BasicLayerManager::EndTransactionInternal (this=0x47d97440, aCallback=0x40bdccd8 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*)>, aCallbackData=0xbead80f8, aFlags=<optimized out>) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:590
> #39 0x41803170 in mozilla::layers::BasicShadowLayerManager::EndTransaction (this=0x47d97440, aCallback=0x40bdccd8 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*)>, aCallbackData=0xbead80f8, aFlags=mozilla::layers::LayerManager::END_NO_COMPOSITE) at ../../../../ff-git2/src/gfx/layers/basic/BasicLayerManager.cpp:1144
> #40 0x40c0ad0c in nsDisplayList::PaintForFrame (this=0xbead804c, aBuilder=0xbead80f8, aCtx=<optimized out>, aForFrame=<optimized out>, aFlags=13) at ../../../../ff-git2/src/layout/base/nsDisplayList.cpp:1169
> #41 0x40c0af4c in nsDisplayList::PaintRoot (this=0xbead804c, aBuilder=0xbead80f8, aCtx=0x0, aFlags=13) at ../../../../ff-git2/src/layout/base/nsDisplayList.cpp:1030
> #42 0x40c240d0 in nsLayoutUtils::PaintFrame (aRenderingContext=0x0, aFrame=0x4417c298, aDirtyRegion=<optimized out>, aBackstop=4294967295, aFlags=772) at ../../../../ff-git2/src/layout/base/nsLayoutUtils.cpp:1980
> #43 0x40c37a6c in PresShell::Paint (this=0x443699a0, aViewToPaint=0x46d6f790, aDirtyRegion=..., aFlags=<optimized out>) at ../../../../ff-git2/src/layout/base/nsPresShell.cpp:5400
> #44 0x40f8ff58 in ProcessPendingUpdatesForView (aView=0x46d6f790, this=0x46d7de20, aFlushDirtyRegion=<optimized out>) at ../../../../ff-git2/src/view/src/nsViewManager.cpp:402
> #45 nsViewManager::ProcessPendingUpdatesForView (this=0x46d7de20, aView=0x46d6f790, aFlushDirtyRegion=<optimized out>) at ../../../../ff-git2/src/view/src/nsViewManager.cpp:352
> #46 0x40c3f064 in nsRefreshDriver::Tick (this=<optimized out>, aNowEpoch=<optimized out>, aNowTime=...) at ../../../../ff-git2/src/layout/base/nsRefreshDriver.cpp:955
> #47 0x40c3f5d4 in TickDriver (now=<optimized out>, driver=<optimized out>, jsnow=1358891624915003) at ../../../../ff-git2/src/layout/base/nsRefreshDriver.cpp:164
> #48 Tick (this=<optimized out>) at ../../../../ff-git2/src/layout/base/nsRefreshDriver.cpp:156
> #49 mozilla::RefreshDriverTimer::TimerTick (aTimer=<optimized out>, aClosure=<optimized out>) at ../../../../ff-git2/src/layout/base/nsRefreshDriver.cpp:181
> #50 0x4176e494 in nsTimerImpl::Fire (this=0x45d4f5b0) at ../../../../ff-git2/src/xpcom/threads/nsTimerImpl.cpp:482
> #51 0x4176e5ec in nsTimerEvent::Run (this=<optimized out>) at ../../../../ff-git2/src/xpcom/threads/nsTimerImpl.cpp:565
> #52 0x4176adb8 in nsThread::ProcessNextEvent (this=0x40409880, mayWait=<optimized out>, result=0xbead878f) at ../../../../ff-git2/src/xpcom/threads/nsThread.cpp:627
> #53 0x4173711c in NS_ProcessNextEvent_P (thread=<optimized out>, mayWait=<optimized out>) at ../../../../ff-git2/src/xpcom/glue/nsThreadUtils.cpp:238
> #54 0x4152ddbc in mozilla::ipc::MessagePump::Run (this=0x40402400, aDelegate=0x4042d0c0) at ../../../../ff-git2/src/ipc/glue/MessagePump.cpp:117
> #55 0x417a2680 in MessageLoop::RunInternal (this=<optimized out>) at ../../../../ff-git2/src/ipc/chromium/src/base/message_loop.cc:215
> #56 0x417a281c in RunHandler (this=0x4042d0c0) at ../../../../ff-git2/src/ipc/chromium/src/base/message_loop.cc:208
> #57 MessageLoop::Run (this=0x4042d0c0) at ../../../../ff-git2/src/ipc/chromium/src/base/message_loop.cc:182
> #58 0x4146fb04 in nsBaseAppShell::Run (this=0x43222700) at ../../../../ff-git2/src/widget/xpwidgets/nsBaseAppShell.cpp:163
> #59 0x4136bc30 in nsAppStartup::Run (this=0x4325f400) at ../../../../../ff-git2/src/toolkit/components/startup/nsAppStartup.cpp:288
> #60 0x40a65f3c in XREMain::XRE_mainRun (this=0xbead89c4) at ../../../../ff-git2/src/toolkit/xre/nsAppRunner.cpp:3823
> #61 0x40a67968 in XREMain::XRE_main (this=0xbead89c4, argc=<optimized out>, argv=<optimized out>, aAppData=<optimized out>) at ../../../../ff-git2/src/toolkit/xre/nsAppRunner.cpp:3890
> #62 0x40a67b88 in XRE_main (argc=1, argv=0xbeadab74, aAppData=0x2ab48, aFlags=<optimized out>) at ../../../../ff-git2/src/toolkit/xre/nsAppRunner.cpp:4093
> #63 0x0000a32c in do_main (argv=0xbeadab74, argc=1) at ../../../../ff-git2/src/b2g/app/nsBrowserApp.cpp:164
> #64 main (argc=<optimized out>, argv=<optimized out>) at ../../../../ff-git2/src/b2g/app/nsBrowserApp.cpp:249
Assignee: general → nobody
Component: JavaScript Engine → General
Product: Core → Boot2Gecko
Version: Trunk → unspecified
Disabling -mapcs-frame in pixman fixes this crash, and with this the device seems to work (!).
Summary: B2G segfaults after unlocking the homescreen, when built with gcc4.6, -marm, -mapcs-frame → pixman is not compatible with -mapcs-frame. (This causes B2G to segfault after unlocking the homescreen, when built with gcc4.6, -marm, -mapcs-frame)
Attachment #705206 - Flags: review?(mh+mozilla)
Attachment #705206 - Flags: review?(mh+mozilla) → review+
Attachment #705206 - Flags: review?(jmuizelaar) → review+
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Interestingly, building for Thumb2 with GCC 4.4.3 and my patch to create APCS-like frames works fine, and perf gets reasonable stacks from the C code. It's (currently) exposed as a separate gcc option, so the change in comment #11 doesn't suppress it. However: the pixman asm code uses *all* the registers, including fp and lr, and I wonder if that might be related to the problems that were seen here. Just mentioning this in case things wind up breaking later on.
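The last comment names the underlying hazard: hand-written asm that treats fp (r11) and lr as scratch registers breaks the frame chain that -mapcs-frame callers (and frame-pointer unwinders such as perf) expect to stay intact across a call, which is also what the crash in the unsymbolized frames looked like from the caller's side. The following is an added example, not code from the bug, pixman or Gecko: a small scanner over gdb `x/Ni` ARM listings like the ones quoted above that reports writes to fp or lr in a function whose prologue never pushed them. The listing format, the r11/r14 alias table and the instructions marked as constructed in the sample are assumptions; the rest of the sample is copied from the 0x4198bee0 listing quoted in the bug.

```python
import re

# Added example (not code from the bug, pixman or Gecko). Scans a gdb
# `x/Ni` ARM listing for instructions that write fp (r11) or lr in a
# function that never pushed them, i.e. the pattern the last comment
# describes for pixman's hand-written NEON routines.

# gdb prints r11/r14 by number on this toolchain; fold them onto the names
# the frame-pointer convention uses.
ALIASES = {"r11": "fp", "r14": "lr", "r13": "sp", "r15": "pc"}
# Registers a -mapcs-frame caller (or a frame-pointer unwinder) relies on
# being intact after a call returns.
FRAME_REGS = {"fp", "lr"}

# One listing line: optional "=>" marker, address, mnemonic, operands.
LINE_RE = re.compile(r"^(?:=>)?\s*0x([0-9a-fA-F]+):\s+(\S+)(?:\s+(.*))?$")
# Branches with an optional condition code; bl/blx write lr by design, so a
# call is not a clobber.
BRANCH_RE = re.compile(
    r"b(l|lx|x)?(eq|ne|cs|hs|cc|lo|mi|pl|vs|vc|hi|ls|ge|lt|gt|le|al)?")
# Stores and compares read their operands but write no core register.
NO_GPR_WRITE = ("str", "vst", "cmp", "cmn", "tst", "teq", "push", "stm", "vpush")
REG_RE = re.compile(r"(r\d{1,2}|fp|ip|sp|lr|pc)")


def norm(reg):
    """Lower-case a register name and map numbered aliases (r11 -> fp)."""
    reg = reg.strip().lower()
    return ALIASES.get(reg, reg)


def reglist(operands):
    """Registers named inside a {...} list, as used by push/pop/ldm."""
    inside = re.search(r"\{([^}]*)\}", operands)
    return {norm(r) for r in inside.group(1).split(",")} if inside else set()


def written_registers(mnemonic, operands):
    """Core registers an instruction writes, judged from its text alone.
    Deliberately conservative: base-register writeback on ldr/str ("[r4], #4")
    is not modelled, so the scan can under-report writes but never invent one."""
    m = mnemonic.lower().split(".")[0]          # drop NEON suffixes like .i16
    if m.startswith(NO_GPR_WRITE) or BRANCH_RE.fullmatch(m):
        return set()
    if m.startswith(("pop", "ldm", "vpop")):
        regs = reglist(operands)
        base = operands.split(",", 1)[0].strip()
        if m.startswith("ldm") and base.endswith("!"):   # ldm r12!, {...}
            regs.add(norm(base[:-1]))
        return regs
    first = norm(operands.split(",", 1)[0]) if operands else ""
    return {first} if REG_RE.fullmatch(first) else set()


def scan_listing(text):
    """Walk a listing top to bottom. Returns (saved, clobbers): the registers
    pushed by the function's prologue, and [(addr, instruction, reg)] for
    each write to a frame register that the prologue did not save."""
    saved, clobbers = set(), []
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ").strip()      # drop Bugzilla quote marks
        m = LINE_RE.match(line)
        if not m:
            continue                                  # "(gdb) ..." prompts etc.
        addr, mnemonic, operands = m.group(1), m.group(2), m.group(3) or ""
        operands = operands.split(";")[0].strip()     # drop gdb's "; 0x5c" notes
        base = mnemonic.lower().split(".")[0]
        if base.startswith(("push", "stmfd", "stmdb")):
            saved |= reglist(operands)
            continue
        for reg in written_registers(mnemonic, operands) & FRAME_REGS:
            if reg not in saved:
                clobbers.append((f"0x{addr}", f"{mnemonic} {operands}", reg))
    return saved, clobbers


# Constructed sample: the prologue of the pixman NEON routine quoted in the
# bug (0x4198bee0 onward), followed by made-up instructions (marked) that
# use lr and fp as scratch without saving them.
SAMPLE = """\
> 0x4198bee0: mov r12, sp
> 0x4198bee4: push {r4, r5, r6, r7, r8, r9}
> 0x4198bee8: mov r7, #28
> 0x4198beec: ldm r12, {r4, r5, r6, r12}
> 0x4198bef0: mul r7, r7, r6
> 0x4198bef4: sub r2, r2, r1
> 0x4198bef8: cmp r12, #0
> 0x4198befc: ble 0x4198c25c
> 0x4198bf00: vdup.16 q12, r5
> 0x4198bf04: ldr lr, [r2, #4]    ; constructed: lr used as scratch
> 0x4198bf08: sub r11, r11, #8     ; constructed: fp used as scratch
> 0x4198bf0c: bl 0x4198c000        ; constructed call; bl writing lr is expected
> 0x4198bf10: pop {r4, r5, r6, r7, r8, pc}
"""

if __name__ == "__main__":
    saved, clobbers = scan_listing(SAMPLE)
    print("saved by prologue:", sorted(saved))
    for addr, instr, reg in clobbers:
        print(f"{addr}: {instr!r} writes {reg} without having saved it")
```

Run against the sample it reports the two constructed lines and nothing else; pushes of fp/lr in the prologue (push {r4, fp, lr} ... pop {r4, fp, pc}) make later writes to those registers legitimate, so a routine that follows the frame convention scans clean. Because the check only reads the textual listing, it is a review aid for spotting candidates in asm like pixman's, not a proof of correctness.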