Segmentation fault in BaselineFrameInfo.h:91 when starting optimized Firefox or SeaMonkey clang builds

Status: RESOLVED DUPLICATE of bug 860867

Product: Core
Component: JavaScript Engine
Priority: --
Severity: major
Version: Trunk
Hardware: x86_64
OS: Linux
Reporter: Ian Neal
Assignee: Unassigned
Reported: 5 years ago
Last modified: 5 years ago

Description, by Ian Neal (Reporter), 5 years ago

STR
1/ Compile SeaMonkey from latest trunk on Fedora 18 x64 with clang and enable-optimizer="-O2 -gstabs+"
2/ Start SeaMonkey
3/ Select a profile

Expected Result
1/ SeaMonkey does not seg fault

Actual Result
1/ SeaMonkey seg faults

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffde6ff700 (LWP 19514)]
0x00007ffff5321f83 in peek (this=<optimized out>, index=<optimized out>, 
    index=<optimized out>, this=<optimized out>)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineFrameInfo.h:91
91	        return kind_;

backtrace is:
#0  0x00007ffff5321f83 in peek (this=<optimized out>, index=<optimized out>, 
    index=<optimized out>, this=<optimized out>)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineFrameInfo.h:91
#1  popn (this=<optimized out>, adjust=<optimized out>, n=<optimized out>, 
    this=<optimized out>, n=<optimized out>, adjust=<optimized out>)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineFrameInfo.h:234
#2  js::ion::BaselineCompiler::emitCall (this=0x7fffde6fb110)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineCompiler.cpp:2006
#3  0x00007ffff53185e8 in emit_JSOP_TABLESWITCH (this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>, this=<optimized out>, this=<optimized out>, 
    this=<optimized out>)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineCompiler.cpp:2014
#4  js::ion::BaselineCompiler::emitBody (this=0x7fffde6fb110)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineCompiler.cpp:585
#5  0x00007ffff5317b31 in js::ion::BaselineCompiler::compile (this=
    0x7fffde6fb110)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineCompiler.cpp:86
#6  0x00007ffff5213452 in BaselineCompile (cx=0x7ffff7d6ba60, script=...)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineJIT.cpp:218
#7  0x00007ffff52132ef in js::ion::CanEnterBaselineJIT (cx=0x7ffff7d6ba60, 
    scriptArg=<optimized out>, fp=<optimized out>, newType=<optimized out>)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineJIT.cpp:288
#8  0x00007ffff50b46b5 in js::RunScript (cx=0x7ffff7d6ba60, fp=0x7fffde0ff420)
    at /home/gizmo/central/comm-central/mozilla/js/src/jsinterp.cpp:348
#9  0x00007ffff50bda02 in js::Invoke (cx=0x7ffff7d6ba60, args=..., 
    construct=<optimized out>)
    at /home/gizmo/central/comm-central/mozilla/js/src/jsinterp.cpp:421
#10 0x00007ffff50bdd88 in js::Invoke (cx=0x7ffff7d6ba60, thisv=..., fval=..., 
    argc=<optimized out>, argv=<optimized out>, rval=0x7fffde6fc1a8)
    at /home/gizmo/central/comm-central/mozilla/js/src/jsinterp.cpp:454
#11 0x00007ffff51fea50 in js::ion::DoCallFallback (cx=0x7ffff7d6ba60, 
    frame=<optimized out>, stub=0x7fffe0140d20, argc=2, vp=0x7fffde6fc1f0, 
    res=...)
    at /home/gizmo/central/comm-central/mozilla/js/src/ion/BaselineIC.cpp:6855
#12 0x00007fffece0d323 in ?? ()
#13 0x00007fffde6fc248 in ?? ()
#14 0x00007fffde6fc1a8 in ?? ()
#15 0x00007fffde6fc210 in ?? ()
#16 0xfff9000000000000 in ?? ()
#17 0x00007ffff62579d0 in js::ion::DoCallNativeSetterInfo ()
   from /home/gizmo/central/sm-opt/mozilla/dist/bin/libxul.so
#18 0x00007fffddf3a9d0 in ?? ()
#19 0x00007fffece0f227 in ?? ()
#20 0x0000000000000502 in ?? ()
#21 0x00007fffde6fc258 in ?? ()
#22 0x00007fffe0140d20 in ?? ()
#23 0x0000000000000002 in ?? ()
#24 0x00007fffde6fc1f0 in ?? ()
#25 0xfffbffffdde51b80 in ?? ()
#26 0xfff9000000000000 in ?? ()
#27 0xfffbffffdde40980 in ?? ()
#28 0xfff9800000000001 in ?? ()
#29 0x00007fffde6fc2a0 in ?? ()
#30 0x00007fffe0140d20 in ?? ()
#31 0x00007fffece10438 in ?? ()
#32 0x0000000000000781 in ?? ()
#33 0xfff9800000000001 in ?? ()
#34 0xfffbffffdde40980 in ?? ()
#35 0xfff9000000000000 in ?? ()
#36 0xfffbffffdde51b80 in ?? ()
#37 0xfffbffffdde5c1c0 in ?? ()
#38 0x0000000000000095 in ?? ()
#39 0x0000000000000003 in ?? ()
#40 0x0000000000000078 in ?? ()
#41 0x00007fffdde4d100 in ?? ()
#42 0x00000000000000bf in ?? ()
#43 0x0000000000000005 in ?? ()
#44 0x00000000000000d4 in ?? ()
#45 0x0000000000000006 in ?? ()
#46 0x0000000000000000 in ?? ()

Note:
This does not seg fault in a debug build.

Comment 1, by Ian Neal (Reporter), 5 years ago

Tested against Firefox built from the same trunk and also seg faults with the same backtrace.
Summary: Segmentation fault in BaselineFrameInfo.h:91 when starting optimized SeaMonkey build → Segmentation fault in BaselineFrameInfo.h:91 when starting optimized Firefox or SeaMonkey builds

Comment 2, by Ian Neal (Reporter), 5 years ago

Tested using gcc rather than clang for building and it does not seg fault.
clang version 3.3 (trunk 181171)
Summary: Segmentation fault in BaselineFrameInfo.h:91 when starting optimized Firefox or SeaMonkey builds → Segmentation fault in BaselineFrameInfo.h:91 when starting optimized Firefox or SeaMonkey clang builds

Comment 3, by Ian Neal (Reporter), 5 years ago

Works okay with clang 3.2, which is the current release, but 3.3 is due out in early June, so will test against that release to see if it still seg faults. For the moment dropping this to a major.
Severity: blocker → major

Comment 4, by Jan de Mooij [:jandem]

This looks like bug 860867. Can you verify that updating Clang 3.3 fixes the problem?

Comment 5, by Ian Neal (Reporter), 5 years ago

(In reply to Jan de Mooij [:jandem] from comment #4)
> This looks like bug 860867. Can you verify that updating Clang 3.3 fixes the
> problem?

Well, I've tested against Clang 3.4 and it did not have this issue, but it had another one which the developers fixed (http://llvm.org/bugs/show_bug.cgi?id=16143), so, yes, this looks like a dupe (I wish there was a "fixed upstream" resolution).
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 860867