159880 2016-07-18 10:13:39 -0700 JSC JIT Broken on ARMv7 Traditional (without Thumb2) 2016-07-20 00:31:52 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 108645 1 clopez ossy berto bugs-noreply commit-queue gustavo mario ossy tonikitoo tpopela zan oldest_to_newest 1212005 0 clopez 2016-07-18 10:13:39 -0700 When building WebKitGTK+ for ARMv7 (armhf) with traditional ARM intruction set (-marm) instead of building with Thumb2 instruction set (-mthumb) the JSC JIT fails at run-time. It builds fine, but then any webpage with JavaScript will make the WebProcess crash. I have been able to reproduce this with 2.12.3. Not sure if its reproducible with current trunk, I will try to reproduce it there also. It seems that GNU/Linux armhf distributions build with Thumb2 (-mthumb) by default. At least on Debian the default toolchain (gcc compiler) is built with --with-mode=thumb on armhhf. Therefore the GTK+ ARM buildbot (that runs on Debian) is only testing the ARMv7 Thumb2 build. Related: https://bugzilla.yoctoproject.org/show_bug.cgi?id=9474 1212252 1 clopez 2016-07-18 20:25:33 -0700 It seems the issue is also reproducible on current trunk (tried with r203370). The command line jsc interpreter also crashes: root@raspberrypi3:~# jsc >>> 1 + 1 Segmentation fault Not sure if this only affects the GTK+ port or EFL/JSCOnly are also affected? 1212314 2 tpopela 2016-07-19 02:32:43 -0700 (In reply to comment #1) > Not sure if this only affects the GTK+ port or EFL/JSCOnly are also affected? JSCOnly affected as well. Crashing with SIGILL, Illegal instruction. Also I cannot obtain anything useful from the backtrace.. Core was generated by `./jsc'. Program terminated with signal SIGILL, Illegal instruction. #0 0xb62049ba in JSC::slow_path_enter (exec=0xb6fb5a28, pc=0xb6fb5be0) at ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:592 592 ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp: No such file or directory. [Current thread is 1 (Thread 0xb2d6e220 (LWP 29498))] (gdb) bt full #0 0xb62049ba in JSC::slow_path_enter (exec=0xb6fb5a28, pc=0xb6fb5be0) at ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:592 vm = @0xb6fb5a28: <error reading variable> tracer = {<No data fields>} codeBlock = 0xb6fb5be0 #1 0xb60a347c in llint_entry () at ../../Source/JavaScriptCore/runtime/Butterfly.h:58 No symbol table info available. #2 0x00000000 in ?? () No symbol table info available. Backtrace stopped: previous frame identical to this frame (corrupt stack?) 1212319 3 ossy 2016-07-19 03:10:34 -0700 (In reply to comment #2) > (In reply to comment #1) > > Not sure if this only affects the GTK+ port or EFL/JSCOnly are also affected? > > JSCOnly affected as well. Crashing with SIGILL, Illegal instruction. Also I > cannot obtain anything useful from the backtrace.. > > Core was generated by `./jsc'. > Program terminated with signal SIGILL, Illegal instruction. > #0 0xb62049ba in JSC::slow_path_enter (exec=0xb6fb5a28, pc=0xb6fb5be0) at > ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:592 > 592 ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp: No such > file or directory. > [Current thread is 1 (Thread 0xb2d6e220 (LWP 29498))] > (gdb) bt full > #0 0xb62049ba in JSC::slow_path_enter (exec=0xb6fb5a28, pc=0xb6fb5be0) at > ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:592 > vm = @0xb6fb5a28: <error reading variable> > tracer = {<No data fields>} > codeBlock = 0xb6fb5be0 > #1 0xb60a347c in llint_entry () at > ../../Source/JavaScriptCore/runtime/Butterfly.h:58 > No symbol table info available. > #2 0x00000000 in ?? () > No symbol table info available. > Backtrace stopped: previous frame identical to this frame (corrupt stack?) Did you get it on ARMv7 hardware? Could you provide a disassembly near this illegal instruction? 1212366 4 ossy 2016-07-19 08:06:34 -0700 After digging it with Tomas, it seems we ran into a GNU gold linker bug: https://sourceware.org/bugzilla/show_bug.cgi?id=19410 I'm going to prepare a workaround to use the BFD linker on ARM. 1212384 5 284011 ossy 2016-07-19 09:10:09 -0700 Created attachment 284011 Patch 1212385 6 commit-queue 2016-07-19 09:11:17 -0700 Attachment 284011 did not pass style-queue: ERROR: Source/cmake/OptionsCommon.cmake:76: The parentheses after the last listitem "#if !defined(thumb2) && !defined(__thumb2__" should be in a new line. [list/parentheses] [5] Total errors found: 1 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style. 1212660 7 tpopela 2016-07-19 22:45:39 -0700 I can confirm that the patch provided by Ossy fixes the issue. 1212677 8 284011 commit-queue 2016-07-20 00:31:48 -0700 Comment on attachment 284011 Patch Clearing flags on attachment: 284011 Committed r203446: <http://trac.webkit.org/changeset/203446> 1212678 9 commit-queue 2016-07-20 00:31:52 -0700 All reviewed patches have been landed. Closing bug. 284011 2016-07-19 09:10:09 -0700 2016-07-20 00:31:48 -0700 Patch bug-159880-20160719090912.patch text/plain 2123 ossy U3VidmVyc2lvbiBSZXZpc2lvbjogMjAzNDA3CmRpZmYgLS1naXQgYS9Tb3VyY2UvY21ha2UvT3B0 aW9uc0NvbW1vbi5jbWFrZSBiL1NvdXJjZS9jbWFrZS9PcHRpb25zQ29tbW9uLmNtYWtlCmluZGV4 IGJkZjJhOWY1MGZkOGQ4Njc1YmRkMDAzMGRmNDYyNmE0M2E4ZGJmYjkuLmVhMDYwZGI2MmM0NDY1 MDY5MmEyNzFhYTEwNGU5MDBiMWJiMjMzYWEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9jbWFrZS9PcHRp b25zQ29tbW9uLmNtYWtlCisrKyBiL1NvdXJjZS9jbWFrZS9PcHRpb25zQ29tbW9uLmNtYWtlCkBA IC02OSwxMCArNjksMjkgQEAgZW5kaWYgKCkKIAogRVhQT1NFX1ZBUklBQkxFX1RPX0JVSUxEKFdU Rl9DUFVfQVJNNjRfQ09SVEVYQTUzKQogCitzZXQoQVJNX1RSQURJVElPTkFMX0RFVEVDVEVEIEZB TFNFKQoraWYgKFdURl9DUFVfQVJNKQorICAgIHNldChBUk1fVEhVTUIyX1RFU1RfU09VUkNFCisg ICAgIgorICAgICNpZiAhZGVmaW5lZCh0aHVtYjIpICYmICFkZWZpbmVkKF9fdGh1bWIyX18pCisg ICAgI2Vycm9yIFwiVGh1bWIyIGluc3RydWN0aW9uIHNldCBpc24ndCBhdmFpbGFibGVcIgorICAg ICNlbmRpZgorICAgIGludCBtYWluKCkge30KKyAgICIpCisKKyAgICBpbmNsdWRlKENoZWNrQ1hY U291cmNlQ29tcGlsZXMpCisgICAgQ0hFQ0tfQ1hYX1NPVVJDRV9DT01QSUxFUygiJHtBUk1fVEhV TUIyX1RFU1RfU09VUkNFfSIgQVJNX1RIVU1CMl9ERVRFQ1RFRCkKKyAgICBpZiAoTk9UIEFSTV9U SFVNQjJfREVURUNURUQpCisgICAgICAgIHNldChBUk1fVFJBRElUSU9OQUxfREVURUNURUQgVFJV RSkKKyAgICAgICAgIyBTZWUgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE1OTg4MCNjNCBmb3IgZGV0YWlscy4KKyAgICAgICAgbWVzc2FnZShTVEFUVVMgIkRpc2FibGlu ZyBHTlUgZ29sZCBsaW5rZXIsIGJlY2F1c2UgaXQgZG9lc24ndCBzdXBwb3J0IEFSTSBpbnN0cnVj dGlvbiBzZXQgcHJvcGVybHkuIikKKyAgICBlbmRpZiAoKQorZW5kaWYgKCkKKwogIyBVc2UgbGQu Z29sZCBpZiBpdCBpcyBhdmFpbGFibGUgYW5kIGlzbid0IGRpc2FibGVkIGV4cGxpY2l0bHkKIGlu Y2x1ZGUoQ01ha2VEZXBlbmRlbnRPcHRpb24pCiBDTUFLRV9ERVBFTkRFTlRfT1BUSU9OKFVTRV9M RF9HT0xEICJVc2UgR05VIGdvbGQgbGlua2VyIiBPTgotICAgICAgICAgICAgICAgICAgICAgICAi Tk9UIENYWF9BQ0NFUFRTX01GSVhfQ09SVEVYX0E1M184MzU3NjkiIE9GRikKKyAgICAgICAgICAg ICAgICAgICAgICAgIk5PVCBDWFhfQUNDRVBUU19NRklYX0NPUlRFWF9BNTNfODM1NzY5O05PVCBB Uk1fVFJBRElUSU9OQUxfREVURUNURUQiIE9GRikKIGlmIChVU0VfTERfR09MRCkKICAgICBleGVj dXRlX3Byb2Nlc3MoQ09NTUFORCAke0NNQUtFX0NfQ09NUElMRVJ9IC1mdXNlLWxkPWdvbGQgLVds LC0tdmVyc2lvbiBFUlJPUl9RVUlFVCBPVVRQVVRfVkFSSUFCTEUgTERfVkVSU0lPTikKICAgICBp ZiAoIiR7TERfVkVSU0lPTn0iIE1BVENIRVMgIkdOVSBnb2xkIikKZGlmZiAtLWdpdCBhL0NoYW5n ZUxvZyBiL0NoYW5nZUxvZwppbmRleCBjOWE2MzdkMTZkOTk5YmFkM2YzMWVlZDBiZjg3ODFlZjcw ZDNiZWMwLi45N2MwNGNmYzBlZTVkYjFiYWU2ZmM4YWUwZmYxMzZiODM2YzRhZmU4IDEwMDY0NAot LS0gYS9DaGFuZ2VMb2cKKysrIGIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTIgQEAKKzIwMTYtMDct MTkgIENzYWJhIE9zenRyb2dvbsOhYyAgPG9zc3lAd2Via2l0Lm9yZz4KKworICAgICAgICBKU0Mg SklUIEJyb2tlbiBvbiBBUk12NyBUcmFkaXRpb25hbCAod2l0aG91dCBUaHVtYjIpCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNTk4ODAKKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIFNvdXJjZS9jbWFrZS9P cHRpb25zQ29tbW9uLmNtYWtlOiBVc2UgdGhlIEJGRCBsaW5rZXIgb24gQVJNIHRyYWRpdGlvbmFs IGJlY2F1c2Ugb2YgYSBnb2xkIGxpbmtlciBidWcuCisKIDIwMTYtMDctMTggIEFsZXhleSBQcm9z a3VyeWFrb3YgIDxhcEBhcHBsZS5jb20+CiAKICAgICAgICAgIm1ha2UgQVJDSFM9eDg2XzY0IiBm YWlscyB0byBidWlsZAo=