Bug 1321113 - jsc crash on s390x/ppc64
Summary: jsc crash on s390x/ppc64
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk4
Version: 24
Hardware: ppc64
OS: Linux
Target Milestone: ---
Assignee: Tomas Popela
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: PPCTracker
Reported: 2016-03-24 16:59 UTC by Ngo Than
Modified: 2017-01-07 13:37 UTC

Clone Of:
Last Closed: 2017-01-07 13:37:58 UTC

Attachments
patch fix the crash in jsc on ppc64/s390x (3.57 KB, patch)
2016-03-24 17:01 UTC, Ngo Than

Description Ngo Than 2016-03-24 16:59:29 UTC
jsc segfaults on s390x/powerpc. To reproduce this issue on ppc64/s390x,
start jsc and type: print("hallo")

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
Missing separate debuginfos, use: dnf debuginfo-install glib2- libgcc-6.0.0-0.16.fc24.ppc64 libstdc++-6.0.0-0.16.fc24.ppc64 pcre-8.38-11.fc24.ppc64
(gdb) bt
#0  0x0000000000000000 in  ()
#1  0x00003fffb7a2f1b4 in JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) ()
    at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/ppc64-redhat-linux-gnu/DerivedSources/JavaScriptCore/LLIntAssembly.h:899
#2  0x00003fffb7a2e794 in vmEntryToJavaScript() () at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/Source/JavaScriptCore/llint/LLIntThunks.cpp:104
#3  0x00003fffb7a1a728 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/Source/JavaScriptCore/jit/JITCode.cpp:80
#4  0x00003fffb7a1301c in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) ()
    at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/Source/JavaScriptCore/interpreter/Interpreter.cpp:972
#5  0x00003fffb7b7715c in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) ()
    at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/Source/JavaScriptCore/runtime/Completion.cpp:106
#6  0x0000000020011f28 in runJSC() () at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/Source/JavaScriptCore/jsc.cpp:1902
#7  0x0000000020011f28 in runJSC() () at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/Source/JavaScriptCore/jsc.cpp:2052
#8  0x00000000200128e8 in jscmain(int, char**) () at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/Source/JavaScriptCore/jsc.cpp:2101
#9  0x000000002000b730 in main() () at /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/Source/JavaScriptCore/jsc.cpp:1753
(gdb) p /home/than/rpmbuild/BUILD/webkitgtk-2.12.0/ppc64-redhat-linux-gnu/DerivedSources/JavaScriptCore/LLIntAssembly.h

It seems the wrong pagesize and loadisFromInstruction cause the crash on s390x/ppc64. I created a fix which resolves the crash. The patch will be attached in the next comment.
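
The description names a wrong page size and loadisFromInstruction as the cause but does not show how either goes wrong. The C program below is an added illustration, not code from this bug, its attached patch or WebKit: it shows the two generic pitfalls those names point at on a big-endian, 64 KiB-page host (ppc64 and s390x are both big-endian; Fedora ppc64 uses 64 KiB pages). That these are exactly the mechanisms fixed by the attached patch is an assumption; all function names and the sample operand value are this example's own.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Example code, not from WebKit. Generic illustration of the two pitfalls
 * named in the report: 32-bit loads from 64-bit instruction slots, and a
 * hard-coded 4 KiB page size. */

/* 1 on little-endian hosts (x86_64, ppc64le), 0 on big-endian (ppc64, s390x). */
int host_is_little_endian(void) {
    uint16_t probe = 1;
    uint8_t first_byte;
    memcpy(&first_byte, &probe, 1);
    return first_byte == 1;
}

/* A 64-bit interpreter keeps each bytecode operand in a pointer-sized slot.
 * Reading only the first four bytes of that slot as an int32 is what a
 * "loadis" of a 32-bit operand does if its offset ignores endianness: it
 * yields the operand on little-endian hosts and the (zero) high half on
 * big-endian hosts, so a jump table or offset computed from it goes to 0. */
int32_t loadis_narrow(const int64_t *slot) {
    int32_t v;
    memcpy(&v, slot, sizeof v);   /* first 4 bytes, whatever they hold */
    return v;
}

/* Endian-independent form: load the whole slot, then truncate. */
int32_t loadis_portable(const int64_t *slot) {
    return (int32_t)*slot;
}

/* Returns 0 if mprotect() accepts a PROT_NONE guard page placed `offset`
 * bytes into a fresh anonymous mapping, else the errno it failed with.
 * Linux returns EINVAL when the address is not a multiple of the real page
 * size, so an offset of 4096 works on x86_64 and fails on 64 KiB-page ppc64. */
int try_guard_at(size_t offset) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = 4 * 65536;  /* room for several pages even at 64 KiB */
    void *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return errno;
    int rc = mprotect((char *)base + offset, page, PROT_NONE) == 0 ? 0 : errno;
    munmap(base, len);
    return rc;
}

int main(void) {
    int64_t slot = 42;   /* constructed sample operand */
    long page = sysconf(_SC_PAGESIZE);
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("narrow loadis:   %d\n", loadis_narrow(&slot));
    printf("portable loadis: %d\n", loadis_portable(&slot));
    printf("page size %ld: guard at 4096 -> errno %d, guard at %ld -> errno %d\n",
           page, try_guard_at(4096), page, try_guard_at((size_t)page));
    return 0;
}
```

On an x86_64 box both loads return 42 and both guard offsets succeed, which is why such bugs survive upstream testing; on ppc64 or s390x the narrow load returns 0 and the 4096-byte guard offset fails with EINVAL.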

Comment 1 Ngo Than 2016-03-24 17:01 UTC
Created attachment 1140057
patch fix the crash in jsc on ppc64/s390x

Comment 2 Michael Catanzaro 2016-11-18 18:06:27 UTC
(In reply to Ngo Than from comment #1)
> Created attachment 1140057
> patch fix the crash in jsc on ppc64/s390x

Hi, sorry for the delay in responding to this. Is this still broken? I do not want to carry architecture support patches downstream unless they have first been submitted upstream. Please see https://webkit.org/contributing-code/ for information on contributing code to WebKit. Once you have submitted this upstream, then let me know here and I can review it for inclusion.

Comment 3 Ngo Than 2016-11-28 12:12:47 UTC
Yes, it's still broken. If I remember correctly, I already reported this upstream last time. I will check and, if that's not the case, I will submit it upstream and let you know. Thanks

Comment 4 Dan Horák 2016-11-29 12:28:11 UTC
IIRC Tomas is aware of this issue too.

Comment 5 Tomas Popela 2016-11-29 12:41:31 UTC
I just know that it was/is indeed broken, but it needs to be retested as the JavaScriptCore codebase is changing quite a lot and it could be broken even more than it was.

Comment 6 Michael Catanzaro 2017-01-07 13:37:58 UTC
Hi, looking through these bugs again. This is an upstream bug, not a Fedora bug, so I don't want to keep it open here forever when it seems nobody is working to make JSC work on this architecture. You could report it upstream on bugzilla.webkit.org.
