Bug#674908: Testing with newer iceweasel
Jurij Smakov
jurij at wooyd.org
Sun Feb 3 17:24:45 UTC 2013
Hi Hideki,
I've tried the "release" version from mozilla.debian.net today:
jurij at debian:~$ dpkg -l | grep iceweasel
ii iceweasel 14.0.1-2 sparc Web browser based on Firefox
ii iceweasel-dbg 14.0.1-2 sparc debugging symbols for iceweasel
Unfortunately, it performs even worse than the current wheezy version,
crashing immediately on startup:
jurij at debian:~$ iceweasel
Xlib: extension "RANDR" missing on display ":1.0".
Bus error (core dumped)
Stack trace (first ten frames):
Core was generated by `/usr/lib/iceweasel/firefox-bin'.
Program terminated with signal 10, Bus error.
#0 PushOff (ss=0xffede2d8, off=3, op=JSOP_NAME, pc=0xefbe356a ";") at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsopcode.cpp:1458
1458 /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsopcode.cpp: No such file or directory.
(gdb) bt
#0 PushOff (ss=0xffede2d8, off=3, op=JSOP_NAME, pc=0xefbe356a ";") at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsopcode.cpp:1458
#1 0xf768c3b8 in Decompile (ss=<optimized out>, pc=0xefbe356a ";", nb=10) at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsopcode.cpp:5356
#2 0xf7695eec in DecompileCode (jp=0xebc43ac0, script=0xeed63d90, pc=0xefbe356a ";", len=10, pcdepth=1)
at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsopcode.cpp:5423
#3 0xf7696138 in DecompileExpression (cx=0xf7922340, script=<optimized out>, fun=0xeed92260, pc=<optimized out>)
at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsopcode.cpp:5829
#4 0xf76963ac in js_DecompileValueGenerator (cx=0xf7922340, spindex=<optimized out>, v=..., fallback=0x0)
at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsopcode.cpp:5718
#5 0xf75f32cc in DecompileValueGenerator (fallback=<optimized out>, v=..., spindex=1, cx=<optimized out>) at ../../../js/src/jsopcode.h:401
#6 js_ReportIsNullOrUndefined (cx=0xf7922340, spindex=1, v=..., fallback=0x0) at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jscntxt.cpp:770
#7 0xf7676118 in js_ValueToNonNullObject (cx=0xf7922340, v=...) at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsobj.cpp:5908
#8 0xf7648c70 in ValueToObject (v=..., cx=<optimized out>) at ../../../js/src/jsobj.h:1435
#9 GetPropertyOperation (vp=0xffede6b0, lval=..., pc=0xefbe3575 "\270", cx=0xf7922340)
at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsinterpinlines.h:243
#10 js::Interpret (cx=0xf7922340, entryFrame=0xf0e003e8, interpMode=js::JSINTERP_NORMAL)
at /build/buildd-iceweasel_14.0.1-2-sparc-jQxQ7a/iceweasel-14.0.1/js/src/jsinterp.cpp:2654
[...]
It is happening due to an unaligned store operation:
(gdb) disass
Dump of assembler code for function PushOff(SprintStack*, ptrdiff_t, JSOp, jsbytecode*):
0xf7688840 <+0>: save %sp, -96, %sp
0xf7688844 <+4>: ld [ %i0 + 0x28 ], %g1
0xf7688848 <+8>: ld [ %i0 + 0x1c ], %g2
0xf768884c <+12>: ld [ %g1 + 0x28 ], %g1
0xf7688850 <+16>: lduh [ %g1 + 0x56 ], %g3
0xf7688854 <+20>: lduh [ %g1 + 0x52 ], %g1
0xf7688858 <+24>: sub %g3, %g1, %g1
0xf768885c <+28>: cmp %g2, %g1
0xf7688860 <+32>: bcc,pn %icc, 0xf76888d0 <PushOff(SprintStack*, ptrdiff_t, JSOp, jsbytecode*)+144>
0xf7688864 <+36>: sll %g2, 2, %g1
0xf7688868 <+40>: ld [ %i0 + 0x10 ], %o7
0xf768886c <+44>: mov 0x35, %g3
0xf7688870 <+48>: ld [ %i0 + 0x14 ], %g4
0xf7688874 <+52>: cmp %i2, 0xe4
0xf7688878 <+56>: be,pn %icc, 0xf768888c <PushOff(SprintStack*, ptrdiff_t, JSOp, jsbytecode*)+76>
0xf768887c <+60>: st %i1, [ %o7 + %g1 ]
0xf7688880 <+64>: mov 0x37, %g3
0xf7688884 <+68>: cmp %i2, 0xe5
0xf7688888 <+72>: movne %icc, %i2, %g3
0xf768888c <+76>: stb %g3, [ %g4 + %g2 ]
0xf7688890 <+80>: mov %i0, %o0
0xf7688894 <+84>: inc %g2
0xf7688898 <+88>: ld [ %i0 + 0x18 ], %g3
0xf768889c <+92>: mov 3, %o1
=> 0xf76888a0 <+96>: st %i3, [ %g3 + %g1 ]
0xf76888a4 <+100>: st %g2, [ %i0 + 0x1c ]
0xf76888a8 <+104>: call 0xf7688760 <js::Sprinter::reserve(unsigned int)>
0xf76888ac <+108>: mov 1, %i0
0xf76888b0 <+112>: cmp %o0, 0
0xf76888b4 <+116>: be,pn %icc, 0xf76888dc <PushOff(SprintStack*, ptrdiff_t, JSOp, jsbytecode*)+156>
0xf76888b8 <+120>: nop
0xf76888bc <+124>: clrb [ %o0 ]
0xf76888c0 <+128>: clrb [ %o0 + 1 ]
0xf76888c4 <+132>: clrb [ %o0 + 2 ]
0xf76888c8 <+136>: rett %i7 + 8
0xf76888cc <+140>: nop
0xf76888d0 <+144>: ld [ %i0 ], %o0
0xf76888d4 <+148>: call 0xf78de654 <JS_ReportOutOfMemory at plt>
0xf76888d8 <+152>: clr %i0
0xf76888dc <+156>: rett %i7 + 8
0xf76888e0 <+160>: nop
End of assembler dump.
(gdb) info reg i3 g1 g3
i3 0xefbe356a -272747158
g1 0x4 4
g3 0xf1a5f02e -240783314
(gdb)
Either way, I assume that the chances of a new version getting into wheezy
at this point are pretty slim. For the current wheezy version I've
posted some analysis of the crash at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688086#10
Perhaps we should look into fixing the alignment issues of this code.
Best regards,
--
Jurij Smakov jurij at wooyd.org
Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC
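The following is an added illustration of the alignment fault described in the message above; it is not code from the e-mail, from Debian, or from the iceweasel/SpiderMonkey sources. It takes the register values gdb printed (%g3 = 0xf1a5f02e as the array base loaded from [%i0 + 0x18], %g1 = 4 as the scaled index, %i3 as the pointer operand of the faulting `st`), shows that the effective address is only 2-byte aligned, and models the SPARC rule that a 4-byte store to such an address traps with SIGBUS while x86 silently completes it. `store32_strict`, `store32_portable` and `demo_misaligned_store` are hypothetical helpers written for this example, and the buffer they operate on is constructed here, not taken from the crash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values taken from the gdb "info reg" output above: %g3 is the array base
 * loaded from [%i0 + 0x18], %g1 the scaled index (top << 2), and %i3 the
 * pointer operand of the faulting `st %i3, [ %g3 + %g1 ]`. */
#define CRASH_G3 0xf1a5f02eu
#define CRASH_G1 0x00000004u

/* Effective address of a SPARC `st %rd, [ %rs1 + %rs2 ]`. */
static uint32_t effective_address(uint32_t rs1, uint32_t rs2)
{
    return rs1 + rs2;
}

/* SPARC requires natural alignment: an n-byte ld/st (n a power of two)
 * traps with a bus error unless the address is a multiple of n. */
static int is_naturally_aligned(uintptr_t addr, size_t n)
{
    return (addr & (uintptr_t)(n - 1)) == 0;
}

/* Model of the compiler-generated word store: returns 0 where SPARC would
 * deliver SIGBUS instead of completing the store the way x86 does.
 * Returns 1 when the store was performed. */
static int store32_strict(unsigned char *buf, size_t buflen, size_t off, uint32_t v)
{
    if (off > buflen || buflen - off < sizeof v)
        return 0;
    if (!is_naturally_aligned((uintptr_t)(buf + off), sizeof v))
        return 0;                     /* would be "Bus error" on SPARC */
    *(uint32_t *)(buf + off) = v;     /* safe: alignment checked above */
    return 1;
}

/* Alignment-agnostic alternative: memcpy lets the compiler emit whatever
 * stores the target permits at any address, which is the usual fix for
 * this class of crash when the data layout itself cannot be changed. */
static void store32_portable(unsigned char *buf, size_t off, uint32_t v)
{
    memcpy(buf + off, &v, sizeof v);
}

static uint32_t load32_portable(const unsigned char *buf, size_t off)
{
    uint32_t v;
    memcpy(&v, buf + off, sizeof v);
    return v;
}

/* Reproduces the trace's situation on a constructed buffer: the array base
 * sits 2 bytes past a word boundary, exactly like %g3. Returns a bitmask:
 * bit0 = strict store at an aligned slot succeeded,
 * bit1 = strict store at the misaligned slot succeeded (it must not),
 * bit2 = portable store at the misaligned slot round-trips. */
int demo_misaligned_store(void)
{
    _Alignas(8) unsigned char backing[32] = {0};
    unsigned char *array = backing + 2;   /* misaligned base, like %g3 */
    size_t idx = CRASH_G1;                /* top << 2 == 4, like %g1 */
    uint32_t pc = 0xefbe356au;            /* the %i3 value being stored */
    int result = 0;

    if (store32_strict(backing, sizeof backing, 0, pc))
        result |= 1;
    if (store32_strict(array, sizeof backing - 2, idx, pc))
        result |= 2;
    store32_portable(array, idx, pc);
    if (load32_portable(array, idx) == pc)
        result |= 4;
    return result;
}

int main(void)
{
    uint32_t ea = effective_address(CRASH_G3, CRASH_G1);
    printf("st %%i3, [ %%g3 + %%g1 ] -> 0x%08x  aligned(4)=%d  aligned(2)=%d\n",
           ea, is_naturally_aligned(ea, 4), is_naturally_aligned(ea, 2));
    printf("demo bitmask: %d\n", demo_misaligned_store());
    return 0;
}
```

The base pointer, not the index, is what is off: %g1 = 4 is a proper word offset, so whatever lives at offset 0x18 in the SprintStack was allocated or sliced at a 2-byte boundary, and every word store through it faults on a strict-alignment target while going unnoticed on x86 builds.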