Bug 128434

Summary: [GTK] [CMake] JavaScriptCore crashes in JSC::eval
Product: WebKit Reporter: Martin Robinson <mrobinson>
Component: WebKitGTKAssignee: Martin Robinson <mrobinson>
Status: RESOLVED FIXED    
Severity: Normal CC: bunhere, commit-queue, gyuyoung.kim, ossy, rakuco, sergio, zherczeg
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 128807    
Bug Blocks: 127777    
Attachments:
Description Flags
Patch
none
Patch andersca: review+

Martin Robinson
Reported 2014-02-07 19:08:59 PST
Looks like we need to extend a fix from other ports.
Attachments
Patch (2.49 KB, patch)
2014-02-07 19:12 PST, Martin Robinson 		no flags
DetailsFormatted DiffDiff
Patch (1.63 KB, patch)
2014-02-16 09:09 PST, Martin Robinson 		andersca: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Martin Robinson
Comment 1 2014-02-07 19:12:51 PST
Created attachment 223541 [details] Patch
Martin Robinson
Comment 2 2014-02-07 19:15:18 PST
Zoltan, do you mind reviewing this one?
Gyuyoung Kim
Comment 3 2014-02-08 18:53:24 PST
Comment on attachment 223541 [details] Patch efl ews look like wrong alarm. rs=me.
Martin Robinson
Comment 4 2014-02-13 19:30:39 PST
Comment on attachment 223541 [details] Patch Landed in http://trac.webkit.org/changeset/164090 .
Csaba Osztrogonác
Comment 5 2014-02-13 23:29:17 PST
Comment on attachment 223541 [details] Patch EWS doesn't lie ... It broke the EFL build as the EWS noticed. I think the fno-maybe-uninitialized option was overwritten.
Csaba Osztrogonác
Comment 6 2014-02-14 04:12:19 PST
build log: /mnt/buildbot/efl-linux-slave-1/efl-linux-64-release-wk1/build/Source/JavaScriptCore/runtime/JSArray.cpp: In member function ‘void JSC::JSArray::copyToArguments(JSC::ExecState*, JSC::CallFrame*, uint32_t)’: /mnt/buildbot/efl-linux-slave-1/efl-linux-64-release-wk1/build/Source/JavaScriptCore/runtime/JSArray.cpp:1543:6: error: ‘value.JSC::JSValue::u.JSC::EncodedValueDescriptor::asInt64’ may be used uninitialized in this function [-Werror=uninitialized] /mnt/buildbot/efl-linux-slave-1/efl-linux-64-release-wk1/build/Source/JavaScriptCore/runtime/JSArray.cpp:1543:6: error: ‘value.JSC::JSValue::u.JSC::EncodedValueDescriptor::asInt64’ may be used uninitialized in this function [-Werror=uninitialized] cc1plus: all warnings being treated as errors The problem was caused by the -fno-tree-dce option. Unfortunately this error message isn't so useful because of inline functions. (line 1543 is the first line of the copyToArguments() function) I played a little bit with this function and it seems the problem is near here: https://trac.webkit.org/browser/trunk/Source/JavaScriptCore/runtime/JSArray.cpp#L1598 With commenting out this line, build works, so the build failure occured in this line. But unfortunately I have no idea how can it be uninitialized.
Martin Robinson
Comment 7 2014-02-16 09:09:05 PST
Created attachment 224319 [details] Patch
Martin Robinson
Comment 8 2014-02-16 09:11:18 PST
Okay. I reworked the patch to only apply to the GTK+ port. Thanks for the cleanup Ossy.
Martin Robinson
Comment 9 2014-02-16 09:11:18 PST
Okay. I reworked the patch to only apply to the GTK+ port. Thanks for the cleanup Ossy.
Csaba Osztrogonác
Comment 10 2014-02-17 08:54:47 PST
Comment on attachment 224319 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=224319&action=review > ChangeLog:9 > + * Source/cmake/OptionsGTK.cmake: Add -fno-omit-frame-pointer to all ports as well > + as -fno-tree-dce, like it is used in the autotools build. -fno-tree-dce is GTK only now, please fix the comment before landing.
Martin Robinson
Comment 11 2014-02-17 16:25:52 PST
Committed r164257: <http://trac.webkit.org/changeset/164257>
Note You need to log in before you can comment on or make changes to this bug.