RESOLVED FIXED 159880
JSC JIT Broken on ARMv7 Traditional (without Thumb2)
https://bugs.webkit.org/show_bug.cgi?id=159880
Carlos Alberto Lopez Perez
Reported 2016-07-18 10:13:39 PDT
When building WebKitGTK+ for ARMv7 (armhf) with the traditional ARM instruction set (-marm) instead of building with the Thumb2 instruction set (-mthumb), the JSC JIT fails at run-time. It builds fine, but then any webpage with JavaScript will make the WebProcess crash.

I have been able to reproduce this with 2.12.3. Not sure if it's reproducible with current trunk, I will try to reproduce it there also.

It seems that GNU/Linux armhf distributions build with Thumb2 (-mthumb) by default. At least on Debian the default toolchain (gcc compiler) is built with --with-mode=thumb on armhf. Therefore the GTK+ ARM buildbot (that runs on Debian) is only testing the ARMv7 Thumb2 build.

Related: https://bugzilla.yoctoproject.org/show_bug.cgi?id=9474
Attachments
Patch (2.07 KB, patch)
2016-07-19 09:10 PDT, Csaba Osztrogonác
no flags
Carlos Alberto Lopez Perez
Comment 1 2016-07-18 20:25:33 PDT
It seems the issue is also reproducible on current trunk (tried with r203370). The command line jsc interpreter also crashes:

root@raspberrypi3:~# jsc
>>> 1 + 1
Segmentation fault

Not sure if this only affects the GTK+ port or EFL/JSCOnly are also affected?
Tomas Popela
Comment 2 2016-07-19 02:32:43 PDT
(In reply to comment #1)
> Not sure if this only affects the GTK+ port or EFL/JSCOnly are also affected?

JSCOnly is affected as well. Crashing with SIGILL, Illegal instruction. Also I cannot obtain anything useful from the backtrace.

Core was generated by `./jsc'.
Program terminated with signal SIGILL, Illegal instruction.
#0  0xb62049ba in JSC::slow_path_enter (exec=0xb6fb5a28, pc=0xb6fb5be0) at ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:592
592     ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp: No such file or directory.
[Current thread is 1 (Thread 0xb2d6e220 (LWP 29498))]
(gdb) bt full
#0  0xb62049ba in JSC::slow_path_enter (exec=0xb6fb5a28, pc=0xb6fb5be0) at ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:592
        vm = @0xb6fb5a28: <error reading variable>
        tracer = {<No data fields>}
        codeBlock = 0xb6fb5be0
#1  0xb60a347c in llint_entry () at ../../Source/JavaScriptCore/runtime/Butterfly.h:58
No symbol table info available.
#2  0x00000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Csaba Osztrogonác
Comment 3 2016-07-19 03:10:34 PDT
(In reply to comment #2)
> (In reply to comment #1)
> > Not sure if this only affects the GTK+ port or EFL/JSCOnly are also affected?
>
> JSCOnly affected as well. Crashing with SIGILL, Illegal instruction. Also I
> cannot obtain anything useful from the backtrace..
>
> Core was generated by `./jsc'.
> Program terminated with signal SIGILL, Illegal instruction.
> #0  0xb62049ba in JSC::slow_path_enter (exec=0xb6fb5a28, pc=0xb6fb5be0) at
> ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:592
> 592     ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp: No such
> file or directory.
> [Current thread is 1 (Thread 0xb2d6e220 (LWP 29498))]
> (gdb) bt full
> #0  0xb62049ba in JSC::slow_path_enter (exec=0xb6fb5a28, pc=0xb6fb5be0) at
> ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:592
>         vm = @0xb6fb5a28: <error reading variable>
>         tracer = {<No data fields>}
>         codeBlock = 0xb6fb5be0
> #1  0xb60a347c in llint_entry () at
> ../../Source/JavaScriptCore/runtime/Butterfly.h:58
> No symbol table info available.
> #2  0x00000000 in ?? ()
> No symbol table info available.
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Did you get it on ARMv7 hardware? Could you provide a disassembly near this illegal instruction?
Csaba Osztrogonác
Comment 4 2016-07-19 08:06:34 PDT
After digging into it with Tomas, it seems we ran into a GNU gold linker bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=19410

I'm going to prepare a workaround to use the BFD linker on ARM.
Csaba Osztrogonác
Comment 5 2016-07-19 09:10:09 PDT
WebKit Commit Bot
Comment 6 2016-07-19 09:11:17 PDT
Attachment 284011 [details] did not pass style-queue:

ERROR: Source/cmake/OptionsCommon.cmake:76:  The parentheses after the last listitem "#if !defined(thumb2) && !defined(__thumb2__" should be in a new line.  [list/parentheses] [5]
Total errors found: 1 in 2 files

If any of these errors are false positives, please file a bug against check-webkit-style.
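Added example, not part of this bug report and not the WebKit patch itself: a POSIX shell version of the check the workaround in comment 4 needs. It reads the compiler's predefined macros, decides whether the target is 32-bit ARM built without Thumb-2 (the same `!defined(thumb2) && !defined(__thumb2__)` condition the style-queue quoted from OptionsCommon.cmake), and only in that case asks the compiler driver for GNU ld.bfd instead of gold. The function names, the choice of `-fuse-ld=bfd` as the switch, and the sample macro dumps are assumptions made for illustration; the real change is r203446.

```shell
#!/bin/sh
# Added example (not WebKit code): pick the linker for an ARM build based on
# whether the toolchain is in Thumb-2 mode. Names and flags are illustrative.

# Dump the compiler's predefined macros. "$1" is the compiler command plus any
# mode flags, e.g. "arm-linux-gnueabihf-gcc -marm" or "gcc -mthumb".
predefined_macros() {
    # -dM -E on an empty translation unit prints every predefined macro.
    echo | $1 -dM -E - 2>/dev/null
}

# True if the macro dump on stdin defines __thumb2__ or thumb2, i.e. the
# inverse of:  #if !defined(thumb2) && !defined(__thumb2__)
has_thumb2() {
    grep -Eq '^#define (__thumb2__|thumb2)( |$)'
}

# True if the macro dump on stdin is for a 32-bit ARM target.
is_arm32() {
    grep -Eq '^#define __arm__( |$)'
}

# Print the extra link flag for a macro dump passed as "$1".
# ARM without Thumb-2: force ld.bfd so the gold bug (sourceware 19410) is
# avoided. Any other target: print nothing and keep the default linker.
extra_link_flags() {
    dump="$1"
    if printf '%s\n' "$dump" | is_arm32 && ! printf '%s\n' "$dump" | has_thumb2; then
        printf '%s\n' '-fuse-ld=bfd'
    fi
}

# Constructed sample dumps (not real compiler output), trimmed to the macros
# this check looks at: ARMv7 with -mthumb, ARMv7 with -marm, and an x86-64 host.
ARM_THUMB2_DUMP='#define __arm__ 1
#define __thumb__ 1
#define __thumb2__ 1
#define __ARM_ARCH 7'
ARM_TRADITIONAL_DUMP='#define __arm__ 1
#define __ARM_ARCH 7'
X86_64_DUMP='#define __x86_64__ 1
#define __linux__ 1'

# Show the decision for each constructed dump.
echo "armv7 -mthumb : '$(extra_link_flags "$ARM_THUMB2_DUMP")'"
echo "armv7 -marm   : '$(extra_link_flags "$ARM_TRADITIONAL_DUMP")'"
echo "x86_64        : '$(extra_link_flags "$X86_64_DUMP")'"

# On a real target you would use the live toolchain instead of the samples:
#   extra_link_flags "$(predefined_macros "${CC:-cc}")"
```

The point of keying the decision on the macros rather than on the architecture alone is the one the reporter made: Debian's armhf gcc is configured with --with-mode=thumb, so a plain ARMv7 check would force ld.bfd on builds that gold links correctly, while a -marm build on the same machine is the one that needs it.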
Tomas Popela
Comment 7 2016-07-19 22:45:39 PDT
I can confirm that the patch provided by Ossy fixes the issue.
WebKit Commit Bot
Comment 8 2016-07-20 00:31:48 PDT
Comment on attachment 284011 [details]
Patch

Clearing flags on attachment: 284011

Committed r203446: <http://trac.webkit.org/changeset/203446>
WebKit Commit Bot
Comment 9 2016-07-20 00:31:52 PDT
All reviewed patches have been landed. Closing bug.