[Webkit-unassigned] [Bug 38547] New: Solaris x86_64 - WTF_USE_JSVALUE64 problem - seg faults in Structure::Structure

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 4 14:09:37 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=38547

           Summary: Solaris x86_64 - WTF_USE_JSVALUE64 problem - seg
                    faults in Structure::Structure
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Other
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P3
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: bkoehm at gmail.com


Created an attachment (id=55046)
 --> (https://bugs.webkit.org/attachment.cgi?id=55046)
patch to Platform.h to force use of WTF_USE_JSVALUE32

Problem: QtWebKit fails to work on Solaris x86_64.  Arora seg faults upon
startup in Structure::Structure.  QtWeb also fails.

I've tracked it down to the use of WTF_USE_JSVALUE64 in Platform.h.  It works
when WTF_USE_JSVALUE32 is explicitly set even though it's an x86_64 build.

I am working with the WebKit trunk, Subversion Revision: 58768 (although this
behavior was also observed with the QtWebKit 2.0 branch and the WebKit bundled
with the Qt 4.6.2 release).

Qt: 4.6.2
gcc (GCC) 4.5.0
GNU ld (GNU Binutils) 2.20.1.20100303
Kernel version: SunOS 5.10 Generic_141415-10

Configured with:
WebKitTools/Scripts/build-webkit --qt --system-malloc --makeargs="-j8" --debug

I specify --system-malloc because TCMalloc is causing seg faults in
FastMalloc.cpp on my platform so I have to avoid it.

gcc/g++ is using -m64 to produce 64bit objects.

Stack trace upon Arora startup:

[New Thread 1 (LWP 1)]
[New LWP    2        ]
[LWP    2         exited]
[New Thread 2        ]
ASSERTION FAILED: m_prototype.isObject() || m_prototype.isNull()
(../../../JavaScriptCore/runtime/Structure.cpp:244
JSC::Structure::Structure(JSC::JSValue, const JSC::TypeInfo&, unsigned int))

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1 (LWP 1)]
0xfffffd7ffe23faa2 in Structure (this=0x965740, prototype=..., typeInfo=...,
    anonymousSlotCount=0) at ../../../JavaScriptCore/runtime/Structure.cpp:244
244         ASSERT(m_prototype.isObject() || m_prototype.isNull());
(gdb) where
#0  0xfffffd7ffe23faa2 in Structure (this=0x965740, prototype=...,
    typeInfo=..., anonymousSlotCount=0)
    at ../../../JavaScriptCore/runtime/Structure.cpp:244
#1  0xfffffd7ffd512dc7 in JSC::Structure::create (prototype=..., typeInfo=...,
    anonymousSlotCount=0) at ../../../JavaScriptCore/runtime/Structure.h:66
#2  0xfffffd7ffd820192 in WebCore::JSDOMWindow::createStructure(JSC::JSValue)
    ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#3  0xfffffd7ffd820622 in
WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#4  0xfffffd7ffd82040f in
WebCore::JSDOMWindowShell::JSDOMWindowShell(WTF::PassRefPtr<WebCore::DOMWindow>,
WebCore::DOMWrapperWorld*) ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#5  0xfffffd7ffd853c4c in
WebCore::ScriptController::createWindowShell(WebCore::DOMWrapperWorld*) ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#6  0xfffffd7ffd854483 in
WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld*) ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#7  0xfffffd7ffd811477 in
WebCore::ScriptController::windowShell(WebCore::DOMWrapperWorld*) ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#8  0xfffffd7ffd81267f in WebCore::toJSDOMWindow(WebCore::Frame*,
WebCore::DOMWrapperWorld*) ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#9  0xfffffd7ffdf41ed0 in QWebFrame::addToJavaScriptWindowObject(QString
const&, QObject*, QScriptEngine::ValueOwnership) ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#10 0xfffffd7ffdf41e37 in QWebFrame::addToJavaScriptWindowObject(QString
const&, QObject*) ()
   from
/local2/users/buildjail/webkit-trunk/webkit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#11 0x0000000000481d16 in WebPage::addExternalBinding(QWebFrame*) ()
#12 0x00000000004829a4 in WebPage::WebPage(QObject*) ()
#13 0x000000000048a51a in WebView::WebView(QWidget*) ()
#14 0x000000000047b89c in TabWidget::makeNewTab(bool) ()
#15 0x0000000000458ed6 in BrowserMainWindow::BrowserMainWindow(QWidget*,
QFlags<Qt::WindowType>) ()
#16 0x000000000044cd4e in BrowserApplication::newMainWindow() ()
#17 0x00000000004d8a92 in main ()

Applied following patch for a work-around:

Index: JavaScriptCore/wtf/Platform.h
===================================================================
--- JavaScriptCore/wtf/Platform.h       (revision 58768)
+++ JavaScriptCore/wtf/Platform.h       (working copy)
@@ -890,6 +890,12 @@
 #define ENABLE_ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL 0
 #endif

+/* work around a problem where WebKit seg faults on Solaris x86_64 when
+ * WTF_USE_JSVALUE64 is in use */
+#if OS(SOLARIS) && CPU(X86_64)
+#define WTF_USE_JSVALUE32 1
+#endif
+
 #if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) &&
!defined(WTF_USE_JSVALUE32_64)
 #if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS))) \
     || (CPU(IA64) && !CPU(IA64_32)) \
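Review bot: The new block forces WTF_USE_JSVALUE32 unconditionally for Solaris x86_64, which silently overrides a build that explicitly requests the 64-bit encoding; consider guarding it with `&& !defined(WTF_USE_JSVALUE64)` so an explicit choice still wins, and reference the bug number (38547) in the comment rather than "a problem" so the workaround can be found and removed once the root cause is fixed. The comment should also record what is known about why the 64-bit value encoding fails here: the backtrace above shows libQtWebKit.so.4 mapped at addresses such as 0xfffffd7ffe23faa2, i.e. in the upper half of the address space, which is worth checking against whatever pointer-range assumptions the JSVALUE64 encoding makes before the switch to 32-bit values is treated as more than a stopgap.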

Arora now starts up and is able to browse web pages (tested with cnn.com and
mail.google.com).
