[Webkit-unassigned] [Bug 129992] New: JS engine completely broken on ia64

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 9 09:25:51 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=129992

           Summary: JS engine completely broken on ia64
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: emeric.maschino at gmail.com


Hi,

Starting up a WebKit-based application, e.g. GNOME Epiphany or Yelp, immediately segfaults.

Back in the WebKit 1.x days, patches for WebKit 1.8.1 on Debian were provided to fix JS engine on ia64 [1][2]. Sadly, it seems to me that these were never reported/merged upstream. They address three problems in WebKit JS engine.

[1st issue] On ia64, USE(JSVALUE64) is true. From the source code comment, JSVALUE64 path uses some sophisticated tricks in order to get everything in a 64-bits wide data type. As outlined there, this will work as long the high 16-bits of the addresses of any allocated memory are cleared. This is not always the case on ia64. A similar issue was fixed on Mozilla JS engine [3]. Original 01-ia64-wide-ptr patch against WebKit 1.8.1 [4] fixed this issue by defining a third JSVALUE64W option that was used on ia64 only. This path uses an encapsulated union without any trick for the variant data. As outlined by original author, this a portable but the data type is 128-bits wide and enabling JIT compiler isn't possible (note that ia64 doesn't have a JIT compiler).

[2nd issue] On ia64, and probably other arches too, caches are not coherent automatically. As such fast malloc implementation in Source/JavaScriptCore/wtf/FastMalloc.cpp is totally buggy. This was work-around by using system malloc instead in ia64-use-system-malloc patch [5].

[3rd issue] On Linux ia64, and probably other arches too, memory pages are not necessarily 4K. ia64 can have 4K, 8K, 16K or 64K memory pages. Most (all?) Linux ia64 distributions come with 16K memory pages. This was fixed in large-mem-page patch [6]. It's my understanding that this issue has also been fixed in bug #80615, but I may be wrong.

So, we're left with first two issues, unless second issue is no more valid nowadays.

Since original patch author no more wants to invest time on debugging WebKit, I've tried to port his work to WebKit 2.2.5, as it's the version we're trying to stabilize with GNOME 3.10 on Gentoo. It's not an easy task for me as (i) I'm not the original patch author so don't know what he's got in mind and (ii) I'm not a WebKit developer at all, so don't know how code has evolved or has been refactored since the Webkit 1.x days.

So, if a kind soul could have a look at the patches I'll post in this bugreport and give me advice to get WebKit JS engine fixed on ia64 or commonalize this work with other arches (is ia64 the only one using full 64-bit data path?), I would be really happy ;-)

     Émeric

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642750#96
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694971#5
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=589735
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=69;filename=01-ia64-wide-ptr.patch;att=1;bug=642750
[5] https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=69;filename=02-ia64-use-system-malloc.patch;att=2;bug=642750
[6] https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=large-mem-page.patch;att=1;bug=694971

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the webkit-unassigned mailing list