This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
- From: "fragabr at gmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Wed, 14 Jan 2015 02:18:24 +0000
- Subject: [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
- Auto-submitted: auto-generated
- References: <bug-64590-4 at http dot gcc dot gnu dot org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590
--- Comment #3 from DÃniel Fraga <fragabr at gmail dot com> ---
(In reply to Andrew Pinski from comment #2)
> Also can you try without "-floop-interchange -floop-strip-mine -floop-block"
> Since those are part of Graphite which might be the cause of the bug rather
> than the vectorizer.
Hi Andrew, unfortunately I don't have a simplified testcase, since I don't know
exactly what's causing this.
I compiled without "-floop-interchange -floop-strip-mine -floop-block" and it
also segfaulted:
Assertion failure: !rt->isHeapBusy(), at
/home/fraga/src/mozilla/js/src/jsapi.cpp:176
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4538d0c in js::AssertHeapIsIdle (rt=<optimized out>) at
/home/fraga/src/mozilla/js/src/jsapi.cpp:176
176 JS_ASSERT(!rt->isHeapBusy());
(gdb) bt
#0 0x00007ffff4538d0c in js::AssertHeapIsIdle (rt=<optimized out>) at
/home/fraga/src/mozilla/js/src/jsapi.cpp:176
#1 0x00007ffff454da1d in AssertHeapIsIdle (rt=<optimized out>) at
../../dist/include/js/Value.h:1694
#2 AssertHeapIsIdle (cx=0x7fffffff7720) at
/home/fraga/src/mozilla/js/src/jsapi.cpp:182
#3 JS_ValueToObject (cx=cx@entry=0x7fffffff7720, value=$jsval((JSObject *)
0x7fffdee21780 [object Proxy]), objp=..., objp@entry=0x0) at
/home/fraga/src/mozilla/js/src/jsapi.cpp:385
#4 0x00007ffff27e244b in nsXPCComponents_Utils::EvalInSandbox (this=<optimized
out>, source=..., sandboxVal=$jsval((JSObject *) 0x7fffdee21780 [object
Proxy]), version=...,
filenameArg=..., lineNumber=0, cx=0x7fffffff7720, optionalArgc=64 '@',
retval=$jsval(6.9533335314284608e-310)) at
/home/fraga/src/mozilla/js/xpconnect/src/XPCComponents.cpp:2635
#5 0x00007ffff22fb49e in NS_InvokeByIndex (that=<optimized out>,
methodIndex=<optimized out>, paramCount=<optimized out>, params=<optimized
out>)
at
/home/fraga/src/mozilla/xpcom/reflect/xptcall/md/unix/xptcinvoke_x86_64_unix.cpp:164
#6 0x00007ffff2826040 in Invoke (this=0x7fffffff7850) at
/home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:2370
#7 CallMethodHelper::Call (this=0x7fffffff7850) at
/home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:1731
#8 0x00007ffff2823809 in XPCWrappedNative::CallMethod (ccx=...,
mode=mode@entry=XPCWrappedNative::CALL_METHOD) at
/home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:1698
#9 0x00007ffff282b783 in XPC_WN_CallMethod (cx=0x7fffe66148c0, argc=<optimized
out>, vp=0x7fffffff7b50) at
/home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1288
#10 0x00007fffe67482e0 in ?? ()
#11 0x0000000000000000 in ?? ()
********************************************
I knew it wouldn't be related to Graphite since it will not crash if I compile
with Graphite and -march=nehalem.
Any hints?