Cross-built libjavascriptcore-3.0-0 (2.2.1-2) for armhf segfaults

Wilson Lian wlian at cs.ucsd.edu
Fri Nov 22 02:35:38 UTC 2013


I pulled down the webkitgtk source package from testing and
cross-built it on amd64.  The shared library
(libjavascriptcoregtk-3.0.so.0.15.6) produced segfaults in JSC
heap-management code.  If I install the binary packages released by
Debian, the crash does not occur, and all is well.  I can't use the
pre-built binaries because I'm trying to experiment with JSC, so it's
necessary for me to be able to build (and re-build) the library from
scratch (at a shorter timescale than available by native compiling).

I modified the source package (a diff of the debian/ directory is
attached) to disable WebKit2 and GObject introspection, and built it
with the following dpkg-buildpackage line:
$ DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -aarmhf -b -d -us -uc -j7

Based on what I've observed, the "this" pointers for certain objects are
being corrupted, leading to the segfault.  The fact that swapping in
the pre-built library solves the problem suggests to me that
incompatible dependencies are not to blame. Any idea what's going on
here?

Sorry if I've left out any important info; please let me know, and
I'll provide it.

thanks,
Wilson

I'm testing the library using the dwb browser.
$ gdb dwb
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/dwb...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/dwb
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Gtk-Message: Failed to load module "canberra-gtk-module"
[New Thread 0xb2f8d280 (LWP 4910)]
[New Thread 0xb2669280 (LWP 4911)]
[New Thread 0xb1cff280 (LWP 4912)]
D-Bus-registration failed, using fallback mode

** (dwb:4843): WARNING **: The set_id method on WebKitDOMHTMLElement
is deprecated. Use the one in WebKitDOMElement instead.
[New Thread 0xb117e280 (LWP 4915)]
[New Thread 0xb04cf280 (LWP 4916)]
[New Thread 0xaf927280 (LWP 4919)]
[Thread 0xb04cf280 (LWP 4916) exited]

** (dwb:4843): WARNING **: webkit_dom_node_has_attributes: this
functionality has been removed from WebKit, this function does
nothing.

** (dwb:4843): WARNING **: webkit_dom_node_has_attributes: this
functionality has been removed from WebKit, this function does
nothing.

** (dwb:4843): WARNING **: webkit_dom_node_has_attributes: this
functionality has been removed from WebKit, this function does
nothing.
[New Thread 0xb04cf280 (LWP 4920)]
[New Thread 0xaebe7280 (LWP 4921)]
[New Thread 0xae3e7280 (LWP 4922)]
[New Thread 0xadbe7280 (LWP 4923)]
[New Thread 0xad3e7280 (LWP 4924)]
[New Thread 0xacbe7280 (LWP 4925)]
[New Thread 0xac3e7280 (LWP 4926)]
[New Thread 0xabbe7280 (LWP 4927)]
[Thread 0xad3e7280 (LWP 4924) exited]
[Thread 0xaebe7280 (LWP 4921) exited]
[Thread 0xae3e7280 (LWP 4922) exited]
[Thread 0xacbe7280 (LWP 4925) exited]
[Thread 0xabbe7280 (LWP 4927) exited]

Program received signal SIGSEGV, Segmentation fault.
ruleOut (bits=2993520640, this=0x10) at ../Source/JavaScriptCore/heap/TinyBloomFilter.h:60
60    if ((bits & m_bits) != bits)

(gdb) bt
#0  ruleOut (bits=2993520640, this=0x10) at ../Source/JavaScriptCore/heap/TinyBloomFilter.h:60
#1  contains (block=0xb26d8000, this=0x0) at ../Source/JavaScriptCore/heap/CopiedSpaceInlines.h:40
#2  contains (result=<synthetic pointer>, ptr=0xb26dd574, this=0x0) at ../Source/JavaScriptCore/heap/CopiedSpaceInlines.h:46
#3  pinIfNecessary (opaquePointer=0xb26dd574, this=0x0) at ../Source/JavaScriptCore/heap/CopiedSpaceInlines.h:81
#4  genericAddPointer<JSC::DummyMarkHook> (markHook=..., filter=..., p=0xb26dd574, this=0xbeffee9c) at ../Source/JavaScriptCore/heap/ConservativeRoots.cpp:70
#5  JSC::ConservativeRoots::genericAddSpan<JSC::DummyMarkHook> (this=0xbeffee9c, begin=<optimized out>, end=0xbeffee48, markHook=...) at ../Source/JavaScriptCore/heap/ConservativeRoots.cpp:103
#6  0xb5743f46 in JSC::ConservativeRoots::add (this=<optimized out>, begin=<optimized out>, end=<optimized out>) at ../Source/JavaScriptCore/heap/ConservativeRoots.cpp:114
#7  0xb574b686 in JSC::MachineThreads::gatherFromCurrentThread (this=this@entry=0xb26dd668, conservativeRoots=..., stackCurrent=0xbeffee94) at ../Source/JavaScriptCore/heap/MachineStackMarker.cpp:258
#8  0xb574b76e in JSC::MachineThreads::gatherConservativeRoots (this=0xb26dd668, conservativeRoots=..., stackCurrent=<optimized out>) at ../Source/JavaScriptCore/heap/MachineStackMarker.cpp:475
#9  0xb5747aa8 in JSC::Heap::markRoots (this=this@entry=0xb26d9010) at ../Source/JavaScriptCore/heap/Heap.cpp:456
#10 0xb5749026 in JSC::Heap::collect (this=0xb26d9010, sweepToggle=JSC::Heap::DoSweep) at ../Source/JavaScriptCore/heap/Heap.cpp:760
#11 0xb60bd2da in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#12 0xb60bd2da in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
-------------- next part --------------
Attachment: debiandir.patch (text/x-patch, 11887 bytes)
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20131121/c2a7f634/attachment.bin>
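Reading the backtrace: bits=2993520640 is 0xb26d8000, i.e. the block pointer passed to contains() in frame #1, and frames #1 through #3 all run with this=0x0 while the innermost frame has this=0x10. That pattern is what an inlined member call through a null object looks like: the CopiedSpace pointer is null, the filter member sits 0x10 bytes into it, and the first actual load (of m_bits) is what faults. The following is an added example, not code from this thread or from WebKit; it uses small stand-in structs (the real member layout of CopiedSpace in this release is not on the page, so the 16 bytes placed in front of the filter are an assumption chosen to reproduce the 0x10), and the helper names innerThisFor and containsBlock are invented here. It shows how the inner "this" is derived from the outer one, what the ruleOut test at TinyBloomFilter.h:60 actually decides (including its possible false "maybe present" answers), and the null check the real code does not perform.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Stand-in for JSC's TinyBloomFilter: one word of OR-ed-together pointer bits.
struct TinyBloomFilter {
    uintptr_t m_bits = 0;

    void add(uintptr_t bits) { m_bits |= bits; }

    // Mirrors the line that faulted (TinyBloomFilter.h:60). A value is ruled
    // out when any of its bits is missing from the accumulated mask. A wrong
    // "not ruled out" is possible (bloom filter); a wrong "ruled out" is not.
    bool ruleOut(uintptr_t bits) const { return (bits & m_bits) != bits; }
};

// Stand-in for JSC's CopiedSpace. The 16 bytes before the filter are an
// assumption standing in for whatever members precede m_blockFilter in the
// real class, so that the filter lands at offset 0x10 as in the trace.
struct CopiedSpace {
    uint32_t precedingMembers[4];
    TinyBloomFilter m_blockFilter;
};

// The address an inlined call through `space->m_blockFilter` receives as its
// own "this". Computed arithmetically so a null space is not dereferenced.
uintptr_t innerThisFor(const CopiedSpace* space) {
    return reinterpret_cast<uintptr_t>(space) + offsetof(CopiedSpace, m_blockFilter);
}

enum class Contains { NoSpace, RuledOut, MaybePresent };

// Guarded version of the contains() -> ruleOut() chain in frames #0-#1. The
// real code calls m_blockFilter.ruleOut() unconditionally, which is how a
// null CopiedSpace becomes a read at 0x10.
Contains containsBlock(const CopiedSpace* space, uintptr_t block) {
    if (!space)
        return Contains::NoSpace;
    return space->m_blockFilter.ruleOut(block) ? Contains::RuledOut
                                                : Contains::MaybePresent;
}

int main() {
    CopiedSpace space{};
    const uintptr_t block = 0xb26d8000u;   // block pointer from frame #1
    space.m_blockFilter.add(block);

    printf("bits=2993520640 is 0x%lx\n", 2993520640ul);
    printf("\"this\" inside ruleOut for a null CopiedSpace: 0x%lx\n",
           (unsigned long)innerThisFor(nullptr));
    printf("known block maybe present: %d\n",
           containsBlock(&space, block) == Contains::MaybePresent);
    printf("unrelated value ruled out: %d\n",
           containsBlock(&space, 0xffffffffu) == Contains::RuledOut);
    printf("subset of the mask is NOT ruled out (bloom false positive): %d\n",
           containsBlock(&space, 0x80000000u) == Contains::MaybePresent);
    printf("null space caught before any load: %d\n",
           containsBlock(nullptr, block) == Contains::NoSpace);
    return 0;
}
```

The practical consequence for debugging: the corrupted or missing value is not the filter but the CopiedSpace pointer handed down from frames #2-#4 (the Heap's copied space), so that is the object whose layout and initialisation differ between the cross-built and the Debian-built library; the innermost frame only reports where the null was first dereferenced.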
