Ok, so the immediate cause of the bug is that a global array is only
4-byte aligned, but the code silently assumes 8-byte alignment.
The problem triggers in jsatom.cpp:js_AtomizeString:
return (JSAtom *) STRING_TO_JSVAL(JSString::unitString(c));
jsapi.h:STRING_TO_JSVAL uses the low 3 bits of the pointer value to
encode the type of the atom. This works only if all pointers passed to
STRING_TO_JSVAL are guaranteed to be 8-byte aligned.
This is usually not a problem if the value is dynamically allocated.
But in this particular instance, JSString::unitString returns the
address of a global variable (jsstrinlines.h):
inline JSString *
JSString::unitString(jschar c)
{
    JS_ASSERT(c < UNIT_STRING_LIMIT);
    return &unitStringTable[c];
}
The array unitStringTable is a static member of the JSString class
(jsstr.h):
static JSString unitStringTable[];
The compiler assumes that the alignment requirement of that static
variable derives from the alignment requirement of the JSString type.
Since this type has only two members, a size_t and a union of two
pointer types, the total alignment requirement on a platform with 32-bit
pointers like ARM is 4 bytes.
As it so happens, in the build of the "js" executable with this compiler
and options, the variable does actually turn out to reside at an address
that is only 4-byte aligned, but not 8-byte aligned:
000cc034 d JSString::unitStringTable
It seems to me that this is not a compiler bug, just something that can
be triggered by random changes in the compiler ...
Interestingly enough, there is code in jsstr.h to ensure 8-byte
alignment for unitStringTable, but only on Solaris:
#ifdef __SUNPRO_CC
#pragma align 8 (__1cIJSStringPunitStringTable_, __1cIJSStringOintStringTable_)
#endif
static JSString unitStringTable[];
static JSString intStringTable[];
static const char *deflatedIntStringTable[];
I guess it looks like a more generic fix for this problem is required.
It would be good to get some feedback from Firefox developers on how
this is supposed to work ...
--
firefox fails to build from source with Linaro toolchain
https://bugs.launchpad.net/bugs/604874
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
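The alignment assumption the message above describes, worked through as an added example. This is not code from the bug report or from the Firefox/SpiderMonkey tree: FakeString, the tag value TAG_STRING, the table names and the helper functions are all made up for illustration, and the misaligned address is reproduced deliberately on any host by placing the "table" at offset 4 inside an 8-byte aligned buffer, since a 64-bit build would otherwise happen to align the struct to 8 bytes on its own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for JSString as the message describes it: a size_t
 * plus a union of two pointers. The compiler gives it the alignment of its
 * most-aligned member, i.e. pointer alignment: 4 bytes with 32-bit pointers
 * (ARM), 8 bytes on x86-64. */
typedef struct FakeString {
    size_t length_and_flags;
    union {
        const uint16_t    *chars;
        struct FakeString *base;
    } u;
} FakeString;

/* Tagging scheme in the spirit of STRING_TO_JSVAL: the low 3 bits of the
 * word carry a type tag, so the pointer must have those 3 bits clear.
 * The tag value is a made-up constant for this example. */
#define TAG_MASK   ((uintptr_t)7)
#define TAG_STRING ((uintptr_t)4)

/* What an unchecked macro does: OR the tag into the pointer bits. */
static uintptr_t tag_unchecked(const void *p)
{
    return (uintptr_t)p | TAG_STRING;
}

static const void *untag(uintptr_t v)
{
    return (const void *)(v & ~TAG_MASK);
}

/* A pointer may be tagged only if its low 3 bits are already zero. */
static int is_taggable(const void *p)
{
    return ((uintptr_t)p & TAG_MASK) == 0;
}

/* Does tag/untag give the original pointer back? For an address that is
 * 4-byte but not 8-byte aligned the OR destroys bit 2, so it does not. */
static int round_trips(const void *p)
{
    return untag(tag_unchecked(p)) == p;
}

/* The alignment the compiler derives from the element type alone. */
static size_t fake_string_alignment(void)
{
    return _Alignof(FakeString);
}

/* Reproducing the ARM symptom on any host: an 8-byte aligned backing store
 * with the "table" starting at offset 4, i.e. an address ending in ...4
 * just like 0x000cc034 in the nm output. */
static _Alignas(8) unsigned char backing[4 + 2 * sizeof(FakeString)];

static const void *simulated_arm_table(void)
{
    return backing + 4;
}

/* The portable fix: ask for 8-byte alignment on the variable itself instead
 * of relying on the element type. In C++ this is alignas(8); GCC and Clang
 * also accept __attribute__((aligned(8))). */
#define N_UNITS 4
static _Alignas(8) FakeString unit_string_table[N_UNITS];

static const void *fixed_table(void)
{
    return &unit_string_table[0];
}

/* Every element must be taggable, not just the first. This holds because
 * sizeof(FakeString) is a multiple of 8 (8 with 32-bit pointers, 16 with
 * 64-bit ones), so each element starts on an 8-byte boundary. */
static int fixed_table_elements_taggable(void)
{
    for (size_t i = 0; i < N_UNITS; i++) {
        if (!is_taggable(&unit_string_table[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("_Alignof(FakeString) = %zu, sizeof = %zu\n",
           fake_string_alignment(), sizeof(FakeString));
    printf("simulated ARM table %p: taggable=%d round_trips=%d\n",
           simulated_arm_table(), is_taggable(simulated_arm_table()),
           round_trips(simulated_arm_table()));
    printf("_Alignas(8) table %p: taggable=%d round_trips=%d all=%d\n",
           fixed_table(), is_taggable(fixed_table()),
           round_trips(fixed_table()), fixed_table_elements_taggable());
    return 0;
}
```

The point of the check in is_taggable is that it is cheap enough to keep as an assertion wherever a pointer is turned into a tagged value, which would have turned the silent corruption described above into an immediate assertion failure in a debug build; the _Alignas(8) on the table is the portable version of the Solaris-only pragma.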