Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Servo crashes on launch with Rust nightly ≥ 2017-11-21 #19519

Closed
atouchet opened this issue Dec 8, 2017 · 33 comments
Closed

Servo crashes on launch with Rust nightly ≥ 2017-11-21 #19519

atouchet opened this issue Dec 8, 2017 · 33 comments

Comments

@atouchet
Copy link
Contributor

@atouchet atouchet commented Dec 8, 2017

Steps to reproduce:

  1. Run latest Servo nightly build.
  2. It crashes immediately.

Tested in Windows 10 with Browser.html.

@tigercosmos
Copy link
Collaborator

@tigercosmos tigercosmos commented Dec 8, 2017

macOS is fine.

@Vtec234
Copy link

@Vtec234 Vtec234 commented Dec 9, 2017

Same symptom (maybe different issue) on Linux x86_64. I attached glxinfo, gdb backtrace, and servo standard output.

gdbout.txt
glxinfo.txt
stdout.txt

@glennw
Copy link
Member

@glennw glennw commented Dec 10, 2017

I'm also seeing this on Linux. It only occurs on a release build, debug builds are fine.

The backtrace on Linux is in a GLX specific function, which suggests that either the Windows crash is different, or probably more likely, there is something else bad going on which happens to cause a crash in that location.

@glennw
Copy link
Member

@glennw glennw commented Dec 10, 2017

A bit more information:

gdb claims the function at the top of the stack is:

   7│ /* Runtime configuration options. */
   8│ const char      *je_malloc_conf
   9│ #ifndef _WIN32
  10├>    JEMALLOC_ATTR(weak)
  11│ #endif
Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x0000555556814694 in glutin::api::glx::ContextPrototype::finish ()
#2  0x0000555556819f8b in glutin::api::x11::window::Window::new ()
#3  0x000055555682376d in glutin::window::<impl glutin::WindowBuilder<'a>>::build ()
#4  0x00005555558501de in glutin_app::window::Window::new ()
#5  0x0000555555854112 in glutin_app::create_window ()
#6  0x000055555583384c in servo::main ()
#7  0x0000555557c1dc9f in panic_unwind::__rust_maybe_catch_panic () at /checkout/src/libpanic_unwind/lib.rs:101
#8  0x0000555557bfc7b4 in std::panicking::try<(),closure> () at /checkout/src/libstd/panicking.rs:459
#9  std::panic::catch_unwind<closure,()> () at /checkout/src/libstd/panic.rs:365
#10 std::rt::lang_start () at /checkout/src/libstd/rt.rs:58
#11 0x00007ffff53e01c1 in __libc_start_main (main=0x555555836f60 <main>, argc=2, argv=0x7fffffffe1d8, init=<optimised out>, fini=<o
ptimised out>, rtld_fini=<optimised out>, stack_end=0x7fffffffe1c8) at ../csu/libc-start.c:308
#12 0x000055555580904a in _start ()
@glennw
Copy link
Member

@glennw glennw commented Dec 11, 2017

git bisect says:

1a950d263a631c59534eb2c97e92348321e42d63 is the first bad commit
commit 1a950d263a631c59534eb2c97e92348321e42d63
Author: Simon Sapin <simon.sapin@exyr.org>
Date:   Mon Dec 4 10:54:32 2017 +0100

    Upgrade to rustc 1.24.0-nightly (5a2465e2b 2017-12-06)

:040000 040000 d601733798fce7fe1c0c03e2f6fe72246bcd10a6 f243bb0212a762d1ec20d61019e917c28df704d7 M	components
:040000 040000 7b489f43aac814900d9700ffe05b41269c0a0ff5 372707b8e4a3c3e178edc450c16d1770aea01d9f M	python
:100644 100644 45c170f9e3f44ac57d820d7a2783a9650f6998be 3e5d257a285b88adb0408a7d442c38dd15b3360a M	rust-toolchain

Assuming I bisected correctly, that is.

The crash only seems to occur when opening a real window - it runs fine in headless mode, which would explain why it got through CI OK.

cc @SimonSapin @jdm

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Dec 11, 2017

That commit updates the compiler from nightly-2017-11-14 to nightly-2017-12-07. Next step would be to bisect Rust Nightly versions. Unfortunately we don’t have a tool that I know of that does this, so that needs to be done by manually editing the rust-toolchain file.

@asajeffrey
Copy link
Member

@asajeffrey asajeffrey commented Dec 14, 2017

I'm seeing this too.

@asajeffrey
Copy link
Member

@asajeffrey asajeffrey commented Dec 14, 2017

rustc 2017-12-01 doesn't build:

error: Could not compile `style`.

Caused by:
  process didn't exit successfully: `rustc --crate-name style components/style/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 --cfg feature="arrayvec" --cfg feature="cssparser" --cfg feature="encoding_rs" --cfg feature="html5ever" --cfg feature="malloc_size_of" --cfg feature="serde" --cfg feature="servo" --cfg feature="servo_atoms" --cfg feature="servo_config" --cfg feature="servo_url" --cfg feature="style_traits" -C metadata=6da1d79af60184ce -C extra-filename=-6da1d79af60184ce --out-dir /home/ajeffrey/github/asajeffrey/servo/target/release/deps -L dependency=/home/ajeffrey/github/asajeffrey/servo/target/release/deps --extern precomputed_hash=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libprecomputed_hash-2aa787baa16786e4.rlib --extern itoa=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libitoa-1a4cfc77158a80f0.rlib --extern matches=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libmatches-5638082799422ff6.rlib --extern style_derive=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libstyle_derive-5c300f2ef61fe0ad.so --extern log=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/liblog-4fd0db9b9a5f64c6.rlib --extern time=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libtime-808e070882a5b9cb.rlib --extern euclid=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libeuclid-1d900c989ebd95d3.rlib --extern serde=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libserde-758633f3d611df3d.rlib --extern malloc_size_of=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libmalloc_size_of-d94e4e7f21b01395.rlib --extern itertools=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libitertools-c8dd6e7978a47f49.rlib --extern html5ever=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libhtml5ever-6bc2eaffba4ae2a4.rlib --extern smallvec=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libsmallvec-d392d906a3442253.rlib --extern fallible=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libfallible-0b191a8470393704.rlib --extern selectors=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libselectors-dde2814ba96529d5.rlib --extern num_integer=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libnum_integer-54a63a40876f77d9.rlib --extern uluru=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libuluru-87c77a98ae310453.rlib --extern servo_config=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libservo_config-552bfe2bc262d81c.rlib --extern owning_ref=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libowning_ref-1291d6f0bd341492.rlib --extern byteorder=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libbyteorder-8172261a4b6b04ab.rlib --extern lazy_static=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/liblazy_static-76308044f5b8e142.rlib --extern servo_arc=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libservo_arc-ac33ca7c7425460c.rlib --extern unicode_bidi=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libunicode_bidi-331c3abf45e8dde8.rlib --extern fnv=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libfnv-cc53f2f3594d9b39.rlib --extern cssparser=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libcssparser-1d8d506bde504480.rlib --extern malloc_size_of_derive=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libmalloc_size_of_derive-f40d81afc65a72f2.so --extern servo_atoms=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libservo_atoms-29ac76d7321ddd31.rlib --extern bitflags=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libbitflags-7da986d8e0bfe8b1.rlib --extern app_units=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libapp_units-e08b789630fc7c54.rlib --extern hashglobe=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libhashglobe-db27626f2d279397.rlib --extern encoding_rs=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libencoding_rs-5fb482f226ebf13d.rlib --extern atomic_refcell=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libatomic_refcell-625bcd5005a823be.rlib --extern arrayvec=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libarrayvec-352445ad602c20db.rlib --extern smallbitvec=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libsmallbitvec-7cf5d7af84fe3b6d.rlib --extern parking_lot=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libparking_lot-d415750559efde23.rlib --extern unicode_segmentation=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libunicode_segmentation-81aeda8d80cda820.rlib --extern num_traits=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libnum_traits-e6c7ab13c1a917de.rlib --extern rayon=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/librayon-e4d2829d2b5808d2.rlib --extern cfg_if=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libcfg_if-e05365400d52fb1c.rlib --extern ordered_float=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libordered_float-e8f826dc42990c25.rlib --extern servo_url=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libservo_url-92924203180ad803.rlib --extern style_traits=/home/ajeffrey/github/asajeffrey/servo/target/release/deps/libstyle_traits-594d026745030c42.rlib -C link-args=-fuse-ld=gold -W unused-extern-crates -L native=/home/ajeffrey/github/asajeffrey/servo/target/release/build/mozjs-fa072a669cd69a52/out/lib -L native=/home/ajeffrey/github/asajeffrey/servo/target/release/build/mozjs_sys-8348347fd130a027/out/js/src -L native=/usr/lib/x86_64-linux-gnu` (signal: 8, SIGFPE: erroneous arithmetic operation)
@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Dec 14, 2017

This is likely rust-lang/rust#46519, which was introduced in rust-lang/rust#45225 (I think first in nightly-2017-11-20 first in nightly-2017-11-21) and fixed in rust-lang/rust#46521 (nightly-2017-12-07).

@asajeffrey
Copy link
Member

@asajeffrey asajeffrey commented Dec 14, 2017

Confirming that current master built with nightly 2017-11-14 doesn't have this problem.

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Dec 15, 2017

Unfortunately that didn’t help, I just built servo in release mode with the "alt" build of 1.24.0-nightly (5a2465e2b 2017-12-06) (a.k.a. nightly-2017-12-07, currently used in Servo master) without triggering an LLVM assertion.

bors-servo added a commit that referenced this issue Dec 15, 2017
Downgrade to rustc nightly-2017-11-14

<!-- Please describe your changes on the following line: -->

This is causing nightly servo to crash with hardware acceleration.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #19519
- [X] These changes do not require tests because testing requires AWS instances with GPUs.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19574)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Dec 16, 2017
Downgrade to rustc nightly-2017-11-14

<!-- Please describe your changes on the following line: -->

This is causing nightly servo to crash with hardware acceleration.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #19519
- [X] These changes do not require tests because testing requires AWS instances with GPUs.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19574)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Dec 17, 2017
Downgrade to rustc nightly-2017-11-14

<!-- Please describe your changes on the following line: -->

This is causing nightly servo to crash with hardware acceleration.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #19519
- [X] These changes do not require tests because testing requires AWS instances with GPUs.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19574)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Dec 18, 2017
Downgrade to rustc nightly-2017-11-14

<!-- Please describe your changes on the following line: -->

This is causing nightly servo to crash with hardware acceleration.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes work around #19519
- [X] These changes do not require tests because testing requires AWS instances with GPUs.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19574)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Dec 18, 2017
Downgrade to rustc nightly-2017-11-14

<!-- Please describe your changes on the following line: -->

This is causing nightly servo to crash with hardware acceleration.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes work around #19519
- [X] These changes do not require tests because testing requires AWS instances with GPUs.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19574)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Dec 18, 2017
Downgrade to rustc nightly-2017-11-14

<!-- Please describe your changes on the following line: -->

This is causing nightly servo to crash with hardware acceleration.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes work around #19519
- [X] These changes do not require tests because testing requires AWS instances with GPUs.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19574)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Dec 18, 2017
Downgrade to rustc nightly-2017-11-14

<!-- Please describe your changes on the following line: -->

This is causing nightly servo to crash with hardware acceleration.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes work around #19519
- [X] These changes do not require tests because testing requires AWS instances with GPUs.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19574)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Dec 18, 2017
Downgrade to rustc nightly-2017-11-14

<!-- Please describe your changes on the following line: -->

This is causing nightly servo to crash with hardware acceleration.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes work around #19519
- [X] These changes do not require tests because testing requires AWS instances with GPUs.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19574)
<!-- Reviewable:end -->
@atouchet
Copy link
Contributor Author

@atouchet atouchet commented Dec 19, 2017

This was fixed.

@atouchet atouchet closed this Dec 19, 2017
@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Dec 19, 2017

No it is not. We just reverted to an earlier version of the compiler. We still need to isolate the bug and file it upstream so that it can be properly fixed.

@SimonSapin SimonSapin reopened this Dec 19, 2017
@SimonSapin SimonSapin changed the title Latest Servo nightly build crashes on launch Servo crashes on launch with Rust Nigthly >= 2017-11-20 Dec 19, 2017
@atouchet atouchet changed the title Servo crashes on launch with Rust Nigthly >= 2017-11-20 Servo crashes on launch with Rust nightly >= 2017-11-20 Dec 19, 2017
@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Dec 23, 2017

I didn’t manage to reproduce this on Linux with Intel GPU. Servo master compiled with nightly-2017-12-07 in release mode loaded a couple URLs without crashing.

bors-servo added a commit that referenced this issue Jan 4, 2018
[Do not merge] Upgrade to rustc 1.24.0-nightly (0a3761e63 2018-01-03)

Do not merge (yet), as this might bring #19519 back.

Also blocked on rust-lang/rust#46906 (comment).

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19683)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Jan 5, 2018
[Do not merge] Upgrade to rustc 1.24.0-nightly (0a3761e63 2018-01-03)

Do not merge (yet), as this might bring #19519 back.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19683)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Jan 5, 2018
[Do not merge] Upgrade to rustc 1.24.0-nightly (0a3761e63 2018-01-03)

Do not merge (yet), as this might bring #19519 back.

Fixes #19635
Fixes #19637

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19683)
<!-- Reviewable:end -->
@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 8, 2018

I’ve managed to reproduce on my desktop machine. With nightly-2018-01-04 (#19683), in release mode with debug symbols enabled, gdb says that the stack at SIGSEGV as below.

This is on Ubuntu 17.10 with a Intel HD Graphics 630 (Kaby Lake GT2) GPU. The stack is the same (mentioning glutin::api::x11) whether I run a "GNOME" session (which I believe uses Wayland) or "GNOME on Xorg".

#0  0x0000000000000000 in ?? ()
#1  0x00005555578ef697 in glutin::api::x11::ffi::glx_extra::Glx::SwapIntervalEXT (interval=1, self=<optimized out>, 
    dpy=<optimized out>, drawable=<optimized out>)
    at /home/simon/servo/target/release/build/servo-glutin-3060eb57c723a788/out/glx_extra_bindings.rs:593
#2  glutin::api::glx::ContextPrototype::finish (self=ContextPrototype = {...}, window=27262978)
    at /home/simon/.cargo/registry/src/github.com-1ecc6299db9ec823/servo-glutin-0.13.1/src/api/glx/mod.rs:223
#3  0x00005555578f6ca0 in glutin::api::x11::window::Window::new (display=<optimized out>, 
    window_attrs=<optimized out>, pf_reqs=<optimized out>, opengl=<optimized out>)
    at /home/simon/.cargo/registry/src/github.com-1ecc6299db9ec823/servo-glutin-0.13.1/src/api/x11/window.rs:642
#4  0x00005555578fbeac in glutin::platform::platform::api_dispatch::Window::new (window=<optimized out>, 
    pf_reqs=<optimized out>, opengl=...)
    at /home/simon/.cargo/registry/src/github.com-1ecc6299db9ec823/servo-glutin-0.13.1/src/platform/linux/api_dispatch.rs:129
#5  glutin::window::<impl glutin::WindowBuilder<'a>>::build (self=WindowBuilder = {...})
    at /home/simon/.cargo/registry/src/github.com-1ecc6299db9ec823/servo-glutin-0.13.1/src/window.rs:232
#6  0x00005555558a237e in glutin_app::window::Window::new (is_foreground=<optimized out>, 
    window_size=TypedSize2D<u32, servo_geometry::DeviceIndependentPixel> = {...}, parent=core::option::Option::None)
    at ports/glutin/window.rs:273
#7  0x00005555558a0707 in glutin_app::create_window (parent=core::option::Option::None) at ports/glutin/lib.rs:48
#8  0x0000555555874757 in servo::main () at ports/servo/main.rs:147
@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 8, 2018

With some whitespace added, the function for the #1 frame is:

#[inline]
pub unsafe fn SwapIntervalEXT(&self, dpy: *mut types::Display, drawable: types::GLXDrawable,
                              interval: __gl_imports::raw::c_int) -> () {
    __gl_imports::mem::transmute::<
        _,
        extern "system" fn(*mut types::Display, types::GLXDrawable, __gl_imports::raw::c_int) -> ()
    >(self.SwapIntervalEXT.f)(dpy, drawable, interval)
}

Since the #0 frame is 0x0000000000000000, it looks like we’re calling a null pointer as a function pointer, so it’s probably self.SwapIntervalEXT.f that’s null. However this SwapIntervalEXT field has type FnPtr and is created as below, so it looks like the f pointer should never be null.

        #[allow(dead_code, missing_copy_implementations)]
        #[derive(Clone)]
        pub struct FnPtr {
            /// The function pointer that will be used when calling the function.
            f: *const __gl_imports::raw::c_void,
            /// True if the pointer points to a real function, false if points to a `panic!` fn.
            is_loaded: bool,
        }

        impl FnPtr {
            /// Creates a `FnPtr` from a load attempt.
            fn new(ptr: *const __gl_imports::raw::c_void) -> FnPtr {
                if ptr.is_null() {
                    FnPtr {
                        f: missing_fn_panic as *const __gl_imports::raw::c_void,
                        is_loaded: false
                    }
                } else {
                    FnPtr { f: ptr, is_loaded: true }
                }
            }

After some gdb wrangling and squinting as disassembled code with nbp (thanks), the memory area that is probably self.SwapIntervalEXT is 0x0 0x7fffffff9601, which is consistent withFnPtr { f: ptr::null(), is_loaded: true } which FnPtr::new() would never produce.

I’ve also established that this bug is introduced or uncovered by rust-lang/rust#45225 [1], but struct FnPtr { f: *const c_void, is_loaded: bool } doesn’t involve uninhabited types or anything else whose memory layout might have changed.

[1] This crash does not occur with nightly-2017-11-20, which is immediately before that Rust PR was merged. Servo doesn’t build at that PR, but if I compile Rust at the merge commit of rust-lang/rust#45225 with rust-lang/rust#46521 (the build error fix) backported, I can then reproduce this crash.

@SimonSapin SimonSapin changed the title Servo crashes on launch with Rust nightly >= 2017-11-20 Servo crashes on launch with Rust nightly >= 2017-11-21 Jan 8, 2018
@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 8, 2018

@eddyb Any idea how your memory layout changes in rust-lang/rust#45225 could cause FnPtr::f to become NULL in the code quoted above?

@eddyb
Copy link
Contributor

@eddyb eddyb commented Jan 9, 2018

@SimonSapin From what I've seen in the past, there's potentially some layout optimization going on "around" the struct in question, i.e. a type containing FnPtr.

Another possibility is the signature of FnPtr, at the LLVM IR level - it could have some accidental attributes that shouldn't be there.

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 9, 2018

This FnPtr value is in a Glx struct :

#[derive(Clone)]
pub struct Glx {
    pub ChooseFBConfig: FnPtr,
    // 36 other FnPtr fields
    pub SwapIntervalEXT: FnPtr,
    pub SwapIntervalSGI: FnPtr,
    pub UseXFont: FnPtr,
    pub WaitGL: FnPtr,
    pub WaitX: FnPtr,
    _priv: ()
}

At one point that struct cloned out of an Option<_>, passed by value as a parameter, and kept as a field of a larger struct before being used.

The IR contains

!3882 = !DIDerivedType(tag: DW_TAG_member, name: "ChooseFBConfig", scope: !3878, file: !2, baseType: !3883, size: 128, align: 64)
!3883 = !DICompositeType(tag: DW_TAG_structure_type, name: "FnPtr", scope: !3879, file: !2, size: 128, align: 64, elements: !3884, identifier: "d6efa958cbdab5062f3008eefb6f530f")
!3884 = !{!3885, !3887}
!3885 = !DIDerivedType(tag: DW_TAG_member, name: "f", scope: !3883, file: !2, baseType: !3886, size: 64, align: 64)
!3886 = !DIDerivedType(tag: DW_TAG_pointer_type, name: "*const std::os::raw::c_void", baseType: !160, size: 64, align: 64)
!3887 = !DIDerivedType(tag: DW_TAG_member, name: "is_loaded", scope: !3883, file: !2, baseType: !3888, size: 8, align: 8, offset: 64)
!3888 = !DIBasicType(name: "bool", size: 8, encoding: DW_ATE_boolean)
!3889 = !DIDerivedType(tag: DW_TAG_member, name: "ChooseVisual", scope: !3878, file: !2, baseType: !3883, size: 128, align: 64, offset: 128)

and later

!21353 = !DIDerivedType(tag: DW_TAG_member, name: "ChooseFBConfig", scope: !21350, file: !2, baseType: !21354, size: 128, align: 64)
!21354 = !DICompositeType(tag: DW_TAG_structure_type, name: "FnPtr", scope: !21351, file: !2, size: 128, align: 64, elements: !21355, identifier: "93bb23b996d87ed937224ca12cf3a54d")
!21355 = !{!21356, !21357}
!21356 = !DIDerivedType(tag: DW_TAG_member, name: "f", scope: !21354, file: !2, baseType: !3886, size: 64, align: 64)
!21357 = !DIDerivedType(tag: DW_TAG_member, name: "is_loaded", scope: !21354, file: !2, baseType: !3888, size: 8, align: 8, offset: 64)
!21358 = !DIDerivedType(tag: DW_TAG_member, name: "ChooseVisual", scope: !21350, file: !2, baseType: !21354, size: 128, align: 64, offset: 128)
// […]
!21394 = !DIDerivedType(tag: DW_TAG_member, name: "SwapIntervalEXT", scope: !21350, file: !2, baseType: !21354, size: 128, align: 64, offset: 4736)
@eddyb
Copy link
Contributor

@eddyb eddyb commented Jan 9, 2018

@SimonSapin Sorry, I meant to write "the signature of FnPtr::new", not sure how I messed that up. But also, it being wrapped in Option is very significant and likely the cause of the problem even though the niche would be the bool, not a raw pointer.

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 9, 2018

; glutin::api::egl::ffi::egl::FnPtr::new
; Function Attrs: nounwind readnone uwtable
define { i8*, i1 } @_ZN6glutin3api3egl3ffi3egl5FnPtr3new17h381a0c6cab4ff37bE(i8*) unnamed_addr #2 !dbg !35222 {
start:
  tail call void @llvm.dbg.value(metadata i8* %0, i64 0, metadata !35221, metadata !4955), !dbg !37651
  tail call void @llvm.dbg.value(metadata i8* %0, i64 0, metadata !15186, metadata !4955), !dbg !37652
  %1 = icmp eq i8* %0, null, !dbg !37654
  %.sink3 = select i1 %1, i8* bitcast (void ()* @_ZN6glutin3api3egl3ffi3egl16missing_fn_panic17he9e478322295adbdE to i8*), i8* %0, !dbg !37655
  %not. = xor i1 %1, true, !dbg !37655
  %2 = insertvalue { i8*, i1 } undef, i8* %.sink3, 0, !dbg !37656
  %3 = insertvalue { i8*, i1 } %2, i1 %not., 1, !dbg !37656
  ret { i8*, i1 } %3, !dbg !37656
}
@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 9, 2018

We’re interested in glutin::api::x11::ffi::glx::FnPtr, not the egl one. Though it’s the same code generated multiple time, maybe the compiler deduplicates it?

@eddyb
Copy link
Contributor

@eddyb eddyb commented Jan 9, 2018

Well, that IR looks just fine to me, so it's probably some outer/earlier code to the point where it becomes NULL. What happens if you replace the bool with an u8 you encode false and true manually into?

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 9, 2018

I’ll try patching the build-dependency crate that generates this code to do that. Won’t there still be a niche in the padding (one pointer + one byte rounded up to two words) that Option could use, though?

@eddyb
Copy link
Contributor

@eddyb eddyb commented Jan 9, 2018

@SimonSapin Using padding for niches is not necessarily cheaper because now all padding everywhere must be always initialized (similar problem with Option<Option<(Box<T>, Box<U>)>>).

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 9, 2018

Ok, I see (re padding).

Changing the bool field to u8 does not seem to change anything. The stack at segfault in gdb is the same.

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 9, 2018

Partly-minimized test case:

extern crate glutin;

fn main() {
    glutin::WindowBuilder::new().with_vsync().build().unwrap();
}

With our https://crates.io/crates/servo-glutin fork.

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 9, 2018

The segfault disappears if I add #[inline(never)] to FnPtr::new.

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 9, 2018

Or if I make the glutin::api module public (???)

bors-servo added a commit that referenced this issue Jan 9, 2018
[Do not merge] Upgrade to rustc 1.24.0-nightly (0a3761e63 2018-01-03)

Do not merge (yet), as this might bring #19519 back.

Fixes #19635
Fixes #19637

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19683)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Jan 9, 2018
[Do not merge] Upgrade to rustc 1.24.0-nightly (0a3761e63 2018-01-03)

Do not merge (yet), as this might bring #19519 back.

Fixes #19635
Fixes #19637

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19683)
<!-- Reviewable:end -->
@jonathandturner
Copy link

@jonathandturner jonathandturner commented Jan 9, 2018

Pinging @aturon so that it's on the Rust team's radar.

bors-servo added a commit that referenced this issue Jan 9, 2018
[Do not merge] Upgrade to rustc 1.24.0-nightly (0a3761e63 2018-01-03)

Do not merge (yet), as this might bring #19519 back.

Fixes #19635
Fixes #19637

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19683)
<!-- Reviewable:end -->
@eddyb
Copy link
Contributor

@eddyb eddyb commented Jan 10, 2018

This is brendanzab/gl-rs#438, a library bug.

@SimonSapin SimonSapin mentioned this issue Jan 10, 2018
1 of 5 tasks complete
@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Jan 10, 2018

Thanks to eddyb’s pointed questions we found the root cause. https://botbot.me/mozilla/rustc/2018-01-10/?msg=95583307&page=2

TL;DR: it’s a bug in gl_generator that’s already fixed upstream, we need to update it in a few crates: #19735.


The function pointer that is incorrectly null is earlier returned by:

pub unsafe fn GetProcAddress(&self, procName: *const types::GLubyte) -> types::__GLXextFuncPtr

with

pub type __GLXextFuncPtr = extern "system" fn();

This type definition is incorrect because fn() pointer types can never be null in Rust, but the value returned by GetProcAddress FFI can. rust-lang/rust#45225 made it know to the optimizer that fn() pointers are never null, so that with enough inlining and constant propagation, ((x: __GLXextFuncPtr) as *const c_void).is_null() is optimized to false. And so the "non-null" branch of FnPtr::new is taken even though the value in memory is actually null.

The fix is defining __GLXextFuncPtr as *mut something instead: brendanzab/gl-rs#444

bors-servo added a commit that referenced this issue Jan 10, 2018
Upgrade to rustc 1.24.0-nightly (0a3761e63 2018-01-03)

Fixes #19635
Fixes #19637
Fixes #19735
Fixes #19519

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/19683)
<!-- Reviewable:end -->
@atouchet atouchet changed the title Servo crashes on launch with Rust nightly >= 2017-11-21 Servo crashes on launch with Rust nightly ≥ 2017-11-21 Jan 11, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
8 participants
You can’t perform that action at this time.