servo / servo

Servo, the embeddable, independent, memory-safe, modular, parallel web rendering engine
https://servo.org
Mozilla Public License 2.0

Access violation when backtracing a JS error on the Hololens 2 #27045

Closed KallynGowdy closed 4 years ago

KallynGowdy commented 4 years ago

Details

With this patch applied, it appears that there is some sort of crash that occurs on Windows ARM64 devices when an exception triggers the js_backtrace build feature. (Hololens 2)

It happens as the result of attempting to get a JS stacktrace via the capture_stack macro.

The actual crash is an access violation due to attempting to write to NULL. The code is specified in mozjs here. I believe it is likely that this crash is actually caused by a failed assertion, but there were no debug logs indicating such so I am unaware as to what the assertion may be.

The stack trace indicates that mozjs::js::SavedStacks::insertFrames() is the culprit, and some tracing seems to indicate that this assertion is failing. Maybe some program counter is not getting set or maybe there's some race condition? I'm not sure but it seems like an issue with mozjs.

I tried builds on MacOS, the Hololens 2 emulator, and Hololens 2, but it only crashed on the Hololens 2. This may be an indication of an issue specific to ARM64.

Reproduction steps:

  1. Make a build on Windows for the Hololens 2.
    • This is the command I used: C:\Python27\python.exe mach build -d --uwp --win-arm64 --features js_backtrace
  2. Open the project in Visual Studio.
  3. Change the default URL in DefaultUrl.h to "http://yeticgi.casualos.com/?story=test1&pagePortal=home".
    • Note the lack of HTTPS. There's a separate issue that causes a websocket error. Was trying to debug when I ran into this issue.
    • The same issue occurs if you load from a build of this repository. Follow the instructions in DEVELOPERS.md if you do.
  4. Run on the Hololens 2 via Visual Studio.
    • If the default URL doesn't take effect, you may have to uninstall the app from the Hololens 2 and reinstall.
  5. Wait for it to load and stop at a breakpoint for SavedStacks.cpp.
    • It will say the source cannot be found but it's actually because the breakpoint doesn't have a related line in the source code.
    • If you continue then it will run into the access violation exception.

Extra details:

Error message:

Unfortunately, this is the extent of the error message that was written to the debug log.

Exception thrown at 0x00007FFBCDD16784 (simpleservo.dll) in ServoApp.exe: 0xC0000005: Access violation writing location 0x0000000000000000.

The full debug log is available below.

Stack Trace: This is the full stack trace that was available in Visual Studio at the time that the exception was created.

simpleservo.dll!MOZ_NoReturn(int aLine) Line 236
    at E:\Projects\Yeti\servo\target\aarch64-uwp-windows-msvc\debug\build\mozjs_sys-aa48eb6c20c205d4\out\build\dist\include\mozilla\Assertions.h(236)
simpleservo.dll!js::SavedStacks::insertFrames(JSContext * cx, JS::MutableHandle<js::SavedFrame *> frame, mozilla::Variant<JS::AllFrames,JS::MaxFrames,JS::FirstSubsumedFrame> && capture) Line 0
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\SavedStacks.cpp(0)
simpleservo.dll!js::SavedStacks::saveCurrentStack(JSContext * cx, JS::MutableHandle<js::SavedFrame *> frame, mozilla::Variant<JS::AllFrames,JS::MaxFrames,JS::FirstSubsumedFrame> && capture) Line 1292
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\SavedStacks.cpp(1292)
simpleservo.dll!JS::CaptureCurrentStack(JSContext * cx, JS::MutableHandle<JSObject *> stackp, mozilla::Variant<JS::AllFrames,JS::MaxFrames,JS::FirstSubsumedFrame> && capture) Line 5926
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\jsapi.cpp(5926)
simpleservo.dll!mozjs::rust::CapturedJSStack::new(mozjs::rust::RootedGuard<mut mozjs_sys::generated::root::JSObject*> cx, core::option::Option<u32> guard) Line 1337
    at E:\.cargo\git\checkouts\rust-mozjs-8611526964119dd6\28248e1\src\rust.rs(1337)
simpleservo.dll!script::dom::bindings::error::throw_dom_exception(script::script_runtime::JSContext cx, script::dom::globalscope::GlobalScope * global, script::dom::bindings::error::Error result) Line 114
    at E:\Projects\Yeti\servo\components\script\dom\bindings\error.rs(114)
simpleservo.dll!script::dom::bindings::codegen::Bindings::URLBinding::URLBinding::_constructor::{{closure}}::{{closure}}(script::dom::bindings::codegen::Bindings::URLBinding::URLBinding::_constructor::{{closure}}::closure-0 *) Line 2079
    at E:\Projects\Yeti\servo\target\aarch64-uwp-windows-msvc\debug\build\script-850361cbc8173e5f\out\Bindings\URLBinding.rs(2079)
simpleservo.dll!script::dom::bindings::codegen::Bindings::URLBinding::URLBinding::_constructor::{{closure}}(script::dom::bindings::codegen::Bindings::URLBinding::URLBinding::_constructor::closure-0 *) Line 2042
    at E:\Projects\Yeti\servo\target\aarch64-uwp-windows-msvc\debug\build\script-850361cbc8173e5f\out\Bindings\URLBinding.rs(2042)
simpleservo.dll!core::ops::function::impls::{{impl}}::call_once<(),FnMut<()>>(core::ops::function::mut FnMut<()>* self) Line 286
    at C:\Users\kally\.rustup\toolchains\nightly-2020-05-15-x86_64-pc-windows-msvc\lib\rustlib\src\rust\src\libcore\ops\function.rs(286)
simpleservo.dll!std::panic::{{impl}}::call_once<(),mut FnMut<()>*>(std::panic::AssertUnwindSafe<mut FnMut<()>*> self) Line 319
    at C:\Users\kally\.rustup\toolchains\nightly-2020-05-15-x86_64-pc-windows-msvc\lib\rustlib\src\rust\src\libstd\panic.rs(319)
simpleservo.dll!std::panicking::try::do_call<std::panic::AssertUnwindSafe<mut FnMut<()>*>,()>(unsigned char * data) Line 299
    at C:\Users\kally\.rustup\toolchains\nightly-2020-05-15-x86_64-pc-windows-msvc\lib\rustlib\src\rust\src\libstd\panicking.rs(299)
[External Code]
simpleservo.dll!std::panicking::try<(),std::panic::AssertUnwindSafe<mut FnMut<()>*>>(std::panic::AssertUnwindSafe<mut FnMut<()>*> f) Line 274
    at C:\Users\kally\.rustup\toolchains\nightly-2020-05-15-x86_64-pc-windows-msvc\lib\rustlib\src\rust\src\libstd\panicking.rs(274)
simpleservo.dll!std::panic::catch_unwind<std::panic::AssertUnwindSafe<mut FnMut<()>*>,()>(std::panic::AssertUnwindSafe<mut FnMut<()>*> f) Line 394
    at C:\Users\kally\.rustup\toolchains\nightly-2020-05-15-x86_64-pc-windows-msvc\lib\rustlib\src\rust\src\libstd\panic.rs(394)
simpleservo.dll!mozjs::panic::wrap_panic(core::ops::function::mut FnMut<()>* function) Line 22
    at E:\.cargo\git\checkouts\rust-mozjs-8611526964119dd6\28248e1\src\panic.rs(22)
simpleservo.dll!script::dom::bindings::codegen::Bindings::URLBinding::URLBinding::_constructor(mozjs_sys::generated::root::JSContext * cx, unsigned int argc, mozjs_sys::generated::root::JS::Value * vp) Line 2087
    at E:\Projects\Yeti\servo\target\aarch64-uwp-windows-msvc\debug\build\script-850361cbc8173e5f\out\Bindings\URLBinding.rs(2087)
[Inline Frame] simpleservo.dll!CallJSNative(JSContext * cx, bool(*)(JSContext *, unsigned int, JS::Value *) native, js::CallReason reason, const JS::CallArgs & args) Line 456
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\Interpreter.cpp(456)
[Inline Frame] simpleservo.dll!CallJSNativeConstructor(JSContext * cx, bool(*)(JSContext *, unsigned int, JS::Value *) native, const JS::CallArgs & args) Line 472
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\Interpreter.cpp(472)
simpleservo.dll!InternalConstruct(JSContext * cx, const js::AnyConstructArgs & args) Line 680
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\Interpreter.cpp(680)
simpleservo.dll!Interpret(JSContext * cx, js::RunState & state) Line 3108
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\Interpreter.cpp(3108)
simpleservo.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 424
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\Interpreter.cpp(424)
simpleservo.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct, js::CallReason reason) Line 593
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\Interpreter.cpp(593)
simpleservo.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args, js::CallReason reason) Line 617
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\Interpreter.cpp(617)
simpleservo.dll!js::Call(JSContext * cx, JS::Handle<JS::Value> fval, JS::Handle<JS::Value> thisv, const js::AnyInvokeArgs & args, JS::MutableHandle<JS::Value> rval, js::CallReason reason) Line 634
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\Interpreter.cpp(634)
simpleservo.dll!js::CallSelfHostedFunction(JSContext * cx, JS::Handle<js::PropertyName *> name, JS::Handle<JS::Value> thisv, const js::AnyInvokeArgs & args, JS::MutableHandle<JS::Value> rval) Line 1693
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\vm\SelfHosting.cpp(1693)
simpleservo.dll!js::jit::InterpretResume(JSContext * cx, JS::Handle<JSObject *> obj, JS::Handle<JS::Value> val, JS::Handle<js::PropertyName *> kind, JS::MutableHandle<JS::Value> rval) Line 985
    at E:\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\9a6d8fc\mozjs\js\src\jit\VMFunctions.cpp(985)
jdm commented 4 years ago

I have not been able to reproduce this in a desktop UWP build yet. I realize this was mentioned, but I like to verify that the easiest setup doesn't work.

jdm commented 4 years ago

The next useful step here is probably to do a build with --features debugmozjs to get a non-optimized spidermonkey build.

jdm commented 4 years ago

I have reproduced this on device with a debugmozjs build.

jdm commented 4 years ago

The backtrace I see ends up in the guts of the mozilla::Variant type, which is the underlying type of JS::StackCapture which is passed to JS::CaptureCurrentStack (called from https://github.com/servo/rust-mozjs/blob/28248e1d6658e92dd5ecb0866e53a97f043b9b38/src/rust.rs#L1337). Since the C++ API uses rvalue references, I suspect there's some surprising FFI miscompilation for arm64 going on.

jdm commented 4 years ago

Confirmed - when I move the call to JS::CaptureCurrentStack into the C++ glue so we don't need to pass an rvalue reference from Rust code, the crash disappears.

jdm commented 4 years ago

Disassembly calling from c++:

```
00007FF86A77B768 mov x0,x9
return JS::CaptureCurrentStack(cx, obj);
00007FF86A77B76C mov x1,x10
00007FF86A77B770 str x2,[sp,#0x20]
00007FF86A77B774 str x8,[sp,#0x18]
00007FF86A77B778 str x9,[sp,#0x10]
00007FF86A77B77C str x11,[sp,#8]
00007FF86A77B780 bl mozilla::Variant::Variant (07FF86A77DE54h)
00007FF86A77B784 ldr x8,[sp,#8]
00007FF86A77B788 mov x0,x8
00007FF86A77B78C ldr x1,[sp,#0x18]
00007FF86A77B790 ldr x2,[sp,#0x20]
00007FF86A77B794 bl memcpy (07FF8709BFEE8h)
00007FF86A77B798 ldr x0,[sp,#0x30]
00007FF86A77B79C ldr x1,[sp,#0x28]
00007FF86A77B7A0 ldr x2,[sp,#0x10]
00007FF86A77B7A4 bl JS::CaptureCurrentStack (07FF86A30A72Ch)
00007FF86A77B7A8 ldr x8,[sp,#0x10]
00007FF86A77B7AC str w0,[sp,#4]
00007FF86A77B7B0 mov x0,x8
00007FF86A77B7B4 bl mozilla::Variant::~Variant (07FF86A77DEC8h)
00007FF86A77B7B8 ldr x0,[sp,#0x68]
00007FF86A77B7BC bl __security_check_cookie (07FF86E44DE80h)
00007FF86A77B7C0 mov w12,#1
00007FF86A77B7C4 ldr w3,[sp,#4]
00007FF86A77B7C8 and w0,w3,w12
00007FF86A77B7CC ldr lr,[sp,#0x70]
00007FF86A77B7D0 add sp,sp,#0x80
00007FF86A77B7D4 ret
```

disassembly calling from rust:

```
1333: None => JS_StackCapture_AllFrames(),
00007FF86A9F28C4 ldur w8,[fp,#-0x80]
1333: None => JS_StackCapture_AllFrames(),
00007FF86A9F28C8 mov w1,w8
00007FF86A9F28CC stur x0,[fp,#-0x90]
00007FF86A9F28D0 cbz w1,mozjs::rust::CapturedJSStack::new+6Ch (07FF86A9F28FCh)
00007FF86A9F28D4 b mozjs::rust::CapturedJSStack::new+48h (07FF86A9F28D8h)
1334: Some(count) => JS_StackCapture_MaxFrames(count),
00007FF86A9F28D8 ldur w8,[fp,#-0x7C]
00007FF86A9F28DC stur w8,[fp,#-0x14]
00007FF86A9F28E0 sub x9,fp,#0x68
00007FF86A9F28E4 stur w8,[fp,#-0x94]
00007FF86A9F28E8 mov x8,x9
00007FF86A9F28EC ldur w0,[fp,#-0x94]
00007FF86A9F28F0 bl glue::JS_StackCapture_MaxFrames (07FF86ECA1D5Ch)
1330: mut guard: RootedGuard<'a, *mut JSObject>,
1331: max_frame_count: Option) -> Option {
1332: let ref mut stack_capture = match max_frame_count {
00007FF86A9F28F4 b mozjs::rust::CapturedJSStack::new+78h (07FF86A9F2908h)
00007FF86A9F28F8 brk #1
1333: None => JS_StackCapture_AllFrames(),
00007FF86A9F28FC sub x8,fp,#0x68
00007FF86A9F2900 bl glue::JS_StackCapture_AllFrames (07FF86ECA1D24h)
00007FF86A9F2904 b mozjs::rust::CapturedJSStack::new+78h (07FF86A9F2908h)
1330: mut guard: RootedGuard<'a, *mut JSObject>,
1331: max_frame_count: Option) -> Option {
1332: let ref mut stack_capture = match max_frame_count {
00007FF86A9F2908 sub x8,fp,#0x68
00007FF86A9F290C stur x8,[fp,#-0x10]
1335: };
1336:
1337: if !jsapi::CaptureCurrentStack(cx, guard.handle_mut().raw(), stack_capture) {
00007FF86A9F2910 sub x0,fp,#0x88
00007FF86A9F2914 bl mozjs::rust::RootedGuard::handle_mut (07FF86A4D0088h)
00007FF86A9F2918 stur x0,[fp,#-0xA0]
00007FF86A9F291C b mozjs::rust::CapturedJSStack::new+90h (07FF86A9F2920h)
00007FF86A9F2920 ldur x8,[fp,#-0xA0]
00007FF86A9F2924 stur x8,[fp,#-0x40]
00007FF86A9F2928 sub x0,fp,#0x40
00007FF86A9F292C bl mozjs::rust::MutableHandle::raw (07FF86A4D03D4h)
00007FF86A9F2930 stur x0,[fp,#-0xA8]
00007FF86A9F2934 b mozjs::rust::CapturedJSStack::new+0A8h (07FF86A9F2938h)
00007FF86A9F2938 ldur x8,[fp,#-0xA8]
```

jdm commented 4 years ago

Oh, JS_CaptureStack_AllFrames is already a C++ glue function, so here's that disassembly as well. That means that we're returning a mozilla::Variant by value to Rust code right now, then passing it by rvalue reference to C++:

```
    39: JS::StackCapture JS_StackCapture_AllFrames() {
00007FF86ECA1D24  sub         sp,sp,#0x30
    37: }
    38:
    39: JS::StackCapture JS_StackCapture_AllFrames() {
00007FF86ECA1D28  str         lr,[sp,#0x20]
00007FF86ECA1D2C  adrp        x8,__rust_panic_type_info (07FF873AD9000h)
00007FF86ECA1D30  ldr         x8,[x8,#0xE50]
00007FF86ECA1D34  str         x8,[sp,#0x18]
00007FF86ECA1D38  add         x1,sp,#0x17
00007FF86ECA1D3C  str         x0,[sp,#8]
    40:     return JS::StackCapture(JS::AllFrames());
00007FF86ECA1D40  bl          mozilla::Variant<JS::AllFrames,JS::MaxFrames,JS::FirstSubsumedFrame>::Variant<JS::AllFrames,JS::AllFrames> (07FF86A9BDE54h)
00007FF86ECA1D44  ldr         x8,[sp,#0x18]
00007FF86ECA1D48  mov         x0,x8
00007FF86ECA1D4C  bl          __security_check_cookie (07FF86E68DEC0h)
00007FF86ECA1D50  ldr         lr,[sp,#0x20]
00007FF86ECA1D54  add         sp,sp,#0x30
00007FF86ECA1D58  ret
    41: }
```
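
The workaround described in this thread (building and consuming the capture policy inside the C++ glue, so no `mozilla::Variant` is returned to or passed from Rust) can be sketched as follows. This is an added example, not code from the thread or from rust-mozjs: `StackCapture`, `capture_current_stack`, `glue_capture_current_stack` and the 12-frame depth are stand-ins, and `ffi_value_safe` is a hypothetical compile-time guard.

```cpp
#include <cstdint>
#include <type_traits>

// Stand-in for JS::StackCapture (a mozilla::Variant): tagged storage with a
// user-provided move constructor and destructor, so not trivially copyable.
class StackCapture {
 public:
  enum class Kind : uint8_t { AllFrames, MaxFrames };
  static StackCapture all_frames() { return StackCapture(Kind::AllFrames, 0); }
  static StackCapture max_frames(uint32_t n) { return StackCapture(Kind::MaxFrames, n); }
  StackCapture(StackCapture&& o) noexcept : kind_(o.kind_), max_(o.max_) {}
  ~StackCapture() { max_ = 0; }
  Kind kind() const { return kind_; }
  uint32_t max() const { return max_; }

 private:
  StackCapture(Kind k, uint32_t m) : kind_(k), max_(m) {}
  Kind kind_;
  uint32_t max_;
};

// Policy assumed for this example: only trivially copyable, standard-layout
// types may cross the extern "C" boundary by value.
template <typename T>
constexpr bool ffi_value_safe =
    std::is_trivially_copyable<T>::value && std::is_standard_layout<T>::value;

static_assert(!ffi_value_safe<StackCapture>, "variant must stay on the C++ side");
static_assert(ffi_value_safe<uint32_t> && ffi_value_safe<uint32_t*>, "scalars ok");

// Stand-in for JS::CaptureCurrentStack: reports how many frames it would
// record from a constructed 12-frame stack.
static bool capture_current_stack(StackCapture&& capture, uint32_t* frames_out) {
  const uint32_t depth = 12;
  const bool capped =
      capture.kind() == StackCapture::Kind::MaxFrames && capture.max() < depth;
  *frames_out = capped ? capture.max() : depth;
  return true;
}

// Glue entry point: the caller passes scalars and one out-pointer; the variant
// is built, moved into the capture call and destroyed entirely in C++.
extern "C" bool glue_capture_current_stack(bool has_max, uint32_t max_frames,
                                           uint32_t* frames_out) {
  if (frames_out == nullptr) return false;
  return capture_current_stack(has_max ? StackCapture::max_frames(max_frames)
                                       : StackCapture::all_frames(),
                               frames_out);
}
```

On the Rust side, the matching declaration would take only `bool`, `u32` and `*mut u32`, which keeps the `Option<u32>` to variant mapping out of the FFI signature.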