Regression on powerpc: segfault on evaluating JS code #1122
Description
@bnoordhuis @saghul @bellard I will try to dig into this myself too, but if you got any idea, it would be very helpful.
Original ticket about the issue is here: andrjohns/QuickJSR#88
But the bug is in quickjs-ng itself, as it appears, not in its R port or my R build environment.
Specifically, this example fails both with 0.10.x and 0.9.0:
wget https://github.com/stan-dev/stanc3/releases/download/nightly/stanc.js
./qjs --include ./stanc.js
qjs > stanc("model_name","data{}")
0.10.x crashes already on the first command:
Starting program: /opt/local/bin/qjs --include ./stanc.js
Reading symbols for shared libraries +++. done
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x03000300
0x03000300 in ?? ()
(gdb) bt
#0 0x03000300 in ?? ()
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
#1 0x000228b8 in JS_RunGC ()
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
Cannot access memory at address 0x3000300
#2 0x00025200 in JS_NewObjectFromShape ()
Cannot access memory at address 0x3000300
#3 0x00026d5c in JS_NewArrayFrom ()
#4 0x00014b40 in JS_CallInternal ()
#5 0x0001494c in JS_CallInternal ()
#6 0x0001494c in JS_CallInternal ()
#7 0x0001494c in JS_CallInternal ()
#8 0x0001494c in JS_CallInternal ()
#9 0x0001494c in JS_CallInternal ()
#10 0x0001494c in JS_CallInternal ()
#11 0x00019660 in JS_CallFree ()
#12 0x0006d03c in __JS_EvalInternal ()
#13 0x00040224 in JS_EvalThis2 ()
#14 0x000402ac in JS_Eval ()
#15 0x00003468 in eval_buf ()
#16 0x00003500 in eval_file ()
#17 0x00079b18 in main ()
0.9.0 handles the first command, but segfaults on the second:
$ qjs --include ./stanc.js
QuickJS-ng - Type ".help" for help
qjs > stanc("model_name","data{}")
Segmentation fault
For comparison, quickjs (non-ng one, 2025.04.05) works normally:
$ qjs --include ./stanc.js
QuickJS - Type "\h" for help
qjs > stanc("model_name","data{}")
{ result: "// Code generated by stanc v2.37.0-rc2-20-g216cb27\n#include <stan/model/m...", warnings: [ ] }
qjs >
And a build from May:
---> Activating quickjs-devel @20250520_0
Sergey-Fedorovs-Mac:~ svacchanda\$ qjs --include ./stanc.js
QuickJS - Type "\h" for help
qjs > stanc("model_name","data{}")
{ result: "// Code generated by stanc v2.37.0-rc2-20-g216cb27\n#include <stan/model/model_header.hpp>\nnamespace model_name_namespace {\nusing stan::model::model_base_crtp;\nusing namespace stan::math;\nstan::math::profile_map profiles__;\nstatic constexpr std::array<const char*, 1> locations_array__ =\n {\" (found before start of program)\"};\nclass model_name final : public model_base_crtp<model_name> {\n private:\n \n public:\n ~model_name() {}\n model_name(stan::io::var_context& context__, unsigned int\n random_seed__ = 0, std::ostream* pstream__ = nullptr)\n : model_base_crtp(0) {\n int current_statement__ = 0;\n // suppress unused var warning\n (void) current_statement__;\n using local_scalar_t__ = double;\n auto base_rng__ = stan::services::util::create_rng(random_seed__, 0);\n // suppress unused var warning\n (void) base_rng__;\n static constexpr const char* function__ =\n \"model_name_namespace::model_name\";\n // suppress unused var warning\n (void) function__;"... 11809 more characters, warnings: [ ] }
qjs >