Created attachment 311669 [details] build log On my hardened ~amd64 machine with gcc-4.6.2 the test-suite of spidermonkey segfaults with the following error message. ../dist/bin/jsapi-tests testCustomIterator_bug612523 make: *** [check] Segmentation fault
Created attachment 311671 [details] emerge --info
Same problem, dmesg: [399297.634568] grsec: denied RWX mmap of <anonymous mapping> by /var/tmp/portage/dev-lang/spidermonkey-1.8.5-r1/work/js-1.8.5/js/src/jsapi-tests/jsapi-tests[jsapi-tests:31664] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:31662] uid/euid:250/250 gid/egid:250/250 [399297.634584] jsapi-tests[31664]: segfault at 10 ip 000002c1884750c4 sp 000003c64e116890 error 4 in libpthread-2.15.so[2c18846b000+17000] [399297.634596] grsec: Segmentation fault occurred at 0000000000000010 in /var/tmp/portage/dev-lang/spidermonkey-1.8.5-r1/work/js-1.8.5/js/src/jsapi-tests/jsapi-tests[jsapi-tests:31664] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:31662] uid/euid:250/250 gid/egid:250/250 [399297.634624] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /var/tmp/portage/dev-lang/spidermonkey-1.8.5-r1/work/js-1.8.5/js/src/jsapi-tests/jsapi-tests[jsapi-tests:31664] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:31662] uid/euid:250/250 gid/egid:250/250 https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals "In addition to the interpreter, SpiderMonkey contains a Just-In-Time (JIT) compiler, a garbage collector, code implementing the basic behavior of JavaScript values, a standard library implementing" jit will not work without pax marking.
(In reply to comment #2) > > https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals > "In addition to the interpreter, SpiderMonkey contains a Just-In-Time (JIT) > compiler, a garbage collector, code implementing the basic behavior of > JavaScript values, a standard library implementing" > > jit will not work without pax marking. Yeah this is a real pita situation because you need to pax-mark in the middle of src_test(). My recommendation is that you patchout this test contingent on USE=-jit. Since we have jit masked on hardened, the test won't run and you won't hit the failure. Its not a useful test in hardened anyhow.
Use spidermonkey-1.8.7 if you insist on running tests, it supports disabling all of jit which would promote a successful test run.
1.8.7 is now hard masked, since sys-auth/polkit-0.107-r1 is marked stable dev-lang/spidermonkey-1.8.5-r1 is installed for most desktop systems. If you do not want backport fixes for tests please just restrict them in ebuild.
Created attachment 336626 [details] run pax-mark before jsapi-tests
+ 30 Aug 2013; Ian Stakenvicius <axs@gentoo.org> metadata.xml, + spidermonkey-1.8.5-r4.ebuild: + added x64-macos keyword and extra dep (bug 464654); pax-marked tests so they + finish on hardened (bug 415791) +