253501 2023-03-07 03:07:50 -0800 [WebAssembly] Tanks demo crashes 2023-03-09 10:34:08 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED DUPLICATE 253618 https://bugs.webkit.org/show_bug.cgi?id=253618 InRadar P2 Normal --- 1 jmason webkit-unassigned bugs-noreply d_degazio joseph.j.griego justin_michaud mark.lam mcatanzaro webkit-bug-importer ysuzuki oldest_to_newest 1939413 0 jmason 2023-03-07 03:07:50 -0800 Solaris/x86_64 Sometime between r259365@main (still working) and r261276@main (failing), the WebAssembly Tanks demo stopped working for me. The Tanks demo is here: http://webassembly.org.cn/demo/Tanks/ Not sure if this is just me, or whether it is failing now for everyone with the new BBQ code. Upon loading the demo, the worker segmentation faults. Backtrace is as follows: > Thread 39 received signal SIGSEGV, Segmentation fault. > [Switching to Thread 24 (LWP 24)] > 0x00007ff051ec525a in JSC::LinkBuffer::linkCode(JSC::MacroAssembler&, JSC::JITCompilationEffort) () from /usr/lib/64/libjavascriptcoregtk-4.0.so.18 > (gdb) bt > #0 0x00007ff051ec525a in JSC::LinkBuffer::linkCode(JSC::MacroAssembler&, JSC::JITCompilationEffort) () at > /usr/lib/64/libjavascriptcoregtk-4.0.so.18 > #1 0x00007ff0531617eb in JSC::Wasm::BBQPlan::work(JSC::Wasm::Plan::CompilationEffort) () at > /usr/lib/64/libjavascriptcoregtk-4.0.so.18 > #2 0x00007ff0532739e0 in JSC::Wasm::Worklist::Thread::work() () > at /usr/lib/64/libjavascriptcoregtk-4.0.so.18 > #3 0x00007ff053364d6b in WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::{lambda()#1}, void>::call() () > at /usr/lib/64/libjavascriptcoregtk-4.0.so.18 > #4 0x00007ff0533955d5 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18 > #5 0x00007ff053411249 in WTF::wtfThreadEntryPoint(void*) () > at /usr/lib/64/libjavascriptcoregtk-4.0.so.18 > #6 0x00007ff05a0f7ba9 in _thrp_setup () at /lib/64/libc.so.1 > #7 0x00007ff05a0f7e50 in _lwp_start () at /lib/64/libc.so.1 > #8 0x0000000000000000 in () Other WA demos like the Video Editor (https://d2jta7o2zej4pf.cloudfront.net/) still work fine. 1939579 1 ysuzuki 2023-03-07 15:58:35 -0800 Thanks. This does not happen on macOS. So this is GTK / Solaris specific issue. But I don't think we are supporting JIT on Solaris. 1939582 2 mcatanzaro 2023-03-07 16:11:56 -0800 We can't accept JSC crash reports in WebKitGTK component. Down that path lies only madness. :) 1939583 3 webkit-bug-importer 2023-03-07 16:12:07 -0800 <rdar://problem/106386416> 1940027 4 jmason 2023-03-09 05:08:08 -0800 I found the commit that broke this: Enable single-pass BBQ baseline JIT by default https://commits.webkit.org/261153@main Reverting the commit and thus returning to the legacy Air implementation restores the Tanks demo. The commit notes say, 'One notable hole in the new JIT's support is in some of the recent WASM extensions: typed function references, tail calls, and GC. Since these are still incomplete currently, and disabled by default, single-pass BBQ doesn't yet support them.' Is the failure of the Tanks demo due to this incomplete implementation? Tanks is the only demo which is failing; outside of that, JIT and WASM continue to function normally for me with the single-pass BBQ. 1940113 5 jmason 2023-03-09 10:28:18 -0800 Apparently, this is caused by the same issue described in Bug 253618. I can confirm the patch for that issue, 261417@main, clears the Tanks demo crash on Solaris. Thanks to Asumu Takikawa <asumu@igalia.com> for the analysis and fix! 1940120 6 mcatanzaro 2023-03-09 10:34:08 -0800 *** This bug has been marked as a duplicate of bug 253618 ***