258796 2023-07-03 02:37:57 -0700 SHOULD NEVER BE REACHED in Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp(1189) 2024-02-14 10:38:07 -0800 1 1 1 Unclassified WebKit WebAssembly WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 247394 1 xiangwei1895 asumu d_degazio justin_michaud mark.lam webkit-bug-importer oldest_to_newest 1964750 0 xiangwei1895 2023-07-03 02:37:57 -0700 ## JavaScriptCore Version 1f2d2a92eeb831bedd01bbb5b694a0e29fa9af81 ## Build Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64) ./Tools/Scripts/build-jsc --jsc-only --debug --build-dir=asan --cmakeargs="-DCMAKE_C_COMPILER='/usr/bin/clang' -DCMAKE_CXX_COMPILER='/usr/bin/clang++' -DCMAKE_CXX_FLAGS='-g -O3 -fsanitize=address'" ## Testcase and Execution steps ``` var buffer = new Uint8Array([0,97,115,109,1,0,0,0,1,160,128,128,128,0,4,80,0,95,1,127,0,80,0,94,123,1,80,0,96,3,127,127,127,1,127,96,6,127,112,107,103,101,107,112,127,0,3,130,128,128,128,0,1,2,4,133,128,128,128,0,1,112,1,1,1,5,132,128,128,128,0,1,1,16,32,13,131,128,128,128,0,1,0,3,7,136,128,128,128,0,1,4,109,97,105,110,0,0,9,139,128,128,128,0,1,6,0,65,0,11,112,1,210,0,11,10,148,128,128,128,0,1,18,0,6,127,65,112,7,0,26,26,26,26,26,1,11,179,168,103,11]); var module = new WebAssembly.Module(buffer); var instance = new WebAssembly.Instance(module); ``` ./bin/jsc --useWebAssemblyGC=true --useWebAssemblyTypedFunctionReferences=true testcase.js ## Output SHOULD NEVER BE REACHED /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp(1189) : JSC::Wasm::LLIntGenerator::PartialResult JSC::Wasm::LLIntGenerator::addCatchToUnreachable(unsigned int, const JSC::Wasm::TypeDefinition &, JSC::Wasm::LLIntGenerator::ControlType &, JSC::Wasm::LLIntGenerator::ResultList &) ## Backtrace __pthread_kill_implementation (no_tid=0, signo=6, threadid=140735922812480) at ./nptl/pthread_kill.c:44 44 ./nptl/pthread_kill.c: No such file or directory. (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140735922812480) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=140735922812480) at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=140735922812480, signo=signo@entry=6) at ./nptl/pthread_kill.c:89 #3 0x00007fffed881476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #4 0x00007fffed8677f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00007ffff0c7a16f in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:762 #6 0x00007ffff4ea9003 in JSC::Wasm::LLIntGenerator::addCatchToUnreachable (this=this@entry=0x7fffa2af6ab0, exceptionIndex=exceptionIndex@entry=0, exceptionSignature=..., data=..., results=...) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:1189 #7 0x00007ffff4f14db0 in JSC::Wasm::LLIntGenerator::addCatch (this=0x7fffa2af6ab0, exceptionIndex=0, exceptionSignature=..., data=..., expressionStack=..., results=...) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:1155 #8 JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseExpression (this=this@entry=0x7fffa2af6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:2758 #9 0x00007ffff4eece8e in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseBody (this=this@entry=0x7fffa2af6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:365 #10 0x00007ffff4ecd434 in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parse (this=this@entry=0x7fffa2af6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:336 #11 0x00007ffff4e85c3a in JSC::Wasm::parseAndCompileBytecode (functionStart=<optimized out>, functionLength=<optimized out>, signature=..., info=..., functionIndex=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:580 #12 0x00007ffff4ebf4ac in JSC::Wasm::LLIntPlan::compileFunction (this=0x615000017f00, functionIndex=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp:89 #13 0x00007ffff4e73891 in JSC::Wasm::EntryPlan::compileFunctions (this=0x615000017f00, effort=<optimized out>) at /home/WebKit/Source/JavaScriptCore/wasm/WasmEntryPlan.cpp:218 #14 0x00007ffff5101ad1 in JSC::Wasm::Worklist::Thread::work (this=0x607000004310) at /home/WebKit/Source/JavaScriptCore/wasm/WasmWorklist.cpp:111 #15 0x00007ffff55ddfa1 in WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/AutomaticThread.cpp:229 #16 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/Function.h:53 #17 0x00007ffff56994c6 in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/Function.h:82 #18 WTF::Thread::entryPoint (newThreadContext=<optimized out>) at /home/WebKit/Source/WTF/wtf/Threading.cpp:250 #19 0x00007ffff58377a6 in WTF::wtfThreadEntryPoint (context=0x3011bf) at /home/WebKit/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:242 #20 0x00007fffed8d3b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442 #21 0x00007fffed965a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 1965896 1 webkit-bug-importer 2023-07-10 02:38:14 -0700 <rdar://problem/112006214> 2008671 2 asumu 2024-01-29 14:58:53 -0800 Pull request: https://github.com/WebKit/WebKit/pull/23465 2013553 3 ews-feeder 2024-02-14 10:38:05 -0800 Committed 274635@main (c76ab28ce98e): <https://commits.webkit.org/274635@main> Reviewed commits have been landed. Closing PR #23465 and removing active labels.