265262 2023-11-22 12:11:39 -0800 Wasm tail call conflicts with OMG inlining - ASSERTION FAILED: !irGenerator.m_makesTailCalls 2023-11-26 16:06:23 -0800 1 1 1 Unclassified WebKit WebAssembly WebKit Nightly Build Unspecified Unspecified RESOLVED WONTFIX P2 Normal --- 215275 264650 1 asumu webkit-unassigned justin_michaud keith_miller mark.lam ysuzuki oldest_to_newest 1994432 0 asumu 2023-11-22 12:11:39 -0800 The following wasm program currently crashes in debug mode (using the `module` helper from function reference tests): ``` /* (module (func (result i32) (i32.const 42)) (func (param) (result i32) (return_call 0) (i32.const 5)) (func (export "main") (result i32) (call 1)) ) */ { let m = new WebAssembly.Instance(module("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x85\x80\x80\x80\x00\x01\x60\x00\x01\x7f\x03\x84\x80\x80\x80\x00\x03\x00\x00\x00\x07\x88\x80\x80\x80\x00\x01\x04\x6d\x61\x69\ x6e\x00\x02\x0a\x9e\x80\x80\x80\x00\x03\x84\x80\x80\x80\x00\x00\x41\x2a\x0b\x86\x80\x80\x80\x00\x00\x12\x00\x41\x05\x0b\x84\x80\x80\x80\x00\x00\x10\x01\x0b")); assert.eq(m.exports.main(), 42); } ``` with a crash message like the following: wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: ASSERTION FAILED: !irGenerator.m_makesTailCalls wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: /home/asumu/WebKit/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp(4659) : JSC::Wasm::B3IRGenerator::PartialResult JSC::Wasm::B3IRGenerator::emitIn lineDirectCall(uint32_t, const JSC::Wasm::TypeDefinition&, WTF::Vector<JSC::B3::Variable*, 0, WTF::CrashOnOverflow, 16, WTF::FastMalloc>&, ResultList&) wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: ERROR: Unexpected exit code: 134 10/10 (failed 1) It looks like there's possibly an attempt to inline the `(call 1)` in the main function and that's failing because the function being inlined has a tail call. 1994853 1 ysuzuki 2023-11-26 16:05:35 -0800 tail call is not correctly implemented, it requires redesign and massive effort, and we are not seeing that it is currently implemented. So, wont' fix. 1994854 2 ysuzuki 2023-11-26 16:06:23 -0800 For example, stack pointer adjustment after the call is not done correctly in any places, so tail-call in wasm is not designed to be working, and that's the reason why it is not enabled. This is half baked and not having complete implementation yet.