Bug 223690

Summary: [iOS] Reproducible crash in Interpreter::executeCall
Product: WebKit Reporter: Glenn Croes <glenn.croes>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: fpizlo, mark.lam, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: Safari 14   
Hardware: iPhone / iPad   
OS: iOS 14   
URL: https://demo.luciad.com/wasm-benchmark/2021.0/?webgl&reference=EPSG:4978
Attachments:
Description Flags
Chrome iPad crash log
none
iPhone Safari crash log none

Glenn Croes
Reported 2021-03-24 07:21:50 PDT
Created attachment 424131 [details] Chrome iPad crash log Hi, Some context: We make an API to visualize 3D geospatial data. For our upcoming release we switched our C++ transpiled rendering backend to WASM (from asm.js) and we've noticed that applications that use our 3D WebGL-accelerated maps now crash on iOS. The issue can be reproduced by opening https://demo.luciad.com/wasm-benchmark/2021.0/?webgl&reference=EPSG:4978 on an iOS device (or a simulator). The crash happens shortly after the page has loaded / JS code is being executed. After the page has crashed, the page reloads and crashes again. The issue can be reproduced on iOS Chrome, Safari and Firefox. We're not exactly sure what triggers it, as it's pretty hard to debug these kinds of crashes. It might, or might not be related to the switch to WASM. I've included one of the logs in attachment (chrome on iPad). I can share more logs if necessary, but they all report a similar SIGSEGV fault.
Attachments
Chrome iPad crash log (67.94 KB, text/plain)
2021-03-24 07:21 PDT, Glenn Croes 		no flags
Details
iPhone Safari crash log (102.37 KB, text/plain)
2021-03-24 07:23 PDT, Glenn Croes 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Glenn Croes
Comment 1 2021-03-24 07:23:40 PDT
Created attachment 424132 [details] iPhone Safari crash log
Alexey Proskuryakov
Comment 2 2021-03-24 09:30:18 PDT
I can reproduce this crash with iOS 14.5 beta. Thread 24 Crashed: 0 JavaScriptCore 0x00000001af95a2c0 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 508 1 JavaScriptCore 0x00000001af95a2ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488 2 JavaScriptCore 0x00000001afbcc378 JSC::callGetter(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue) + 212 3 JavaScriptCore 0x00000001afa3051c JSC::LLInt::performLLIntGetByID(JSC::Instruction const*, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&) + 1988 4 JavaScriptCore 0x00000001afa2fc6c llint_slow_path_get_by_id + 296 5 JavaScriptCore 0x00000001af323e70 llint_entry + 45104 6 JavaScriptCore 0x00000001af33d1a4 llint_entry + 148324 7 JavaScriptCore 0x00000001af318b94 vmEntryToJavaScript + 276 8 JavaScriptCore 0x00000001af95a2ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488 9 JavaScriptCore 0x00000001afb671e0 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 176 10 WebCore 0x00000001b3b2ccc0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1528
Radar WebKit Bug Importer
Comment 3 2021-03-24 09:30:48 PDT
<rdar://problem/75788717>
Glenn Croes
Comment 4 2021-04-08 06:56:43 PDT
I'm glad to see you were able to reproduce this issue. Do you already have an idea what triggers this? If so, we could probably work around the issue, so we can ship our upcoming release without having to disappoint customers that are targeting iOS. We also wouldn't be blocked by a fix being implemented / available on a stable iOS release. Any feedback or pointers would be greatly appreciated.
Yusuke Suzuki
Comment 5 2021-04-10 01:42:44 PDT
I think this is likely https://bugs.webkit.org/show_bug.cgi?id=223491
Yusuke Suzuki
Comment 6 2021-04-10 02:03:49 PDT
Yup! I've ensured that this is dupe of bug 223491 :) Thanks for your report! *** This bug has been marked as a duplicate of bug 223491 ***
Note You need to log in before you can comment on or make changes to this bug.