Bug 232662

Summary: WebGL2 AllowShared TypedArray should be accepted
Product: WebKit
Reporter: Sanjay Kumar <hypertree>
Component: WebGL
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Major
CC: ap, bfulgham, cdumez, dino, fpizlo, hypertree, jonlee, kbr, keith_miller, kkinnunen, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: Safari Technology Preview   
Hardware: iPhone / iPad   
OS: All   
Attachments:
Description Flags
Patch none

Sanjay Kumar
Reported 2021-11-03 05:12:22 PDT
AvNav is a WebAssembly-powered offline-first Web Application that helps pilots plan flights and navigate complex airspaces. We are excited to see WebKit implementing COEP headers, which enable SharedArrayBuffers/WASM Threads, making our maps even faster. Big thank you!

We do see a small problem with the new implementation: our app fails to load (silently, no exceptions) when using PTHREADS on a WebGL 2.0 context in iOS 15.2 beta and Safari Technology Preview 134. The app works fine on a WebGL 1.0 context (single- and multi-threaded).

Here are greatly simplified versions of our maps that demonstrate the problem (no registration or subscription required):

Single-Threaded WASM - works everywhere, including all recent iOS/iPadOS versions: https://avnav.io/assets/demo/st/

Multi-Threaded WASM on WebGL 1.0 context - works in Chrome, Firefox, and the newly released iPadOS 15.2 beta and STP 134: https://avnav.io/assets/demo/mt/

Multi-Threaded WASM on WebGL 2.0 context - only works in Chrome and Firefox; fails silently in iPadOS 15.2 beta and STP 134: https://avnav.io/assets/demo/mt_webgl2/

It will be nice if you can fix this in iOS/iPadOS 15.2 itself, so we don't have to go back to a WebGL 1.0 context anywhere! Thank you!
Attachments
Patch (4.62 KB, patch)
2022-02-11 23:57 PST, Yusuke Suzuki
no flags
Alexey Proskuryakov
Comment 1 2021-11-03 09:49:58 PDT
> https://avnav.io/assets/demo/mt_webgl2/

The server is not responding right now, could you please check?
Sanjay Kumar
Comment 2 2021-11-03 14:25:06 PDT
Server is back on. It's our sandbox - accidentally went down. Sorry about that.
Kimmo Kinnunen
Comment 3 2021-11-04 03:22:08 PDT
Thank you for the report. It appears to hang somewhere during calls to convert uniform2fv and uniformMatrix4fv arguments via custom javascript (?). I'm not an expert when this would happen in JS or WASM.

In case you have time to debug this more, a more minimal test case would be appreciated. E.g. remove content while still observing the hang, until the hang disappears. Also one strategy could be to console.log before each WebGL call, and see which ones are the last ones that work. Then you could report what kind of object is being passed to WebGL.

If you have a programming stack that compiles some input language to WASM, you could also explain this so that we could try to make a test case using this stack.

* frame #0: 0x0000000710a001a7 JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::ThreadSafeRefCountedBase::derefBase(this=<unavailable>) const at ThreadSafeRefCounted.h:86:13 [opt]
  frame #1: 0x0000000710a001a1 JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::ThreadSafeRefCounted<JSC::JITCode, (WTF::DestructionThread)0>::deref(this=<unavailable>) const at ThreadSafeRefCounted.h:113 [opt]
  frame #2: 0x0000000710a001a1 JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::DefaultRefDerefTraits<JSC::JITCode>::derefIfNotNull(ptr=0x000000072f513640) at RefPtr.h:42 [opt]
  frame #3: 0x0000000710a0019c JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::RefPtr<JSC::JITCode, WTF::RawPtrTraits<JSC::JITCode>, WTF::DefaultRefDerefTraits<JSC::JITCode> >::~RefPtr(this=<unavailable>) at RefPtr.h:73 [opt]
  frame #4: 0x0000000710a0019c JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::RefPtr<JSC::JITCode, WTF::RawPtrTraits<JSC::JITCode>, WTF::DefaultRefDerefTraits<JSC::JITCode> >::~RefPtr(this=<unavailable>) at RefPtr.h:73 [opt]
  frame #5: 0x0000000710a0019c JavaScriptCore`JSC::Interpreter::executeCall(this=<unavailable>, lexicalGlobalObject=<unavailable>, function=0x000000073671f580, callData=<unavailable>, thisValue=<unavailable>, args=0x00007ffeef4921d8) at Interpreter.cpp:970 [opt]
  frame #6: 0x0000000710d5846f JavaScriptCore`JSC::iteratorNext(globalObject=0x00000007161e8468, iterationRecord=IterationRecord @ 0x00007fc931cfe7e0, argument=JSValue @ scalar) at IteratorOperations.cpp:51:22 [opt]
  frame #7: 0x0000000710d5af98 JavaScriptCore`JSC::iteratorStep(globalObject=0x00000007161e8468, iterationRecord=<unavailable>) at IteratorOperations.cpp:76:22 [opt]
  frame #8: 0x000000070acba467 WebCore`void JSC::forEachInIterable<WebCore::Detail::GenericSequenceConverter<WebCore::IDLUnrestrictedFloat>::convert(JSC::JSGlobalObject&, JSC::JSObject*, JSC::JSValue, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)::'lambda'(JSC::VM&, JSC::JSGlobalObject&, JSC::JSValue)>(globalObject=0x00000007161e8468, iterable=<unavailable>, iteratorMethod=<unavailable>, callback=0x00007ffeef4922f8) at IteratorOperations.h:129:24 [opt]
  frame #9: 0x000000070acb9f5d WebCore`WebCore::Detail::NumericSequenceConverter<WebCore::IDLUnrestrictedFloat>::convert(lexicalGlobalObject=0x00000007161e8468, object=0x000000071c5f7ea0, method=JSValue @ r15) at IndexingHeader.h:0:54 [opt]
  frame #10: 0x000000070acb9ca0 WebCore`WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::convert(JSC::JSGlobalObject&, JSC::JSValue) [inlined] WebCore::Detail::SequenceConverter<WebCore::IDLUnrestrictedFloat>::convert(lexicalGlobalObject=0x00000007161e8468, object=<unavailable>, method=JSValue @ r12) at JSDOMConvertSequences.h:323:16 [opt]
  frame #11: 0x000000070acb9c92 WebCore`WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::convert(JSC::JSGlobalObject&, JSC::JSValue) [inlined] WebCore::Converter<WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> >::convert(lexicalGlobalObject=0x00000007161e8468, object=<unavailable>, method=JSValue @ r12) at JSDOMConvertSequences.h:369 [opt]
  frame #12: 0x000000070acb9c92 WebCore`WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::convert(JSC::JSGlobalObject&, JSC::JSValue) [inlined] WebCore::ConditionalSequenceConverter<std::__1::variant<WTF::RefPtr<JSC::GenericTypedArrayView<JSC::Float32Adaptor>, WTF::RawPtrTraits<JSC::GenericTypedArrayView<JSC::Float32Adaptor> >, WTF::DefaultRefDerefTraits<JSC::GenericTypedArrayView<JSC::Float32Adaptor> > >, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat>, true>::convert(lexicalGlobalObject=0x00000007161e8468, object=<unavailable>, method=JSValue @ r12) at JSDOMConvertUnion.h:86 [opt]
  frame #13: 0x000000070acb9c92 WebCore`WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::convert(lexicalGlobalObject=0x00000007161e8468, value=JSValue @ 0x00007ffeef492368) at JSDOMConvertUnion.h:310 [opt]
  frame #14: 0x000000070acc172f WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv1Body(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGL2RenderingContext*) [inlined] WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::ReturnType WebCore::convert<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >(lexicalGlobalObject=0x00000007161e8468, value=JSValue @ 0x00007ffeef492450) at JSDOMConvertBase.h:61:12 [opt]
  frame #15: 0x000000070acc1720 WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv1Body(lexicalGlobalObject=0x00000007161e8468, callFrame=0x00007ffeef492620, castedThis=<unavailable>) at JSWebGL2RenderingContext.cpp:8620 [opt]
  frame #16: 0x000000070ac988b4 WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fvOverloadDispatcher(lexicalGlobalObject=0x00000007161e8468, callFrame=0x00007ffeef492620, castedThis=<unavailable>) at JSDOMConvertNullable.h:0:13 [opt]
  frame #17: 0x000000070ac9885c WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] long long WebCore::IDLOperation<WebCore::JSWebGL2RenderingContext>::call<&(lexicalGlobalObject=0x00000007161e8468, callFrame=0x00007ffeef492620, operationName=<unavailable>)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) at JSDOMOperation.h:63 [opt]
  frame #18: 0x000000070ac98857 WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv(lexicalGlobalObject=0x00000007161e8468, callFrame=0x00007ffeef492620) at JSWebGL2RenderingContext.cpp:12759 [opt]
  frame #19: 0x00003496058011d8
  frame #20: 0x00000007102ca2f9 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1177
  frame #21: 0x00003496063e4713
  frame #22: 0x0000349607040dbc
  frame #23: 0x000034960704100c
  frame #24: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #25: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #26: 0x00000007102d24be JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:803
  frame #27: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #28: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #29: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #30: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #31: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #32: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #33: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
  frame #34: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
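The logging strategy suggested in Comment 3, sketched as an added example that is not part of the original thread or of WebKit's code: wrap selected WebGL methods so each call is logged with the kind of object passed, including whether a typed array is backed by a SharedArrayBuffer. The names describeArg and traceCalls are hypothetical, and the fake context in demo() is constructed so the sketch runs outside a browser.

```javascript
// Added diagnostic sketch; describeArg and traceCalls are hypothetical names.

// Summarise one argument: for typed arrays, report the view type, length and
// whether the backing store is a SharedArrayBuffer.
function describeArg(value) {
  if (ArrayBuffer.isView(value)) {
    const shared = typeof SharedArrayBuffer !== "undefined" &&
      value.buffer instanceof SharedArrayBuffer;
    const len = "length" in value ? value.length : value.byteLength;
    return `${value.constructor.name}(${len}${shared ? ", shared" : ""})`;
  }
  if (Array.isArray(value)) return `Array(${value.length})`;
  if (value === null) return "null";
  if (typeof value === "object") {
    return value.constructor ? value.constructor.name : "Object";
  }
  return `${typeof value}:${String(value)}`;
}

// Wrap the named methods of a context so each call is logged before it runs.
// If a call hangs, the last logged line identifies it and its argument kinds.
function traceCalls(gl, methodNames, log = console.log) {
  for (const name of methodNames) {
    const original = gl[name];
    if (typeof original !== "function") continue;
    gl[name] = function (...args) {
      log(`${name}(${args.map(describeArg).join(", ")})`);
      return original.apply(this, args);
    };
  }
  return gl;
}

// Constructed stand-in for a WebGL2 context and for a threaded WASM heap
// (assumed here to be a SharedArrayBuffer, as in the bug title).
function demo() {
  const lines = [];
  const fakeGl = { uniformMatrix4fv() {}, uniform2fv() {} };
  traceCalls(fakeGl, ["uniformMatrix4fv", "uniform2fv"], (l) => lines.push(l));
  const heap = new SharedArrayBuffer(1024);
  fakeGl.uniformMatrix4fv({}, false, new Float32Array(heap, 64, 16));
  fakeGl.uniform2fv({}, new Float32Array([1, 2]));
  return lines;
}
```

In a page, the same wrapper would be applied to the real context returned by getContext("webgl2") before the application starts issuing calls.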
Radar WebKit Bug Importer
Comment 4 2021-11-10 04:13:19 PST
Sanjay Kumar
Comment 5 2022-02-11 09:57:34 PST
Linking discussion in Emscripten GitHub repo about this bug: https://github.com/emscripten-core/emscripten/issues/16104
Yusuke Suzuki
Comment 6 2022-02-11 10:56:29 PST
We should write a fast path for typed array in JSDOMConvertSequences.h
Yusuke Suzuki
Comment 7 2022-02-11 23:57:31 PST
EWS
Comment 8 2022-02-12 14:45:31 PST
Committed r289700 (247185@main): <https://commits.webkit.org/247185@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 451775 [details].
Brent Fulgham
Comment 9 2022-05-26 15:04:23 PDT
This fix shipped with Safari 15.5 (all platforms).