Bug 232662

Summary: WebGL2 AllowShared TypedArray should be accepted
Product: WebKit Reporter: Sanjay Kumar <hypertree>
Component: WebGL    Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Major CC: ap, bfulgham, cdumez, dino, fpizlo, hypertree, jonlee, kbr, keith_miller, kkinnunen, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: iPhone / iPad   
OS: All   
Attachments: Patch (flags: none)

Description Sanjay Kumar 2021-11-03 05:12:22 PDT
AvNav is a WebAssembly-powered offline-first Web Application that helps pilots plan flights and navigate complex airspaces. We are excited to see WebKit implementing COEP headers which enables SharedArrayBuffers/WASM Threads making our maps even faster. Big Thank you!

We do see a small problem with the new implementation:

Our app fails to load (silently - no exceptions) when using PTHREADS on a WebGL 2.0 context - in iOS 15.2 beta and Safari Technology Preview 134.
App works fine on a WebGL 1.0 context (single and multi-threaded).

Here are greatly simplified versions of our maps that demonstrate the problem (no registration or subscription required):

Single Threaded WASM - works everywhere including all recent iOS/iPadOS versions:
https://avnav.io/assets/demo/st/

Multi-Threaded WASM on WebGL 1.0 context - works in Chrome, Firefox and newly released iPadOS 15.2 beta and STP 134:
https://avnav.io/assets/demo/mt/

Multi-Threaded WASM on WebGL 2.0 context - only works in Chrome and Firefox - fails silently in iPadOS 15.2 beta and STP 134:
https://avnav.io/assets/demo/mt_webgl2/

It will be nice if you can fix this in iOS/iPadOS 15.2 itself - so we don't have to go back to WebGL 1.0 context anywhere!

Thank you!
Comment 1 Alexey Proskuryakov 2021-11-03 09:49:58 PDT
> https://avnav.io/assets/demo/mt_webgl2/

The server is not responding right now, could you please check?
Comment 2 Sanjay Kumar 2021-11-03 14:25:06 PDT
Server is back on. It's our sandbox - accidentally went down. Sorry about that.
Comment 3 Kimmo Kinnunen 2021-11-04 03:22:08 PDT
Thank you for the report.
It appears to hang somewhere during calls to convert uniform2fv and uniformMatrix4fv arguments via custom JavaScript (?). I'm not an expert on when this would happen in JS or WASM.

In case you have time to debug this more, a more minimal test case would be appreciated. E.g. remove content while still observing the hang, until the hang disappears. Also one strategy could be to console.log before each WebGL call, and see which ones are the last ones that work. Then you could report what kind of object is being passed to WebGL.

If you have a programming stack that compiles some input language to WASM, you could also explain this so that we could try to make a test case using this stack.


 * frame #0: 0x0000000710a001a7 JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::ThreadSafeRefCountedBase::derefBase(this=<unavailable>) const at ThreadSafeRefCounted.h:86:13 [opt]
    frame #1: 0x0000000710a001a1 JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::ThreadSafeRefCounted<JSC::JITCode, (WTF::DestructionThread)0>::deref(this=<unavailable>) const at ThreadSafeRefCounted.h:113 [opt]
    frame #2: 0x0000000710a001a1 JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::DefaultRefDerefTraits<JSC::JITCode>::derefIfNotNull(ptr=0x000000072f513640) at RefPtr.h:42 [opt]
    frame #3: 0x0000000710a0019c JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::RefPtr<JSC::JITCode, WTF::RawPtrTraits<JSC::JITCode>, WTF::DefaultRefDerefTraits<JSC::JITCode> >::~RefPtr(this=<unavailable>) at RefPtr.h:73 [opt]
    frame #4: 0x0000000710a0019c JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] WTF::RefPtr<JSC::JITCode, WTF::RawPtrTraits<JSC::JITCode>, WTF::DefaultRefDerefTraits<JSC::JITCode> >::~RefPtr(this=<unavailable>) at RefPtr.h:73 [opt]
    frame #5: 0x0000000710a0019c JavaScriptCore`JSC::Interpreter::executeCall(this=<unavailable>, lexicalGlobalObject=<unavailable>, function=0x000000073671f580, callData=<unavailable>, thisValue=<unavailable>, args=0x00007ffeef4921d8) at Interpreter.cpp:970 [opt]
    frame #6: 0x0000000710d5846f JavaScriptCore`JSC::iteratorNext(globalObject=0x00000007161e8468, iterationRecord=IterationRecord @ 0x00007fc931cfe7e0, argument=JSValue @ scalar) at IteratorOperations.cpp:51:22 [opt]
    frame #7: 0x0000000710d5af98 JavaScriptCore`JSC::iteratorStep(globalObject=0x00000007161e8468, iterationRecord=<unavailable>) at IteratorOperations.cpp:76:22 [opt]
    frame #8: 0x000000070acba467 WebCore`void JSC::forEachInIterable<WebCore::Detail::GenericSequenceConverter<WebCore::IDLUnrestrictedFloat>::convert(JSC::JSGlobalObject&, JSC::JSObject*, JSC::JSValue, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)::'lambda'(JSC::VM&, JSC::JSGlobalObject&, JSC::JSValue)>(globalObject=0x00000007161e8468, iterable=<unavailable>, iteratorMethod=<unavailable>, callback=0x00007ffeef4922f8) at IteratorOperations.h:129:24 [opt]
    frame #9: 0x000000070acb9f5d WebCore`WebCore::Detail::NumericSequenceConverter<WebCore::IDLUnrestrictedFloat>::convert(lexicalGlobalObject=0x00000007161e8468, object=0x000000071c5f7ea0, method=JSValue @ r15) at IndexingHeader.h:0:54 [opt]
    frame #10: 0x000000070acb9ca0 WebCore`WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::convert(JSC::JSGlobalObject&, JSC::JSValue) [inlined] WebCore::Detail::SequenceConverter<WebCore::IDLUnrestrictedFloat>::convert(lexicalGlobalObject=0x00000007161e8468, object=<unavailable>, method=JSValue @ r12) at JSDOMConvertSequences.h:323:16 [opt]
    frame #11: 0x000000070acb9c92 WebCore`WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::convert(JSC::JSGlobalObject&, JSC::JSValue) [inlined] WebCore::Converter<WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> >::convert(lexicalGlobalObject=0x00000007161e8468, object=<unavailable>, method=JSValue @ r12) at JSDOMConvertSequences.h:369 [opt]
    frame #12: 0x000000070acb9c92 WebCore`WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::convert(JSC::JSGlobalObject&, JSC::JSValue) [inlined] WebCore::ConditionalSequenceConverter<std::__1::variant<WTF::RefPtr<JSC::GenericTypedArrayView<JSC::Float32Adaptor>, WTF::RawPtrTraits<JSC::GenericTypedArrayView<JSC::Float32Adaptor> >, WTF::DefaultRefDerefTraits<JSC::GenericTypedArrayView<JSC::Float32Adaptor> > >, WTF::Vector<float, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat>, true>::convert(lexicalGlobalObject=0x00000007161e8468, object=<unavailable>, method=JSValue @ r12) at JSDOMConvertUnion.h:86 [opt]
    frame #13: 0x000000070acb9c92 WebCore`WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::convert(lexicalGlobalObject=0x00000007161e8468, value=JSValue @ 0x00007ffeef492368) at JSDOMConvertUnion.h:310 [opt]
    frame #14: 0x000000070acc172f WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv1Body(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGL2RenderingContext*) [inlined] WebCore::Converter<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >::ReturnType WebCore::convert<WebCore::IDLUnion<WebCore::IDLAllowSharedAdaptor<WebCore::IDLFloat32Array>, WebCore::IDLSequence<WebCore::IDLUnrestrictedFloat> > >(lexicalGlobalObject=0x00000007161e8468, value=JSValue @ 0x00007ffeef492450) at JSDOMConvertBase.h:61:12 [opt]
    frame #15: 0x000000070acc1720 WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv1Body(lexicalGlobalObject=0x00000007161e8468, callFrame=0x00007ffeef492620, castedThis=<unavailable>) at JSWebGL2RenderingContext.cpp:8620 [opt]
    frame #16: 0x000000070ac988b4 WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fvOverloadDispatcher(lexicalGlobalObject=0x00000007161e8468, callFrame=0x00007ffeef492620, castedThis=<unavailable>) at JSDOMConvertNullable.h:0:13 [opt]
    frame #17: 0x000000070ac9885c WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] long long WebCore::IDLOperation<WebCore::JSWebGL2RenderingContext>::call<&(lexicalGlobalObject=0x00000007161e8468, callFrame=0x00007ffeef492620, operationName=<unavailable>)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) at JSDOMOperation.h:63 [opt]
    frame #18: 0x000000070ac98857 WebCore`WebCore::jsWebGL2RenderingContextPrototypeFunction_uniformMatrix4fv(lexicalGlobalObject=0x00000007161e8468, callFrame=0x00007ffeef492620) at JSWebGL2RenderingContext.cpp:12759 [opt]
    frame #19: 0x00003496058011d8
    frame #20: 0x00000007102ca2f9 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1177
    frame #21: 0x00003496063e4713
    frame #22: 0x0000349607040dbc
    frame #23: 0x000034960704100c
    frame #24: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #25: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #26: 0x00000007102d24be JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:803
    frame #27: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #28: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #29: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #30: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #31: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #32: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #33: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
    frame #34: 0x00000007102d1a1c JavaScriptCore`wasmLLIntPCRangeStart at WebAssembly.asm:812
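The instrumentation strategy suggested in this comment (log before each WebGL call and report what kind of object is passed), written out as an added example that is not from the bug thread, AvNav or WebKit. It assumes a WebGL2-like context object whose uniform* methods can be wrapped, tags each typed-array argument with whether its backing store is a SharedArrayBuffer (the AllowShared case this bug is about), and includes a copy-to-unshared helper as the workaround an application could use until the fix ships; the context below is a constructed stand-in, so no real GL calls are made.

```javascript
// Describe a uniform*/uniformMatrix* argument: constructor name, length and
// whether it is a view over a SharedArrayBuffer (as WASM threads produce).
function describeUniformArg(value) {
  if (ArrayBuffer.isView(value)) {
    const shared = typeof SharedArrayBuffer !== "undefined"
      && value.buffer instanceof SharedArrayBuffer;
    return `${value.constructor.name}(length=${value.length}, shared=${shared})`;
  }
  if (Array.isArray(value)) return `Array(length=${value.length})`;
  return typeof value;
}

// Wrap the named methods of a context so every call is recorded before it
// runs; the last recorded entry is the call that was in flight at a hang.
function instrumentCalls(gl, names) {
  const log = [];
  for (const name of names) {
    const original = gl[name];
    if (typeof original !== "function") continue;
    gl[name] = function (...args) {
      log.push(`${name}(${args.map(describeUniformArg).join(", ")})`);
      return original.apply(this, args);
    };
  }
  return log;
}

// Workaround helper (assumption, not from the thread): the typed array
// constructor copies elements, so the result lives in an ordinary,
// non-shared ArrayBuffer and never takes the AllowShared path.
function toUnsharedFloat32(view) {
  return new Float32Array(view);
}

// Constructed stand-in for a WebGL2 context; the methods do nothing.
function demo() {
  const gl = { uniform2fv() {}, uniformMatrix4fv() {} };
  const log = instrumentCalls(gl, ["uniform2fv", "uniformMatrix4fv"]);
  const sharedHeap = new SharedArrayBuffer(64);        // like wasm shared memory
  const matrix = new Float32Array(sharedHeap, 0, 16);  // 4x4 matrix view into it
  gl.uniformMatrix4fv(null, false, matrix);            // shared view (the bug case)
  gl.uniform2fv(null, [1, 2]);                         // plain sequence
  gl.uniformMatrix4fv(null, false, toUnsharedFloat32(matrix)); // copied view
  return log;
}
```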
Comment 4 Radar WebKit Bug Importer 2021-11-10 04:13:19 PST
<rdar://problem/85249360>
Comment 5 Sanjay Kumar 2022-02-11 09:57:34 PST
Linking discussion in the Emscripten GitHub repo about this bug:
https://github.com/emscripten-core/emscripten/issues/16104
Comment 6 Yusuke Suzuki 2022-02-11 10:56:29 PST
We should write a fast path for typed arrays in JSDOMConvertSequences.h
Comment 7 Yusuke Suzuki 2022-02-11 23:57:31 PST
Created attachment 451775 [details]
Patch
Comment 8 EWS 2022-02-12 14:45:31 PST
Committed r289700 (247185@main): <https://commits.webkit.org/247185@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 451775 [details].
Comment 9 Brent Fulgham 2022-05-26 15:04:23 PDT
This fix shipped with Safari 15.5 (all platforms).