Bug 253501
| Summary: | [WebAssembly] Tanks demo crashes | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Jim Mason <jmason> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Normal | CC: | bugs-noreply, d_degazio, joseph.j.griego, justin_michaud, mark.lam, mcatanzaro, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=253618 | | |
Jim Mason
Solaris/x86_64
Sometime between r259365@main (still working) and r261276@main (failing), the WebAssembly Tanks demo stopped working for me. The Tanks demo is here:
http://webassembly.org.cn/demo/Tanks/
Not sure if this is just me, or whether it is failing now for everyone with the new BBQ code.
Upon loading the demo, the worker segmentation faults. Backtrace is as follows:
> Thread 39 received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 24 (LWP 24)]
> 0x00007ff051ec525a in JSC::LinkBuffer::linkCode(JSC::MacroAssembler&, JSC::JITCompilationEffort) () from /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> (gdb) bt
> #0 0x00007ff051ec525a in JSC::LinkBuffer::linkCode(JSC::MacroAssembler&, JSC::JITCompilationEffort) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #1 0x00007ff0531617eb in JSC::Wasm::BBQPlan::work(JSC::Wasm::Plan::CompilationEffort) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #2 0x00007ff0532739e0 in JSC::Wasm::Worklist::Thread::work() () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #3 0x00007ff053364d6b in WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::{lambda()#1}, void>::call() () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #4 0x00007ff0533955d5 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #5 0x00007ff053411249 in WTF::wtfThreadEntryPoint(void*) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #6 0x00007ff05a0f7ba9 in _thrp_setup () at /lib/64/libc.so.1
> #7 0x00007ff05a0f7e50 in _lwp_start () at /lib/64/libc.so.1
> #8 0x0000000000000000 in ()
Other WA demos like the Video Editor (https://d2jta7o2zej4pf.cloudfront.net/) still work fine.
Yusuke Suzuki
Thanks. This does not happen on macOS, so this is a GTK / Solaris-specific issue.
But I don't think we are supporting JIT on Solaris.
Michael Catanzaro
We can't accept JSC crash reports in the WebKitGTK component. Down that path lies only madness. :)
Radar WebKit Bug Importer
<rdar://problem/106386416>
Jim Mason
I found the commit that broke this:
Enable single-pass BBQ baseline JIT by default
https://commits.webkit.org/261153@main
Reverting the commit and thus returning to the legacy Air implementation restores the Tanks demo.
The commit notes say, 'One notable hole in the new JIT's support is in some of the recent WASM extensions: typed function references, tail calls, and GC. Since these are still incomplete currently, and disabled by default, single-pass BBQ doesn't yet support them.'
Is the failure of the Tanks demo due to this incomplete implementation? Tanks is the only demo which is failing; outside of that, JIT and WASM continue to function normally for me with the single-pass BBQ.
Jim Mason
Apparently, this is caused by the same issue described in Bug 253618.
I can confirm the patch for that issue, 261417@main, clears the Tanks demo crash on Solaris.
Thanks to Asumu Takikawa <asumu@igalia.com> for the analysis and fix!
Michael Catanzaro
*** This bug has been marked as a duplicate of bug 253618 ***