Bug 299018

Summary: REGRESSION(298234.133@webkitglib/2.50): [GTK] [2.50.0] Fails to build in i386: use of undeclared label 'op_instanceof_return_location'
Product: WebKit Reporter: Alberto Garcia <berto>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, development.slash, justin, mcatanzaro, mgorse, yijia_huang
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Linux   
See Also: https://bugs.webkit.org/show_bug.cgi?id=296042

Alberto Garcia
Reported 2025-09-17 07:52:20 PDT
Here is the full log, I think this is due to this commit: https://github.com/WebKit/WebKit/commit/f3f7e7880c36ac7d0735efc084c618382194382e /usr/bin/clang++ -DBUILDING_GTK__=1 -DBUILDING_WEBKIT=1 -DBUILDING_WITH_CMAKE=1 -DBWRAP_EXECUTABLE=\"/usr/bin/bwrap\" -DDBUS_PROXY_EXECUTABLE=\"/usr/bin/xdg-dbus-proxy\" -DGETTEXT_PACKAGE=\"WebKitGTK-4.1\" -DHAVE_CONFIG_H=1 -DJSC_GLIB_API_ENABLED -DPAS_BMALLOC=1 -D_GLIBCXX_ASSERTIONS=1 -I/tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCore/Headers -I/usr/include/glib-2.0 -I/usr/lib/i386-linux-gnu/glib-2.0/include -I/tmp/webkit2gtk-2.50.0/build-soup3 -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/API -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/assembler -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/b3 -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/b3/air -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/bindings -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/builtins -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/bytecode -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/bytecompiler -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/dfg -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/disassembler -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/disassembler/ARM64 -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/disassembler/zydis -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/domjit -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/ftl -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/fuzzilli -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/heap -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/debugger -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/inspector -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/inspector/agents -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/inspector/augmentable -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/inspector/remote -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/interpreter -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/jit -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/llint -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/parser -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/profiler -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/runtime -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/tools -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/wasm -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/wasm/js -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/yarr -I/tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCore/DerivedSources -I/tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCore/DerivedSources/inspector -I/tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCore/DerivedSources/runtime -I/tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCore/DerivedSources/yarr -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/API/glib -I/tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCoreGLib/DerivedSources -I/tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCoreGLib/DerivedSources/jsc -I/tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCoreGLib/Headers -I/tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/inspector/remote/glib -I/tmp/webkit2gtk-2.50.0/build-soup3/WTF/Headers -I/usr/include/sysprof-6 -fdiagnostics-color=always -fcolor-diagnostics -Wextra -Wall -Werror=undefined-internal -Werror=undefined-inline -pipe -msse2 -Wno-noexcept-type -Wno-psabi -Wno-misleading-indentation -Wno-parentheses-equality -Qunused-arguments -Wundef -Wpointer-arith -Wmissing-format-attribute -Wformat-security -Wcast-align -Wno-tautological-compare -fasynchronous-unwind-tables -fdebug-types-section -g1 -O2 -ffile-prefix-map=/tmp/webkit2gtk-2.50.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DNDEBUG -DG_DISABLE_CAST_CHECKS -fno-strict-aliasing -fno-exceptions -fno-rtti -fcoroutines -ffunction-sections -fdata-sections -std=c++23 -fPIC -fvisibility=hidden -MD -MT Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o -MF Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o.d -o Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o -c /tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp /tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:286:9: error: use of undeclared label 'op_instanceof_return_location' 286 | FOR_EACH_BYTECODE_HELPER_ID(OPCODE_ENTRY) | ^ /tmp/webkit2gtk-2.50.0/build-soup3/JavaScriptCore/DerivedSources/Bytecodes.h:989:11: note: expanded from macro 'FOR_EACH_BYTECODE_HELPER_ID' 989 | macro(op_instanceof_return_location, 0) \ | ^ /tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:286:37: error: use of undeclared label 'op_instanceof_return_location_wide16' 286 | FOR_EACH_BYTECODE_HELPER_ID(OPCODE_ENTRY) | ^ /tmp/webkit2gtk-2.50.0/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:286:37: error: use of undeclared label 'op_instanceof_return_location_wide32' 3 errors generated.
Attachments
Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2025-09-18 04:49:27 PDT
A patch from Yijia in bug #296042, which I have not tested yet: ``` diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm index 96aeb5dfba8e..3d495e673eca 100644 --- a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm +++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm @@ -3088,6 +3088,11 @@ _wasm_ipint_call_return_location_wide16: _wasm_ipint_call_return_location_wide32: crash() +_op_instanceof_return_location: +_op_instanceof_return_location_wide16: +_op_instanceof_return_location_wide32: + crash() + end # WEBASSEMBLY include? LowLevelInterpreterAdditions
Alberto Garcia
Comment 2 2025-09-18 07:09:39 PDT
I confirm that it fixes the i386 build, thanks!
Mike Gorse
Comment 3 2025-09-18 07:22:34 PDT
For me, this patch fixes the i586 build but makes the build fail on ppc64le: /home/abuild/rpmbuild/BUILD/webkit2gtk3-2.50.0-build/webkitgtk-2.50.0/build/JavaScriptCore/DerivedSources/LLIntAssembly.h:41233:24: error: duplicate label ‘op_instanceof_return_location’ 41233 | OFFLINE_ASM_GLUE_LABEL(op_instanceof_return_location) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /home/abuild/rpmbuild/BUILD/webkit2gtk3-2.50.0-build/webkitgtk-2.50.0/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:124:39: note: in definition of macro ‘OFFLINE_ASM_GLUE_LABEL’ 124 | #define OFFLINE_ASM_GLUE_LABEL(label) label: TRACE_LABEL("OFFLINE_ASM_GLUE_LABEL", label); USE_LABEL(label); There are similar errors for the other two opcodes that are being added.
Michael Catanzaro
Comment 4 2025-09-18 08:14:13 PDT
I'm afraid this is too confusing for me. I'll need help from JavaScriptCore developers.
Yijia Huang
Comment 5 2025-09-18 08:50:28 PDT
Hi Mike, can you try this: ``` diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm index af53fe269664..237fd6aab9c8 100644 --- a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm +++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm @@ -2958,6 +2958,13 @@ _wasm_ipint_call_return_location_wide16: _wasm_ipint_call_return_location_wide32: crash() +if C_LOOP +_op_instanceof_return_location: +_op_instanceof_return_location_wide16: +_op_instanceof_return_location_wide32: + crash() +end + end # WEBASSEMBLY include? LowLevelInterpreterAdditions ```
Mike Gorse
Comment 6 2025-09-18 09:41:34 PDT
Hi Yijia, I tried your patch from comment 5, and, unfortunately, I get the same error on ppc64le that I was getting with your original patch. I'm not passing any options for enabling or disabling cloop or jit on ppc64le, and it looks as though cloop is being used there.
Yijia Huang
Comment 7 2025-09-18 10:19:13 PDT
Hi Mike and Michael, from the those crash logs and your reports, it seems that both i586/i386 (32bit) and ppc64le (64bit) use `C_LOOP`. So, I propose this fix. ``` if C_LOOP and not JSVALUE64 _op_instanceof_return_location: _op_instanceof_return_location_wide16: _op_instanceof_return_location_wide32: crash() end ```
Michael Catanzaro
Comment 8 2025-09-18 10:31:15 PDT
OK, I'll test that and create a pull request if it works. Thanks!
Michael Catanzaro
Comment 9 2025-09-18 12:13:20 PDT
OK, a pull request doesn't work yet because the change from bug #296042 has not landed in main yet. Ideally we would remember that the patch needs to be edited before it lands during security "merge back."
Mike Gorse
Comment 10 2025-09-18 14:14:11 PDT
Thanks, Yijia. This works for me on both i586 and ppc64le.
Alberto Garcia
Comment 11 2025-09-19 04:14:59 PDT
The armhf build fails in Debian: FAILED: Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o error: Undefined temporary symbol .Lop_instanceof_return_location error: Undefined temporary symbol .Lop_instanceof_return_location_wide16 error: Undefined temporary symbol .Lop_instanceof_return_location_wide32
Yijia Huang
Comment 12 2025-09-19 09:06:39 PDT
Hi Alberto, can you try this ``` ... if (C_LOOP and not JSVALUE64) or ARMv7 _op_instanceof_return_location: _op_instanceof_return_location_wide16: _op_instanceof_return_location_wide32: crash() end end # WEBASSEMBLY ``` in LowLevelInterpreter.asm?
Alberto Garcia
Comment 13 2025-09-19 09:31:28 PDT
Thanks, Yijia! Same error, unfortunately.
Michael Catanzaro
Comment 14 2025-09-19 10:59:31 PDT
*** Bug 299171 has been marked as a duplicate of this bug. ***
Yijia Huang
Comment 15 2025-09-19 11:29:33 PDT
Hi Alberto, I am confused.The armhf build configuration in Debian requires these return location labels but we don't know the exact preprocessor defines used for armhf builds. The labels are needed for OSR exit support in instanceof operations. Current solution covers: - 32-bit C_LOOP builds (i586, i386) - Excludes ppc64le which generates labels from BytecodeList.rb For armhf builds that still fail, the Debian maintainer should determine the correct armhf-specific preprocessor condition and add these labels under that condition: ``` _op_instanceof_return_location: _op_instanceof_return_location_wide16: _op_instanceof_return_location_wide32: crash() ``` Another proposal from my side is: ``` if (C_LOOP and not PPC64LE) _op_instanceof_return_location: _op_instanceof_return_location_wide16: _op_instanceof_return_location_wide32: crash() end ```
Alberto Garcia
Comment 16 2025-09-21 13:30:27 PDT
There must be something else going on with the armhf build because the compilation fails even if add that block unconditionally (i.e with no "if" / "end"): [1/6554] Building CXX object Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o FAILED: Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o error: Undefined temporary symbol .Lop_instanceof_return_location error: Undefined temporary symbol .Lop_instanceof_return_location_wide16 error: Undefined temporary symbol .Lop_instanceof_return_location_wide32 3 errors generated.
Justin Michaud
Comment 17 2025-09-22 10:29:57 PDT
Instead of the provided fix, may I suggest: ``` diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm index 6d4036a55f96..f49782964262 100644 --- a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm +++ b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm @@ -3354,6 +3354,9 @@ op(loop_osr_entry_gate, macro () crash() # Should never reach here. end) +op(op_instanceof_return_location, macro () + crash() # Should never reach here. +end) llintOpWithMetadata(op_check_private_brand, OpCheckPrivateBrand, macro (size, get, dispatch, metadata, return) metadata(t5, t2) ```
Justin Michaud
Comment 18 2025-09-22 10:35:32 PDT
``` _op_instanceof_return_location: _op_instanceof_return_location_wide16: _op_instanceof_return_location_wide32: crash() ``` For cloop, this needs to be outside the IF WEBASSEMBLY block
Michael Catanzaro
Comment 19 2025-09-22 14:29:49 PDT
Hi Berto, I will wait for you to test the suggested changes and confirm they are good, since Fedora doesn't build for 32-bit ARM anymore.
Alberto Garcia
Comment 20 2025-09-23 03:22:30 PDT
Hi, I confirm that this change alone (i.e no changes to LowLevelInterpreter.asm needed) fixes i386, armhf and ppc64el builds in Debian: ``` --- webkitgtk.orig/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm +++ webkitgtk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm @@ -3354,6 +3354,9 @@ op(loop_osr_entry_gate, macro () crash() # Should never reach here. end) +op(op_instanceof_return_location, macro () + crash() # Should never reach here. +end) llintOpWithMetadata(op_check_private_brand, OpCheckPrivateBrand, macro (size, get, dispatch, metadata, return) metadata(t5, t2) ``` Thanks Justin and Yijia!!
Mike Gorse
Comment 21 2025-09-23 08:11:36 PDT
I've tested Justin's patch from comment 17 on openSUSE, and it builds correctly on our targets as well.
Note You need to log in before you can comment on or make changes to this bug.