Bug 222805 - Crash with "invalid opcode" if the CPU does not support SSE4
Summary: Crash with "invalid opcode" if the CPU does not support SSE4
Status: RESOLVED DUPLICATE of bug 220889
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
: 222358 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-03-05 08:52 PST by Alberto Garcia
Modified: 2023-08-17 13:52 PDT (History)
8 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alberto Garcia 2021-03-05 08:52:14 PST 
A user reported this crash with WebKitGTK 2.30.5 after opening www.avito.ru , selecting "Вход и регистрация" on the upper right corner and simply waiting for a few seconds.

(gdb) layout asm
>│0x7f00eb999254 <wasm_entry+56936>       roundss $0x2,%xmm0,%xmm1     │
 │0x7f00eb99925a <wasm_entry+56942>       movsbq 0x1(%r13,%r8,1),%r9   │
 │0x7f00eb999260 <wasm_entry+56948>       movss  %xmm1,0x0(%rbp,%r9,8) │
 │0x7f00eb999267 <wasm_entry+56955>       add    $0x3,%r8              │

This is a 64-bit build but the CPU is an old Intel Core 2 without SSE4 instructions. Disabling the JIT ("JavaScriptCoreUseJIT=0") seems to solve the problem.

I assume that there is no plan to support such old hardware, but is this simply a WONTFIX or should WebKit disable the JIT conditionally in these cases?
Comment 1 Radar WebKit Bug Importer 2021-03-12 08:53:17 PST 
<rdar://problem/75363426>
Comment 2 Carlos Garcia Campos 2021-03-15 03:57:58 PDT 
Is this a duplicate of bug #222358?
Comment 3 Michael Catanzaro 2021-03-15 06:03:40 PDT 
(In reply to Alberto Garcia from comment #0)
> should WebKit disable the JIT conditionally in these cases?

That would be ideal.
Comment 4 Michael Catanzaro 2021-03-15 14:14:10 PDT 
*** Bug 222358 has been marked as a duplicate of this bug. ***
Comment 5 Carlos Garcia Campos 2021-03-16 01:54:59 PDT 
Can we just disable JIT when SSE4 is not available?
Comment 6 Jernej Jakob 2021-03-16 05:09:28 PDT 
JSC_useBaselineJIT=0 also fixes it for me. I have that exported in my environment .
Comment 7 Michael Catanzaro 2021-03-16 06:15:15 PDT 
(In reply to Carlos Garcia Campos from comment #5)
> Can we just disable JIT when SSE4 is not available?

Please, though I'm not sure how to test for that easily.

I checked and Fedora's baseline is SSE2. I guess Debian's is probably the same, so we would want to check for SSE3 really.
Comment 8 Alberto Garcia 2021-03-16 06:24:23 PDT 
(In reply to Michael Catanzaro from comment #7)
> I checked and Fedora's baseline is SSE2. I guess Debian's is probably the
> same, so we would want to check for SSE3 really.

It is, according to https://wiki.debian.org/ArchitectureSpecificsMemo#amd64:

"x86_64 with no optional extensions. The core specification includes MMX, SSE and SSE2 so these are OK, but SSE3 and up are not guaranteed."
Comment 9 Michael Catanzaro 2023-08-17 13:41:48 PDT 
This issue is basically the same as bug #220889 and there is a patch there with review feedback, so let's treat this one as the duplicate.

*** This bug has been marked as a duplicate of bug 220889 ***
Comment 10 Michael Catanzaro 2023-08-17 13:45:55 PDT 
Well, one possibility not contemplated in bug #220889 would be to automatically disable the JIT if the system does not support SSE4. If somebody wants to attempt that, we could reopen this one.