Bug 253501: RESOLVED DUPLICATE of bug 253618
[WebAssembly] Tanks demo crashes
https://bugs.webkit.org/show_bug.cgi?id=253501
Jim Mason
Reported 2023-03-07 03:07:50 PST
Solaris/x86_64

Sometime between r259365@main (still working) and r261276@main (failing), the WebAssembly Tanks demo stopped working for me.

The Tanks demo is here: http://webassembly.org.cn/demo/Tanks/

Not sure if this is just me, or whether it is failing now for everyone with the new BBQ code.

Upon loading the demo, the worker segmentation faults. Backtrace is as follows:

> Thread 39 received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 24 (LWP 24)]
> 0x00007ff051ec525a in JSC::LinkBuffer::linkCode(JSC::MacroAssembler&, JSC::JITCompilationEffort) () from /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> (gdb) bt
> #0 0x00007ff051ec525a in JSC::LinkBuffer::linkCode(JSC::MacroAssembler&, JSC::JITCompilationEffort) () at
> /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #1 0x00007ff0531617eb in JSC::Wasm::BBQPlan::work(JSC::Wasm::Plan::CompilationEffort) () at
> /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #2 0x00007ff0532739e0 in JSC::Wasm::Worklist::Thread::work() ()
> at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #3 0x00007ff053364d6b in WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::{lambda()#1}, void>::call() ()
> at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #4 0x00007ff0533955d5 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #5 0x00007ff053411249 in WTF::wtfThreadEntryPoint(void*) ()
> at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
> #6 0x00007ff05a0f7ba9 in _thrp_setup () at /lib/64/libc.so.1
> #7 0x00007ff05a0f7e50 in _lwp_start () at /lib/64/libc.so.1
> #8 0x0000000000000000 in ()

Other WA demos like the Video Editor (https://d2jta7o2zej4pf.cloudfront.net/) still work fine.
Yusuke Suzuki
Comment 1 2023-03-07 15:58:35 PST
Thanks. This does not happen on macOS. So this is a GTK / Solaris-specific issue. But I don't think we are supporting JIT on Solaris.
Michael Catanzaro
Comment 2 2023-03-07 16:11:56 PST
We can't accept JSC crash reports in WebKitGTK component. Down that path lies only madness. :)
Radar WebKit Bug Importer
Comment 3 2023-03-07 16:12:07 PST
Jim Mason
Comment 4 2023-03-09 05:08:08 PST
I found the commit that broke this:

Enable single-pass BBQ baseline JIT by default
https://commits.webkit.org/261153@main

Reverting the commit and thus returning to the legacy Air implementation restores the Tanks demo.

The commit notes say, 'One notable hole in the new JIT's support is in some of the recent WASM extensions: typed function references, tail calls, and GC. Since these are still incomplete currently, and disabled by default, single-pass BBQ doesn't yet support them.'

Is the failure of the Tanks demo due to this incomplete implementation? Tanks is the only demo which is failing; outside of that, JIT and WASM continue to function normally for me with the single-pass BBQ.
Jim Mason
Comment 5 2023-03-09 10:28:18 PST
Apparently, this is caused by the same issue described in Bug 253618. I can confirm the patch for that issue, 261417@main, clears the Tanks demo crash on Solaris. Thanks to Asumu Takikawa <asumu@igalia.com> for the analysis and fix!
Michael Catanzaro
Comment 6 2023-03-09 10:34:08 PST
*** This bug has been marked as a duplicate of bug 253618 ***