WebKit Bugzilla
RESOLVED FIXED
262863
ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key) /home/WebKit/WebKitBuild/Debug/WTF/Headers/wtf/HashTable.h(648) : void WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT>>, WTF::KeyValuePairKey
https://bugs.webkit.org/show_bug.cgi?id=262863
xiangwei1895
Reported
2023-10-08 05:17:03 PDT
## JavaScriptCore Version

3cf70a3a572708fefd7eb755db3cc211798022a7

## Build

Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64)

```
./Tools/Scripts/build-jsc --jsc-only --debug --build-dir=asan --cmakeargs="-DCMAKE_C_COMPILER='/usr/bin/clang' -DCMAKE_CXX_COMPILER='/usr/bin/clang++' -DCMAKE_CXX_FLAGS='-g -O3 -fsanitize=address'"
```

## Testcase and Execution steps

```
var wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,162,128,128,128,0,6,80,0,95,0,80,0,95,0,80,0,94,127,1,80,0,96,3,127,127,127,1,127,96,0,0,80,0,96,1,107,1,1,127,3,130,128,128,128,0,1,3,4,133,128,128,128,0,1,112,1,1,1,5,132,128,128,128,0,1,1,16,32,13,131,128,128,128,0,1,0,4,7,136,128,128,128,0,1,4,109,97,105,110,0,0,9,139,128,128,128,0,1,6,0,65,0,11,112,1,210,0,11,10,149,128,128,128,0,1,19,1,1,108,1,2,107,1,251,8,1,11,3,5,26,65,237,0,11,11]);
var wasm_module = new WebAssembly.Module(wasm_code);
var wasm_instance = new WebAssembly.Instance(wasm_module);
var f = wasm_instance.exports.main;
f();
```

```
./bin/jsc --useWebAssemblyGC=true --useWebAssemblyTypedFunctionReferences=true testcase.js
```

## Output

```
ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key)
/home/WebKit/WebKitBuild/Debug/WTF/Headers/wtf/HashTable.h(648) : void WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT>>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT>>>, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT>>::KeyValuePairTraits, WTF::HashTraits<unsigned long>>::checkKey(const T &) [Key = unsigned long, Value = WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT>>, Extractor = WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT>>>, HashFunctions = WTF::DefaultHash<unsigned long>, Traits = WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT>>::KeyValuePairTraits, KeyTraits = WTF::HashTraits<unsigned long>, HashTranslator = WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT>>::KeyValuePairTraits, WTF::DefaultHash<unsigned long>>, T = unsigned long]
```

## Backtrace

```
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140735851497024) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140735851497024) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=140735851497024, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007fffeb36b476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007fffeb3517f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff03b92ff in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:778
#6 0x00007ffff484bd4c in WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::checkKey<WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::DefaultHash<unsigned long> >, unsigned long> (this=<optimized out>, this@entry=0x7fffefe59d40 <__PRETTY_FUNCTION__._ZN3WTF9HashTableImNS_12KeyValuePairImNS_6RefPtrIN3JSC4Wasm3RTTENS_12RawPtrTraitsIS5_EENS_21DefaultRefDerefTraitsIS5_EEEEEENS_24KeyValuePairKeyExtractorISB_EENS_11DefaultHashImEENS_7HashMapImSA_SF_NS_10HashTraitsImEENSH_ISA_EENS_15HashTableTraitsEE18KeyValuePairTraitsESI_E8checkKeyINS_22IdentityHashTranslatorISM_SF_EEmEEvRKT0_>, key=<optimized out>) at WTF/Headers/wtf/HashTable.h:648
#7 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::inlineLookup<WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::DefaultHash<unsigned long> >, unsigned long> (this=this@entry=0x613000001ab0, key=@0x7fff9e6e60d0: 0) at WTF/Headers/wtf/HashTable.h:670
#8 0x00007ffff481e8cc in WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::lookup<WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::DefaultHash<unsigned long> >, unsigned long> (this=0x613000001ab0, key=<optimized out>) at WTF/Headers/wtf/HashTable.h:662
#9 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::find<WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::DefaultHash<unsigned long> >, unsigned long> (this=0x613000001ab0, key=@0x7fff9e6e60d0: 0) at WTF/Headers/wtf/HashTable.h:1014
#10 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::find (this=0x613000001ab0, key=@0x7fff9e6e60d0: 0) at WTF/Headers/wtf/HashTable.h:487
#11 WTF::HashMap<unsigned long, WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<JSC::Wasm::RTT, WTF::RawPtrTraits<JSC::Wasm::RTT>, WTF::DefaultRefDerefTraits<JSC::Wasm::RTT> > >, WTF::HashTableTraits>::find (this=0x613000001ab0, key=@0x7fff9e6e60d0: 0) at WTF/Headers/wtf/HashMap.h:312
#12 JSC::Wasm::TypeInformation::tryGetCanonicalRTT (type=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp:1017
#13 0x00007ffff409ac20 in JSC::Wasm::isSubtypeIndex (sub=<optimized out>, parent=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFormat.h:291
#14 0x00007ffff469ee4a in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::unify (this=this@entry=0x7fff9e6f3ba0, controlData=...) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:1546
#15 0x00007ffff464cb3e in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseExpression (this=0x1fefb5, this@entry=0x7fff9e6f3ba0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:3004
#16 0x00007ffff462a57e in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseBody (this=this@entry=0x7fff9e6f3ba0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:429
#17 0x00007ffff4614fcd in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parse (this=this@entry=0x7fff9e6f3ba0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:382
#18 0x00007ffff45c0412 in JSC::Wasm::parseAndCompileBytecode (functionStart=<optimized out>, functionLength=<optimized out>, signature=..., info=..., functionIndex=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:580
#19 0x00007ffff45f9cfc in JSC::Wasm::LLIntPlan::compileFunction (this=0x615000018180, functionIndex=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp:89
#20 0x00007ffff43f6411 in JSC::Wasm::EntryPlan::compileFunctions (this=0x615000018180, effort=<optimized out>) at /home/WebKit/Source/JavaScriptCore/wasm/WasmEntryPlan.cpp:220
#21 0x00007ffff484efe1 in JSC::Wasm::Worklist::Thread::work (this=0x607000004380) at /home/WebKit/Source/JavaScriptCore/wasm/WasmWorklist.cpp:111
#22 0x00007ffff4d0b9d1 in WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/AutomaticThread.cpp:229
#23 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/Function.h:53
#24 0x00007ffff4dc07b6 in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/Function.h:82
#25 WTF::Thread::entryPoint (newThreadContext=<optimized out>) at /home/WebKit/Source/WTF/wtf/Threading.cpp:258
#26 0x00007ffff4f52126 in WTF::wtfThreadEntryPoint (context=0x1f8add) at /home/WebKit/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:242
#27 0x00007fffeb3bdb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#28 0x00007fffeb44fa00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
```
Radar WebKit Bug Importer
Comment 1
2023-10-15 05:17:15 PDT
<rdar://problem/116979392>
Asumu Takikawa
Comment 2
2023-12-01 14:53:29 PST
Pull request: https://github.com/WebKit/WebKit/pull/21188
EWS
Comment 3
2023-12-01 22:30:25 PST
Committed 271420@main (b02c88c35d2f): <https://commits.webkit.org/271420@main>

Reviewed commits have been landed. Closing PR #21188 and removing active labels.