WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED WONTFIX
Bug 265262
Wasm tail call conflicts with OMG inlining - ASSERTION FAILED: !irGenerator.m_makesTailCalls
https://bugs.webkit.org/show_bug.cgi?id=265262
Summary
Wasm tail call conflicts with OMG inlining - ASSERTION FAILED: !irGenerator.m...
Asumu Takikawa
Reported
2023-11-22 12:11:39 PST
The following wasm program currently crashes in debug mode (using the `module` helper from function reference tests): ``` /* (module (func (result i32) (i32.const 42)) (func (param) (result i32) (return_call 0) (i32.const 5)) (func (export "main") (result i32) (call 1)) ) */ { let m = new WebAssembly.Instance(module("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x85\x80\x80\x80\x00\x01\x60\x00\x01\x7f\x03\x84\x80\x80\x80\x00\x03\x00\x00\x00\x07\x88\x80\x80\x80\x00\x01\x04\x6d\x61\x69\ x6e\x00\x02\x0a\x9e\x80\x80\x80\x00\x03\x84\x80\x80\x80\x00\x00\x41\x2a\x0b\x86\x80\x80\x80\x00\x00\x12\x00\x41\x05\x0b\x84\x80\x80\x80\x00\x00\x10\x01\x0b")); assert.eq(m.exports.main(), 42); } ``` with a crash message like the following: wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: ASSERTION FAILED: !irGenerator.m_makesTailCalls wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: /home/asumu/WebKit/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp(4659) : JSC::Wasm::B3IRGenerator::PartialResult JSC::Wasm::B3IRGenerator::emitIn lineDirectCall(uint32_t, const JSC::Wasm::TypeDefinition&, WTF::Vector<JSC::B3::Variable*, 0, WTF::CrashOnOverflow, 16, WTF::FastMalloc>&, ResultList&) wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: ERROR: Unexpected exit code: 134 10/10 (failed 1) It looks like there's possibly an attempt to inline the `(call 1)` in the main function and that's failing because the function being inlined has a tail call.
Attachments
Add attachment
proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1
2023-11-26 16:05:35 PST
tail call is not correctly implemented, it requires redesign and massive effort, and we are not seeing that it is currently implemented. So, wont' fix.
Yusuke Suzuki
Comment 2
2023-11-26 16:06:23 PST
For example, stack pointer adjustment after the call is not done correctly in any places, so tail-call in wasm is not designed to be working, and that's the reason why it is not enabled. This is half baked and not having complete implementation yet.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug