RESOLVED WONTFIX Bug 265262
Wasm tail call conflicts with OMG inlining - ASSERTION FAILED: !irGenerator.m_makesTailCalls
https://bugs.webkit.org/show_bug.cgi?id=265262
Asumu Takikawa
Reported 2023-11-22 12:11:39 PST
The following wasm program currently crashes in debug mode (using the `module` helper from function reference tests):

```
/*
(module
  (func (result i32) (i32.const 42))
  (func (param) (result i32) (return_call 0) (i32.const 5))
  (func (export "main") (result i32) (call 1))
)
*/
{
  let m = new WebAssembly.Instance(module("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x85\x80\x80\x80\x00\x01\x60\x00\x01\x7f\x03\x84\x80\x80\x80\x00\x03\x00\x00\x00\x07\x88\x80\x80\x80\x00\x01\x04\x6d\x61\x69\x6e\x00\x02\x0a\x9e\x80\x80\x80\x00\x03\x84\x80\x80\x80\x00\x00\x41\x2a\x0b\x86\x80\x80\x80\x00\x00\x12\x00\x41\x05\x0b\x84\x80\x80\x80\x00\x00\x10\x01\x0b"));
  assert.eq(m.exports.main(), 42);
}
```

with a crash message like the following:

```
wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: ASSERTION FAILED: !irGenerator.m_makesTailCalls
wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: /home/asumu/WebKit/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp(4659) : JSC::Wasm::B3IRGenerator::PartialResult JSC::Wasm::B3IRGenerator::emitInlineDirectCall(uint32_t, const JSC::Wasm::TypeDefinition&, WTF::Vector<JSC::B3::Variable*, 0, WTF::CrashOnOverflow, 16, WTF::FastMalloc>&, ResultList&)
wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: ERROR: Unexpected exit code: 134
10/10 (failed 1)
```

It looks like there's possibly an attempt to inline the `(call 1)` in the main function and that's failing because the function being inlined has a tail call.
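As an added illustration (not part of the original report and not WebKit code), the following decodes the reported module bytes and lists direct calls whose callee contains `return_call`, the call-site shape the reporter suspects was being inlined. It decodes only the four opcodes this module uses and assumes no imported functions; all function names are hypothetical.

```javascript
// Constructed input: the module bytes from the report, written as hex.
const MODULE_HEX = "0061736d01000000" + "018580808000016000017f" + "03848080800003000000" +
  "07888080800001046d61696e0002" + "0a9e8080800003" +
  "848080800000412a0b" + "868080800000120041050b" + "84808080000010010b";
const hexToBytes = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Unsigned LEB128 reader; accepts the padded 5-byte encodings this module uses.
function readLeb(bytes, pos) {
  let value = 0, shift = 0, b;
  do { b = bytes[pos++]; value |= (b & 0x7f) << shift; shift += 7; } while (b & 0x80);
  return [value >>> 0, pos];
}

// Scans one function body; opcodes outside this module's set are rejected, not guessed.
function scanBody(bytes, pos, end) {
  const info = { calls: [], makesTailCalls: false };
  let groups, imm;
  [groups, pos] = readLeb(bytes, pos);
  for (let i = 0; i < groups; i++) pos = readLeb(bytes, pos)[1] + 1; // count, then 1-byte valtype
  while (pos < end) {
    const op = bytes[pos++];
    if (op === 0x0b) continue; // end
    [imm, pos] = readLeb(bytes, pos);
    if (op === 0x10) info.calls.push(imm); // call <funcidx>
    else if (op === 0x12) info.makesTailCalls = true; // return_call <funcidx>
    else if (op !== 0x41) throw new Error("unhandled opcode 0x" + op.toString(16)); // 0x41 = i32.const
  }
  return info;
}

// Walks the sections and scans every body in the code section (id 10).
function scanCodeSection(bytes) {
  const funcs = [];
  for (let pos = 8; pos < bytes.length; ) { // 8 = magic + version
    const id = bytes[pos++];
    const [size, start] = readLeb(bytes, pos);
    pos = start + size; // next section
    if (id !== 10) continue;
    let [count, p] = readLeb(bytes, start);
    for (let i = 0; i < count; i++) {
      const [bodySize, body] = readLeb(bytes, p);
      p = body + bodySize;
      funcs.push(scanBody(bytes, body, p));
    }
  }
  return funcs;
}

// Direct calls whose callee contains return_call (no imports assumed: body index = funcidx).
const callsIntoTailCallers = (funcs) => funcs.flatMap((f, caller) =>
  f.calls.filter((c) => funcs[c] && funcs[c].makesTailCalls).map((callee) => ({ caller, callee })));
```

For the reported module, `callsIntoTailCallers(scanCodeSection(hexToBytes(MODULE_HEX)))` reports function 2 (`main`) calling function 1.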
Yusuke Suzuki
Comment 1 2023-11-26 16:05:35 PST
Tail call is not correctly implemented; it requires redesign and massive effort, and we are not seeing that it is currently implemented. So, won't fix.
Yusuke Suzuki
Comment 2 2023-11-26 16:06:23 PST
For example, stack pointer adjustment after the call is not done correctly in any place, so tail-call in wasm is not designed to be working, and that's the reason why it is not enabled. This is half-baked and does not have a complete implementation yet.