RESOLVED FIXED285902
REGRESSION (287397@main..288804@main): Wasm optimization/interpretation bug affecting dart2wasm 
https://bugs.webkit.org/show_bug.cgi?id=285902
Summary REGRESSION (287397@main..288804@main): Wasm optimization/interpretation bug a...
Martin Kustermann
Reported 2025-01-14 03:06:09 PST
Created attachment 473897 [details] Wasm optimization bug seemingly introduced between JSC version [287397..288804] We upgraded from JSC version 287397 to 288804 and started hitting issues in our tests for the dart2wasm compiler. Here's one example where a miscompilation seems to happen, first we unpack the attached file: ``` % tar xvzf ~/sdk3/jsc_bug.tar.gz regress.wasm regress.mjs pkg/dart2wasm/bin/run_wasm.js ``` Now we run it with normal JSC ``` % jsc $PWD/pkg/dart2wasm/bin/run_wasm.js -- $PWD/regress.mjs $PWD/regress.wasm -- Bad state: No element module0.wasm-function[Error._throwWithCurrentStackTrace]@[wasm code] module0.wasm-function[closure wrapper at file:///usr/local/google/home/kustermann/repositories/sdk-gclient3/sdk/tests/corelib/string_codeunits_test.dart:9:26 trampoline]@[wasm code] module0.wasm-function[expectThrowsStateError]@[wasm code] module0.wasm-function[main]@[wasm code] module0.wasm-function[_invokeMain]@[wasm code] invokeMain@/tmp/jsc/regress.mjs:276:48 @/tmp/jsc/pkg/dart2wasm/bin/run_wasm.js:425:31 Error: [object WebAssembly.Exception] Stack: undefined ``` It seemingly fails to catch this exception in a try/catch. The same code runs fine in Chrome/D8 & Firefox/JSShell. Now fiddling with the flags, it seems when using `--useWasmIPInt=false` the issue goes away ``` % jsc --useWasmIPInt=false $PWD/pkg/dart2wasm/bin/run_wasm.js -- $PWD/regress.mjs $PWD/regress.wasm -- % echo $? 0 ```
Attachments
Wasm optimization bug seemingly introduced between JSC version [287397..288804] (25.48 KB, application/gzip)
2025-01-14 03:06 PST, Martin Kustermann 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2025-01-14 10:10:54 PST
I verified the regression range, and that "--useWasmIPInt=false" fixes this. Also verified that this is still reproducing as of 288846@main.
Radar WebKit Bug Importer
Comment 2 2025-01-14 10:11:04 PST
<rdar://problem/142892203>
daniel_liu4
Comment 3 2025-01-15 15:47:04 PST
Pull request: https://github.com/WebKit/WebKit/pull/39103
daniel_liu4
Comment 4 2025-01-15 15:49:14 PST
Thank you for reporting this issue! I've checked the PR above against the test provided, and I confirmed it runs correctly with `--useWasmIPInt=1` now.
EWS
Comment 5 2025-01-17 12:21:50 PST
Committed 289082@main (a8ba8390855b): <https://commits.webkit.org/289082@main> Reviewed commits have been landed. Closing PR #39103 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.