NEW292048
[JSC] JIT compiler fails on PureScript 
https://bugs.webkit.org/show_bug.cgi?id=292048
Summary [JSC] JIT compiler fails on PureScript
ysangkok
Reported 2025-04-24 21:57:49 PDT
Created attachment 475043 [details] File will occasionally throw when evaluated with JIT Expected result: The attached file should evaluate without exceptions Actual result: Occasionally, "Failed pattern match" is thrown. If I set JavaScriptCoreUseJIT=0, the error is never thrown. This convinces me that there is an issue with the JIT compiler. We have also verified the issue in Safari 18.4 on https://exfreight.flipstone.com (we've set up a warning now, so Safari users are blocked) I have also verified the issue using the Epiphany: flatpak run --env=JavaScriptCoreUseJIT=1 org.gnome.Epiphany.Devel Tested version of WebKit: 89fa3ff54bbf1634734ff586119333f7673e1645, canonical link: https://commits.webkit.org/294095@main Compiled on Debian 12 (bookworm) using the instructions on https://trac.webkit.org/wiki/JSCOnly
Attachments
File will occasionally throw when evaluated with JIT (2.35 MB, application/x-javascript)
2025-04-24 21:57 PDT, ysangkok 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2025-04-25 09:09:53 PDT
I can reproduce this exception on the website (need to change UA to bypass the block). Not sure how to reproduce with the provided test though, it never fails for me with jsc CLI.
ysangkok
Comment 2 2025-04-28 12:24:58 PDT
To reproduce with the jsc CLI, I have found that it is necessary to run with the concurrent JIT. This configuration reproduces the crash almost every time on my Ryzen 9 5900X: % JavaScriptCoreUseJIT=1 ./jsc --useConcurrentJIT=1 --thresholdForJITAfterWarmUp=50 --thresholdForOptimizeAfterWarmUp=1000 /tmp/attachment.cgi\?id=475043 Exception: Error: Failed pattern match at Data.Map.Internal (line 769, column 5 - line 777, column 30): EQ2 @/tmp/attachment.cgi?id=475043:9190:24 @/tmp/attachment.cgi?id=475043:9235:28 @/tmp/attachment.cgi?id=475043:9258:33 @/tmp/attachment.cgi?id=475043:54609:25 @/tmp/attachment.cgi?id=475043:7171:34 @/tmp/attachment.cgi?id=475043:6992:26 @/tmp/attachment.cgi?id=475043:71221:52 global code@/tmp/attachment.cgi?id=475043:76762:3
Radar WebKit Bug Importer
Comment 3 2025-04-29 09:01:02 PDT
<rdar://problem/150285674>
Note You need to log in before you can comment on or make changes to this bug.