NEW304810
High memory usage in WASM compilation thread 
https://bugs.webkit.org/show_bug.cgi?id=304810
Summary High memory usage in WASM compilation thread
James Dolan
Reported 2025-12-31 12:01:36 PST
Under certain circumstances I am observing that Safari (26.2 + TP 234) on macOS and iOS can enter a stage of perpetual memory leaking attributed to "Page" that continues even after WASM code exits and eventually results in out-of-memory crash + page reset. Currently those circumstances appears to be compiling via Emscripten with ASYNCIFY enabled (even if we never hit a Asyncify import), and reading or writing 64-bit values to memory aligned to 4B boundaries. I have not yet been able to trigger the issue in contrived test so there but I have encountered it in a few different libraries (GLSlang and Tint), this repro (https://github.com/jamesdolan/safari_leak) triggers it in GLSlang and also has a small fix (https://github.com/KhronosGroup/glslang/pull/4137) to avoid the alignment issues that appears to completely avoid the leak. This leaked memory also does not appear to show up in memory snapshots at all, or really anywhere besides "Page". And have not been able to find anything in the same order of magnitude when dumping out objects in the js console. So this feels like internal allocations.
Attachments
Add attachment proposed patch, testcase, etc.
James Dolan
Comment 1 2026-01-02 16:20:53 PST
Small update, ASYNCIFY_REMOVE on the functions that do unaligned access also prevents the leak. Guessing the stack save/restore system is bypassing something.
Radar WebKit Bug Importer
Comment 2 2026-01-07 12:02:12 PST
<rdar://problem/167709015>
Keith Miller
Comment 3 2026-01-07 13:03:56 PST
Not sure what's going on here but unaligned load/stores in JSC won't do anything special (especially on Apple Silicon which natively supports them). If it's related to asyncify my guess is that some promise somewhere isn't running or removing itself from some collection after running although it does seem like that should show up in a heap snapshot...
Laurent Denoue
Comment 4 2026-02-20 14:25:55 PST
This may cause what we see here https://github.com/microsoft/onnxruntime/issues/26827 This unfortunate bug causes many AI models loaded through ONNX runtime to fail on iOS 26, when it was perfect on iOS 18. Laurent
Shu-yu Guo
Comment 5 2026-02-20 14:32:48 PST
The unaligned loads are likely to have been a red herring. We've been addressing this issue and the ONNX issue by improving the greedy register and stack allocators in e.g. 306945@main.
Ben Nham
Comment 6 2026-03-12 15:59:05 PDT
*** Bug 309251 has been marked as a duplicate of this bug. ***
Walter B.
Comment 7 2026-04-26 01:59:25 PDT
still present in iOS 26.4.2 - yes it's related to asyncify I solved it by running: wasm-opt "${filename}.wasm" -Oz --asyncify -o "${filename}.wasm"
Walter B.
Comment 8 2026-04-26 02:01:37 PDT
just to add - maybe this isn't webkit bug at all, but something in the way emscripten generates asyncify code
James Dolan
Comment 9 2026-04-26 11:23:30 PDT
Cross referencing emscripten issue https://github.com/emscripten-core/emscripten/issues/26027 Also interesting reapplying transform via binarygen appears to resolve issue. Although the fact that memory continues to run away after execution finishes feels like there must be an underlying WebKit issue as well.
Walter B.
Comment 10 2026-04-26 15:46:12 PDT
in the end the way i could properly prevent crash is this: wasm-opt "${filename}.wasm" --optimize-instructions --licm --local-cse --code-pushing --merge-locals --coalesce-locals --asyncify -o "${filename}.wasm" or better yet (but slower) wasm-opt "${filename}.wasm" --asyncify --optimize-instructions --licm --local-cse --code-pushing --merge-locals --coalesce-locals -o "${filename}.wasm" it's essential that --asyncify is included and .wasm is stripped of symbols enough that wasm-opt won't complain about previous asyncify strings I analyzed this issue in depth, yes there is definetly an iOS/WebKit bug, I can zero out wasm memory, remove all timers, remove everything from DOM, remove all messages, everything and it still crashes after about a minute or two once the offending web assembly code has been executed. This could be both emscripten and iOS bug
Note You need to log in before you can comment on or make changes to this bug.