Bug 260252

Summary: REGRESSION (Safari 17): WASM intermittent failure transcoding basis file
Product: WebKit
Reporter: Donovan Hutchence <slimbuck7>
Component: WebAssembly
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: cheryl, d_degazio, justin_michaud, keith_miller, mark.lam, mvaligursky, webkit-bug-importer, willeastcott
Priority: P2
Keywords: InRadar
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified

Attachments:
Description | Flags
html demonstrating intermittent failure | none
debuggable | none
Disassembly with good/bad path | none
simplified repro | none

Description Donovan Hutchence 2023-08-16 03:05:35 PDT
Created attachment 467286 [details]
html demonstrating intermittent failure

We have found that basis transcode fails intermittently in Safari 17 TP running on macOS 13.5.

This appears to be a regression: the code and asset are unchanged and run fine on Chrome, Firefox and Safari 16.

Please find attached a cut-down example. It loads and transcodes a single basis file in a web worker using PlayCanvas. The app logs the success or failure result to the console.
Comment 1 Radar WebKit Bug Importer 2023-08-16 18:21:49 PDT
<rdar://problem/113999793>
Comment 2 Alexey Proskuryakov 2023-08-16 18:23:01 PDT
Thank you for the test that easily reproduces the issue!
Comment 3 Donovan Hutchence 2023-09-20 01:42:51 PDT
Hello,

Any updates on this issue?

Can you suggest any workarounds (seeing as iOS 17.0 has now been released)?

Thanks,
Donovan
Comment 4 cheryl 2023-09-25 06:00:03 PDT
All 3D models on our PlayCanvas project are showing a white texture. 3D rendering is unworkable in iOS 17/PlayCanvas. Please address as high priority.
Comment 5 Donovan Hutchence 2023-09-25 06:46:07 PDT
For playcanvas users, we found a possible mitigation for basis transcode (testing is ongoing). Please see https://github.com/playcanvas/engine/pull/5657 for more info.
Comment 6 Justin Michaud 2023-09-25 15:42:50 PDT
This is likely caused by a regression in the new BBQ JIT. This configuration works:

```
__XPC_JSC_useBBQJIT=0 __XCP_JSC_validateOptions=1 /Applications/Safari\ Technology\ Preview.app/Contents/MacOS/Safari\ Technology\ Preview
```

I will try to narrow down where in the test case execution diverges.
Comment 7 Justin Michaud 2023-09-25 16:03:05 PDT
Created attachment 467857 [details]
debuggable
Comment 8 Justin Michaud 2023-09-25 16:03:34 PDT
I recompiled the module with binaryen to try to debug it, but that makes the issue go away.

```
bin/wasm-opt ~/Desktop/basis.wasm.wasm.orig -o ~/Desktop/basis.wasm.wasm --enable-simd --disable-gc --log-execution --instrument-memory
```

So it seems to be some kind of control flow bug.
Comment 9 Justin Michaud 2023-09-25 16:28:48 PDT
I have discovered the culprit:

```
__XPC_JSC_useWasmLLInt=1 __XPC_JSC_wasmFunctionIndexRangeToCompile=76:76  __XPC_JSC_useConcurrentJIT=0 __XPC_JSC_useOMGJIT=0 __XCP_JSC_validateOptions=1 /Applications/Safari\ Technology\ Preview.app/Contents/MacOS/Safari\ Technology\ Preview
```
Comment 10 Justin Michaud 2023-09-25 16:56:52 PDT
Created attachment 467861 [details]
Disassembly with good/bad path
Comment 11 Justin Michaud 2023-09-26 19:47:49 PDT
Created attachment 467887 [details]
simplified repro