263363 – ASSERTION FAILED: shouldJIT(callee) /home/WebKit/Source/JavaScriptCore/wasm/WasmSlowPaths.cpp(356) : JSC::UGPRPair JSC::LLInt::slow_path_wasm_simd_go_straight_to_bbq_osr(JSC::CallFrame *, const JSC::WasmInstruction *, Wasm::Instance *)

RESOLVED WONTFIX263363

ASSERTION FAILED: shouldJIT(callee) /home/WebKit/Source/JavaScriptCore/wasm/WasmSlowPaths.cpp(356) : JSC::UGPRPair JSC::LLInt::slow_path_wasm_simd_go_straight_to_bbq_osr(JSC::CallFrame *, const JSC::WasmInstruction *, Wasm::Instance *)

https://bugs.webkit.org/show_bug.cgi?id=263363

Summary ASSERTION FAILED: shouldJIT(callee) /home/WebKit/Source/JavaScriptCore/wasm/W...

xiangwei1895

Reported 2023-10-18 23:01:52 PDT

## JavaScriptCore Version 6b4ebcdffbfcb90c6be097374c74904a92a6e71b ## Build Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64) ./Tools/Scripts/build-jsc --jsc-only --debug --build-dir=asan --cmakeargs="-DCMAKE_C_COMPILER='/usr/bin/clang' -DCMAKE_CXX_COMPILER='/usr/bin/clang++' -DCMAKE_CXX_FLAGS='-g -O3 -fsanitize=address'" ## Testcase and Execution steps ``` var wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,4,1,96,0,0,2,1,0,3,2,1,0,4,8,1,111,1,226,1,219,199,3,5,1,0,6,1,0,7,10,1,6,95,115,116,97,114,116,0,0,8,1,0,9,1,0,12,1,0,10,14,1,12,0,12,0,45,1,15,186,253,44,160,1,11,11,1,0]); var wasm_module = new WebAssembly.Module(wasm_code); var wasm_instance = new WebAssembly.Instance(wasm_module); var f = wasm_instance.exports.main; f(); ``` ./bin/jsc --useWebAssemblyGC=true --useWebAssemblyTypedFunctionReferences=true --useWebAssemblyTailCalls=true --useWebAssemblyRelaxedSIMD=true testcase.js ## Output ASSERTION FAILED: shouldJIT(callee) /home/WebKit/Source/JavaScriptCore/wasm/WasmSlowPaths.cpp(356) : JSC::UGPRPair JSC::LLInt::slow_path_wasm_simd_go_straight_to_bbq_osr(JSC::CallFrame *, const JSC::WasmInstruction *, Wasm::Instance *) ## Backtrace #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737177692096) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=140737177692096) at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=140737177692096, signo=signo@entry=6) at ./nptl/pthread_kill.c:89 #3 0x00007fffed801476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #4 0x00007fffed7e77f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00007ffff26a59ff in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:778 #6 0x00007ffff6a7ee22 in slow_path_wasm_simd_go_straight_to_bbq_osr (callFrame=<optimized out>, pc=<optimized out>, instance=<optimized out>) at /home/WebKit/Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:356 #7 0x00007ffff2663a78 in wasm_function_prologue_simd () from /home/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1 #8 0x00007fffab42002c in ?? () #9 0x0000610000001440 in ?? () #10 0x0000611000038fc3 in ?? () #11 0x00007fffffffb680 in ?? () #12 0x00007ffff21eb720 in __PRETTY_FUNCTION__._ZNK3WTF3RefIN3JSC7JITCodeENS_12RawPtrTraitsIS2_EEEptEv () from /home/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1 #13 0x00007ffff21dc5a0 in str () from /home/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1 #14 0x000060e000004418 in ?? () #15 0x00007fffffffb8b0 in ?? () #16 0x0000631000014800 in ?? () #17 0x00007fffffffb670 in ?? () #18 0x00007ffff263be04 in vmEntryToJavaScript () from /home/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1

Attachments
Add attachment proposed patch, testcase, etc.

Yusuke Suzuki

Comment 1 2023-10-19 16:04:02 PDT

useWebAssemblyTailCalls is not supported. They are half-baked and not intended to be tested.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebAssembly

Assignee

Nobody

Reported

2023-10-18 23:01 PDT

Modified

2023-10-19 16:04 PDT History

CC List

4 users Show

URL

Keywords

Depends on

Blocks