Bug 263467 - [JSC] Assertion failure in generateWasmToJSStubs for wasm/gc-spec-tests/type-subtyping
Status: RESOLVED DUPLICATE of bug 254693
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Asumu Takikawa
Keywords: InRadar
Reported: 2023-10-20 13:38 PDT by Joseph Griego
Modified: 2024-07-24 13:39 PDT
Description Joseph Griego 2023-10-20 13:38:08 PDT
As title, in a debug build, we encounter the following assertion failure:

ASSERTION FAILED: returnType.isNullable()
/home/jgriego/proj/WebKit3/Source/JavaScriptCore/wasm/js/WasmToJS.cpp(464) : Expected<JSC::MacroAssemblerCodeRef<(WTF::PtrTag)64376>, JSC::Wasm::BindingFailure> JSC::Wasm::wasmToJS(JSC::VM&, JSC::Wasm::WasmToJSCallee&, JSC::OptimizingCallLinkInfo&, JSC::Wasm::TypeIndex, unsigned int)

Thread 1 "jsc" received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737352566592) at ./nptl/pthread_kill.c:44
44      ./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737352566592) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737352566592) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737352566592, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff2c42476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff2c287f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff35ed130 in WTFCrashWithInfo () at /home/jgriego/proj/WebKit3/WebKitBuild/Debug/WTF/Headers/wtf/Assertions.h:778
#6  0x00007ffff5899783 in JSC::Wasm::wasmToJS (vm=..., callee=..., callLinkInfo=..., typeIndex=140737056268800, importIndex=0) at /home/jgriego/proj/WebKit3/Source/JavaScriptCore/wasm/js/WasmToJS.cpp:464
#7  0x00007ffff588d10c in JSC::JSWebAssemblyModule::generateWasmToJSStubs (this=0x7fffa45fc730, vm=...) at /home/jgriego/proj/WebKit3/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp:169
#8  0x00007ffff588c804 in JSC::JSWebAssemblyModule::createStub (vm=..., globalObject=0x7fffa441a068, structure=0x7ffe0000ec50, result=...) at /home/jgriego/proj/WebKit3/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp:56
#9  0x00007ffff58b79ee in JSC::WebAssemblyModuleConstructor::createModule (globalObject=0x7fffa441a068, callFrame=0x7fffffffcfd0, buffer=...) at /home/jgriego/proj/WebKit3/Source/JavaScriptCore/wasm/js/WebAssemblyModuleConstructor.cpp:188
#10 0x00007ffff58b747e in JSC::constructJSWebAssemblyModule (globalObject=0x7fffa441a068, callFrame=0x7fffffffcfd0) at /home/jgriego/proj/WebKit3/Source/JavaScriptCore/wasm/js/WebAssemblyModuleConstructor.cpp:169
#11 0x00007fffa60000c7 in ?? ()
#12 0x00007fffffffd070 in ?? ()
#13 0x00007fffa6045983 in ?? ()
#14 0x0000000000000000 in ?? ()
Comment 1 Radar WebKit Bug Importer 2023-10-27 13:39:20 PDT
<rdar://problem/117601865>
Comment 2 David Degazio 2024-07-24 13:39:37 PDT
Does not reproduce; the relevant `ASSERT` seems to have been fixed by Asumu in https://bugs.webkit.org/show_bug.cgi?id=254693. Closing as dupe.

*** This bug has been marked as a duplicate of bug 254693 ***