[Webkit-unassigned] [Bug 271030] New: webkit webassemly enable TailCalls feature failed

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 14 19:03:35 PDT 2024 

https://bugs.webkit.org/show_bug.cgi?id=271030

            Bug ID: 271030
           Summary: webkit webassemly enable TailCalls feature failed
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: happytraveller3312 at gmail.com

Created attachment 470376

  --> https://bugs.webkit.org/attachment.cgi?id=470376&action=review

the file that trigger crash

get source code from github Repository:https://github.com/WebKit/WebKit
lattest commit hash 711120e7edec012527620d07bf63d85713a180fd
download and compile with args (./Tools/Scripts/build-jsc --jsc-only --build-dir=patch/)


(bash) gdb source-to-webkit/patch/JSCOnly/Release/bin/jsc
(gdb) set args  --useWebAssemblyGC=true    --useWebAssemblyTailCalls=true crash.js
(gdb) r
Starting program: source-to-webkit/patch/JSCOnly/Release/bin/jsc --useWebAssemblyGC=true    --useWebAssemblyTailCalls=true  crash.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe23b3640 (LWP 798332)]
[New Thread 0x7fff9dbb0640 (LWP 798334)]
[New Thread 0x7fff9d3af640 (LWP 798335)]
[New Thread 0x7fff9cbae640 (LWP 798336)]
[New Thread 0x7fff9c3ad640 (LWP 798337)]
[New Thread 0x7fff9bbac640 (LWP 798338)]
[New Thread 0x7fff9b3ab640 (LWP 798339)]
[New Thread 0x7fff9abaa640 (LWP 798340)]
[New Thread 0x7fff9a3a9640 (LWP 798341)]
[New Thread 0x7fff99ba8640 (LWP 798342)]
[New Thread 0x7fff993a7640 (LWP 798343)]
[New Thread 0x7fff98ba6640 (LWP 798344)]
[New Thread 0x7fff983a5640 (LWP 798345)]
[New Thread 0x7fff97ba4640 (LWP 798348)]
[New Thread 0x7fff973a3640 (LWP 798349)]
[New Thread 0x7fff96ba2640 (LWP 798350)]
[New Thread 0x7fff963a1640 (LWP 798351)]
[New Thread 0x7fff95ba0640 (LWP 798352)]
[New Thread 0x7fff9539f640 (LWP 798353)]
[New Thread 0x7fff94b9e640 (LWP 798354)]
[New Thread 0x7fff9439d640 (LWP 798355)]
[New Thread 0x7fff93b9c640 (LWP 798356)]
[New Thread 0x7fff9339b640 (LWP 798357)]
[New Thread 0x7fff92b9a640 (LWP 798358)]
[New Thread 0x7fff92399640 (LWP 798359)]
[New Thread 0x7fff91b98640 (LWP 798360)]
[New Thread 0x7fff91397640 (LWP 798361)]
[New Thread 0x7fff90b96640 (LWP 798362)]
[New Thread 0x7fff90395640 (LWP 798363)]
[New Thread 0x7fff8fb94640 (LWP 798364)]
[New Thread 0x7fff8f393640 (LWP 798365)]
[New Thread 0x7fff8eb92640 (LWP 798366)]

Thread 3 "t Helper Thread" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff9dbb0640 (LWP 798334)]
0x00007ffff76115b1 in WTF::Vector<JSC::X86Registers::XMMRegisterID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::size (this=0x7ffff7fafb60 <JSC::Wasm::wasmCallingConvention()::staticWasmCallingConvention+16>) at WTF/Headers/wtf/Vector.h:799
799         size_t size() const { return m_size; }
(gdb) bt
#0  0x00007ffff76115b1 in WTF::Vector<JSC::X86Registers::XMMRegisterID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::size (
    this=0x7ffff7fafb60 <JSC::Wasm::wasmCallingConvention()::staticWasmCallingConvention+16>) at WTF/Headers/wtf/Vector.h:799
#1  JSC::Wasm::WasmCallingConvention::numberOfStackArguments (this=0x7ffff7fafb50 <JSC::Wasm::wasmCallingConvention()::staticWasmCallingConvention>, signature=...)
    at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmCallingConvention.h:207
#2  JSC::Wasm::WasmCallingConvention::numberOfStackValues (this=0x7ffff7fafb50 <JSC::Wasm::wasmCallingConvention()::staticWasmCallingConvention>, signature=...)
    at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmCallingConvention.h:255
#3  0x00007ffff7611d44 in JSC::Wasm::LLIntGenerator::addCallIndirect (this=0x7fff9dbac0d0, tableIndex=tableIndex at entry=0, signature=..., args=..., results=..., 
    callType=JSC::CallLinkInfoBase::TailCall) at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:1522
#4  0x00007ffff764389a in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseExpression (this=this at entry=0x7fff9dbac1d0)
    at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:2986
#5  0x00007ffff762c63b in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseBody (this=this at entry=0x7fff9dbac1d0)
    at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:482
#6  0x00007ffff75f8c19 in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parse (this=this at entry=0x7fff9dbac1d0)
    at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:435
#7  0x00007ffff75f718b in JSC::Wasm::parseAndCompileBytecode (functionStart=0x7fffe0000580 "", functionLength=<optimized out>, signature=..., info=..., 
    functionIndex=functionIndex at entry=0) at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:586
#8  0x00007ffff7619e38 in JSC::Wasm::LLIntPlan::compileFunction (this=0x7fffe005d600, functionIndex=0) at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp:89
#9  0x00007ffff74d0596 in JSC::Wasm::EntryPlan::compileFunctions (this=0x7fffe005d600, effort=<optimized out>) at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmEntryPlan.cpp:223
#10 0x00007ffff77b16df in JSC::Wasm::Worklist::Thread::work (this=0x7fffe0035ad0) at /home/.../WebKit/Source/JavaScriptCore/wasm/WasmWorklist.cpp:119
#11 0x00007ffff79518e0 in WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const (this=<optimized out>)
    at /home/.../WebKit/Source/WTF/wtf/AutomaticThread.cpp:229
#12 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() (this=<optimized out>) at /home/.../WebKit/Source/WTF/wtf/Function.h:53
#13 0x00007ffff79b7b7a in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/.../WebKit/Source/WTF/wtf/Function.h:82
#14 WTF::Thread::entryPoint (newThreadContext=0x7fffe0036480) at /home/.../WebKit/Source/WTF/wtf/Threading.cpp:258
#15 0x00007ffff7a99563 in WTF::wtfThreadEntryPoint (context=0x7ffff7fafb50 <JSC::Wasm::wasmCallingConvention()::staticWasmCallingConvention>)
    at /home/.../WebKit/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:247
#16 0x00007ffff244fac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#17 0x00007ffff24e1850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240315/4630ccdd/attachment-0001.htm>

More information about the webkit-unassigned mailing list