WebKit Bugzilla
RESOLVED FIXED
258796
SHOULD NEVER BE REACHED in Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp(1189)
https://bugs.webkit.org/show_bug.cgi?id=258796
xiangwei1895
Reported
2023-07-03 02:37:57 PDT
## JavaScriptCore Version
1f2d2a92eeb831bedd01bbb5b694a0e29fa9af81

## Build
Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64)

./Tools/Scripts/build-jsc --jsc-only --debug --build-dir=asan --cmakeargs="-DCMAKE_C_COMPILER='/usr/bin/clang' -DCMAKE_CXX_COMPILER='/usr/bin/clang++' -DCMAKE_CXX_FLAGS='-g -O3 -fsanitize=address'"

## Testcase and Execution steps
```
var buffer = new Uint8Array([0,97,115,109,1,0,0,0,1,160,128,128,128,0,4,80,0,95,1,127,0,80,0,94,123,1,80,0,96,3,127,127,127,1,127,96,6,127,112,107,103,101,107,112,127,0,3,130,128,128,128,0,1,2,4,133,128,128,128,0,1,112,1,1,1,5,132,128,128,128,0,1,1,16,32,13,131,128,128,128,0,1,0,3,7,136,128,128,128,0,1,4,109,97,105,110,0,0,9,139,128,128,128,0,1,6,0,65,0,11,112,1,210,0,11,10,148,128,128,128,0,1,18,0,6,127,65,112,7,0,26,26,26,26,26,1,11,179,168,103,11]);
var module = new WebAssembly.Module(buffer);
var instance = new WebAssembly.Instance(module);
```

./bin/jsc --useWebAssemblyGC=true --useWebAssemblyTypedFunctionReferences=true testcase.js

## Output
```
SHOULD NEVER BE REACHED
/home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp(1189) : JSC::Wasm::LLIntGenerator::PartialResult JSC::Wasm::LLIntGenerator::addCatchToUnreachable(unsigned int, const JSC::Wasm::TypeDefinition &, JSC::Wasm::LLIntGenerator::ControlType &, JSC::Wasm::LLIntGenerator::ResultList &)
```

## Backtrace
```
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140735922812480) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140735922812480) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140735922812480) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140735922812480, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007fffed881476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007fffed8677f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff0c7a16f in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:762
#6  0x00007ffff4ea9003 in JSC::Wasm::LLIntGenerator::addCatchToUnreachable (this=this@entry=0x7fffa2af6ab0, exceptionIndex=exceptionIndex@entry=0, exceptionSignature=..., data=..., results=...) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:1189
#7  0x00007ffff4f14db0 in JSC::Wasm::LLIntGenerator::addCatch (this=0x7fffa2af6ab0, exceptionIndex=0, exceptionSignature=..., data=..., expressionStack=..., results=...) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:1155
#8  JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseExpression (this=this@entry=0x7fffa2af6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:2758
#9  0x00007ffff4eece8e in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseBody (this=this@entry=0x7fffa2af6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:365
#10 0x00007ffff4ecd434 in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parse (this=this@entry=0x7fffa2af6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:336
#11 0x00007ffff4e85c3a in JSC::Wasm::parseAndCompileBytecode (functionStart=<optimized out>, functionLength=<optimized out>, signature=..., info=..., functionIndex=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:580
#12 0x00007ffff4ebf4ac in JSC::Wasm::LLIntPlan::compileFunction (this=0x615000017f00, functionIndex=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp:89
#13 0x00007ffff4e73891 in JSC::Wasm::EntryPlan::compileFunctions (this=0x615000017f00, effort=<optimized out>) at /home/WebKit/Source/JavaScriptCore/wasm/WasmEntryPlan.cpp:218
#14 0x00007ffff5101ad1 in JSC::Wasm::Worklist::Thread::work (this=0x607000004310) at /home/WebKit/Source/JavaScriptCore/wasm/WasmWorklist.cpp:111
#15 0x00007ffff55ddfa1 in WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/AutomaticThread.cpp:229
#16 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/Function.h:53
#17 0x00007ffff56994c6 in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/Function.h:82
#18 WTF::Thread::entryPoint (newThreadContext=<optimized out>) at /home/WebKit/Source/WTF/wtf/Threading.cpp:250
#19 0x00007ffff58377a6 in WTF::wtfThreadEntryPoint (context=0x3011bf) at /home/WebKit/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:242
#20 0x00007fffed8d3b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#21 0x00007fffed965a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
```
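To triage a fuzz case like this one before stepping into the LLInt generator, here is an added Python helper, not code from the report or from WebKit, that walks the section table of the module above (the byte array is copied from the testcase) and extracts the first function body. It shows the module carries a tag section and a code body that opens with a try block followed by a catch, the path the backtrace records (addCatch calling addCatchToUnreachable); SECTION_NAMES and the function names are this example's own.

```python
# Added triage helper, not code from the bug report or WebKit: walks the section
# table of the testcase's WebAssembly binary and extracts the first function body,
# showing which sections (type, tag, code) and opcodes the fuzz case exercises.

SECTION_NAMES = {0: "custom", 1: "type", 2: "import", 3: "function", 4: "table",
                 5: "memory", 6: "global", 7: "export", 8: "start", 9: "element",
                 10: "code", 11: "data", 12: "datacount", 13: "tag"}

TESTCASE = bytes([  # copied verbatim from the testcase in the report above
    0, 97, 115, 109, 1, 0, 0, 0, 1, 160, 128, 128, 128, 0, 4, 80, 0, 95, 1, 127,
    0, 80, 0, 94, 123, 1, 80, 0, 96, 3, 127, 127, 127, 1, 127, 96, 6, 127, 112,
    107, 103, 101, 107, 112, 127, 0, 3, 130, 128, 128, 128, 0, 1, 2, 4, 133, 128,
    128, 128, 0, 1, 112, 1, 1, 1, 5, 132, 128, 128, 128, 0, 1, 1, 16, 32, 13, 131,
    128, 128, 128, 0, 1, 0, 3, 7, 136, 128, 128, 128, 0, 1, 4, 109, 97, 105, 110,
    0, 0, 9, 139, 128, 128, 128, 0, 1, 6, 0, 65, 0, 11, 112, 1, 210, 0, 11, 10,
    148, 128, 128, 128, 0, 1, 18, 0, 6, 127, 65, 112, 7, 0, 26, 26, 26, 26, 26, 1,
    11, 179, 168, 103, 11])

def read_uleb128(buf, pos):
    """Decode an unsigned LEB128 integer at buf[pos]; return (value, next_pos)."""
    result, shift = 0, 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return result, pos

def parse_sections(module):
    """Return [(id, name, payload)] per section; reject a bad header or overrun."""
    if module[:8] != b"\0asm\x01\x00\x00\x00":
        raise ValueError("not a WebAssembly v1 binary")
    pos, sections = 8, []
    while pos < len(module):
        section_id = module[pos]
        size, pos = read_uleb128(module, pos + 1)
        if pos + size > len(module):
            raise ValueError(f"section {section_id} overruns the module")
        sections.append((section_id, SECTION_NAMES.get(section_id, "unknown"),
                         module[pos:pos + size]))
        pos += size
    return sections

def first_function_body(module):
    """Bytes of function 0 in the code section (local decls + instructions)."""
    code = next(p for sid, _, p in parse_sections(module) if sid == 10)
    _count, pos = read_uleb128(code, 0)
    size, pos = read_uleb128(code, pos)
    return code[pos:pos + size]
```

In the body, 0x06 is the try opcode and 0x07 the catch opcode; the bytes after the inner end (0x0b) are the tail the generator was still parsing when the assertion fired.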
Radar WebKit Bug Importer
Comment 1
2023-07-10 02:38:14 PDT
<rdar://problem/112006214>
Asumu Takikawa
Comment 2
2024-01-29 14:58:53 PST
Pull request:
https://github.com/WebKit/WebKit/pull/23465
EWS
Comment 3
2024-02-14 10:38:05 PST
Committed 274635@main (c76ab28ce98e): <https://commits.webkit.org/274635@main>

Reviewed commits have been landed. Closing PR #23465 and removing active labels.