Closed Bug 1506675 Opened 6 years ago Closed 6 years ago

Cranelift crash when running wasm demos

Categories

(Core :: JavaScript: WebAssembly, defect)

Product:
Core
Component:
JavaScript: WebAssembly
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bbouvier, Assigned: bbouvier)

References

Details

I've tried running Cranelift demos after the bump to 0.23, but it seems it's still crashing on wasm demos on my machine, including: - webassembly.org/demo - the godot startup benchmark: http://godot.eska.me/pub/wasm-benchmark/ Crashes happen in generated code: https://crash-stats.mozilla.com/report/index/7fcf6411-6db5-47ee-ab84-4daff0181112 https://crash-stats.mozilla.com/report/index/243393e5-828d-4ad2-998d-48eb90181112
That second trace seems to show the recursion starting at js::wasm::Instance::callExport.
Can reproduce on shell test cases: wasm_fannkuch in embenchen. Investigating a bit more.
Assignee: nobody → bbouvier
Status: NEW → ASSIGNED
It's a problem of encoding during code generation, during the codegen of Fasta jit code. Opened https://github.com/CraneStation/cranelift/issues/600 to track it on the Cranelift side.

As of today, the Godot benchmark seems to work fine in both Cranelift-only and tiering mode with the workaround in bug 1507820.

The WebAssembly demo still crashes in generated code.

Tracked it down to https://github.com/CraneStation/cranelift/issues/666, which is quite a diabolic bug.

Confirmed that the workaround patch in bug 1507820 and fix in https://github.com/CraneStation/cranelift/pull/667 fix the crash on the WebAssembly demo website.

Depends on: 1525873

Was fixed in Cranelift 0.29.0.

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Depends on: 1532689
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.