Crash in debugger of WebAssembly: unsupported global variable type
Categories
(Core :: JavaScript: WebAssembly, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox75 | --- | fixed |
People
(Reporter: volker.berlin, Assigned: lth)
References
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Steps to reproduce:
I use the FF Nightly from today, 75.0a1 (2020-02-26) (64-Bit).
In the attachments there are screenshots to visualize the follow steps. There are also all files that are involved.
1.) Open the sample start page in the nightly FF browser. I use the URL http://localhost/test/HelloWorld.html
2.) Open the debugger and set a breakpoint in the file HelloWorld.wasm.js:9 in the function set_anyref.
3.) Reload the page.
4.) Click in the stacktrace the first wasm line (HelloWorld.wasm:1364)
5.) Some seconds later -> Crash
|
Assignee | |
Comment 1•5 years ago
|
||
I can reproduce this on Linux using the provided steps (Fedora 30 on x64).
|
|
Assignee | |
Comment 2•5 years ago
|
||
|
|
Assignee | |
Comment 3•5 years ago
|
||
That appears to be a MOZ_CRASH, it's a getGlobal on an unsupported type. Might we guess this would be a reference type? wat2wasm crashes on it, which is no fun at all.
|
|
Assignee | |
Comment 4•5 years ago
|
||
Jan, can you open this up? MOZ_CRASH is not s-s.
|
||
Comment 5•5 years ago
|
||
(In reply to Lars T Hansen [:lth] from comment #4)
Jan, can you open this up? MOZ_CRASH is not s-s.
I can only change the JS security group flag, not the core-security one.
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 6•5 years ago
|
||
I'll add a suitable short-term fix and maybe let Yury do something smarter in the long term.
|
|
Assignee | |
Comment 7•5 years ago
|
||
For reference types, return 0 when they are read from wasm globals.
This is an adequate stopgap solution. See comment in the code for
ideas about better solutions.
|
|
Assignee | |
Comment 8•5 years ago
|
||
Yury, I'm unable to test this fix because when I build Nightly locally it appears to come without the debugging tools that I need (starting with output like this:
console.error: (new Error("Unexpected type", "resource://devtools/client/shared/vendor/WasmDis.js", 36))
console.warn: "Action loadSourceText had an exception:" (new Error("Unexpected type", "resource://devtools/client/shared/vendor/WasmDis.js", 36))
Can you look at the patch, maybe try it locally to see if it fixes the problem? Or let me know how I install enough code to run the debugger in a Nightly build without the errors above...
|
||
Comment 9•5 years ago
|
||
(In reply to Lars T Hansen [:lth] from comment #8)
Yury, I'm unable to test this fix because when I build Nightly locally it appears to come without the debugging tools that I need
I working on updating wasm display for FF DevTools in bug 1619737 -- that shall take care of that
|
||
Comment 10•5 years ago
|
||
|
|
||
Comment 11•5 years ago
|
||
| bugherder | ||
|
Reporter | |
Comment 12•5 years ago
|
||
I test it with the version from today 75.0a1 (2020-03-06) (64-Bit)
It work better but I can reproduce the crash with the sample.
1.) Open the sample start page in the nightly FF browser. I use the URL http://localhost/test/HelloWorld.html
2.) Open the debugger and set a breakpoint in the file HelloWorld.wasm.js:9 in the function set_anyref.
3.) Reload the page.
4.) Click "Step Return" 4 times until we receive the stacktrace position of the first wasm line (HelloWorld.wasm:1365)
5.) Some seconds later -> Crash
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 13•5 years ago
|
||
I can confirm the crash on linux64 (it's also in the debugger) but the underlying cause is something different, so far as I can tell. I'm going to re-close this bug as fixed and open another one. Volker, I'll cc you on that bug too.
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 14•5 years ago
|
||
re-flagging this as fixed as the new issue was transfered to bug 1620748.
Description
•