
[BUG] Stack overflow in some web browsers for an ocaml program that uses menhir to generate its parser

Open relokin opened this issue 6 months ago • 3 comments

Apologies in advance, I haven't been able to isolate the problem and create a minimal test case. I will attempt to explain how the bug manifests itself hoping that I can get some help to debug further.

Describe the bug

herdtools7 uses js_of_ocaml to create a js interface for the herd7 memory model simulator. When running the js through certain browsers (for example, Chrome 141.0.7390.123 (Official Build) (arm64) on MacOS 15.1), we run into a Stack overflow exception. The bug can be reproduced here: https://diy.inria.fr/www/ by clicking the play button at the bottom of the page. The Stack overflow exception is generated when the litmus test is parsed (left hand side window) and more specifically when the main body of the litmus test is parsed (the first instruction of P0, which in the case of the default litmus test is MOV W0,#1). The parser is generated using menhir and the parsing rules can be found here: https://github.com/herd/herdtools7/blob/master/lib/AArch64Parser.mly.

The Stack overflow exception is generated for AArch64 (one of the architectures supported in herd7); if we switch to x86 (using the drop down menu in the centre of the web page), the simulator works as expected. x86 (https://github.com/herd/herdtools7/blob/master/lib/X86Parser.mly) has a simpler parser than AArch64. I've tried using --table to enable menhir's table backend, but that didn't help either.

Expected behavior

Normally we would expect the parser to correctly parse the default litmus test and herd7 would proceed as normal. I can get the correct output if I run the generated js with some browsers (for example Safari Version 18.1 (20619.2.8.11.10) on MacOS 15.1) or node.js.

Versions

js_of_ocaml 5.5.0

I have found that this commit https://github.com/ocsigen/js_of_ocaml/commit/29c693ba166962725d209123bd80bd1793c7ff78 seems to be the culprit; prior to it the generated js works as expected.

relokin avatar Oct 28 '25 12:10 relokin

You mention version 5.5.0 but your link uses version 5.8.2. These versions are 1.5 / 2 years old; could you upgrade to the latest version 6.2.0?

hhugo avatar Nov 03 '25 11:11 hhugo

Thanks for having a look @hhugo, we've now deployed the latest version 6.2.0 at https://diy.inria.fr/www-new/, which should demonstrate the errors I described, and the last working version 5.4.0 at https://developer.arm.com/herd7

relokin avatar Nov 03 '25 15:11 relokin

It is possible that the new compilation scheme results in larger stack frames. I'm not sure how to reproduce this since I don't have access to a Mac.

vouillon avatar Dec 11 '25 14:12 vouillon

> It is possible that the new compilation scheme results in larger stack frames. I'm not sure how to reproduce this since I don't have access to a Mac.

Thanks for having a look. If you are running Linux, I think it should be possible to reproduce this by running a test using https://diy.inria.fr/www-new/ on Chrome.

Is there any other piece of information I can provide to help? Are there any particular expressions that might be causing the stack frames to grow disproportionately?

relokin avatar Dec 13 '25 09:12 relokin