Bug 244352
| Summary: | [Wasm-GC] Fix regression on armv7 in structs.js test | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Asumu Takikawa <asumu> |
| Component: | WebAssembly | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 247394 | ||
Asumu Takikawa
On armv7 builds, the structs.js test fails (at least in debug mode):
```
wasm.yaml/wasm/gc/structs.js.default-wasm: ASSERTION FAILED: isCell()
wasm.yaml/wasm/gc/structs.js.default-wasm: ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h(406) : JSC::JSCell* JSC::JSValue::asCell() const
wasm.yaml/wasm/gc/structs.js.default-wasm: ERROR: Unexpected exit code: 134
```
This is a regression introduced by https://github.com/WebKit/WebKit/pull/2983.
The cause is a write to the callee slot of the call frame header that doesn't account for the tag on 32-bit. There is a straightforward fix (use `storeCell` or 32-bit specific code as done elsewhere in WasmToJS.cpp) that I'll submit soon.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Asumu Takikawa
Pull request: https://github.com/WebKit/WebKit/pull/3670
EWS
Committed 253906@main (97d8c872ff5e): <https://commits.webkit.org/253906@main>
Reviewed commits have been landed. Closing PR #3670 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/99280742>