Bug 265693

Summary:	[Wasm-GC] Fix initialization of portable reftype globals
Product:	WebKit	Reporter:	Asumu Takikawa <asumu>
Component:	WebAssembly	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Asumu Takikawa

Reported 2023-12-01 13:30:33 PST

In the gc/js-api.js test for the wasm test suite, the `testCastFailures()` sub-test occasionally fails in continuousCollect + verifyGC mode. It turns out that this is because of a bug in the initialization of reference typed globals, particularly portable ones. Instead of being initialized "as bits", it needs to be initialized "as a JSValue". This didn't come up before as with only function references, you are guaranteed that the instance itself will have a strong reference to the functions themselves. With other GC types you don't have this guarantee.

Attachments
Add attachment proposed patch, testcase, etc.

Asumu Takikawa

Comment 1 2023-12-01 13:49:05 PST

Pull request: https://github.com/WebKit/WebKit/pull/21184

Radar WebKit Bug Importer

Comment 2 2023-12-08 13:31:12 PST

<rdar://problem/119397603>

EWS

Comment 3 2023-12-08 18:09:05 PST

Committed 271777@main (fc9e1f45e692): <https://commits.webkit.org/271777@main> Reviewed commits have been landed. Closing PR #21184 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.