Bug 293832

I can reproduce the problem

Here's a minimalish reproducer: ``` <!doctype html> <html> <head> <meta charset="UTF-8" /> </head> <body> <div> Result is: </div> <div id="result"> </div> <script type="module"> function sleep(ms) { return new Promise(res => setTimeout(res, ms)); } // Try to initialize countArgsFunc const code = new Uint8Array([ 0x00, 0x61, 0x73, 0x6d, // \0asm magic number 0x01, 0x00, 0x00, 0x00, // version 1 0x01, 0x1b, // Type section, body is 0x1b bytes 0x05, // 6 entries 0x60, 0x00, 0x01, 0x7f, // (type $type0 (func (param) (result i32))) 0x60, 0x01, 0x7f, 0x01, 0x7f, // (type $type1 (func (param i32) (result i32))) 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f, // (type $type2 (func (param i32 i32) (result i32))) 0x60, 0x03, 0x7f, 0x7f, 0x7f, 0x01, 0x7f, // (type $type3 (func (param i32 i32 i32) (result i32))) 0x60, 0x01, 0x7f, 0x00, // (type $blocktype (func (param i32) (result))) 0x02, 0x09, // Import section, 0x9 byte body 0x01, // 1 import (table $funcs (import "e" "t") 0 funcref) 0x01, 0x65, // "e" 0x01, 0x74, // "t" 0x01, // importing a table 0x70, // of entry type funcref 0x00, 0x00, // table limits: no max, min of 0 0x03, 0x02, // Function section 0x01, 0x01, // We're going to define one function of type 1 (func (param i32) (result i32)) 0x07, 0x05, // export section 0x01, // 1 export 0x01, 0x66, // called "f" 0x00, // a function 0x00, // at index 0 0x0a, 0x44, // Code section, 0x01, 0x42, // one entry of length 50 0x01, 0x01, 0x70, // one local of type funcref // Body of the function 0x20, 0x00, // local.get $fptr 0x25, 0x00, // table.get $funcs 0x22, 0x01, // local.tee $fref 0xfb, 0x14, 0x03, // ref.test $type3 0x02, 0x04, // block $b (type $blocktype) 0x45, // i32.eqz 0x0d, 0x00, // br_if $b 0x41, 0x03, // i32.const 3 0x0f, // return 0x0b, // end block 0x20, 0x01, // local.get $fref 0xfb, 0x14, 0x02, // ref.test $type2 0x02, 0x04, // block $b (type $blocktype) 0x45, // i32.eqz 0x0d, 0x00, // br_if $b 0x41, 0x02, // i32.const 2 0x0f, // return 0x0b, // end block 0x20, 0x01, // local.get $fref 0xfb, 0x14, 0x01, // ref.test $type1 0x02, 0x04, // block $b (type $blocktype) 0x45, // i32.eqz 0x0d, 0x00, // br_if $b 0x41, 0x01, // i32.const 1 0x0f, // return 0x0b, // end block 0x20, 0x01, // local.get $fref 0xfb, 0x14, 0x00, // ref.test $type0 0x02, 0x04, // block $b (type $blocktype) 0x45, // i32.eqz 0x0d, 0x00, // br_if $b 0x41, 0x00, // i32.const 0 0x0f, // return 0x0b, // end block 0x41, 0x7f, // i32.const -1 0x0b // end function ]); const mod = new WebAssembly.Module(code); const wasmTable = new WebAssembly.Table({element: "anyfunc", initial: 2}); const inst = new WebAssembly.Instance(mod, { e: { t: wasmTable } }); wasmTable.set(0, inst.exports.f); const f = inst.exports.f; for (let i = 0; i < 10000; i++) { document.querySelector("#result").innerText = `${i}: ${f(0)}`; if (i % 1000 === 0) { await sleep(100); } } </script> </body> ```

Deployed this here: https://wasm-gc-test.pages.dev/

Likely a dupe of bug 293113 :)

<rdar://problem/152674966>

Yes, it was a dupe.

*** This bug has been marked as a duplicate of bug 293113 ***

Thanks!