Bug 298651

Summary:	StackVisitor crashes with wasmOMGOptimizationLevel=0 when some OMG frames throw exceptions
Product:	WebKit	Reporter:	Ioanna M. Dimitriou H. <idimitriou>
Component:	JavaScriptCore	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Ioanna M. Dimitriou H.

Reported 2025-09-10 04:08:29 PDT

Several exception related stress tests crash when ran with the flag wasmOMGOptimizationLevel set to 0. Some of the failing tests in JSTests/wasm/stress/ are cc-int-to-int-cross-module-with-exception.js, exception-liveness-tier-up.js, exception-trap.js, simd-exception.js, exception-multiple-instances.js, among others. The tests crash with ASSERTION FAILED: m_offset + sizeof(T) <= m_size, from the DeltaCompresseionReader::read().

Attachments
Add attachment proposed patch, testcase, etc.

Ioanna M. Dimitriou H.

Comment 1 2025-09-10 04:30:14 PDT

Pull request: https://github.com/WebKit/WebKit/pull/50539

Radar WebKit Bug Importer

Comment 2 2025-09-17 04:11:12 PDT

<rdar://problem/160764690>

EWS

Comment 3 2025-09-19 12:16:24 PDT

Committed 300252@main (be01dbda2568): <https://commits.webkit.org/300252@main> Reviewed commits have been landed. Closing PR #50539 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.