Parsing of block signatures currently does not correctly account for ref types with type indices. Here is an example that illustrates the problem:

```
// Run this in JSTests/wasm/gc
import * as assert from "../assert.js";
import { compile, instantiate } from "./wast-wrapper.js";

instantiate(`
  (module
    (type (func))
    (func (export "run")
      (block (result (ref null func))
        (ref.null 0)) ;; (ref null 0) <: (ref null func)
      (br 0)
    )
  )
`).exports.run();
```

This program should validate (and does in the reference interpreter) but currently doesn't in JSC. The problem is that `(ref null func)` in the block signature is not parsed correctly; it gets turned into a ref type with an invalid 0 index. This can be fixed by adding a special case to `parseBlockSignature` for ref types.
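The special case described in the report, sketched as an added example (this is not code from JSC or from the patches linked below): a block-type decoder in which a ref-type prefix byte is followed by a heap type that has to be read as well. The prefix bytes 0x63/0x64 and the 0x40 empty marker are assumed from the WebAssembly GC binary format, the names `BlockType`, `readS33` and `parseBlockType` are hypothetical, and negative codes are accepted without checking that they name a known type.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Encodings assumed from the WebAssembly GC binary format, not copied from JSC.
enum : uint8_t { EmptyBlock = 0x40, RefNull = 0x63, Ref = 0x64 };

struct BlockType {
    enum Kind { Empty, Value, RefType, TypeIndex } kind;
    bool nullable = false;
    int64_t heapOrIndex = 0; // < 0: abstract heap type (-16 is func); >= 0: type index
};

// Signed LEB128, at most 5 bytes (s33). Unused bits of a fifth byte are not checked.
static std::optional<int64_t> readS33(const std::vector<uint8_t>& b, size_t& pos)
{
    int64_t result = 0;
    for (unsigned shift = 0; pos < b.size() && shift < 35;) {
        uint8_t byte = b[pos++];
        result |= int64_t(byte & 0x7f) << shift;
        shift += 7;
        if (!(byte & 0x80))
            return (byte & 0x40) ? result | -(int64_t(1) << shift) : result;
    }
    return std::nullopt; // truncated or overlong input
}

std::optional<BlockType> parseBlockType(const std::vector<uint8_t>& b, size_t& pos, size_t typeCount)
{
    if (pos >= b.size())
        return std::nullopt;
    uint8_t first = b[pos];
    if (first == EmptyBlock) {
        ++pos;
        return BlockType { BlockType::Empty };
    }
    if (first == RefNull || first == Ref) {
        ++pos; // special case: the heap type after the prefix must be consumed too
        auto heap = readS33(b, pos);
        if (!heap || (*heap >= 0 && uint64_t(*heap) >= typeCount))
            return std::nullopt; // missing heap type or out-of-range type index
        return BlockType { BlockType::RefType, first == RefNull, *heap };
    }
    auto value = readS33(b, pos);
    if (!value || (*value >= 0 && uint64_t(*value) >= typeCount))
        return std::nullopt;
    return BlockType { *value < 0 ? BlockType::Value : BlockType::TypeIndex, false, *value };
}
```

With the constructed bytes `63 70`, the decoder yields a nullable ref type whose heap type is `func` (-16) rather than a ref type carrying index 0.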
<rdar://problem/102159543>
Pull request: https://github.com/WebKit/WebKit/pull/9081
Committed 259421@main (3e28bdb07aa2): <https://commits.webkit.org/259421@main> Reviewed commits have been landed. Closing PR #9081 and removing active labels.
Re-opened since this is blocked by bug 251295
Pull request: https://github.com/WebKit/WebKit/pull/16542
Committed 266847@main (5ff67f8945d7): <https://commits.webkit.org/266847@main> Reviewed commits have been landed. Closing PR #16542 and removing active labels.
Re-opened since this is blocked by bug 260123
Pull request: https://github.com/WebKit/WebKit/pull/17146
Committed 271262@main (9a518a553026): <https://commits.webkit.org/271262@main> Reviewed commits have been landed. Closing PR #17146 and removing active labels.