Created attachment 473984 [details] [dart2wasm] WasmGC interpreter/compiler bug discovered by dart2wasm compiled app This is a regression introduced between 287397 (good) to 289284 (bad). Here's a reproduction: First we unpack the attached file: ``` % tar xvzf flute.tar.gz flute.wasm flute.wasm.map flute.mjs pkg/dart2wasm/bin/run_wasm.js ``` Now we run it with normal JSC ``` % jsc $PWD/pkg/dart2wasm/bin/run_wasm.js -- $PWD/flute.mjs $PWD/flute.wasm -- Error: RuntimeError: Out of bounds array.set (evaluating 'this.instantiatedModule.exports.$invokeMain(args)') Stack: module0.wasm-function[_DefaultMap&_HashFieldBase&MapMixin&_HashBase&_OperatorEqualsAndHashCode&_LinkedHashMapMixin._insert]@[wasm code] module0.wasm-function[_DefaultMap&_HashFieldBase&MapMixin&_HashBase&_OperatorEqualsAndHashCode&_LinkedHashMapMixin._set]@[wasm code] module0.wasm-function[_DefaultMap&_HashFieldBase&MapMixin&_HashBase&_OperatorEqualsAndHashCode&_LinkedHashMapMixin._insert]@[wasm code] module0.wasm-function[_DefaultMap&_HashFieldBase&MapMixin&_HashBase&_OperatorEqualsAndHashCode&_LinkedHashMapMixin.putIfAbsent]@[wasm code] module0.wasm-function[_DefaultBinaryMessenger.setMessageHandler]@[wasm code] module0.wasm-function[MethodChannel.setMethodCallHandler]@[wasm code] module0.wasm-function[main]@[wasm code] module0.wasm-function[_invokeMain]@[wasm code] invokeMain@/tmp/bad/flute.mjs:432:48 @/tmp/bad/pkg/dart2wasm/bin/run_wasm.js:425:31 ``` Now if we run this using `--useWasmIPInt=false` the issue goes away ``` % jsc --useWasmIPInt=false $PWD/pkg/dart2wasm/bin/run_wasm.js -- $PWD/flute.mjs $PWD/flute.wasm -- Frame #1: build 2.0 ms; draw 11.0 ms Frame #2: build 1.0 ms; draw 64.0 ms Frame #3: build 1.0 ms; draw 62.0 ms Frame #4: build 2.0 ms; draw 57.0 ms Frame #5: build 1.0 ms; draw 53.0 ms Frame #6: build 1.0 ms; draw 52.0 ms Frame #7: build 1.0 ms; draw 56.0 ms Frame #8: build 1.0 ms; draw 51.0 ms Frame #9: build 2.0 ms; draw 52.0 ms ```