[webkit-changes] [WebKit/WebKit] 7489f1: [Wasm-GC] BBQJIT crashes compiling Wasm GC program...
Asumu Takikawa
noreply at github.com
Wed Dec 6 14:18:15 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7489f1848c5327a916b95b34c967d41950c03a89
https://github.com/WebKit/WebKit/commit/7489f1848c5327a916b95b34c967d41950c03a89
Author: Asumu Takikawa <asumu at igalia.com>
Date: 2023-12-06 (Wed, 06 Dec 2023)
Changed paths:
A JSTests/wasm/gc/bug265742.js
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
[Wasm-GC] BBQJIT crashes compiling Wasm GC program with ASSERTION FAILED: !currentLocation.isRegister()
https://bugs.webkit.org/show_bug.cgi?id=265742
Reviewed by Justin Michaud.
There was a missing `consume` for struct.set, resulting in a bad state for the
register allocator. Also switches an `allocate` to `loadIfNecessary` (don't have
a minimal test case for this, but it caused a crash in Kotlin code).
* JSTests/wasm/gc/bug265742.js: Added.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::addStructSet):
Canonical link: https://commits.webkit.org/271633@main
More information about the webkit-changes
mailing list