[webkit-changes] [WebKit/WebKit] d27f9e: [Wasm-GC] Fix handling of bottom type in struct ops
Asumu Takikawa
noreply at github.com
Tue Feb 13 10:14:43 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d27f9e79585db8efbc87fb4832a1f2a3c15021ff
https://github.com/WebKit/WebKit/commit/d27f9e79585db8efbc87fb4832a1f2a3c15021ff
Author: Asumu Takikawa <asumu at igalia.com>
Date: 2024-02-13 (Tue, 13 Feb 2024)
Changed paths:
M JSTests/wasm/gc/arrays.js
M JSTests/wasm/gc/structs.js
M Source/JavaScriptCore/wasm/WasmFunctionParser.h
Log Message:
-----------
[Wasm-GC] Fix handling of bottom type in struct ops
https://bugs.webkit.org/show_bug.cgi?id=268870
Reviewed by Justin Michaud.
The parsing of struct types for the reference argument of various struct
operations relied on checking for a type index in the type to check validity.
This is too conservative, as the bottom type exists and values of bottom
inhabit all types in the hierarchy.
This patch corrects the validation check to accommodate bottom.
* JSTests/wasm/gc/arrays.js:
(testArrayGet):
* JSTests/wasm/gc/structs.js:
* Source/JavaScriptCore/wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseStructFieldManipulation):
Canonical link: https://commits.webkit.org/274556@main
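
The validation difference described in the log message, as an added example that is not code from the WebKit commit: a toy `struct.get` validator with an index-only operand check beside one that also admits the bottom type. All names are hypothetical, and declared subtyping between concrete types is left out as a simplifying assumption.

```javascript
// Toy model, constructed for illustration; names are hypothetical, not JavaScriptCore's.
const types = [
  { kind: "struct", fields: ["i32", "i64"] }, // type index 0
  { kind: "array", element: "i32" },          // type index 1
];

// A reference type: heap is a type index (number) or an abstract heap type name.
const ref = (heap, nullable = true) => ({ heap, nullable });

// "none" is the bottom of the any/eq/struct/array hierarchy. "nofunc" and
// "noextern" are bottoms of other hierarchies and stay invalid for struct ops.
const isInternalBottom = (heap) => heap === "none";

// Too-conservative check: the operand must carry a concrete type index.
function operandOkIndexOnly(operand, structIndex) {
  return typeof operand.heap === "number" && operand.heap === structIndex;
}

// Check that also accepts bottom, which is a subtype of every struct type.
function operandOkWithBottom(operand, structIndex) {
  return isInternalBottom(operand.heap) || operandOkIndexOnly(operand, structIndex);
}

// Validate `struct.get structIndex fieldIndex` against the operand type on the
// stack. Returns the result type, or throws a validation error.
function validateStructGet(operand, structIndex, fieldIndex, operandOk) {
  const def = types[structIndex];
  if (!def || def.kind !== "struct") throw new Error("immediate is not a struct type");
  if (fieldIndex >= def.fields.length) throw new Error("field index out of bounds");
  if (!operandOk(operand, structIndex)) {
    throw new Error("operand is not a subtype of the struct type");
  }
  // The result type comes from the immediate, so it is known even for bottom.
  return def.fields[fieldIndex];
}
```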