[webkit-changes] [WebKit/WebKit] 6decd8: [Wasm-GC] Fix write barrier bug in BBQ array.set
Asumu Takikawa
noreply at github.com
Thu Jan 11 10:09:48 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6decd847ff1762e7bc2a269e3a264192ed704c24
https://github.com/WebKit/WebKit/commit/6decd847ff1762e7bc2a269e3a264192ed704c24
Author: Asumu Takikawa <asumu at igalia.com>
Date: 2024-01-11 (Thu, 11 Jan 2024)
Changed paths:
A JSTests/wasm/gc/bug267381.js
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
Log Message:
-----------
[Wasm-GC] Fix write barrier bug in BBQ array.set
https://bugs.webkit.org/show_bug.cgi?id=267381
Reviewed by Justin Michaud.
Fixes a bug in the patch for bug245405. The write barriers in these cases were
in the right place, but the condition to check for them was wrong (because BBQ
values use I64 type kind for Ref types). The condition now uses the type index
to look up the type.
* JSTests/wasm/gc/bug267381.js: Added.
(i.assert.eq.m2.exports):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::addArrayNewFixed):
(JSC::Wasm::BBQJIT::addArraySet):
Canonical link: https://commits.webkit.org/272923@main
More information about the webkit-changes
mailing list