[Webkit-unassigned] [Bug 244352] New: [Wasm-GC] Fix regression on armv7 in structs.js test

Thu Aug 25 13:00:23 PDT 2022

https://bugs.webkit.org/show_bug.cgi?id=244352

            Bug ID: 244352
           Summary: [Wasm-GC] Fix regression on armv7 in structs.js test
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebAssembly
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: asumu at igalia.com

On armv7 builds, the structs.js test fails (at least in debug mode):

```
wasm.yaml/wasm/gc/structs.js.default-wasm: ASSERTION FAILED: isCell()                                     
wasm.yaml/wasm/gc/structs.js.default-wasm: ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h(406) : JSC::JSCell* JSC::JSValue::asCell() const
wasm.yaml/wasm/gc/structs.js.default-wasm: ERROR: Unexpected exit code: 134
```

This is a regression introduced by https://github.com/WebKit/WebKit/pull/2983.

The cause is a write to the callee slot of the call frame header that doesn't account for the tag on 32-bit. There is a straightforward fix (use `storeCell` or 32-bit specific code as done elsewhere in WasmToJS.cpp) that I'll submit soon.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220825/8047482d/attachment.htm>