[Webkit-unassigned] [Bug 243265] New: [WASM-Function-References] Assertion failure when a function returns (ref <idx>) to JS
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jul 27 14:12:31 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=243265
Bug ID: 243265
Summary: [WASM-Function-References] Assertion failure when a
function returns (ref <idx>) to JS
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebAssembly
Assignee: webkit-unassigned at lists.webkit.org
Reporter: asumu at igalia.com
A test case like the following will currently raise an assertion error:
```
//@ runWebAssemblySuite("--useWebAssemblyTypedFunctionReferences=true", "--useWebAssemblyGC=false")
import * as assert from "../assert.js";
import { compile, instantiate } from "./wast-wrapper.js";
let m1 = instantiate(`
(module
(type (func))
(type (func (result (ref 0))))
(elem declare funcref (ref.func 0))
(func)
(func (export "f") (type 1) (ref.func 0))
)
`);
instantiate(`
(module
(type (func))
(type (func (result (ref 0))))
(func (import "m" "f") (type 1))
)
`, { m: { f: m1.exports.f } });
```
This will instead raise a parse error if typed funcrefs are turned off (the default).
The assertion failure comes from a ref-with-index type not being supported in `WasmToJS.cpp` in processing the result of an exported Wasm function. I think it should be possible to support this case, it just requires checking if the type index points to a function signature or not. For non-function signatures, it should probably error for now.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220727/7d5a2f1f/attachment.htm>
More information about the webkit-unassigned
mailing list