[Webkit-unassigned] [Bug 260039] New: [Wasm-GC] Module linking should take subtyping into account

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 10 13:58:01 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=260039

            Bug ID: 260039
           Summary: [Wasm-GC] Module linking should take subtyping into
                    account
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebAssembly
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: asumu at igalia.com

Right now, module linking checks for exact type index equality to make sure linked functions satisfy their types. The GC proposal extends this to work with subtypes, instead of exact match, but this isn't implemented yet.

For example, this test fragment is from the GC proposal repo test suite:

```
(module
  (type $t0 (sub (func (result (ref null func)))))
  (rec (type $t1 (sub $t0 (func (result (ref null $t1))))))
  (rec (type $t2 (sub $t1 (func (result (ref null $t2))))))

  (func (export "f0") (type $t0) (ref.null func))
  (func (export "f1") (type $t1) (ref.null $t1))
  (func (export "f2") (type $t2) (ref.null $t2))
)
(register "M")

(module
  (type $t0 (sub (func (result (ref null func)))))
  (rec (type $t1 (sub $t0 (func (result (ref null $t1))))))
  (rec (type $t2 (sub $t1 (func (result (ref null $t2))))))

  (func (import "M" "f0") (type $t0))
  (func (import "M" "f1") (type $t0))
  (func (import "M" "f1") (type $t1))
  (func (import "M" "f2") (type $t0))
  (func (import "M" "f2") (type $t1))
  (func (import "M" "f2") (type $t2))
)
```

The import "f1" takes a function that has type `$t1` (subtype of `$t0`) and tries to import it under type `$t0`. This currently fails, but is supposed to succeed.

It should be relatively easy to fix, by changing the index equality check to a `isSubtype` call.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230810/d412d04c/attachment.htm>

More information about the webkit-unassigned mailing list