[Webkit-unassigned] [Bug 265693] New: [Wasm-GC] Fix initialization of portable reftype globals

Fri Dec 1 13:30:33 PST 2023

https://bugs.webkit.org/show_bug.cgi?id=265693

            Bug ID: 265693
           Summary: [Wasm-GC] Fix initialization of portable reftype
                    globals
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebAssembly
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: asumu at igalia.com

In the gc/js-api.js test for the wasm test suite, the `testCastFailures()` sub-test occasionally fails in continuousCollect + verifyGC mode.

It turns out that this is because of a bug in the initialization of reference typed globals, particularly portable ones. Instead of being initialized "as bits", it needs to be initialized "as a JSValue".

This didn't come up before as with only function references, you are guaranteed that the instance itself will have a strong reference to the functions themselves. With other GC types you don't have this guarantee.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20231201/85d73ded/attachment.htm>