[Webkit-unassigned] [Bug 258126] [WASM] ASSERTION FAILED: !tmp.type().isV128() in JSC::Wasm::AirIRGenerator64::emitTailCallPatchpoint
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 15 16:04:46 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=258126
--- Comment #3 from Justin Michaud <justin_michaud at apple.com> ---
OK, so turning on WASM GC turns off the new BBQ jit. One mystery solved.
This poc totally needs tail calls though
justin_michaud at justinmichaudstudio OpenSource % jsc ~/Downloads/poc.js --useWebAssemblyTypedFunctionReferences=true --useWebAssemblyGC=true
Exception: CompileError: WebAssembly.Module doesn't parse at byte 104: wasm tail calls are not enabled, in function at index 0 (evaluating 'new WebAssembly.Module(wasm_code)')
Module@[native code]
global code@/Users/justin_michaud/Downloads/poc.js:2:41
So this is not a security bug, we know wasm tail calls are broken
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230615/d73afc50/attachment.htm>
More information about the webkit-unassigned
mailing list