Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c64fed2494abb9199b84adc5d5c81ae504b08037
    https://github.com/WebKit/WebKit/commit/c64fed2494abb9199b84adc5d5c81ae504b08037
Author: Asumu Takikawa <as...@igalia.com>
Date: 2023-12-08 (Fri, 08 Dec 2023)

Changed paths:
    M JSTests/wasm/function-references/call_ref.js
    A JSTests/wasm/gc/call_ref.js
    M Source/JavaScriptCore/wasm/WasmFormat.h
    M Source/JavaScriptCore/wasm/WasmFunctionParser.h
    M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp

Log Message:
-----------
[WASM-Function-References] call_ref should subtype-check its arguments
https://bugs.webkit.org/show_bug.cgi?id=264649

Reviewed by Justin Michaud.

Fixes a few issues with call_ref, mainly that it should subtype check
its arguments. Also fixes other GC-related issues with call_ref such as
needing to check that the target typedef is a function type, and using
subtyping for the funcref argument itself.

Also adds FIXME comments for a related bug for the runtime part.

* JSTests/wasm/function-references/call_ref.js:
(async invalidTypeIndex):
* JSTests/wasm/gc/call_ref.js: Added.
(testRefSubtyping):
(testArgSubtyping):
(testTypeDefCheck):
* Source/JavaScriptCore/wasm/WasmFormat.h:
(JSC::Wasm::isSubtypeIndex):
* Source/JavaScriptCore/wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::doWasmCallIndirect):
(JSC::LLInt::doWasmCallRef):

Canonical link: https://commits.webkit.org/271780@main