Closed
Bug 1901647
Opened 2 years ago
Closed 1 year ago
i31ref values are not correctly passed between JS and wasm
Categories
(Core :: JavaScript: WebAssembly, defect, P1)
Core
JavaScript: WebAssembly
Tracking
()
RESOLVED
FIXED
129 Branch
| Tracking | Status | |
|---|---|---|
| firefox129 | --- | fixed |
People
(Reporter: jpages, Assigned: jpages)
References
Details
Attachments
(1 file)
i31ref values are sometimes bigger than 32bits when creating JS values and passing them to wasm.
The problem disappears by setting this option to false: https://searchfox.org/mozilla-central/rev/46d0387f0b582f00a5722c20d4e6b8693793631b/js/src/jit/JitOptions.cpp#356
This bug is somewhere in JIT entry wrappers between JavaScript and wasm.
See related bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1847757
|
Assignee | |
Updated•2 years ago
|
Assignee: nobody → jpages
|
|
Assignee | |
Comment 1•2 years ago
|
||
i31ref values are sometimes bigger than 32-bits on 64-bits platforms.
This should not happen and was caused by treating i31ref values as
pointers in masm.
|
||
Updated•2 years ago
|
Attachment #9406533 -
Attachment description: Bug 1901647 - wasm: Fix i31refs conversion between JS to wasm Anyref. → Bug 1901647 - wasm: Fix i31ref conversions between JS and wasm Anyref.
|
||
Updated•2 years ago
|
Severity: -- → S3
Priority: -- → P1
Pushed by jpages@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cecf4598b612
wasm: Fix i31ref conversions between JS and wasm Anyref. r=rhunt
|
||
Comment 3•1 year ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox129:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 129 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•