[Wasm-GC] Local init tracking should track unreachable local.set too

https://bugs.webkit.org/show_bug.cgi?id=266127 Reviewed by Justin Michaud. Unreachable local.set instructions still need to set init flags for local init tracking purposes. While these aren't very useful, it avoids spurious validation errors from subsequent local.get in unreachable code. * JSTests/wasm/gc/bug266127.js: Added. (testUnreachable): * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression): Canonical link: https://commits.webkit.org/271910@main
WebKit · Dec 12, 2023 · 025c31d · 025c31d
1 parent c1dcadd
commit 025c31d
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/JSTests/wasm/gc/bug266127.js b/JSTests/wasm/gc/bug266127.js
@@ -0,0 +1,31 @@
+//@ runWebAssemblySuite("--useWebAssemblyTypedFunctionReferences=true", "--useWebAssemblyGC=true")
+
+import * as assert from "../assert.js";
+import { compile } from "./wast-wrapper.js";
+
+function testUnreachable()
+{
+  // A local.set in unreachable code should still count for init.
+  compile(`
+    (module
+      (type (struct))
+      (func (local (ref 0))
+        (unreachable)
+        (local.set 0 (struct.new 0))
+        (local.get 0)
+        drop))
+  `);
+
+  compile(`
+    (module
+      (type (struct))
+      (func (local (ref 0))
+        (unreachable)
+        (local.tee 0 (struct.new 0))
+        drop
+        (local.get 0)
+        drop))
+  `);
+}
+
+testUnreachable();
diff --git a/Source/JavaScriptCore/wasm/WasmFunctionParser.h b/Source/JavaScriptCore/wasm/WasmFunctionParser.h
@@ -3485,6 +3485,7 @@ auto FunctionParser<Context>::parseUnreachableExpression() -> PartialResult
     case TeeLocal: {
         uint32_t index;
         WASM_FAIL_IF_HELPER_FAILS(parseIndexForLocal(index));
+        pushLocalInitialized(index);
         return { };
     }