Bug 244352

Summary: [Wasm-GC] Fix regression on armv7 in structs.js test
Product: WebKit Reporter: Asumu Takikawa <asumu>
Component: WebAssemblyAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 247394    

Description Asumu Takikawa 2022-08-25 13:00:23 PDT 
On armv7 builds, the structs.js test fails (at least in debug mode):

```
wasm.yaml/wasm/gc/structs.js.default-wasm: ASSERTION FAILED: isCell()                                     
wasm.yaml/wasm/gc/structs.js.default-wasm: ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h(406) : JSC::JSCell* JSC::JSValue::asCell() const
wasm.yaml/wasm/gc/structs.js.default-wasm: ERROR: Unexpected exit code: 134
```

This is a regression introduced by https://github.com/WebKit/WebKit/pull/2983.

The cause is a write to the callee slot of the call frame header that doesn't account for the tag on 32-bit. There is a straightforward fix (use `storeCell` or 32-bit specific code as done elsewhere in WasmToJS.cpp) that I'll submit soon.
Comment 1 Asumu Takikawa 2022-08-25 13:16:35 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/3670
Comment 2 EWS 2022-08-29 09:24:14 PDT 
Committed 253906@main (97d8c872ff5e): <https://commits.webkit.org/253906@main>

Reviewed commits have been landed. Closing PR #3670 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2022-08-29 09:25:19 PDT 
<rdar://problem/99280742>