Change information
Commit message:
[wasm] Fix inlining ReturnCall'd WKI inside catch
During WKI inlining for a ReturnCall (tail call), the inlining helpers
generated throwing operations (e.g., null or type checks) with
CheckForException::kCatchInThisFrame hardcoded.
Since ReturnCall does not mark the surrounding try block as might_throw,
the Wasm decoder skips binding the local catch block, leaving it unbound
and without a terminator. The incorrect kCatchInThisFrame setting caused
the Turboshaft assembler to connect exception edges to this unbound
catch block, making it reachable. The compiler then crashed during
WasmLoweringPhase when the GraphVisitor visited the incomplete block.
This CL fixes the issue by propagating CheckForException explicitly
through the WKI and DataView inlining helpers, ensuring that tail-called
operations do not link to the local catch block.
TAG=agy
CONV=8c31f782-921d-42d9-b136-cecaf95da79b
Bug: 529842414
Change-Id: I2b7c6e4a43c68c8752724be3b615b2dfc3bd17d1
Cr-Commit-Position: refs/heads/main@{#108377}
Files:
- M src/wasm/turboshaft-graph-interface.cc
- A test/mjsunit/wasm/regress-529842414.js
Change size: L
Delta: 2 files changed, 202 insertions(+), 82 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Jakob Kummerow