[Wasm GC] Fix array.new order of operand execution (#5487)

2 files changed, 27 insertions, 4 deletions

diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index 43b001f35..6d25e4398 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -1595,6 +1595,13 @@ public:
 
   Flow visitArrayNew(ArrayNew* curr) {
     NOTE_ENTER("ArrayNew");
+    Flow init;
+    if (!curr->isWithDefault()) {
+      init = self()->visit(curr->init);
+      if (init.breaking()) {
+        return init;
+      }
+    }
     auto size = self()->visit(curr->size);
     if (size.breaking()) {
       return size;
@@ -1618,10 +1625,6 @@ public:
         data[i] = Literal::makeZero(element.type);
       }
     } else {
-      auto init = self()->visit(curr->init);
-      if (init.breaking()) {
-        return init;
-      }
       auto field = curr->type.getHeapType().getArray().element;
       auto value = truncateForPacking(init.getSingleValue(), field);
       for (Index i = 0; i < num; i++) {
diff --git a/test/lit/exec/array.wast b/test/lit/exec/array.wast
new file mode 100644
index 000000000..7e74c7b7d
--- /dev/null
+++ b/test/lit/exec/array.wast
@@ -0,0 +1,20 @@
+;; NOTE: Assertions have been generated by update_lit_checks.py --output=fuzz-exec and should not be edited.
+
+;; RUN: wasm-opt %s -all --fuzz-exec -q -o /dev/null 2>&1 | filecheck %s
+
+(module
+ (type $array (array (mut i8)))
+
+ ;; CHECK:      [fuzz-exec] calling func
+ ;; CHECK-NEXT: [fuzz-exec] note result: func => 1
+ (func "func" (result i32)
+  ;; Verifies the order of execution is correct - we should return 1, not 2.
+  (array.new $array
+   (return (i32.const 1))
+   (return (i32.const 2))
+  )
+ )
+)
+;; CHECK:      [fuzz-exec] calling func
+;; CHECK-NEXT: [fuzz-exec] note result: func => 1
+;; CHECK-NEXT: [fuzz-exec] comparing func