Commit 485786b4 authored by Clemens Hammacher's avatar Clemens Hammacher Committed by Commit Bot

[wasm] Fix wrong DCHECK

It's ok that the instance of the called code object is different from
the caller instance. This happens if one instance calls an exported
function of another instance.

R=ahaas@chromium.org

Bug: chromium:739768
Change-Id: I6afa8332a9b33fe32e9332cdca573053f058421d
Reviewed-on: https://chromium-review.googlesource.com/568494Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46624}
parent aa3f32d8
...@@ -904,9 +904,10 @@ Handle<Code> wasm::CompileLazy(Isolate* isolate) { ...@@ -904,9 +904,10 @@ Handle<Code> wasm::CompileLazy(Isolate* isolate) {
if (it.frame()->is_js_to_wasm()) { if (it.frame()->is_js_to_wasm()) {
DCHECK(!instance.is_null()); DCHECK(!instance.is_null());
} else if (instance.is_null()) { } else if (instance.is_null()) {
// Then this is a direct call (otherwise we would have attached the instance
// via deopt data to the lazy compile stub). Just use the instance of the
// caller.
instance = handle(wasm::GetOwningWasmInstance(*caller_code), isolate); instance = handle(wasm::GetOwningWasmInstance(*caller_code), isolate);
} else {
DCHECK(*instance == wasm::GetOwningWasmInstance(*caller_code));
} }
int offset = int offset =
static_cast<int>(it.frame()->pc() - caller_code->instruction_start()); static_cast<int>(it.frame()->pc() - caller_code->instruction_start());
......
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
load('test/mjsunit/wasm/wasm-constants.js');
load('test/mjsunit/wasm/wasm-module-builder.js');
// Flags: --wasm-lazy-compilation
let builder0 = new WasmModuleBuilder();
builder0.setName('module_0');
let sig_index = builder0.addType(kSig_i_v);
builder0.addFunction('main', kSig_i_i)
.addBody([
kExprGetLocal, 0, // --
kExprCallIndirect, sig_index, kTableZero
]) // --
.exportAs('main');
builder0.setFunctionTableLength(3);
builder0.addExportOfKind('table', kExternalTable);
let module0 = new WebAssembly.Module(builder0.toBuffer());
let instance0 = new WebAssembly.Instance(module0);
let builder1 = new WasmModuleBuilder();
builder1.setName('module_1');
builder1.addFunction('main', kSig_i_i).addBody([0]);
builder1.addImportedTable('z', 'table');
builder1.addFunctionTableInit(0, false, [0], true);
let module1 = new WebAssembly.Module(builder1.toBuffer());
let instance1 =
new WebAssembly.Instance(module1, {z: {table: instance0.exports.table}});
assertThrows(
() => instance0.exports.main(0), WebAssembly.RuntimeError, 'unreachable');
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment