Commit 573e4120 authored by Clemens Hammacher's avatar Clemens Hammacher Committed by Commit Bot

[wasm] Fix return from unreachable code

We hit a DCHECK in the wasm graph builder because the current SSA
environment is unreachable. We were using the wrong block (the target
block) to do the reachability check.

R=titzer@chromium.org

Bug: chromium:913804
Change-Id: I4cfd3a0c696fb63903a47e4448362626a524340d
Reviewed-on: https://chromium-review.googlesource.com/c/1371566Reviewed-by: 's avatarBen Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58150}
parent f68ee6e7
...@@ -1825,10 +1825,10 @@ class WasmFullDecoder : public WasmDecoder<validate> { ...@@ -1825,10 +1825,10 @@ class WasmFullDecoder : public WasmDecoder<validate> {
case kExprBr: { case kExprBr: {
BreakDepthImmediate<validate> imm(this, this->pc_); BreakDepthImmediate<validate> imm(this, this->pc_);
if (!this->Validate(this->pc_, imm, control_.size())) break; if (!this->Validate(this->pc_, imm, control_.size())) break;
Control* c = control_at(imm.depth);
if (imm.depth == control_.size() - 1) { if (imm.depth == control_.size() - 1) {
DoReturn(c, false); DoReturn(&control_.back(), false);
} else { } else {
Control* c = control_at(imm.depth);
if (!TypeCheckBreak(c)) break; if (!TypeCheckBreak(c)) break;
if (control_.back().reachable()) { if (control_.back().reachable()) {
CALL_INTERFACE(Br, c); CALL_INTERFACE(Br, c);
......
// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
load('test/mjsunit/wasm/wasm-constants.js');
load('test/mjsunit/wasm/wasm-module-builder.js');
const builder = new WasmModuleBuilder();
builder.addFunction('main', kSig_v_v).addBody([
kExprLoop, kWasmStmt, // loop
/**/ kExprBr, 0x01, // br depth=1
/**/ kExprBlock, kWasmStmt, // block
/**/ /**/ kExprBr, 0x02, // br depth=2
/**/ /**/ kExprEnd, // end [block]
/**/ kExprEnd // end [loop]
]);
builder.instantiate();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment