[wasm] Handle multi-value return in compiled fuzzing result

When a function returns multiple result, we check the only the first result. We correctly get the first return value from the interpreter results, but did not handle the compiled code correctly, which returns a JSArray. Bug: chromium:1153406 Change-Id: I32198cea131cab18094fac3e66a44e976907773d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562816Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71488}

[wasm] Handle multi-value return in compiled fuzzing result
When a function returns multiple result, we check the only the first result. We correctly get the first return value from the interpreter results, but did not handle the compiled code correctly, which returns a JSArray. Bug: chromium:1153406 Change-Id: I32198cea131cab18094fac3e66a44e976907773d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562816Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71488}
75289506 · Zhi An Ng · Commit Bot · 63c95cad · 75289506
Commit 75289506 authored Nov 30, 2020 by Zhi An Ng Committed by Commit Bot Nov 30, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

wasm-module-runner.cc test/common/wasm/wasm-module-runner.cc +7 -0

No files found.
--- a/test/common/wasm/wasm-module-runner.cc
+++ b/test/common/wasm/wasm-module-runner.cc
@@ -237,6 +237,13 @@ int32_t CallWasmFunctionForTesting(Isolate* isolate,
    return -1;
  }
  Handle<Object> result = retval.ToHandleChecked();
+
+  // Multi-value returns, get the first return value (see InterpretWasmModule).
+  if (result->IsJSArray()) {
+    auto receiver = Handle<JSReceiver>::cast(result);
+    result = JSObject::GetElement(isolate, receiver, 0).ToHandleChecked();
+  }
+
  if (result->IsSmi()) {
    return Smi::ToInt(*result);
  }