[wasm] Fix DCHECK handiling pending exceptions.

+ additional fixes uncovered by bug, and addressed remaining feedback from original CL (https://codereview.chromium.org/2806073002/). Note that the regression test differs slightly from the bug reported one, in that it catches the RangeError which will eventually be thrown due to call stack size being exceeded. BUG=chromium:712569 Review-Url: https://codereview.chromium.org/2825073002 Cr-Commit-Position: refs/heads/master@{#44700}

[wasm] Fix DCHECK handiling pending exceptions.
+ additional fixes uncovered by bug, and addressed remaining feedback from original CL (https://codereview.chromium.org/2806073002/). Note that the regression test differs slightly from the bug reported one, in that it catches the RangeError which will eventually be thrown due to call stack size being exceeded. BUG=chromium:712569 Review-Url: https://codereview.chromium.org/2825073002 Cr-Commit-Position: refs/heads/master@{#44700}
9cc67291 · mtrofin · Commit bot · 5930e0ab · 9cc67291 · 9cc67291
Commit 9cc67291 authored Apr 18, 2017 by mtrofin Committed by Commit bot Apr 18, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 8 deletions

wasm-js.cc src/wasm/wasm-js.cc +12 -8

regress-712569.js test/mjsunit/regress/wasm/regress-712569.js +20 -0

No files found.
--- a/src/wasm/wasm-js.cc
+++ b/src/wasm/wasm-js.cc
@@ -32,12 +32,15 @@ namespace v8 {
 namespace {
-#define ASSIGN(type, var, expr)                   \
+#define ASSIGN(type, var, expr)                      \
-  Local<type> var;                                \
+  Local<type> var;                                   \
-  do {                                            \
+  do {                                               \
-    if (!expr.ToLocal(&var)) {                    \
+    if (!expr.ToLocal(&var)) {                       \
-      DCHECK(i_isolate->has_pending_exception()); \
+      DCHECK(i_isolate->has_scheduled_exception());  \
-    }                                             \
+      return;                                        \
+    } else {                                         \
+      DCHECK(!i_isolate->has_scheduled_exception()); \
+    }                                                \
  } while (false)
 // TODO(wasm): move brand check to the respective types, and don't throw
@@ -125,7 +128,7 @@ i::wasm::ModuleWireBytes GetFirstArgumentAsBytes(
  return i::wasm::ModuleWireBytes(start, start + length);
 }
-i::MaybeHandle<i::JSReceiver> GetValueAsImports(const Local<Value>& arg,
+i::MaybeHandle<i::JSReceiver> GetValueAsImports(Local<Value> arg,
                                                ErrorThrower* thrower) {
  if (arg->IsUndefined()) return {};
@@ -320,8 +323,9 @@ void WebAssemblyInstantiateToPairCallback(
  const uint8_t* module_str = reinterpret_cast<const uint8_t*>("module");
  Local<Value> instance;
  if (!WebAssemblyInstantiateImpl(isolate, module, args.Data())
-           .ToLocal(&instance))
+           .ToLocal(&instance)) {
    return;
+  }
  Local<Object> ret = Object::New(isolate);
  Local<String> instance_name =

--- a/test/mjsunit/regress/wasm/regress-712569.js
+++ b/test/mjsunit/regress/wasm/regress-712569.js
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+var v11 = {};
+Object.defineProperty(v11.__proto__, 0, {
+  get: function() {
+  },
+  set: function() {
+    try {
+      WebAssembly.instantiate();
+      v11[0] = 0;
+    } catch (e) {
+      assertTrue(e instanceof RangeError);
+    }
+  }
+});
+v66 = new Array();
+cv = v66; cv[0] = 0.1; cv[2] = 0.2;