Commit cb03097d authored by Clemens Backes, committed by Commit Bot

[wasm-gc] Fix gc-stress error on WasmJSFunctionData

Always install the Abort builtin first, because heap validation might
get triggered while we compile the wasm-to-js wrapper, and it would find
an illegal WasmJSFunctionData object otherwise.

TBR=manoskouk@chromium.org

Bug: v8:9495
Change-Id: I959eb3b6e9944db8b7ad7ecd0a51eefdab98c751
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463230
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70426}
parent 32d7ec1a
......@@ -2000,6 +2000,10 @@ Handle<WasmJSFunction> WasmJSFunction::New(Isolate* isolate,
function_data->set_serialized_signature(*serialized_sig);
function_data->set_callable(*callable);
function_data->set_wrapper_code(*wrapper_code);
// Use Abort() as a default value (it will never be called if not overwritten
// below).
function_data->set_wasm_to_js_wrapper_code(
isolate->heap()->builtin(Builtins::kAbort));
if (wasm::WasmFeatures::FromIsolate(isolate).has_typed_funcref()) {
using CK = compiler::WasmImportCallKind;
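Review bot: The comment on the new default assignment says only that Abort() "will never be called if not overwritten below", which does not explain why the assignment has to come before the `has_typed_funcref()` block. The reason given in the commit message (heap validation can be triggered while the wasm-to-js wrapper is compiled and would find an illegal WasmJSFunctionData object) belongs in this comment, otherwise a later cleanup could fold the default back into an else branch and bring the gc-stress failure back.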
......@@ -2024,10 +2028,6 @@ Handle<WasmJSFunction> WasmJSFunction::New(Isolate* isolate,
compiler::CompileWasmToJSWrapper(isolate, sig, kind, expected_arity)
.ToHandleChecked();
function_data->set_wasm_to_js_wrapper_code(*wasm_to_js_wrapper_code);
} else {
// Use Abort() as a default value (it will never be called).
function_data->set_wasm_to_js_wrapper_code(
isolate->heap()->builtin(Builtins::kAbort));
}
Handle<String> name = isolate->factory()->Function_string();
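Review bot: With the else branch gone, the path where `has_typed_funcref()` is false depends on the Abort default assigned earlier in the function, and nothing at the closing `}` says so. A one-line comment there pointing back to that default would make the dependency visible. The failure was only seen under gc-stress and the visible change contains no test, so a regression test that runs WasmJSFunction::New with heap verification enabled would keep the ordering from regressing.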