[serializer] do not serialize script wrappers.

The scenario here: the asm function fails asm validation, so we emit a message. In doing so, we create a JSValue wrapper for the script object that we cache on the script object. This wrapper is context-dependent and causes the code serializer to choke. R=mtrofin@chromium.org, titzer@chromium.org BUG=chromium:674446,chromium:673321 Review-Url: https://codereview.chromium.org/2586943003 Cr-Commit-Position: refs/heads/master@{#41794}
2016-12-19 02:53:02 -08:00 · 2016-12-19 02:53:02 -08:00 · 07fa0f4967
commit 07fa0f4967
parent d0bb789f03
2 changed files with 16 additions and 0 deletions
--- a/src/snapshot/code-serializer.cc
+++ b/src/snapshot/code-serializer.cc
@ -104,6 +104,12 @@ void CodeSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
    return SerializeObject(isolate()->heap()->undefined_value(), how_to_code,
                           where_to_point, skip);
  }
+
+  if (obj->IsScript()) {
+    // Wrapper object is a context-dependent JSValue. Reset it here.
+    Script::cast(obj)->set_wrapper(isolate()->heap()->undefined_value());
+  }
+
  // Past this point we should not see any (context-specific) maps anymore.
  CHECK(!obj->IsMap());
  // There should be no references to the global object embedded.
--- a/test/mjsunit/regress/wasm/regression-674447.js
+++ b/test/mjsunit/regress/wasm/regression-674447.js
@ -0,0 +1,10 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --validate-asm --cache=code
+
+(function() {
+  "use asm";
+  return function f() {}
+})();