[wasm] Improve precision of slow DCHECK for WebAssembly-constructed internal objects.

BUG=chromium:740325
R=ahaas@chromium.org,mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2972353002
Cr-Commit-Position: refs/heads/master@{#46518}
titzer 2017-07-10 06:49:34 -07:00 committed by Commit Bot
parent bb881c8880
commit 11484e7e9b
2 changed files with 82 additions and 6 deletions


@ -15851,23 +15851,28 @@ bool JSObject::WasConstructedFromApiFunction() {
auto instance_type = map()->instance_type();
bool is_api_object = instance_type == JS_API_OBJECT_TYPE ||
instance_type == JS_SPECIAL_API_OBJECT_TYPE;
bool is_wasm_object =
instance_type == WASM_MEMORY_TYPE || instance_type == WASM_MODULE_TYPE ||
instance_type == WASM_INSTANCE_TYPE || instance_type == WASM_TABLE_TYPE;
#ifdef ENABLE_SLOW_DCHECKS
if (FLAG_enable_slow_asserts) {
Object* maybe_constructor = map()->GetConstructor();
if (maybe_constructor->IsJSFunction()) {
JSFunction* constructor = JSFunction::cast(maybe_constructor);
if (constructor->shared()->IsApiFunction()) {
DCHECK(is_api_object);
} else {
DCHECK(!is_api_object);
}
DCHECK_EQ(constructor->shared()->IsApiFunction(),
is_api_object || is_wasm_object);
} else if (maybe_constructor->IsFunctionTemplateInfo()) {
DCHECK(is_api_object);
DCHECK(is_api_object || is_wasm_object);
} else {
return false;
}
}
#endif
// TODO(titzer): Clean this up somehow. WebAssembly objects should not be
// considered "constructed from API functions" even though they have
// function template info, since that would make the V8 GC identify them to
// the embedder, e.g. the Oilpan GC.
USE(is_wasm_object);
return is_api_object;
}
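Review bot: The final `else { return false; }` inside the `#ifdef ENABLE_SLOW_DCHECKS` block still returns without asserting anything. A run with slow asserts enabled can therefore answer differently from a release build, which falls through to `return is_api_object;`, if an object with an API instance type ever reaches that branch. Per the TODO, this result decides whether the GC identifies an object to the embedder, so the two builds should be shown to agree, for example with `DCHECK(!is_api_object);` before that return. Separately, `is_wasm_object` is only read inside the `#ifdef`, so computing it there would make `USE(is_wasm_object);` unnecessary.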


@ -0,0 +1,71 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --expose-gc
assertTrue = function assertTrue() { }
assertFalse = function assertFalse() { }
__v_3 = [];
__v_2 = [];
__v_0 = 0;
__v_2.__defineGetter__(0, function() {
if (__v_0++ > 2) return;
gc();
__v_3.concat(__v_2);
});
__v_2[0];
function __f_2() {
}
(function __f_1() {
print("1...");
function __f_5(stdlib, imports) {
"use asm";
var __f_2 = imports.__f_2;
function __f_3(a) {
a = a | 0;
}
return { __f_3:__f_3 };
}
var __v_2 = __f_5(this, { __f_2:__f_2 });
;
})();
(function __f_10() {
print("2...");
function __f_5() {
"use asm";
function __f_3(a) {
}
}
var __v_2 = __f_5();
assertFalse();
})();
(function __f_11() {
print("3...");
let m = (function __f_6() {
function __f_5() {
"use asm";
function __f_3() {
}
return { __f_3:__f_3 };
}
var __v_2 = __f_5( { __f_2:__f_2 });
});
for (var i = 0; i < 30; i++) {
print(" i = " + i);
var x = m();
for (var j = 0; j < 200; j++) {
try {
__f_5;
} catch (e) {
}
}
x;
}
})();
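Review bot: The test replaces `assertTrue` and `assertFalse` with empty functions and requests only `--expose-gc`, so it asserts nothing itself. It appears to pass purely by not tripping the DCHECK changed in this commit, and that check runs only when `ENABLE_SLOW_DCHECKS` is compiled in and `FLAG_enable_slow_asserts` is set. A header comment would make the dependency visible, for example `// Regression test for chromium:740325: passes if no slow DCHECK fires; only meaningful when run with slow asserts enabled.` Without it, a release-mode run looks like coverage of the fix when it exercises none of the changed code.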