AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[wasm] Handle multi-value return in compiled fuzzing result

Browse Source 
When a function returns multiple result, we check the only the first
result. We correctly get the first return value from the interpreter
results, but did not handle the compiled code correctly, which returns a
JSArray.

Bug: chromium:1153406
Change-Id: I32198cea131cab18094fac3e66a44e976907773d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562816
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71488}
This commit is contained in:
Zhi An Ng 2020-11-30 03:42:35 +00:00 committed by Commit Bot
parent 63c95cad19
commit 752895065f
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
test/common/wasm/wasm-module-runner.cc
View File

@ -237,6 +237,13 @@ int32_t CallWasmFunctionForTesting(Isolate* isolate,
return -1;
}
Handle<Object> result = retval.ToHandleChecked();
// Multi-value returns, get the first return value (see InterpretWasmModule).
if (result->IsJSArray()) {
auto receiver = Handle<JSReceiver>::cast(result);
result = JSObject::GetElement(isolate, receiver, 0).ToHandleChecked();
}
if (result->IsSmi()) {
return Smi::ToInt(*result);
}