[wasm] Check for WasmExportedFunction before cast

{WasmInternalFunction::external} might return a function that is not a WasmExportedFunction, at which point the code in ProcessTypeFeedback fails. See crrev.com/c/3277878 for context. Bug: v8:12436 Change-Id: I447710cfa2dbdb64cba27922da85871d18bc79a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303613 Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#78126}
2021-11-26 21:05:12 +08:00 · 2021-11-26 21:05:12 +08:00 · 97b89b6a6d
commit 97b89b6a6d
parent 5c47acfcae
1 changed files with 3 additions and 1 deletions
--- a/src/wasm/module-compiler.cc
+++ b/src/wasm/module-compiler.cc
@ -1253,7 +1253,9 @@ std::vector<CallSiteFeedback> ProcessTypeFeedback(
      static_cast<int>(instance->module()->num_imported_functions);
  for (int i = 0; i < feedback.length(); i += 2) {
    Object value = feedback.get(i);
-    if (value.IsWasmInternalFunction()) {
+    if (value.IsWasmInternalFunction() &&
+        WasmExportedFunction::IsWasmExportedFunction(
+            WasmInternalFunction::cast(value).external())) {
      // Monomorphic. Mark the target for inlining if it's defined in the
      // same module.
      WasmExportedFunction target = WasmExportedFunction::cast(