[wasm] GC should ignore unboxed stack parameters in WASM frames.
R=mstarzinger@chromium.org,bradnelson@chromium.org BUG= Review URL: https://codereview.chromium.org/1782613003 Cr-Commit-Position: refs/heads/master@{#34682}
parent
01589fe708
commit
a42b24514e
@ -743,7 +743,10 @@ void StandardFrame::IterateCompiledFrame(ObjectVisitor* v) const {
|
|||||||
safepoint_bits += kNumSafepointRegisters >> kBitsPerByteLog2;
|
safepoint_bits += kNumSafepointRegisters >> kBitsPerByteLog2;
|
||||||
|
|
||||||
// Visit the rest of the parameters.
|
// Visit the rest of the parameters.
|
||||||
v->VisitPointers(parameters_base, parameters_limit);
|
if (!is_js_to_wasm() && !is_wasm()) {
|
||||||
|
// Non-WASM frames have tagged values as parameters.
|
||||||
|
v->VisitPointers(parameters_base, parameters_limit);
|
||||||
|
}
|
||||||
|
|
||||||
// Visit pointer spill slots and locals.
|
// Visit pointer spill slots and locals.
|
||||||
for (unsigned index = 0; index < stack_slots; index++) {
|
for (unsigned index = 0; index < stack_slots; index++) {
|
||||||
|
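Review bot: The new guard `if (!is_js_to_wasm() && !is_wasm()) {` skips the parameter area for js-to-wasm frames as well as wasm frames, but the commit title and the added comment only justify the wasm case. If a js-to-wasm frame receives its arguments from a JavaScript caller, those slots would presumably hold tagged values, and leaving them unvisited would let a moving collection leave stale pointers behind; please confirm which convention applies. The comment should then name both excluded frame types and the reason, for example `// JS-to-WASM and WASM frames: parameter slots are untagged because <reason>, so the GC must not scan them.` IterateCompiledFrame starts and ends outside the hunk, so how the safepoint bits treat the same frames is not visible here.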
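--- /dev/null
+++ b/test/mjsunit/wasm/gc-frame.js
@@ -0,0 +1,74 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-wasm --expose-gc
+
+load("test/mjsunit/wasm/wasm-constants.js");
+load("test/mjsunit/wasm/wasm-module-builder.js");
+
+function makeFFI(func, t) {
+var builder = new WasmModuleBuilder();
+
+var sig_index = builder.addSignature([t,t,t,t,t,t,t,t,t,t,t]);
+builder.addImport("func", sig_index);
+// Try to create a frame with lots of spilled values and parameters
+// on the stack to try to catch GC bugs in the reference maps for
+// the different parts of the stack.
+builder.addFunction("main", sig_index)
+.addBody([
+kExprCallImport, 0, // --
+kExprGetLocal, 0, // --
+kExprGetLocal, 1, // --
+kExprGetLocal, 2, // --
+kExprGetLocal, 3, // --
+kExprGetLocal, 4, // --
+kExprGetLocal, 5, // --
+kExprGetLocal, 6, // --
+kExprGetLocal, 7, // --
+kExprGetLocal, 8, // --
+kExprGetLocal, 9, // --
+kExprCallImport, 0, // --
+kExprGetLocal, 0, // --
+kExprGetLocal, 1, // --
+kExprGetLocal, 2, // --
+kExprGetLocal, 3, // --
+kExprGetLocal, 4, // --
+kExprGetLocal, 5, // --
+kExprGetLocal, 6, // --
+kExprGetLocal, 7, // --
+kExprGetLocal, 8, // --
+kExprGetLocal, 9 // --
+]) // --
+.exportFunc();
+
+return builder.instantiate({func: func}).exports.main;
+}
+
+
+function print10(a, b, c, d, e, f, g, h, i) {
+print(a + ",", b + ",", c + ",", d + ",", e + ",", f + ",", g + ",", h + ",", i);
+gc();
+print(a + ",", b + ",", c + ",", d + ",", e + ",", f + ",", g + ",", h + ",", i);
+}
+
+(function I32Test() {
+var main = makeFFI(print10, kAstI32);
+for (var i = 1; i < 0xFFFFFFF; i <<= 2) {
+main(i - 1, i, i + 2, i + 3, i + 4, i + 5, i + 6, i + 7, i + 8);
+}
+})();
+
+(function F32Test() {
+var main = makeFFI(print10, kAstF32);
+for (var i = 1; i < 2e+30; i *= -157) {
+main(i - 1, i, i + 2, i + 3, i + 4, i + 5, i + 6, i + 7, i + 8);
+}
+})();
+
+(function I32Test() {
+var main = makeFFI(print10, kAstF64);
+for (var i = 1; i < 2e+80; i *= -1137) {
+main(i - 1, i, i + 2, i + 3, i + 4, i + 5, i + 6, i + 7, i + 8);
+}
+})();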
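Review bot: Nothing in this test asserts that the parameters survive the collection: `print10` only prints its arguments before and after `gc()`, so a regression is caught only if the collector happens to crash on a misread slot. Since the values are printed from JavaScript locals rather than re-read from the wasm frame, the second `print` cannot show corruption either; it would be stronger to record the arguments of each import call and compare the two calls made by `main` with an mjsunit assertion. The third wrapper is also named `I32Test` although it passes `kAstF64`; it should read `(function F64Test() {`. Finally, `print10` declares nine parameters and `main` is called with nine arguments while the body pushes ten locals per call, so a short comment stating whether the tenth is deliberately left unset would help.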