AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[wasm][fuzzer] Second instantiation cannot fail

Browse Source 
A minor fix to the {InterpretAndExecuteModule} function: We instantiate
the module twice. If the first instantiation worked, then also the
second instantiation must succeed.
Plus minor drive-by cleanup.

R=ahaas@chromium.org

Bug: chromium:1113681
Change-Id: Ib897cb1907152cdd9b0ed2b513a6c8217a3f400c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2349288
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69352}
This commit is contained in:
Clemens Backes 2020-08-11 12:19:36 +02:00 committed by Commit Bot
parent 3c0fb324fa
commit c32a3106b4
1 changed files with 10 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
test/fuzzer/wasm-fuzzer-common.cc
View File

@ -33,17 +33,15 @@ void InterpretAndExecuteModule(i::Isolate* isolate,
if (module_object->module()->start_function_index >= 0) return; if (module_object->module()->start_function_index >= 0) return;
HandleScope handle_scope(isolate); // Avoid leaking handles. HandleScope handle_scope(isolate); // Avoid leaking handles.
MaybeHandle<WasmInstanceObject> maybe_instance;
Handle<WasmInstanceObject> instance; Handle<WasmInstanceObject> instance;
// Try to instantiate, return if it fails. // Try to instantiate, return if it fails.
{ {
ErrorThrower thrower(isolate, "WebAssembly Instantiation"); ErrorThrower thrower(isolate, "WebAssembly Instantiation");
maybe_instance = isolate->wasm_engine()->SyncInstantiate( if (!isolate->wasm_engine()
isolate, &thrower, module_object, ->SyncInstantiate(isolate, &thrower, module_object, {},
Handle<JSReceiver>::null(), // imports {}) // no imports & memory
MaybeHandle<JSArrayBuffer>()); // memory .ToHandle(&instance)) {
if (!maybe_instance.ToHandle(&instance)) {
isolate->clear_pending_exception(); isolate->clear_pending_exception();
thrower.Reset(); // Ignore errors. thrower.Reset(); // Ignore errors.
return; return;
@ -76,16 +74,12 @@ void InterpretAndExecuteModule(i::Isolate* isolate,
// Try to instantiate and execute the module_object. // Try to instantiate and execute the module_object.
{ {
ErrorThrower thrower(isolate, "InterpretAndExecuteModule"); ErrorThrower thrower(isolate, "Second Instantiation");
maybe_instance = isolate->wasm_engine()->SyncInstantiate( // We instantiated before, so the second instantiation must also succeed:
isolate, &thrower, module_object, CHECK(isolate->wasm_engine()
Handle<JSReceiver>::null(), // imports ->SyncInstantiate(isolate, &thrower, module_object, {},
MaybeHandle<JSArrayBuffer>()); // memory {}) // no imports & memory
if (!maybe_instance.ToHandle(&instance)) { .ToHandle(&instance));
isolate->clear_pending_exception();
thrower.Reset(); // Ignore errors.
return;
}
} }
int32_t result_compiled = testing::CallWasmFunctionForTesting( int32_t result_compiled = testing::CallWasmFunctionForTesting(