[wasm] Fix lazy compilation with native-heap code.

This fixes a corner-case with lazy compilation in WebAssembly where native-heap code did not expect to see WASM-to-JS wrappers in tables. R=clemensh@chromium.org TEST=mjsunit/regress/wasm/regress-803788 BUG=chromium:803788 Change-Id: Ie44b5c9efe2b171e1915295bb95d6cb61dfab3dc Reviewed-on: https://chromium-review.googlesource.com/878262 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50755}
2018-01-22 13:08:27 +01:00 · 2018-01-22 13:08:27 +01:00 · f30a86c8d3
commit f30a86c8d3
parent 4224421622
2 changed files with 31 additions and 1 deletions
--- a/src/wasm/module-compiler.cc
+++ b/src/wasm/module-compiler.cc
@ -3360,7 +3360,10 @@ void InstanceBuilder::LoadTableSegments(Handle<FixedArray> code_table,
            const wasm::WasmCode* code = native_module->GetCode(func_index);
            // Only increase the counter for lazy compile builtins (it's not
            // needed otherwise).
-            if (code->kind() == wasm::WasmCode::kFunction) continue;
+            if (code->kind() == wasm::WasmCode::kFunction ||
+                code->kind() == wasm::WasmCode::kWasmToJsWrapper) {
+              continue;
+            }
            DCHECK_EQ(wasm::WasmCode::kLazyStub, code->kind());
          }
          ++num_table_exports[func_index];
--- a/test/mjsunit/regress/wasm/regress-803788.js
+++ b/test/mjsunit/regress/wasm/regress-803788.js
@ -0,0 +1,27 @@
+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --wasm-lazy-compilation
+
+load('test/mjsunit/wasm/wasm-constants.js');
+load('test/mjsunit/wasm/wasm-module-builder.js');
+
+var builder = new WasmModuleBuilder();
+let q_table = builder.addImportedTable("q", "table")
+let q_base = builder.addImportedGlobal("q", "base", kWasmI32);
+let q_fun = builder.addImport("q", "fun", kSig_v_v);
+builder.addType(kSig_i_ii);
+builder.addFunctionTableInit(q_base, true, [ q_fun ])
+let module = new WebAssembly.Module(builder.toBuffer());
+let table = new WebAssembly.Table({
+  element: "anyfunc",
+  initial: 10,
+});
+let instance = new WebAssembly.Instance(module, {
+  q: {
+    base: 0,
+    table: table,
+    fun: () => (0)
+  }
+});