Reland "[wasm][fuzzer] Fix exception detection"

This is a reland of 899cb34868. The new fuzzer regression test is skipped in jitless. Original change's description: > [wasm][fuzzer] Fix exception detection > > Exceptions were detected by checking for a pending exception on the > isolate, but {CallWasmFunctionForTesting} was clearing any pending > exception before returning. > This CL fixes that by explicitly passing back a boolean which is set if > an exception occurred during execution. > > R=ahaas@chromium.org > > Bug: chromium:1115280 > Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787 > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69404} Bug: chromium:1115280 Change-Id: I9bb7300d423c53214e51e61233b0a6b09a21fd97 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361464 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69446}
2020-08-18 10:14:25 +02:00 · 2020-08-18 10:14:25 +02:00 · f7d169c600
commit f7d169c600
parent 7c8379223d
5 changed files with 12 additions and 9 deletions
--- a/test/common/wasm/wasm-module-runner.cc
+++ b/test/common/wasm/wasm-module-runner.cc
@ -172,7 +172,8 @@ MaybeHandle<WasmExportedFunction> GetExportedFunction(
 int32_t CallWasmFunctionForTesting(Isolate* isolate,
                                   Handle<WasmInstanceObject> instance,
                                   const char* name, int argc,
-                                   Handle<Object> argv[]) {
+                                   Handle<Object> argv[], bool* exception) {
+  if (exception) *exception = false;
  MaybeHandle<WasmExportedFunction> maybe_export =
      GetExportedFunction(isolate, instance, name);
  Handle<WasmExportedFunction> main_export;
@ -189,6 +190,7 @@ int32_t CallWasmFunctionForTesting(Isolate* isolate,
  if (retval.is_null()) {
    DCHECK(isolate->has_pending_exception());
    isolate->clear_pending_exception();
+    if (exception) *exception = true;
    return -1;
  }
  Handle<Object> result = retval.ToHandleChecked();
--- a/test/common/wasm/wasm-module-runner.h
+++ b/test/common/wasm/wasm-module-runner.h
@ -31,11 +31,13 @@ MaybeHandle<WasmExportedFunction> GetExportedFunction(

 // Call an exported wasm function by name. Returns -1 if the export does not
 // exist or throws an error. Errors are cleared from the isolate before
-// returning.
+// returning. {exception} is set to to true if an exception happened during
+// execution of the wasm function.
 int32_t CallWasmFunctionForTesting(Isolate* isolate,
                                   Handle<WasmInstanceObject> instance,
                                   const char* name, int argc,
-                                   Handle<Object> argv[]);
+                                   Handle<Object> argv[],
+                                   bool* exception = nullptr);

 // Decode, verify, and run the function labeled "main" in the
 // given encoded module. The module should have no imports.
--- a/test/fuzzer/fuzzer.status
+++ b/test/fuzzer/fuzzer.status
@ -8,6 +8,7 @@
 ['lite_mode or variant == jitless', {
  # TODO(v8:7777): Re-enable once wasm is supported in jitless mode.
  'multi_return/*': [SKIP],
+  'wasm/*': [SKIP],
  'wasm_async/*': [SKIP],
  'wasm_code/*': [SKIP],
  'wasm_compile/*': [SKIP],
--- a/test/fuzzer/wasm-fuzzer-common.cc
+++ b/test/fuzzer/wasm-fuzzer-common.cc
@ -82,21 +82,19 @@ void InterpretAndExecuteModule(i::Isolate* isolate,
              .ToHandle(&instance));
  }

+  bool exception = false;
  int32_t result_compiled = testing::CallWasmFunctionForTesting(
-      isolate, instance, "main", 0, nullptr);
-  if (interpreter_result.trapped() != isolate->has_pending_exception()) {
+      isolate, instance, "main", 0, nullptr, &exception);
+  if (interpreter_result.trapped() != exception) {
    const char* exception_text[] = {"no exception", "exception"};
    FATAL("interpreter: %s; compiled: %s",
          exception_text[interpreter_result.trapped()],
-          exception_text[isolate->has_pending_exception()]);
+          exception_text[exception]);
  }

  if (interpreter_result.finished()) {
    CHECK_EQ(interpreter_result.result(), result_compiled);
  }
-
-  // Cleanup any pending exception.
-  isolate->clear_pending_exception();
 }

 namespace {
--- a/test/fuzzer/wasm/regress-1115280.wasm
+++ b/test/fuzzer/wasm/regress-1115280.wasm