v8/test/mjsunit/regress/wasm/regress-11809.js
Thibaud Michaud 2b77ca200c [wasm][liftoff] Always zero-extend 32 bit offsets
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.

R=clemensb@chromium.org
CC=jkummerow@chromium.org

Bug: v8:11809
Change-Id: I21e2535c701041d11fa06c176fa683d82db0a3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917612
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74881}
2021-06-01 12:59:17 +00:00


// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Flags: --enable-testing-opcode-in-wasm --nowasm-tier-up --wasm-tier-mask-for-testing=2
load("test/mjsunit/wasm/wasm-module-builder.js");
// Regression test for v8:11809. Per the fix's description, the upper 32 bits
// of the 64-bit register holding an i32 memory offset are not guaranteed to
// be cleared, so the offset must be zero-extended before it is used as an
// address. That already happened with explicit bounds checks, but not when
// the trap handler is enabled.
//
// The module first moves 64-bit values with bit 32 set through a call, then
// passes i32 zeros down to a function that loads from memory at that index.
// There is no explicit assertion: the test passes when two() returns
// normally, since index 0 is in bounds for a one-page memory.
// NOTE(review): --wasm-tier-mask-for-testing=2 presumably puts function
// index 1 ("one") on a different compiler tier than "zero"; confirm against
// the flag definition.
var instance = (function () {
  const kArgCount = 8;
  // Signed LEB128 encoding of 0x1_0000_0001: bit 0 and bit 32 are set, so the
  // value does not fit in 32 bits.
  const kI64WithBit32Set = [kExprI64Const, 0x81, 0x80, 0x80, 0x80, 0x10];

  const moduleBuilder = new WasmModuleBuilder();
  moduleBuilder.addMemory(1, 1, false /* exported */);

  // Types are registered in the same order as before: (i32 x 8) -> i32 first,
  // then (i64 x 8) -> void.
  const sigEightI32 = moduleBuilder.addType(
      makeSig(new Array(kArgCount).fill(kWasmI32), [kWasmI32]));
  const sigEightI64 = moduleBuilder.addType(
      makeSig(new Array(kArgCount).fill(kWasmI64), []));

  // Functions are added in the order zero, one, two, three; keep that order,
  // because the tier mask flag selects functions by index.
  const loader = moduleBuilder.addFunction("zero", kSig_i_i);
  const forwarder = moduleBuilder.addFunction("one", sigEightI32);
  const entry = moduleBuilder.addFunction("two", kSig_v_i);
  const i64Sink = moduleBuilder.addFunction("three", sigEightI64).addBody([]);

  // zero(i): i32.load from address i (alignment 0, static offset 0).
  loader.addBody([kExprLocalGet, 0, kExprI32LoadMem, 0, 0]);

  // one(a0..a7): forwards its last parameter to zero().
  forwarder.addBody([
    kExprLocalGet, 7,
    kExprCallFunction, loader.index,
  ]);

  // two(): call three() with eight wide i64 constants, then call one() with
  // eight i32 zeros and discard the loaded value.
  // NOTE(review): the i64 call presumably leaves non-zero upper halves in the
  // locations later reused for the i32 arguments; confirm.
  const entryBody = [];
  for (let i = 0; i < kArgCount; i++) {
    entryBody.push(...kI64WithBit32Set);
  }
  entryBody.push(kExprCallFunction, i64Sink.index);
  for (let i = 0; i < kArgCount; i++) {
    entryBody.push(kExprI32Const, 0);
  }
  entryBody.push(kExprCallFunction, forwarder.index, kExprDrop);
  entry.addBody(entryBody).exportFunc();

  return moduleBuilder.instantiate({});
})();

// A trap or crash here means the load did not use a clean 32-bit index.
instance.exports.two();