v8/test/mjsunit/regress/wasm/regress-1196837.js
Andreas Haas 923d32606d [wasm][ia32] Spill result register of CompareExchange before using it
R=clemensb@chromium.org

Bug: chromium:1196837
Change-Id: I8945e25be12155482e1feefe1cfd980a94b0488d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850646
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74180}
2021-04-26 10:45:20 +00:00

40 lines
1.2 KiB
JavaScript

// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --wasm-staging
load('test/mjsunit/wasm/wasm-module-builder.js');
const builder = new WasmModuleBuilder();
builder.addMemory(16, 32, false);
builder.addType(makeSig([kWasmI32, kWasmI32, kWasmI32], [kWasmI32]));
builder.addFunction(undefined, 0 /* sig */)
.addBodyWithEnd([
// signature: i_iii
// body:
kExprLocalGet, 0x01,
kExprLocalGet, 0x01,
kExprLocalGet, 0x01,
kExprLocalGet, 0x01,
kAtomicPrefix, kExprI32AtomicCompareExchange16U, 0x00, 0x7a,
kExprLocalGet, 0x01,
kExprLocalGet, 0x01,
kExprLocalGet, 0x01,
kExprLocalGet, 0x00,
kExprMemoryGrow, 0x00,
kAtomicPrefix, kExprI32AtomicCompareExchange16U, 0x00, 0x7a,
kExprLocalGet, 0x01,
kExprLocalGet, 0x00,
kAtomicPrefix, kExprI32AtomicCompareExchange16U, 0x00, 0x7a,
kExprLocalGet, 0x01,
kExprLocalGet, 0x00,
kAtomicPrefix, kExprI32AtomicCompareExchange16U, 0x00, 0x7a,
kExprLocalGet, 0x01,
kExprReturnCall, 0x00,
kExprEnd,
]);
builder.addExport('main', 0);
const instance = builder.instantiate();
assertTraps(kTrapUnalignedAccess, () => instance.exports.main(0, 0, 0));