AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
32281d6247
v8/test/mjsunit/regress/wasm/regress-1161555.js
Clemens Backes 591db5d98b [wasm] Fix data race in lazy compilation 
Instead of updating the detected features set directly, use the
synchronized {OnCompilationStopped} method.
In order to avoid this error in the future, the whole
{detected_features()} getter is removed, as it returns a pointer which
can only be accessed when holding the mutex anyway. Also, the refactored
code was the only user of this dangerous method.

Drive-by: Pass the WasmFeatures set by value, since it's just an
EnumSet.
Drive-by 2: Remove a print line from the regression test which can be
confusing if the test is picked up again by foozzie.

R=ahaas@chromium.org
CC=zhin@chromium.org

Bug: v8:11357
Change-Id: I75b5c8f35983d2bc1fd2b61adcb2ecfc18564f39
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2653226
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72375}
2021-01-27 17:37:29 +00:00

39 lines
1.4 KiB
JavaScript
Raw Blame History

// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-wasm-simd --wasm-lazy-compilation
// Test case copied from clusterfuzz, this exercises a bug in WasmCompileLazy
// where we are not correctly pushing the full 128-bits of a SIMD register.
load('test/mjsunit/wasm/wasm-module-builder.js');
const __v_0 = new WasmModuleBuilder();
__v_0.addImportedMemory('m', 'imported_mem');
__v_0.addFunction('main', makeSig([], [])).addBodyWithEnd([
kExprI32Const, 0, kSimdPrefix, kExprS128LoadMem, 0, 0, kExprCallFunction,
0x01, kExprEnd
]);
__v_0.addFunction('function2', makeSig([kWasmS128], [])).addBodyWithEnd([
kExprI32Const, 17, kExprLocalGet, 0, kSimdPrefix, kExprS128StoreMem, 0, 0,
kExprI32Const, 9, kExprLocalGet, 0, kExprCallFunction, 0x02, kExprEnd
]);
__v_0.addFunction('function3', makeSig([kWasmI32, kWasmS128], []))
.addBodyWithEnd([
kExprI32Const, 32, kExprLocalGet, 1, kSimdPrefix, kExprS128StoreMem, 0, 0,
kExprEnd
]);
__v_0.addExport('main');
var __v_1 = new WebAssembly.Memory({
initial: 1,
});
const __v_2 = __v_0.instantiate({m: {imported_mem: __v_1}});
const __v_3 = new Uint8Array(__v_1.buffer);
for (let __v_4 = 0; __v_4 < 16; __v_4++) {
__v_3[__v_4] = __v_4 * 2;
}
__v_2.exports.main();
for (let __v_5 = 0; __v_5 < 16; __v_5++) {
assertEquals(__v_3[__v_5], __v_3[__v_5 + 32]);
}
Reference in New Issue View Git Blame Copy Permalink