AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
438e7ec6dc
v8/test/mjsunit/regress/wasm/regress-808848.js
Michael Starzinger 25ec9d833b [test] Remove eval string confusing the fuzzer. 
This removes an occurrence where the "%Foo" native syntax appears as part
of a string. Such strings are picked up by the fuzzer and recombined in
unsupported ways, producing false-positive crash reports. Simply avoid
having those strings in the fuzzing corpus.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-808848
BUG=chromium:844842

Change-Id: I017c1552578f0d26033e58b11353e87e27a69ebf
Reviewed-on: https://chromium-review.googlesource.com/1136300
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54432}
2018-07-13 10:07:22 +00:00

68 lines
2.1 KiB
JavaScript
Raw Blame History

// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
load('test/mjsunit/wasm/wasm-constants.js');
load('test/mjsunit/wasm/wasm-module-builder.js');
// The number of locals must be greater than the constant defined here:
// https://cs.chromium.org/chromium/src/v8/src/compiler/x64/code-generator-x64.cc?l=3146
const kNumLocals = 128;
function varuint32(val) {
let bytes = [];
for (let i = 0; i < 4; ++i) {
bytes.push(0x80 | ((val >> (7 * i)) & 0x7f));
}
bytes.push((val >> (7 * 4)) & 0x7f);
return bytes;
}
// Generate a function that calls the "get" import `kNumLocals` times, and
// stores each result in a local, then calls the "call" import `kNumLocals`
// times with the stored local values.
//
// The intention is to create a function that has a large stack frame.
let body = [];
for (let i = 0; i < kNumLocals; ++i) {
body.push(kExprCallFunction, 0, kExprSetLocal, ...varuint32(i));
}
for (let i = 0; i < kNumLocals; ++i) {
body.push(kExprGetLocal, ...varuint32(i), kExprCallFunction, 1);
}
let builder = new WasmModuleBuilder();
builder.addImport('mod', 'get', kSig_i_v);
builder.addImport('mod', 'call', kSig_v_i);
builder.
addFunction('main', kSig_v_v).
addLocals({i32_count: kNumLocals}).
addBody(body).
exportAs('main');
let m1_bytes = builder.toBuffer();
let m1 = new WebAssembly.Module(m1_bytes);
// Serialize the module and postMessage it to another thread.
let serialized_m1 = %SerializeWasmModule(m1);
let worker_onmessage = function(msg) {
let {serialized_m1, m1_bytes} = msg;
let m1_clone = %DeserializeWasmModule(serialized_m1, m1_bytes);
let imports = {mod: {get: () => 3, call: () => {}}};
let i2 = new WebAssembly.Instance(m1_clone, imports);
i2.exports.main();
postMessage('done');
}
let workerScript = "onmessage = " + worker_onmessage.toString();
let worker = new Worker(workerScript);
worker.postMessage({serialized_m1, m1_bytes});
// Wait for worker to finish.
print(worker.getMessage());
Reference in New Issue View Git Blame Copy Permalink