441e6d4a3c
When WebAssembly.instantiate or WebAssembly.instantiateStreaming is called in JavaScript, internally we transfrom it into WebAssembly.compile(buffer).then(WebAssembly.instantiate). However, modifying the prototype of WebAssembly.Module can change the result of WebAssembly.compile(buffer). With this CL we make sure that even if the result of WebAssembly.compile is modified, there is still no type confusion. In the long term we have to do a refactoring and remove this internal transformation. R=mstarzinger@chromium.org Bug: chromium:837417 Change-Id: I376068b8b8b01b991ec450162da6a62ae7030c62 Reviewed-on: https://chromium-review.googlesource.com/1032392 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52859}
24 lines
844 B
JavaScript
24 lines
844 B
JavaScript
// Copyright 2018 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
load('test/mjsunit/wasm/wasm-constants.js');
|
|
load('test/mjsunit/wasm/wasm-module-builder.js');
|
|
|
|
const builder = new WasmModuleBuilder();
|
|
builder.addMemory(16, 32);
|
|
builder.addFunction("test", kSig_i_v).addBody([
|
|
kExprI32Const, 12, // i32.const 0
|
|
]);
|
|
|
|
WebAssembly.Module.prototype.then = resolve => resolve(
|
|
String.fromCharCode(null, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41));
|
|
|
|
// WebAssembly.instantiate should not actually throw a TypeError in this case.
|
|
// However, this is a workaround for
|
|
assertPromiseResult(
|
|
WebAssembly.instantiate(builder.toBuffer()), assertUnreachable,
|
|
exception => {
|
|
assertInstanceof(exception, TypeError);
|
|
});
|