793c52ed26
The existing stack check only checked the number of stack frames on the stack, not the actual size of the stack frames. In the test case, each stack frame is huge, and the interpreter runs out of memory before the stack check stops the execution. With this change we take the size of the value stack and the size of the control stack and compare their sum to the stack limit of V8. Note that this stack limit is kind of arbitrary, because the stack space of the interpreter is not on the actual runtime stack but allocated in zone memory, and the stack check exists to simulate stack overflows in compiled code, not to prevent actual stack overflows. R=clemensh@chromium.org TEST=mjsunit/regress/wasm/regress-778917 Bug: chromium:778917 Change-Id: Ife47631fcb1a178a68facab1e42c0069b12c0155 Reviewed-on: https://chromium-review.googlesource.com/744003 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49071}
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --expose-wasm --wasm-interpret-all
load("test/mjsunit/wasm/wasm-constants.js");
load("test/mjsunit/wasm/wasm-module-builder.js");
const builder = new WasmModuleBuilder();
const index = builder.addFunction("huge_frame", kSig_v_v)
.addBody([kExprCallFunction, 0])
.addLocals({f64_count: 49555}).exportFunc().index;
// We assume above that the function we added has index 0.
assertEquals(0, index);
const module = builder.instantiate();
assertThrows(module.exports.huge_frame, RangeError);
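Review bot: The locals count `{f64_count: 49555}` on the `.addLocals(...)` line is an unexplained magic number; a reader of the test cannot tell why this value, rather than any other large count, makes each interpreter frame large enough that memory runs out before a frame-count-only stack check would fire. I would add a comment above `const index = builder.addFunction(...)`, e.g. `// huge_frame recurses into itself with 49555 f64 locals per frame, so the stack limit is exceeded by frame size long before a frame-count-only check would trigger (chromium:778917).` That comment should also say that the expected outcome is the RangeError from the interpreter's stack check, which the final `assertThrows` pins down, so a future change that makes the call succeed or fail with an OOM instead is recognised as a regression rather than a flaky test. The hard-coded callee index in `kExprCallFunction, 0` is already guarded by `assertEquals(0, index)`, which is the right approach.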