dd40b33371
This fixes a crash with a predicate used during stack unwinding of WebAssembly frames during exception handling. The predicate caused an observable side-effect in JavaScript during unwinding, code that is inherently unhandlified and is not allowed to be observable. The fix actually just removes the entire predicate. This is because the updated proposal causes all JavaScript exceptions to participate in WebAssembly exception handling, allowing modelling of "finally" language constructs to perform cleanup independent of the embedders exception details. R=ahaas@chromium.org TEST=mjsunit/regress/wasm/regress-8095 BUG=v8:8095 Change-Id: Ic03bc45e7b7f4562a431ccf910ee9ddcf558aa48 Reviewed-on: https://chromium-review.googlesource.com/1193445 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#55457}
26 lines
855 B
JavaScript
26 lines
855 B
JavaScript
// Copyright 2018 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --expose-wasm --experimental-wasm-eh
|
|
|
|
load("test/mjsunit/wasm/wasm-constants.js");
|
|
load("test/mjsunit/wasm/wasm-module-builder.js");
|
|
|
|
// Prepare a special error object to throw.
|
|
var error = new Error("my error");
|
|
error.__proto__ = new Proxy(new Error(), {
|
|
has(target, property, receiver) {
|
|
assertUnreachable();
|
|
}
|
|
});
|
|
|
|
// Throw it through a WebAssembly module.
|
|
var builder = new WasmModuleBuilder();
|
|
builder.addImport('mod', 'fun', kSig_v_v);
|
|
builder.addFunction("funnel", kSig_v_v)
|
|
.addBody([kExprCallFunction, 0])
|
|
.exportFunc();
|
|
var instance = builder.instantiate({ mod: {fun: function() { throw error }}});
|
|
assertThrows(instance.exports.funnel, Error);
|