07f93affa7
The wasm valiation incorrectly allowed simd locals, even without the experimental flag turned on. This was not noted in the generated code because simd opcodes were forbidden, but the interpreter could not handle these locals. R=clemensh@chromium.org Bug: chromium:763697 Change-Id: I11d924ac21e50bce81d0504c2c7b252105a89f80 Reviewed-on: https://chromium-review.googlesource.com/660117 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#47946}
52 lines
1.5 KiB
JavaScript
52 lines
1.5 KiB
JavaScript
// Copyright 2017 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
load("test/mjsunit/wasm/wasm-constants.js");
|
|
load("test/mjsunit/wasm/wasm-module-builder.js");
|
|
|
|
// Non-standard opcodes.
|
|
let kSig_s_v = makeSig([], [kWasmS128]);
|
|
let kExprS128LoadMem = 0xc0;
|
|
|
|
(function() {
|
|
"use asm";
|
|
var builder = new WasmModuleBuilder();
|
|
builder.addFunction("regression_702460", kSig_i_v)
|
|
.addBody([
|
|
kExprI32Const, 0x52,
|
|
kExprI32Const, 0x41,
|
|
kExprI32Const, 0x3c,
|
|
kExprI32Const, 0xdc, 0x01,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprSetLocal, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprGrowMemory, 0x00,
|
|
kExprS128LoadMem, 0x00, 0x40,
|
|
kExprUnreachable,
|
|
kExprGrowMemory, 0x00
|
|
]).exportFunc();
|
|
assertThrows(() => builder.instantiate());
|
|
})();
|