98e2796555
LoadTransform operators contain a LoadKind, which can be unaligned, protected, poisoned, normal. If it is protected, we cannot eliminiate that load, since we rely on the segv signal handling. So, we use partial template specialization on LoadKind::kProtected, and don't set the operator to not be eliminatable. Bug: chromium:1132461 Change-Id: If45fc6562348ffd4dbaa27058e6c5d4242f79abb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436081 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70205}
28 lines
899 B
JavaScript
28 lines
899 B
JavaScript
|
|
// Copyright 2020 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --wasm-staging
|
|
|
|
// We load-splat a value, then drop it. Verify that the OOB load is not
|
|
// eliminated, it should trap. This test case is simplified from the fuzzer
|
|
// provided test case in https://crbug.com/1132461.
|
|
load('test/mjsunit/wasm/wasm-module-builder.js');
|
|
|
|
const builder = new WasmModuleBuilder();
|
|
builder.addMemory(16, 32, false, true);
|
|
builder.addFunction(undefined, makeSig([], [kWasmI32]))
|
|
.addBodyWithEnd([
|
|
kExprI32Const, 0x00,
|
|
kExprI32Const, 0x00,
|
|
kSimdPrefix, kExprS128Load32Splat, 0x00, 0xb6, 0xec, 0xd8, 0xb1, 0x03,
|
|
kSimdPrefix, kExprI32x4ExtractLane, 0x00,
|
|
kExprDrop,
|
|
kExprEnd,
|
|
]);
|
|
|
|
builder.addExport('main', 0);
|
|
const instance = builder.instantiate();
|
|
assertThrows(() => instance.exports.main());
|