ebc76f64c5
If one wasm instance imports an exported function of another instance, we unwrap the js-to-wasm wrapper of the export and use the underlying code object directly. However, the code object does not keep the wasm instance alive. It is only connected via a WeakCell. With this CL, we explicitly store a FixedArray of all wasm instances from which we imported functions to keep them alive at least as long as the instance which imports the code. R=mtrofin@chromium.org, ahaas@chromium.org BUG=chromium:734345 Change-Id: I8dcfc9a4ea2d791a62d8cb7255039e481c50bdfd Reviewed-on: https://chromium-review.googlesource.com/539738 Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#46062}
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --expose-gc
load('test/mjsunit/wasm/wasm-constants.js');
load('test/mjsunit/wasm/wasm-module-builder.js');
// Regression test for chromium:734345. Per the commit description, a wasm
// instance that imports another instance's exported function calls the
// underlying code object directly, and that code object alone does not keep
// the exporting instance alive. This script drops every JS reference to the
// exporter and then keeps calling through the importer across forced GCs.

// Exporting module: 'exp1' has a body consisting of a single
// kExprUnreachable, so a call to it is expected to trap (the loop at the
// bottom asserts a WebAssembly.RuntimeError on every call).
// NOTE(review): kSig_v_v is presumably the "no params, no results"
// signature from wasm-constants.js; confirm there.
builder1 = new WasmModuleBuilder();
builder1.addFunction('exp1', kSig_v_v).addBody([kExprUnreachable]).exportFunc();

// Importing module: declares one import ('imp'.'imp') and exports
// 'call_imp', whose body is a call to function index 0.
// NOTE(review): index 0 is presumably the import declared on the line above
// (imports come first in the wasm function index space); confirm against
// wasm-module-builder.js.
builder2 = new WasmModuleBuilder();
builder2.addImport('imp', 'imp', kSig_v_v);
builder2.addFunction('call_imp', kSig_v_v)
    .addBody([kExprCallFunction, 0])
    .exportFunc();

// The first instance is never bound to a name: `export1` is the script's
// only handle on it, and that handle is passed to the second instance as
// its import.
export1 = builder1.instantiate().exports.exp1;
export2 = builder2.instantiate({imp: {imp: export1}}).exports.call_imp;
// Clear the last script-held reference to the exporter. From here on the
// script reaches it only through export2's import, so its lifetime rests on
// the importing instance keeping it alive (what the fix described in the
// commit message provides).
export1 = undefined;

// `a` is replaced by a longer array on every iteration.
// NOTE(review): presumably this exists only to create heap churn between
// collections; nothing reads `a` afterwards.
let a = [0];
// `i`, like the builders and exports above, is assigned without a
// declaration.
for (i = 0; i < 10; ++i) {
  a = a.concat(new Array(i).fill(i));
  // The call through the import must still produce the expected trap after
  // each collection. NOTE(review): if the exporter were collected while
  // still callable, the failure would presumably be a crash or a different
  // error rather than a RuntimeError; that outcome is not visible in this
  // file.
  assertThrows(() => export2(), WebAssembly.RuntimeError);
  // gc() is available because of the "--expose-gc" flag in the file header.
  gc();
}