AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
c8ee3fb405
v8/test/mjsunit/regress/wasm/regression-684858.js
Clemens Hammacher 1a73f73b3b [wasm] Implement extensible name section 
The format of the name section changed recently. It now contains
subsections of different type (currently for function names or local
variable names).
This CL changes our internal wasm module builders (in JS and C++) to
emit this new format, and changes the decoder to understand it.
We currently only parse the function name section, and ignore names of
local variables. I will later extend this to parse local variable names
when needed for debugging.

R=ahaas@chromium.org, rossberg@chromium.org
BUG=v8:6222

Change-Id: I2627160c25c9209a3f09abe0b88941ec48b24434
Reviewed-on: https://chromium-review.googlesource.com/470247
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44492}
2017-04-07 16:31:47 +00:00

35 lines
1.3 KiB
JavaScript
Raw Blame History

// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
load('test/mjsunit/wasm/wasm-constants.js');
load('test/mjsunit/wasm/wasm-module-builder.js');
var name = 'regression_684858';
function patchNameLength(buffer) {
var count = 0;
var view = new Uint8Array(buffer);
for (var i = 0, e = view.length - name.length; i <= e; ++i) {
var subs = String.fromCharCode.apply(null, view.slice(i, i + name.length));
if (subs != name) continue;
++count;
// One byte before this name, its length is encoded.
// Patch this to 127, making it out of bounds.
if (view.length >= 127) throw Error('cannot patch reliably');
if (view[i - 1] != name.length) throw Error('unexpected length');
view[i - 1] = 0x7f;
}
if (count != 1) throw Error('did not find name');
}
var builder = new WasmModuleBuilder();
builder.addFunction(name, kSig_i_v)
.addBody([kExprI32Const, 2, kExprI32Const, 0, kExprI32DivU])
.exportAs('main');
var buffer = builder.toBuffer();
patchNameLength(buffer);
var module = new WebAssembly.Module(buffer);
var instance = new WebAssembly.Instance(module);
assertThrows(() => instance.exports.main(), WebAssembly.RuntimeError);
Reference in New Issue View Git Blame Copy Permalink