5c3092718e
This is a reland of 5d69010e26
Original change's description:
> [asmjs] Properly validate asm.js heap sizes
>
> Enforce both engine limitations and spec (http://asmjs.org/spec/latest/)
> limitations on the size of asm.js heaps.
>
> R=clemensh@chromium.org
> CC=mstarzinger@chromium.org
>
> Bug: chromium:873600
> Change-Id: I104c23bbd0a9a7c494f97f8f9e83ac5a37496dfd
> Reviewed-on: https://chromium-review.googlesource.com/1174411
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55163}
Bug: chromium:873600
Change-Id: Id24070bda3aafb9e1a32af0732a1b18f633ef932
Reviewed-on: https://chromium-review.googlesource.com/1179681
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55193}
24 lines
571 B
JavaScript
24 lines
571 B
JavaScript
// Copyright 2017 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax --expose-gc
|
|
|
|
function Module(stdlib, env, heap) {
|
|
"use asm";
|
|
var MEM = new stdlib.Int32Array(heap);
|
|
function f() {
|
|
MEM[0] = 0;
|
|
}
|
|
return { f: f };
|
|
}
|
|
function instantiate() {
|
|
var buffer = new ArrayBuffer(4096);
|
|
Module(this, {}, buffer).f();
|
|
try {} finally {}
|
|
gc();
|
|
Module(this, {}, buffer).f();
|
|
}
|
|
instantiate();
|
|
assertTrue(%IsAsmWasmCode(Module));
|