7b6de8381e
When Heap::TearDown is called, parts of the Isolate are already gone (specifically: Managed<> objects, which includes Wasm NativeModules). Since heap verification can depend on these parts (e.g. to find Code objects belonging to current activations on the stack), we should do it before tearing down things. Heap::StartTearDown is a suitable way to achieve that. Bug: v8:9209 Change-Id: I44094b19e16a4f372eb14ab363d8b4a65182f38a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993968 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#65684}
15 lines
501 B
JavaScript
15 lines
501 B
JavaScript
// Copyright 2020 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --verify-heap
|
|
|
|
load('test/mjsunit/wasm/wasm-module-builder.js');
|
|
|
|
const builder = new WasmModuleBuilder();
|
|
builder.addImport("d8", "quit", kSig_v_v)
|
|
builder.addFunction('do_not_crash', kSig_v_v)
|
|
.addBody([kExprCallFunction, 0])
|
|
.exportFunc();
|
|
builder.instantiate({d8: {quit: quit}}).exports.do_not_crash();
|