47f3a53f70
With exception handling enabled new call paths open up, which will perform environment merging while a "call" or "call_indirect" is currently being emitted. This will lead to double-use of the buffer returned by calls to {Buffer} or {Realloc}. In general we should transition away from this optimization to safer constructs such as {base::SmallVector} to avoid such bugs. R=clemensb@chromium.org TEST=mjsunit/regress/regress-9832 BUG=v8:9832 Change-Id: I4c862ac1bc7dc34ad62279c82f6414153e8cbddb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856006 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64271}
// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-wasm-eh
load("test/mjsunit/wasm/wasm-module-builder.js");
// Regression test for v8:9832 (needs --experimental-wasm-eh).
//
// Calls placed inside a try block get an additional exceptional control-flow
// edge into the catch handler. Per the description of the fix, environment
// merging on that edge could run while a "call" was still being emitted,
// leading to double-use of the buffer returned by Buffer/Realloc in the
// compiler. The test passes when the module compiles, instantiates and
// returns the expected value.
(function TestRegress9832() {
  const moduleBuilder = new WasmModuleBuilder();

  // f(x) = x + x
  const doublerBody = [
    kExprLocalGet, 0,
    kExprLocalGet, 0,
    kExprI32Add,
  ];
  const doubler = moduleBuilder.addFunction("f", kSig_i_i)
      .addBody(doublerBody)
      .exportFunc();

  // main(x): try { x = f(f(x)) } catch { drop exception; x = f(x) }; return x
  // The two consecutive calls in the try arm are the shape under test; the
  // exact opcode order must not be changed.
  const mainBody = [
    kExprTry, kWasmStmt,
      kExprLocalGet, 0,
      kExprCallFunction, doubler.index,
      kExprCallFunction, doubler.index,
      kExprLocalSet, 0,
    kExprCatch,
      kExprDrop,
      kExprLocalGet, 0,
      kExprCallFunction, doubler.index,
      kExprLocalSet, 0,
    kExprEnd,
    kExprLocalGet, 0,
  ];
  moduleBuilder.addFunction("main", kSig_i_i)
      .addLocals({except_count: 1})
      .addBody(mainBody)
      .exportFunc();

  const wasmInstance = moduleBuilder.instantiate();

  // f only adds, so the try arm is expected to complete normally:
  // f(f(23)) = 92.
  assertEquals(92, wasmInstance.exports.main(23));
})();