6a8dccb197
This avoids the crash which ClusterFuzz found, but still does not report the same position as without validate.asm. For calls like "foo()|0", we report the position of the call instead of the position of the "|" if ToNumber throws an error. After this CL, the correctness-fuzzer for validate-asm will probably find mismatches there. R=titzer@chromium.org BUG=chromium:670808 Review-Url: https://codereview.chromium.org/2548323002 Cr-Commit-Position: refs/heads/master@{#41500}
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Value returned by the foreign function get_sym(). A Symbol cannot be
// converted to a number: ToNumber on it throws a TypeError, which is the
// error path this regression test (chromium:670808) exercises.
var sym = Symbol();
/**
 * asm.js-style module that forms the regression case for chromium:670808.
 *
 * The code is kept token-for-token as in the original test: whether the
 * module goes through asm.js validation depends on its exact syntactic form
 * (the "use asm" directive, `var` imports, function declarations and an
 * object-literal export), so it must not be modernised.
 *
 * @param stdlib Not referenced in the body; the driver passes null.
 * @param ffi Foreign-function object; must provide a callable `get_sym`.
 * @returns An object exposing `crash`.
 */
function asm(stdlib, ffi) {
  "use asm";
  // Foreign import: the callee is ordinary JavaScript supplied by the caller,
  // so the module cannot rely on what it returns.
  var get_sym = ffi.get_sym;
  function crash() {
    // `|0` coerces the foreign call's result to an integer, which runs
    // ToNumber on it. When get_sym() returns a Symbol, that coercion throws a
    // TypeError. Per the commit message, the engine used to crash on this
    // path when validate-asm was enabled, instead of raising the error.
    get_sym()|0;
  }
  return {crash: crash};
}
/**
 * Foreign function handed to the asm module through its `ffi` argument.
 *
 * @returns The module-level Symbol `sym`, a value that cannot be coerced to
 *     a number.
 */
function get_sym() {
  return sym;
}
// Driver: instantiate the module with a null stdlib and an FFI object whose
// get_sym returns a Symbol, then call crash(). The test is about the engine
// not crashing; a TypeError from the failed numeric coercion is the tolerated
// outcome, and any other exception is propagated so the test fails.
// Note that the test also passes if no exception is thrown at all.
try {
  asm(null, {get_sym: get_sym}).crash();
} catch (e) {
  if (e instanceof TypeError) {
    // Expected: the Symbol could not be converted to a number.
  } else {
    throw e;
  }
}