Changeset 271114 in webkit
- Timestamp:
- Dec 30, 2020 7:20:30 PM (less than one hour ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
-
JSTests/ChangeLog (modified) (1 diff)
-
JSTests/wasm/stress/multivalue-iteration-count.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/wasm/WasmOperations.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r271112 r271114 1 2020-12-30 Yusuke Suzuki <ysuzuki@apple.com> 2 3 Unreviewed, fix iteration count check 4 https://bugs.webkit.org/show_bug.cgi?id=220206 5 6 * wasm/stress/multivalue-iteration-count.js: Added. 7 (async let): 8 1 9 2020-12-29 Yusuke Suzuki <ysuzuki@apple.com> 2 10 -
trunk/Source/JavaScriptCore/ChangeLog
r271113 r271114 1 2020-12-30 Yusuke Suzuki <ysuzuki@apple.com> 2 3 Unreviewed, fix iteration count check 4 https://bugs.webkit.org/show_bug.cgi?id=220206 5 6 We should have iterationCount variable to track iteration count since it can be larger than MarkedArgumentBuffer's size. 7 8 * wasm/WasmOperations.cpp: 9 (JSC::Wasm::JSC_DEFINE_JIT_OPERATION): 10 1 11 2020-12-30 Yusuke Suzuki <ysuzuki@apple.com> 2 12 -
trunk/Source/JavaScriptCore/wasm/WasmOperations.cpp
r271113 r271114 523 523 RegisterAtOffsetList registerResultOffsets = wasmCallInfo.computeResultsOffsetList(); 524 524 525 unsigned iterationCount = 0; 525 526 MarkedArgumentBuffer buffer; 526 527 forEachInIterable(globalObject, result, [&] (VM&, JSGlobalObject*, JSValue value) -> void { 527 528 if (buffer.size() < signature->returnCount()) 528 529 buffer.append(value); 530 ++iterationCount; 529 531 }); 530 532 RETURN_IF_EXCEPTION(scope, void()); … … 535 537 } 536 538 537 if ( buffer.size()!= signature->returnCount()) {539 if (iterationCount != signature->returnCount()) { 538 540 throwVMTypeError(globalObject, scope, "Incorrect number of values returned to Wasm from JS"); 539 541 return;
Note: See TracChangeset
for help on using the changeset viewer.
