[wasm] Adjust segment loading for table index > 0
This was supposed to be only a clean-up, but the original code even
invalidated a test and thereby covered a test. I fixed the bug here as
well.
Without testing it I think this fixes https://crbug.com/964607.
Bug: v8:9183
Change-Id: I076f40a2302bfd5b7cecd2ae35d4e05a465e054b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621935
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61691}
diff --git a/src/wasm/module-instantiate.cc b/src/wasm/module-instantiate.cc
index 3fec697..3a10263 100644
--- a/src/wasm/module-instantiate.cc
+++ b/src/wasm/module-instantiate.cc
@@ -1531,10 +1531,15 @@
const WasmFunction* function = &module->functions[func_index];
- // Update the local dispatch table first.
- uint32_t sig_id = module->signature_ids[function->sig_index];
- IndirectFunctionTableEntry(instance, entry_index)
- .Set(sig_id, instance, func_index);
+ // Update the local dispatch table first if necessary. We only have to
+ // update the dispatch table if the first table of the instance is changed.
+ // For all other tables, function calls do not use a dispatch table at
+ // the moment.
+ if (elem_segment.table_index == 0) {
+ uint32_t sig_id = module->signature_ids[function->sig_index];
+ IndirectFunctionTableEntry(instance, entry_index)
+ .Set(sig_id, instance, func_index);
+ }
// Update the table object's other dispatch tables.
MaybeHandle<WasmExportedFunction> wasm_exported_function =
diff --git a/test/mjsunit/wasm/wasm-module-builder.js b/test/mjsunit/wasm/wasm-module-builder.js
index 24f4801..3f2f80e 100644
--- a/test/mjsunit/wasm/wasm-module-builder.js
+++ b/test/mjsunit/wasm/wasm-module-builder.js
@@ -900,22 +900,6 @@
addElementSegment(table, base, is_global, array) {
this.element_segments.push({table: table, base: base, is_global: is_global,
array: array, is_active: true});
-
- // As a testing convenience, update the table length when adding an element
- // segment. If the table is imported, we can't do this because we don't
- // know how long the table actually is. If |is_global| is true, then the
- // base is a global index, instead of an integer offset, so we can't update
- // the table then either.
- if (!(is_global || table < this.num_imported_tables)) {
- var length = base + array.length;
- if (length > this.tables[0].initial_size) {
- this.tables[0].initial_size = length;
- }
- if (this.tables[0].has_max &&
- length > this.tables[0].max_size) {
- this.tables[0].max_size = length;
- }
- }
return this;
}
@@ -932,7 +916,15 @@
if (this.tables.length == 0) {
this.addTable(kWasmAnyFunc, 0);
}
- return this.addElementSegment(0, this.tables[0].initial_size, false, array);
+ // Adjust the table to the correct size.
+ let table = this.tables[0];
+ const base = table.initial_size;
+ const table_size = base + array.length;
+ table.initial_size = table_size;
+ if (table.has_max && table_size > table.max_size) {
+ table.max_size = table_size;
+ }
+ return this.addElementSegment(0, base, false, array);
}
setTableBounds(min, max = undefined) {
