Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit b59af77

Browse filesBrowse files
jakobkummerowtargos
jakobkummerow
authored and
targos
committed
deps: V8: cherry-pick 47800791b35c
Original commit message: [wasm] Fix DCHECK in AtomicWait after memory growth With the changes in crrev.com/c/7003085, calling memory.grow() via the JS API didn't immediately update the memory's array buffer any more, which triggered a DCHECK in the runtime functions for atomic waits. This patch restores immediate updating of the buffer for the current isolate, which maintains the other CL's goal to not allocate on loop back edges. Fixed: 454991459 Change-Id: Id633cebb9ac24606bc0d8a3df703c74531d3c8a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7100806 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#103431} Refs: v8/v8@4780079 PR-URL: #60488 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com>
1 parent 6494c7b commit b59af77
Copy full SHA for b59af77

3 files changed

+24-1Lines changed: 24 additions & 1 deletion

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎common.gypi‎

Copy file name to clipboardExpand all lines: common.gypi
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@
3838

3939
# Reset this number to 0 on major V8 upgrades.
4040
# Increment by one for each non-official patch applied to deps/v8.
41-
'v8_embedder_string': '-node.7',
41+
'v8_embedder_string': '-node.8',
4242

4343
##### V8 defaults for Node.js #####
4444

Collapse file

‎deps/v8/src/wasm/wasm-objects.cc‎

Copy file name to clipboardExpand all lines: deps/v8/src/wasm/wasm-objects.cc
+3Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1207,6 +1207,9 @@ int32_t WasmMemoryObject::Grow(Isolate* isolate,
12071207
if (!old_buffer->is_resizable_by_js()) {
12081208
// Broadcasting the update should update this memory object too.
12091209
CHECK(memory_object->needs_new_buffer());
1210+
// For the current isolate, immediately update the buffer.
1211+
RefreshSharedBuffer(isolate, memory_object, old_buffer,
1212+
ResizableFlag::kNotResizable);
12101213
}
12111214
// As {old_pages} was read racefully, we return here the synchronized
12121215
// value provided by {GrowWasmMemoryInPlace}, to provide the atomic
Collapse file

‎deps/v8/test/mjsunit/regress/wasm/regress-454991459.js‎

Copy file name to clipboard
+20Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
// Copyright 2025 the V8 project authors. All rights reserved.
2+
// Use of this source code is governed by a BSD-style license that can be
3+
// found in the LICENSE file.
4+
5+
d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
6+
7+
let memory = new WebAssembly.Memory({ initial: 1, maximum: 2, shared: true });
8+
let builder = new WasmModuleBuilder();
9+
builder.addImportedMemory("m", "memory", 1, 2, "shared");
10+
builder.addFunction("wait", kSig_i_ii)
11+
.addBody([
12+
kExprLocalGet, 0, // address
13+
kExprLocalGet, 1, // expected_value
14+
kExprI64Const, 0, // timeout
15+
kAtomicPrefix, kExprI32AtomicWait, 2, 0
16+
])
17+
.exportFunc();
18+
let instance = builder.instantiate({m: {memory}});
19+
memory.grow(1);
20+
instance.exports.wait(kPageSize);

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.