Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/runtime/runtime-wasm.cc

Issue 2105013004: Explicitly Disallow heap allocation when wasm memory references are updated (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Fix tests Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | src/wasm/wasm-module.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 the V8 project authors. All rights reserved. 1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/runtime/runtime-utils.h" 5 #include "src/runtime/runtime-utils.h"
6 6
7 #include "src/arguments.h" 7 #include "src/arguments.h"
8 #include "src/assembler.h" 8 #include "src/assembler.h"
9 #include "src/conversions.h" 9 #include "src/conversions.h"
10 #include "src/debug/debug.h" 10 #include "src/debug/debug.h"
11 #include "src/factory.h" 11 #include "src/factory.h"
12 #include "src/frames-inl.h" 12 #include "src/frames-inl.h"
13 #include "src/objects-inl.h" 13 #include "src/objects-inl.h"
14 #include "src/v8memory.h" 14 #include "src/v8memory.h"
15 #include "src/wasm/wasm-module.h" 15 #include "src/wasm/wasm-module.h"
16 16
17 namespace v8 { 17 namespace v8 {
18 namespace internal { 18 namespace internal {
19 19
20 RUNTIME_FUNCTION(Runtime_WasmGrowMemory) { 20 RUNTIME_FUNCTION(Runtime_WasmGrowMemory) {
21 HandleScope scope(isolate); 21 HandleScope scope(isolate);
22 DCHECK_EQ(1, args.length()); 22 DCHECK_EQ(1, args.length());
23 uint32_t delta_pages = 0; 23 uint32_t delta_pages = 0;
24 RUNTIME_ASSERT(args[0]->ToUint32(&delta_pages)); 24 RUNTIME_ASSERT(args[0]->ToUint32(&delta_pages));
25 Handle<JSObject> module_object;
25 26
26 // Get the module JSObject 27 {
27 const Address entry = Isolate::c_entry_fp(isolate->thread_local_top()); 28 // Get the module JSObject
28 Address pc = 29 DisallowHeapAllocation no_allocation;
29 Memory::Address_at(entry + StandardFrameConstants::kCallerPCOffset); 30 const Address entry = Isolate::c_entry_fp(isolate->thread_local_top());
30 Code* code = isolate->inner_pointer_to_code_cache()->GetCacheEntry(pc)->code; 31 Address pc =
31 FixedArray* deopt_data = code->deoptimization_data(); 32 Memory::Address_at(entry + StandardFrameConstants::kCallerPCOffset);
32 DCHECK(deopt_data->length() == 2); 33 Code* code =
33 JSObject* module_object = JSObject::cast(deopt_data->get(0)); 34 isolate->inner_pointer_to_code_cache()->GetCacheEntry(pc)->code;
34 RUNTIME_ASSERT(!module_object->IsNull(isolate)); 35 FixedArray* deopt_data = code->deoptimization_data();
36 DCHECK(deopt_data->length() == 2);
37 module_object = Handle<JSObject>::cast(handle(deopt_data->get(0), isolate));
38 RUNTIME_ASSERT(!module_object->IsNull(isolate));
39 }
35 40
36 Address old_mem_start, new_mem_start; 41 Address old_mem_start, new_mem_start;
37 uint32_t old_size, new_size; 42 uint32_t old_size, new_size;
38 const int kWasmMemArrayBuffer = 2; 43 const int kWasmMemArrayBuffer = 2;
39 44
40 // Get mem buffer associated with module object 45 // Get mem buffer associated with module object
41 Object* obj = module_object->GetInternalField(kWasmMemArrayBuffer); 46 Handle<Object> obj(module_object->GetInternalField(kWasmMemArrayBuffer),
47 isolate);
42 48
43 if (obj->IsUndefined(isolate)) { 49 if (obj->IsUndefined(isolate)) {
44 // If module object does not have linear memory associated with it, 50 // If module object does not have linear memory associated with it,
45 // Allocate new array buffer of given size. 51 // Allocate new array buffer of given size.
46 old_mem_start = nullptr; 52 old_mem_start = nullptr;
47 old_size = 0; 53 old_size = 0;
48 // TODO(gdeepti): Fix bounds check to take into account size of memtype. 54 // TODO(gdeepti): Fix bounds check to take into account size of memtype.
49 new_size = delta_pages * wasm::WasmModule::kPageSize; 55 new_size = delta_pages * wasm::WasmModule::kPageSize;
50 if (delta_pages > wasm::WasmModule::kMaxMemPages) { 56 if (delta_pages > wasm::WasmModule::kMaxMemPages) {
51 THROW_NEW_ERROR_RETURN_FAILURE( 57 THROW_NEW_ERROR_RETURN_FAILURE(
52 isolate, NewRangeError(MessageTemplate::kWasmTrapMemOutOfBounds)); 58 isolate, NewRangeError(MessageTemplate::kWasmTrapMemOutOfBounds));
53 } 59 }
54 new_mem_start = 60 new_mem_start =
55 static_cast<Address>(isolate->array_buffer_allocator()->Allocate( 61 static_cast<Address>(isolate->array_buffer_allocator()->Allocate(
56 static_cast<uint32_t>(new_size))); 62 static_cast<uint32_t>(new_size)));
57 if (new_mem_start == NULL) { 63 if (new_mem_start == NULL) {
58 THROW_NEW_ERROR_RETURN_FAILURE( 64 THROW_NEW_ERROR_RETURN_FAILURE(
59 isolate, NewRangeError(MessageTemplate::kWasmTrapMemAllocationFail)); 65 isolate, NewRangeError(MessageTemplate::kWasmTrapMemAllocationFail));
60 } 66 }
61 #if DEBUG 67 #if DEBUG
62 // Double check the API allocator actually zero-initialized the memory. 68 // Double check the API allocator actually zero-initialized the memory.
63 for (size_t i = old_size; i < new_size; i++) { 69 for (size_t i = old_size; i < new_size; i++) {
64 DCHECK_EQ(0, new_mem_start[i]); 70 DCHECK_EQ(0, new_mem_start[i]);
65 } 71 }
66 #endif 72 #endif
67 } else { 73 } else {
68 Handle<JSArrayBuffer> old_buffer = 74 Handle<JSArrayBuffer> old_buffer = Handle<JSArrayBuffer>::cast(obj);
69 Handle<JSArrayBuffer>(JSArrayBuffer::cast(obj));
70 old_mem_start = static_cast<Address>(old_buffer->backing_store()); 75 old_mem_start = static_cast<Address>(old_buffer->backing_store());
71 old_size = old_buffer->byte_length()->Number(); 76 old_size = old_buffer->byte_length()->Number();
72 // If the old memory was zero-sized, we should have been in the 77 // If the old memory was zero-sized, we should have been in the
73 // "undefined" case above. 78 // "undefined" case above.
74 DCHECK_NOT_NULL(old_mem_start); 79 DCHECK_NOT_NULL(old_mem_start);
75 DCHECK_NE(0, old_size); 80 DCHECK_NE(0, old_size);
76 81
77 new_size = old_size + delta_pages * wasm::WasmModule::kPageSize; 82 new_size = old_size + delta_pages * wasm::WasmModule::kPageSize;
78 if (new_size > 83 if (new_size >
79 wasm::WasmModule::kMaxMemPages * wasm::WasmModule::kPageSize) { 84 wasm::WasmModule::kMaxMemPages * wasm::WasmModule::kPageSize) {
(...skipping 20 matching lines...) Expand all
100 105
101 RUNTIME_ASSERT(wasm::UpdateWasmModuleMemory( 106 RUNTIME_ASSERT(wasm::UpdateWasmModuleMemory(
102 module_object, old_mem_start, new_mem_start, old_size, new_size)); 107 module_object, old_mem_start, new_mem_start, old_size, new_size));
103 108
104 return *isolate->factory()->NewNumberFromUint(old_size / 109 return *isolate->factory()->NewNumberFromUint(old_size /
105 wasm::WasmModule::kPageSize); 110 wasm::WasmModule::kPageSize);
106 } 111 }
107 112
108 } // namespace internal 113 } // namespace internal
109 } // namespace v8 114 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | src/wasm/wasm-module.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698