src/runtime/runtime-wasm.cc - Issue 2105013004: Explicitly Disallow heap allocation when wasm memory references are updated

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/runtime/runtime-wasm.cc

Issue 2105013004: Explicitly Disallow heap allocation when wasm memory references are updated (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: Fix tests Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/runtime/runtime-wasm.cc

diff --git a/src/runtime/runtime-wasm.cc b/src/runtime/runtime-wasm.cc

index 75e2a76b8b2965527828af6fee0c07e4be38f1f8..0e86ccc3712eaf3d3e710eb2c5fe880d2690c024 100644

--- a/src/runtime/runtime-wasm.cc

+++ b/src/runtime/runtime-wasm.cc

@@ -22,23 +22,29 @@ RUNTIME_FUNCTION(Runtime_WasmGrowMemory) {

DCHECK_EQ(1, args.length());

uint32_t delta_pages = 0;

RUNTIME_ASSERT(args[0]->ToUint32(&delta_pages));

+ Handle<JSObject> module_object;

- // Get the module JSObject

- const Address entry = Isolate::c_entry_fp(isolate->thread_local_top());

- Address pc =

- Memory::Address_at(entry + StandardFrameConstants::kCallerPCOffset);

- Code* code = isolate->inner_pointer_to_code_cache()->GetCacheEntry(pc)->code;

- FixedArray* deopt_data = code->deoptimization_data();

- DCHECK(deopt_data->length() == 2);

- JSObject* module_object = JSObject::cast(deopt_data->get(0));

- RUNTIME_ASSERT(!module_object->IsNull(isolate));

+ {

+ // Get the module JSObject

+ DisallowHeapAllocation no_allocation;

+ const Address entry = Isolate::c_entry_fp(isolate->thread_local_top());

+ Address pc =

+ Memory::Address_at(entry + StandardFrameConstants::kCallerPCOffset);

+ Code* code =

+ isolate->inner_pointer_to_code_cache()->GetCacheEntry(pc)->code;

+ FixedArray* deopt_data = code->deoptimization_data();

+ DCHECK(deopt_data->length() == 2);

+ module_object = Handle<JSObject>::cast(handle(deopt_data->get(0), isolate));

+ RUNTIME_ASSERT(!module_object->IsNull(isolate));

+ }

Address old_mem_start, new_mem_start;

uint32_t old_size, new_size;

const int kWasmMemArrayBuffer = 2;

// Get mem buffer associated with module object

- Object* obj = module_object->GetInternalField(kWasmMemArrayBuffer);

+ Handle<Object> obj(module_object->GetInternalField(kWasmMemArrayBuffer),

+ isolate);

if (obj->IsUndefined(isolate)) {

// If module object does not have linear memory associated with it,

@@ -65,8 +71,7 @@ RUNTIME_FUNCTION(Runtime_WasmGrowMemory) {

}

#endif

} else {

- Handle<JSArrayBuffer> old_buffer =

- Handle<JSArrayBuffer>(JSArrayBuffer::cast(obj));

+ Handle<JSArrayBuffer> old_buffer = Handle<JSArrayBuffer>::cast(obj);

old_mem_start = static_cast<Address>(old_buffer->backing_store());

old_size = old_buffer->byte_length()->Number();

// If the old memory was zero-sized, we should have been in the

« no previous file with comments | « no previous file | src/wasm/wasm-module.h » ('j') | no next file with comments »