[wasm] GrowMemory should use maximum size declared in WebAssembly.Memory

src/wasm/wasm-module.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 
 #include "src/base/atomic-utils.h"
 #include "src/code-stubs.h"
 
 #include "src/macro-assembler.h"
@@ skipping 1408 matching lines @@
         module_object_->SetInternalField(0, *compiled_module_);
         instance->SetInternalField(kWasmCompiledModule, *compiled_module_);
         compiled_module_->set_weak_owning_instance(link_to_owning_instance);
         GlobalHandles::MakeWeak(global_handle.location(),
                                 global_handle.location(), &InstanceFinalizer,
                                 v8::WeakCallbackType::kFinalizer);
       }
     }
 
     DCHECK(wasm::IsWasmObject(*instance));
+    // TODO(gdeepti): This should be a weak list of instance objects
+    // for instances that share memory.
+    Handle<Object> memory_object(instance->GetInternalField(kWasmMemObject),
+                                 isolate_);
+    static const int kWasmMemoryInstanceIndex = 2;

[bradnelson, 2016/10/17 22:13:25]

Shouldn't this live in wasm-module.h ?

[gdeepti, 2016/10/18 02:34:17]

Refactored this and GetMaxInstanceMemorySize so that internal fields on the
memory objects have getters/setters as required in wasm-js.cc instead of
defining const values in this file. This should not live in wasm-module.h
because the memory object should be internal to the JS interface.

+    if (!memory_object->IsUndefined(isolate_)) {
+      JSObject::cast(*memory_object)
+          ->SetInternalField(kWasmMemoryInstanceIndex, *instance);
+    }
 
     //--------------------------------------------------------------------------
     // Run the start function if one was specified.
     //--------------------------------------------------------------------------
     if (compiled_module_->has_startup_function()) {
       Handle<FixedArray> startup_data = compiled_module_->startup_function();
       HandleScope scope(isolate_);
       int32_t start_index =
           startup_data->GetValueChecked<Smi>(isolate_, kExportIndex)->value();
       Handle<Code> startup_code =
@@ skipping 759 matching lines @@
   MaybeHandle<JSArrayBuffer> maybe_mem_buffer =
       GetInstanceMemory(isolate, instance);
   Handle<JSArrayBuffer> buffer;
   if (!maybe_mem_buffer.ToHandle(&buffer)) {
     return 0;
   } else {
     return buffer->byte_length()->Number() / WasmModule::kPageSize;
   }
 }
 
+uint32_t GetMaxInstanceMemorySize(Isolate* isolate, Handle<JSObject> instance) {
+  static const int kWasmMemoryMaximumIndex = 1;
+  uint32_t max_pages = WasmModule::kMaxMemPages;
+  Handle<Object> memory_object(instance->GetInternalField(kWasmMemObject),
+                               isolate);
+  if (memory_object->IsUndefined(isolate)) return max_pages;
+  Object* max_mem =
+      JSObject::cast(*memory_object)->GetInternalField(kWasmMemoryMaximumIndex);
+  if (max_mem->IsUndefined(isolate)) return max_pages;
+  max_pages = Smi::cast(max_mem)->value();
+  DCHECK(max_pages <= WasmModule::kMaxMemPages);
+  return max_pages;
+}
+
 int32_t wasm::GrowInstanceMemory(Isolate* isolate, Handle<JSObject> instance,
                                  uint32_t pages) {
-  if (!IsWasmObject(*instance)) return false;
+  if (!IsWasmObject(*instance)) return -1;
   if (pages == 0) return GetInstanceMemorySize(isolate, instance);

[bradnelson, 2016/10/17 22:23:26]

Move max_pages = ... to above and reuse max_pages here?

[gdeepti, 2016/10/18 02:34:17]

GetInstanceMemorySize, GetMaxInstanceMemorySize are different functions, cannot
reuse max_pages here.

+  uint32_t max_pages = GetMaxInstanceMemorySize(isolate, instance);
+  if (WasmModule::kMaxMemPages < max_pages) return -1;
 
   Address old_mem_start = nullptr;
   uint32_t old_size = 0, new_size = 0;
 
   MaybeHandle<JSArrayBuffer> maybe_mem_buffer =
       GetInstanceMemory(isolate, instance);
   Handle<JSArrayBuffer> old_buffer;
-  if (!maybe_mem_buffer.ToHandle(&old_buffer)) {
+  if (!maybe_mem_buffer.ToHandle(&old_buffer) ||
+      old_buffer->backing_store() == nullptr) {
     // If module object does not have linear memory associated with it,
     // Allocate new array buffer of given size.
-    // TODO(gdeepti): Fix bounds check to take into account size of memtype.
     new_size = pages * WasmModule::kPageSize;
-    // The code generated in the wasm compiler guarantees this precondition.
-    DCHECK(pages <= WasmModule::kMaxMemPages);
+    if (max_pages < pages) return -1;
   } else {
     old_mem_start = static_cast<Address>(old_buffer->backing_store());
     old_size = old_buffer->byte_length()->Number();
     // If the old memory was zero-sized, we should have been in the
     // "undefined" case above.
     DCHECK_NOT_NULL(old_mem_start);
     DCHECK_NE(0, old_size);
     DCHECK(old_size + pages * WasmModule::kPageSize <=
            std::numeric_limits<uint32_t>::max());
     new_size = old_size + pages * WasmModule::kPageSize;
   }
 
-  if (new_size <= old_size ||
-      WasmModule::kMaxMemPages * WasmModule::kPageSize <= new_size) {
+  if (new_size <= old_size || max_pages * WasmModule::kPageSize < new_size) {
     return -1;
   }
   Handle<JSArrayBuffer> buffer = NewArrayBuffer(isolate, new_size);
   if (buffer.is_null()) return -1;
   Address new_mem_start = static_cast<Address>(buffer->backing_store());
   if (old_size != 0) {
     memcpy(new_mem_start, old_mem_start, old_size);
   }
   SetInstanceMemory(instance, *buffer);
   RelocateInstanceCode(instance, old_mem_start, new_mem_start, old_size,
@@ skipping 44 matching lines @@
 }
 
 void testing::ValidateOrphanedInstance(Isolate* isolate,
                                        Handle<JSObject> instance) {
   DisallowHeapAllocation no_gc;
   CHECK(IsWasmObject(*instance));
   WasmCompiledModule* compiled_module = GetCompiledModule(*instance);
   CHECK(compiled_module->has_weak_module_object());
   CHECK(compiled_module->ptr_to_weak_module_object()->cleared());
 }