[wasm] GrowMemory should use maximum size declared in WebAssembly.Memory

src/wasm/wasm-module.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 
 #include "src/base/atomic-utils.h"
 #include "src/code-stubs.h"
 
 #include "src/macro-assembler.h"
@@ skipping 84 matching lines @@
   kSourceSize,          // Smi. an uint32_t
   kWasmSegmentInfoSize  // Sentinel value.
 };
 
 enum WasmIndirectFunctionTableData {
   kSize,                              // Smi. an uint32_t
   kTable,                             // FixedArray of indirect function table
   kWasmIndirectFunctionTableDataSize  // Sentinel value.
 };
 
+enum WasmMemoryObjectData {

[titzer, 2016/10/11 08:30:06]

I am wondering if it is possible to hide these in wasm-js.cc instead. Not sure
if that will turn out to be simpler or not.

[gdeepti, 2016/10/16 15:39:58]

Done.

+  kWasmMemoryBuffer,
+  kWasmMaxMemory,
+  kWasmInstanceObject
+};
+
 byte* raw_buffer_ptr(MaybeHandle<JSArrayBuffer> buffer, int offset) {
   return static_cast<byte*>(buffer.ToHandleChecked()->backing_store()) + offset;
 }
 
 uint32_t GetMinModuleMemSize(const WasmModule* module) {
   return WasmModule::kPageSize * module->min_mem_pages;
 }
 
 void SaveDataSegmentInfo(Factory* factory, const WasmModule* module,
                          Handle<WasmCompiledModule> compiled_module) {
@@ skipping 1327 matching lines @@
         module_object_->SetInternalField(0, *compiled_module_);
         instance->SetInternalField(kWasmCompiledModule, *compiled_module_);
         compiled_module_->set_weak_owning_instance(link_to_owning_instance);
         GlobalHandles::MakeWeak(global_handle.location(),
                                 global_handle.location(), &InstanceFinalizer,
                                 v8::WeakCallbackType::kFinalizer);
       }
     }
 
     DCHECK(wasm::IsWasmObject(*instance));
+    // TODO(gdeepti): This should be a weak list of instance objects
+    // for instances that share memory.
+    Handle<Object> memory_object(instance->GetInternalField(kWasmMemObject),
+                                 isolate_);
+    if (!memory_object->IsUndefined(isolate_)) {
+      JSObject::cast(*memory_object)
+          ->SetInternalField(kWasmInstanceObject, *instance);
+    }
 
     TRACE("Finishing instance %d\n", compiled_module_->instance_id());
     TRACE_CHAIN(WasmCompiledModule::cast(module_object_->GetInternalField(0)));
     return instance;
   }
 
  private:
   Isolate* isolate_;
   ErrorThrower* thrower_;
   Handle<JSObject> module_object_;
@@ skipping 712 matching lines @@
   MaybeHandle<JSArrayBuffer> maybe_mem_buffer =
       GetInstanceMemory(isolate, instance);
   Handle<JSArrayBuffer> buffer;
   if (!maybe_mem_buffer.ToHandle(&buffer)) {
     return 0;
   } else {
     return buffer->byte_length()->Number() / WasmModule::kPageSize;
   }
 }
 
+uint32_t GetMaxInstanceMemorySize(Isolate* isolate, Handle<JSObject> instance) {
+  uint32_t max_pages = WasmModule::kMaxMemPages;
+  Handle<Object> memory_object(instance->GetInternalField(kWasmMemObject),
+                               isolate);
+  if (memory_object->IsUndefined(isolate)) return max_pages;
+  Object* max_mem =
+      JSObject::cast(*memory_object)->GetInternalField(kWasmMaxMemory);
+  if (max_mem->IsUndefined(isolate)) return max_pages;
+  max_pages = Smi::cast(max_mem)->value();
+  DCHECK(max_pages <= WasmModule::kMaxMemPages);
+  return max_pages;
+}
+
 int32_t GrowInstanceMemory(Isolate* isolate, Handle<JSObject> instance,
                            uint32_t pages) {
-  if (pages == 0) {
-    return GetInstanceMemorySize(isolate, instance);
-  }
+  if (!IsWasmObject(*instance)) return -1;
+  if (pages == 0) return GetInstanceMemorySize(isolate, instance);
+  uint32_t max_pages = GetMaxInstanceMemorySize(isolate, instance);
+  if (WasmModule::kMaxMemPages < max_pages) return -1;
+
   Address old_mem_start = nullptr;
   uint32_t old_size = 0, new_size = 0;
 
   MaybeHandle<JSArrayBuffer> maybe_mem_buffer =
       GetInstanceMemory(isolate, instance);
   Handle<JSArrayBuffer> old_buffer;
   if (!maybe_mem_buffer.ToHandle(&old_buffer)) {
     // If module object does not have linear memory associated with it,
     // Allocate new array buffer of given size.
     // TODO(gdeepti): Fix bounds check to take into account size of memtype.
     new_size = pages * WasmModule::kPageSize;
-    // The code generated in the wasm compiler guarantees this precondition.
-    DCHECK(pages <= WasmModule::kMaxMemPages);
+    if (max_pages < pages) return -1;
   } else {
     old_mem_start = static_cast<Address>(old_buffer->backing_store());
     old_size = old_buffer->byte_length()->Number();
     // If the old memory was zero-sized, we should have been in the
     // "undefined" case above.
     DCHECK_NOT_NULL(old_mem_start);
     DCHECK_NE(0, old_size);
     DCHECK(old_size + pages * WasmModule::kPageSize <=
            std::numeric_limits<uint32_t>::max());
     new_size = old_size + pages * WasmModule::kPageSize;
   }
 
-  if (new_size <= old_size ||
-      WasmModule::kMaxMemPages * WasmModule::kPageSize <= new_size) {
+  if (new_size <= old_size || max_pages * WasmModule::kPageSize < new_size) {
     return -1;
   }
   Handle<JSArrayBuffer> buffer = NewArrayBuffer(isolate, new_size);
   if (buffer.is_null()) return -1;
   Address new_mem_start = static_cast<Address>(buffer->backing_store());
   if (old_size != 0) {
     memcpy(new_mem_start, old_mem_start, old_size);
   }
   SetInstanceMemory(instance, *buffer);
   if (!UpdateWasmModuleMemory(instance, old_mem_start, new_mem_start, old_size,
@@ skipping 51 matching lines @@
   WasmCompiledModule* compiled_module =
       WasmCompiledModule::cast(instance->GetInternalField(kWasmCompiledModule));
   CHECK(compiled_module->has_weak_module_object());
   CHECK(compiled_module->ptr_to_weak_module_object()->cleared());
 }
 
 }  // namespace testing
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8