Revert of [wasm] Fix bounds check for zero initial memory.

src/wasm/wasm-module.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 
 #include "src/base/atomic-utils.h"
 #include "src/code-stubs.h"
 
 #include "src/macro-assembler.h"
@@ skipping 2038 matching lines @@
 Handle<WasmDebugInfo> wasm::GetDebugInfo(Handle<JSObject> wasm) {
   Handle<Object> info(wasm->GetInternalField(kWasmDebugInfo),
                       wasm->GetIsolate());
   if (!info->IsUndefined(wasm->GetIsolate()))
     return Handle<WasmDebugInfo>::cast(info);
   Handle<WasmDebugInfo> new_info = WasmDebugInfo::New(wasm);
   wasm->SetInternalField(kWasmDebugInfo, *new_info);
   return new_info;
 }
 
+bool wasm::UpdateWasmModuleMemory(Handle<JSObject> object, Address old_start,
+                                  Address new_start, uint32_t old_size,
+                                  uint32_t new_size) {
+  DisallowHeapAllocation no_allocation;
+  if (!IsWasmObject(*object)) {
+    return false;
+  }
+
+  // Get code table associated with the module js_object
+  Object* obj = object->GetInternalField(kWasmModuleCodeTable);
+  Handle<FixedArray> code_table(FixedArray::cast(obj));
+
+  // Iterate through the code objects in the code table and update relocation
+  // information
+  for (int i = 0; i < code_table->length(); ++i) {
+    obj = code_table->get(i);
+    Handle<Code> code(Code::cast(obj));
+
+    int mode_mask = RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_REFERENCE) |
+                    RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_SIZE_REFERENCE);
+    for (RelocIterator it(*code, mode_mask); !it.done(); it.next()) {
+      RelocInfo::Mode mode = it.rinfo()->rmode();
+      if (RelocInfo::IsWasmMemoryReference(mode) ||
+          RelocInfo::IsWasmMemorySizeReference(mode)) {
+        it.rinfo()->update_wasm_memory_reference(old_start, new_start, old_size,
+                                                 new_size);
+      }
+    }
+  }
+  return true;
+}
+
 Handle<FixedArray> wasm::BuildFunctionTable(Isolate* isolate, uint32_t index,
                                             const WasmModule* module) {
   const WasmIndirectFunctionTable* table = &module->function_tables[index];
   DCHECK_EQ(table->size, table->values.size());
   DCHECK_GE(table->max_size, table->size);
   Handle<FixedArray> values =
       isolate->factory()->NewFixedArray(2 * table->max_size, TENURED);
   for (uint32_t i = 0; i < table->size; ++i) {
     const WasmFunction* function = &module->functions[table->values[i]];
     int32_t index = table->map.Find(function->sig);
@@ skipping 131 matching lines @@
   Handle<JSArrayBuffer> buffer;
   if (!maybe_mem_buffer.ToHandle(&buffer)) {
     return 0;
   } else {
     return buffer->byte_length()->Number() / WasmModule::kPageSize;
   }
 }
 
 int32_t wasm::GrowInstanceMemory(Isolate* isolate, Handle<JSObject> instance,
                                  uint32_t pages) {
-  if (!IsWasmObject(*instance)) return false;
-  if (pages == 0) return GetInstanceMemorySize(isolate, instance);
-
+  if (pages == 0) {
+    return GetInstanceMemorySize(isolate, instance);
+  }
   Address old_mem_start = nullptr;
   uint32_t old_size = 0, new_size = 0;
 
   MaybeHandle<JSArrayBuffer> maybe_mem_buffer =
       GetInstanceMemory(isolate, instance);
   Handle<JSArrayBuffer> old_buffer;
   if (!maybe_mem_buffer.ToHandle(&old_buffer)) {
     // If module object does not have linear memory associated with it,
     // Allocate new array buffer of given size.
     // TODO(gdeepti): Fix bounds check to take into account size of memtype.
@@ skipping 16 matching lines @@
       WasmModule::kMaxMemPages * WasmModule::kPageSize <= new_size) {
     return -1;
   }
   Handle<JSArrayBuffer> buffer = NewArrayBuffer(isolate, new_size);
   if (buffer.is_null()) return -1;
   Address new_mem_start = static_cast<Address>(buffer->backing_store());
   if (old_size != 0) {
     memcpy(new_mem_start, old_mem_start, old_size);
   }
   SetInstanceMemory(instance, *buffer);
-  RelocateInstanceCode(instance, old_mem_start, new_mem_start, old_size,
-                       new_size);
+  if (!UpdateWasmModuleMemory(instance, old_mem_start, new_mem_start, old_size,
+                              new_size)) {
+    return -1;
+  }
   DCHECK(old_size % WasmModule::kPageSize == 0);
   return (old_size / WasmModule::kPageSize);
 }
 
 void testing::ValidateInstancesChain(Isolate* isolate,
                                      Handle<JSObject> module_obj,
                                      int instance_count) {
   CHECK_GE(instance_count, 0);
   DisallowHeapAllocation no_gc;
   WasmCompiledModule* compiled_module =
@@ skipping 33 matching lines @@
 }
 
 void testing::ValidateOrphanedInstance(Isolate* isolate,
                                        Handle<JSObject> instance) {
   DisallowHeapAllocation no_gc;
   CHECK(IsWasmObject(*instance));
   WasmCompiledModule* compiled_module = GetCompiledModule(*instance);
   CHECK(compiled_module->has_weak_module_object());
   CHECK(compiled_module->ptr_to_weak_module_object()->cleared());
 }