[wasm] Update WasmMemoryObject correctly when module memory is exported.

src/wasm/wasm-module.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 
 #include "src/base/atomic-utils.h"
 #include "src/code-stubs.h"
 
 #include "src/macro-assembler.h"
@@ skipping 1773 matching lines @@
           desc.set_value(table_instance.table_object);
           break;
         }
         case kExternalMemory: {
           // Export the memory as a WebAssembly.Memory object.
           Handle<WasmMemoryObject> memory_object;
           if (!instance->has_memory_object()) {
             // If there was no imported WebAssembly.Memory object, create one.
             Handle<JSArrayBuffer> buffer(instance->get_memory_buffer(),
                                          isolate_);
-            memory_object = WasmMemoryObject::New(
-                isolate_, buffer,
-                (module_->max_mem_pages != 0) ? module_->max_mem_pages : -1);
-            instance->set_memory_object(*memory_object);
+            if (!buffer.is_null() && buffer->has_guard_region()) {

[Eric Holk, 2016/12/05 19:54:52]

We talked about this offline, but I'm summarizing here.

It's probably best to do this branch using wasm::NewArrayBuffer. To match the
old behavior, I think the right thing to do is to copy the old buffer into a
newly allocated buffer. Otherwise we'll end up with inconsistencies where once
the buffer grows sometimes it looks like the old size and sometimes it looks
like the new size.

[gdeepti, 2016/12/07 07:10:33]

Summarizing offline discussions, previous interpretation of the spec was
incorrect, exported memory objects reference instance memory, and should reflect
new size when grow_memory is called. Removed this block of code. 

+              // If guard pages are enabled, use a different buffer to create
+              // the exported memory object. Using the same buffer will result
+              // in the exported memory object having a handle to the buffer
+              // associated with a live instance.
+              Handle<JSArrayBuffer> new_buffer =
+                  isolate_->factory()->NewJSArrayBuffer();
+              JSArrayBuffer::Setup(new_buffer, isolate_, true,
+                                   buffer->backing_store(),
+                                   buffer->byte_length()->Number());
+              new_buffer->set_is_neuterable(false);
+              new_buffer->set_has_guard_region(true);
+              memory_object = WasmMemoryObject::New(
+                  isolate_, new_buffer,
+                  (module_->max_mem_pages != 0) ? module_->max_mem_pages : -1);
+            } else {
+              memory_object = WasmMemoryObject::New(
+                  isolate_, buffer,
+                  (module_->max_mem_pages != 0) ? module_->max_mem_pages : -1);
+            }
           } else {
             memory_object = Handle<WasmMemoryObject>(
                 instance->get_memory_object(), isolate_);
             DCHECK(WasmJs::IsWasmMemoryObject(isolate_, memory_object));
             memory_object->ResetInstancesLink(isolate_);
           }
 
           desc.set_value(memory_object);
           break;
         }
@@ skipping 549 matching lines @@
 MaybeHandle<String> WasmCompiledModule::GetFunctionName(
     Handle<WasmCompiledModule> compiled_module, uint32_t func_index) {
   DCHECK_LT(func_index, compiled_module->module()->functions.size());
   WasmFunction& function = compiled_module->module()->functions[func_index];
   Isolate* isolate = compiled_module->GetIsolate();
   MaybeHandle<String> string = ExtractStringFromModuleBytes(
       isolate, compiled_module, function.name_offset, function.name_length);
   if (!string.is_null()) return string.ToHandleChecked();
   return {};
 }