[runtime] Add instance size check for CheckEquivalent().

[runtime] Add instance size check for CheckEquivalent().

WASM exported functions have additional internal fields which change the instance
size. Adding a getter or setter to such an exported function results in its map
becoming normalized. The normalized map cache, however, finds a different map
with a different instance size, and thus BOOM.

R=verwaest@chromium.org,cbruni@chromium.org
BUG=

Committed: https://crrev.com/576abe14c673eefc4aaf3aaba4b4b670b1d87a12
Cr-Commit-Position: refs/heads/master@{#41691}

[titzer, 2016-12-07 15:27:26]

The CQ bit was checked by titzer@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-07 15:27:42]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-07 15:46:40]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-07 15:46:42]

Dry run: Try jobs failed on following builders:
  v8_linux64_gyp_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux64_gyp_rel_ng/build...)
  v8_linux64_gyp_rel_ng_triggered on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux64_gyp_rel_ng_trigg...)

[titzer, 2016-12-12 15:40:53]

The CQ bit was checked by titzer@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-12 15:41:04]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-12 15:54:53]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-12 15:54:54]

Dry run: Try jobs failed on following builders:
  v8_linux64_asan_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux64_asan_rel_ng/buil...)
  v8_linux64_asan_rel_ng_triggered on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux64_asan_rel_ng_trig...)

[titzer, 2016-12-12 17:35:05]

The CQ bit was checked by titzer@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-12 17:35:08]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-12 18:02:47]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-12 18:02:48]

Dry run: This issue passed the CQ dry run.

[titzer, 2016-12-12 18:20:21]

PTAL, this is ready to go now.

[Camillo Bruni, 2016-12-14 11:30:13]

lgtm

[titzer, 2016-12-14 11:30:21]

The CQ bit was checked by titzer@chromium.org

[commit-bot: I haz the power, 2016-12-14 11:30:24]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-14 11:58:49]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1481715021772350,
"parent_rev": "8268f341c917551723d75fceb720262ae6c4a499", "commit_rev":
"5b1f936d139c5c5e6d68f6d7d40127c13ec539d6"}

[commit-bot: I haz the power, 2016-12-14 11:58:57]

Description was changed from

==========
[runtime] Add instance size check for CheckEquivalent().

WASM exported functions have additional internal fields which change the
instance
size. Adding a getter or setter to such an exported function results in its map
becoming normalized. The normalized map cache, however, finds a different map
with a different instance size, and thus BOOM.

R=verwaest@chromium.org,cbruni@chromium.org
BUG=
==========

to

==========
[runtime] Add instance size check for CheckEquivalent().

WASM exported functions have additional internal fields which change the
instance
size. Adding a getter or setter to such an exported function results in its map
becoming normalized. The normalized map cache, however, finds a different map
with a different instance size, and thus BOOM.

R=verwaest@chromium.org,cbruni@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2554343002
==========

[commit-bot: I haz the power, 2016-12-14 11:58:57]

Committed patchset #3 (id:40001)

[commit-bot: I haz the power, 2016-12-14 12:00:01]

Description was changed from

==========
[runtime] Add instance size check for CheckEquivalent().

WASM exported functions have additional internal fields which change the
instance
size. Adding a getter or setter to such an exported function results in its map
becoming normalized. The normalized map cache, however, finds a different map
with a different instance size, and thus BOOM.

R=verwaest@chromium.org,cbruni@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2554343002
==========

to

==========
[runtime] Add instance size check for CheckEquivalent().

WASM exported functions have additional internal fields which change the
instance
size. Adding a getter or setter to such an exported function results in its map
becoming normalized. The normalized map cache, however, finds a different map
with a different instance size, and thus BOOM.

R=verwaest@chromium.org,cbruni@chromium.org
BUG=

Committed: https://crrev.com/576abe14c673eefc4aaf3aaba4b4b670b1d87a12
Cr-Commit-Position: refs/heads/master@{#41691}
==========

[commit-bot: I haz the power, 2016-12-14 12:00:02]

Patchset 3 (id:??) landed as
https://crrev.com/576abe14c673eefc4aaf3aaba4b4b670b1d87a12
Cr-Commit-Position: refs/heads/master@{#41691}