[wasm] Use new override mechanism for wasm limits

third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 128 matching lines @@
       break;
     case v8::Isolate::kMessageError:
       level = InfoMessageLevel;
       break;
     default:
       NOTREACHED();
   }
   return level;
 }
 
+// NOTE: when editing this, please also edit the error messages we throw when
+// the size is exceeded (see uses of the constant), which use the human-friendly
+// "4KB" text.
 const size_t kWasmWireBytesLimit = 1 << 12;
 
 }  // namespace
 
 void V8Initializer::messageHandlerInMainThread(v8::Local<v8::Message> message,
                                                v8::Local<v8::Value> data) {
   ASSERT(isMainThread());
   v8::Isolate* isolate = v8::Isolate::GetCurrent();
 
   if (isolate->GetEnteredContext().IsEmpty())
@@ skipping 159 matching lines @@
   if (ExecutionContext* executionContext = toExecutionContext(context)) {
     if (ContentSecurityPolicy* policy =
             toDocument(executionContext)->contentSecurityPolicy())
       return policy->allowEval(ScriptState::from(context),
                                SecurityViolationReportingPolicy::Report,
                                ContentSecurityPolicy::WillThrowException);
   }
   return false;
 }
 
-static bool allowWasmCompileCallbackInMainThread(v8::Isolate* isolate,
-                                                 v8::Local<v8::Value> source,
-                                                 bool asPromise) {
-  // We allow async compilation irrespective of buffer size.
-  if (asPromise)
-    return true;
-  if (source->IsArrayBuffer() &&
-      v8::Local<v8::ArrayBuffer>::Cast(source)->ByteLength() >
-          kWasmWireBytesLimit) {
-    return false;
-  }
-  if (source->IsArrayBufferView() &&
-      v8::Local<v8::ArrayBufferView>::Cast(source)->ByteLength() >
-          kWasmWireBytesLimit) {
-    return false;
-  }
-  return true;
+v8::Local<v8::Value> newRangeException(v8::Isolate* isolate,
+                                       const char* message) {
+  return v8::Exception::RangeError(
+      v8::String::NewFromOneByte(isolate,
+                                 reinterpret_cast<const uint8_t*>(message),
+                                 v8::NewStringType::kNormal)
+          .ToLocalChecked());
 }
 
-static bool allowWasmInstantiateCallbackInMainThread(
-    v8::Isolate* isolate,
-    v8::Local<v8::Value> source,
-    v8::MaybeLocal<v8::Value> ffi,
-    bool asPromise) {
-  // Async cases are allowed, regardless of the size of the
-  // wire bytes. Note that, for instantiation, we use the wire
-  // bytes size as a proxy for instantiation time. We may
-  // consider using the size of the ffi (nr of properties)
-  // instead, or, even more directly, number of imports.
-  if (asPromise)
+void throwRangeException(v8::Isolate* isolate, const char* message) {
+  isolate->ThrowException(newRangeException(isolate, message));
+}
+
+static bool wasmModuleOverride(
+    const v8::FunctionCallbackInfo<v8::Value>& args) {
+  // Return false if we want the base behavior to proceed.
+  if (!WTF::isMainThread() || args.Length() < 1)
+    return false;
+  v8::Local<v8::Value> source = args[0];
+  if ((source->IsArrayBuffer() &&
+       v8::Local<v8::ArrayBuffer>::Cast(source)->ByteLength() >
+           kWasmWireBytesLimit) ||
+      (source->IsArrayBufferView() &&
+       v8::Local<v8::ArrayBufferView>::Cast(source)->ByteLength() >
+           kWasmWireBytesLimit)) {
+    throwRangeException(args.GetIsolate(),
+                        "WebAssembly.Compile is disallowed on the main thread, "
+                        "if the buffer size is larger than 4KB. Use "
+                        "WebAssembly.compile, or compile on a worker thread.");
+    // Return true because we injected new behavior and we do not
+    // want the default behavior.
     return true;
-  // If it's not a promise, the source should be a wasm module
-  DCHECK(source->IsWebAssemblyCompiledModule());
+  }
+  return false;
+}
+
+static bool wasmInstanceOverride(
+    const v8::FunctionCallbackInfo<v8::Value>& args) {
+  // Return false if we want the base behavior to proceed.
+  if (!WTF::isMainThread() || args.Length() < 1)
+    return false;
+  v8::Local<v8::Value> source = args[0];
+  if (!source->IsWebAssemblyCompiledModule())
+    return false;
+
   v8::Local<v8::WasmCompiledModule> module =
       v8::Local<v8::WasmCompiledModule>::Cast(source);
   if (static_cast<size_t>(module->GetWasmWireBytes()->Length()) >
       kWasmWireBytesLimit) {
-    return false;
+    throwRangeException(
+        args.GetIsolate(),
+        "WebAssembly.Instance is disallowed on the main thread, "
+        "if the buffer size is larger than 4KB. Use "
+        "WebAssembly.instantiate.");
+    return true;
   }
-  return true;
+  return false;
 }
 
 static void initializeV8Common(v8::Isolate* isolate) {
   isolate->AddGCPrologueCallback(V8GCController::gcPrologue);
   isolate->AddGCEpilogueCallback(V8GCController::gcEpilogue);
   std::unique_ptr<ScriptWrappableVisitor> visitor(
       new ScriptWrappableVisitor(isolate));
   V8PerIsolateData::from(isolate)->setScriptWrappableVisitor(
       std::move(visitor));
   isolate->SetEmbedderHeapTracer(
       V8PerIsolateData::from(isolate)->scriptWrappableVisitor());
 
   isolate->SetMicrotasksPolicy(v8::MicrotasksPolicy::kScoped);
 
   isolate->SetUseCounterCallback(&useCounterCallback);
+  isolate->SetWasmModuleCallback(wasmModuleOverride);
+  isolate->SetWasmInstanceCallback(wasmInstanceOverride);
 }
 
 namespace {
 
 class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
   // Allocate() methods return null to signal allocation failure to V8, which
   // should respond by throwing a RangeError, per
   // http://www.ecma-international.org/ecma-262/6.0/#sec-createbytedatablock.
   void* Allocate(size_t size) override {
     return WTF::ArrayBufferContents::allocateMemoryOrNull(
@@ skipping 56 matching lines @@
   isolate->SetFatalErrorHandler(reportFatalErrorInMainThread);
   isolate->AddMessageListenerWithErrorLevel(
       messageHandlerInMainThread,
       v8::Isolate::kMessageError | v8::Isolate::kMessageWarning |
           v8::Isolate::kMessageInfo | v8::Isolate::kMessageDebug |
           v8::Isolate::kMessageLog);
   isolate->SetFailedAccessCheckCallbackFunction(
       failedAccessCheckCallbackInMainThread);
   isolate->SetAllowCodeGenerationFromStringsCallback(
       codeGenerationCheckCallbackInMainThread);
-  isolate->SetAllowWasmCompileCallback(allowWasmCompileCallbackInMainThread);
-  isolate->SetAllowWasmInstantiateCallback(
-      allowWasmInstantiateCallbackInMainThread);
   if (RuntimeEnabledFeatures::v8IdleTasksEnabled()) {
     V8PerIsolateData::enableIdleTasks(
         isolate, WTF::makeUnique<V8IdleTaskRunner>(scheduler));
   }
 
   isolate->SetPromiseRejectCallback(promiseRejectHandlerInMainThread);
 
   if (v8::HeapProfiler* profiler = isolate->GetHeapProfiler()) {
     profiler->SetWrapperClassInfoProvider(
         WrapperTypeInfo::NodeClassId, &RetainedDOMInfo::createRetainedDOMInfo);
@@ skipping 86 matching lines @@
           v8::Isolate::kMessageLog);
   isolate->SetFatalErrorHandler(reportFatalErrorInWorker);
 
   uint32_t here;
   isolate->SetStackLimit(reinterpret_cast<uintptr_t>(&here) -
                          kWorkerMaxStackSize);
   isolate->SetPromiseRejectCallback(promiseRejectHandlerInWorker);
 }
 
 }  // namespace blink