[wasm] Fix serialization after instantiation

src/wasm/wasm-module.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 
 #include "src/assembler-inl.h"
 #include "src/base/adapters.h"
 #include "src/base/atomic-utils.h"
 #include "src/code-stubs.h"
@@ skipping 631 matching lines @@
           static_cast<int>(module_->functions.size() + func_index);
       code_table->set(export_index, *wrapper_code);
       RecordStats(isolate_, *wrapper_code);
       func_index++;
     }
 
     return WasmModuleObject::New(isolate_, compiled_module);
 }
 };
 
-static void ResetCompiledModule(Isolate* isolate, WasmInstanceObject* owner,
-                                WasmCompiledModule* compiled_module) {
-  TRACE("Resetting %d\n", compiled_module->instance_id());
-  Object* undefined = *isolate->factory()->undefined_value();
-  Object* fct_obj = compiled_module->ptr_to_code_table();
-  if (fct_obj != nullptr && fct_obj != undefined) {
-    uint32_t old_mem_size = compiled_module->mem_size();
-    uint32_t default_mem_size = compiled_module->default_mem_size();
-    Object* mem_start = compiled_module->maybe_ptr_to_memory();
-
-    // Patch code to update memory references, global references, and function
-    // table references.
-    Zone specialization_zone(isolate->allocator(), ZONE_NAME);
-    CodeSpecialization code_specialization(isolate, &specialization_zone);
-
-    if (old_mem_size > 0) {
-      CHECK_NE(mem_start, undefined);
-      Address old_mem_address =
-          static_cast<Address>(JSArrayBuffer::cast(mem_start)->backing_store());
-      code_specialization.RelocateMemoryReferences(
-          old_mem_address, old_mem_size, nullptr, default_mem_size);
-    }
-
-    if (owner->has_globals_buffer()) {
-      Address globals_start =
-          static_cast<Address>(owner->globals_buffer()->backing_store());
-      code_specialization.RelocateGlobals(globals_start, nullptr);
-    }
-
-    // Reset function tables.
-    if (compiled_module->has_function_tables()) {
-      FixedArray* function_tables = compiled_module->ptr_to_function_tables();
-      FixedArray* empty_function_tables =
-          compiled_module->ptr_to_empty_function_tables();
-      DCHECK_EQ(function_tables->length(), empty_function_tables->length());
-      for (int i = 0, e = function_tables->length(); i < e; ++i) {
-        code_specialization.RelocateObject(
-            handle(function_tables->get(i), isolate),
-            handle(empty_function_tables->get(i), isolate));
-      }
-      compiled_module->set_ptr_to_function_tables(empty_function_tables);
-    }
-
-    FixedArray* functions = FixedArray::cast(fct_obj);
-    for (int i = compiled_module->num_imported_functions(),
-             end = functions->length();
-         i < end; ++i) {
-      Code* code = Code::cast(functions->get(i));
-      // Skip lazy compile stubs.
-      if (code->builtin_index() == Builtins::kWasmCompileLazy) continue;
-      if (code->kind() != Code::WASM_FUNCTION) {
-        // From here on, there should only be wrappers for exported functions.
-        for (; i < end; ++i) {
-          DCHECK_EQ(Code::JS_TO_WASM_FUNCTION,
-                    Code::cast(functions->get(i))->kind());
-        }
-        break;
-      }
-      bool changed =
-          code_specialization.ApplyToWasmCode(code, SKIP_ICACHE_FLUSH);
-      // TODO(wasm): Check if this is faster than passing FLUSH_ICACHE_IF_NEEDED
-      // above.
-      if (changed) {
-        Assembler::FlushICache(isolate, code->instruction_start(),
-                               code->instruction_size());
-      }
-    }
-  }
-  compiled_module->reset_memory();
-}
-
 static void MemoryInstanceFinalizer(Isolate* isolate,
                                     WasmInstanceObject* instance) {
   DisallowHeapAllocation no_gc;
   // If the memory object is destroyed, nothing needs to be done here.
   if (!instance->has_memory_object()) return;
   Handle<WasmInstanceWrapper> instance_wrapper =
       handle(instance->instance_wrapper());
   DCHECK(WasmInstanceWrapper::IsWasmInstanceWrapper(*instance_wrapper));
   DCHECK(instance_wrapper->has_instance());
   bool has_prev = instance_wrapper->has_previous();
@@ skipping 65 matching lines @@
     TRACE("chain before {\n");
     TRACE_CHAIN(current_template);
     TRACE("}\n");
 
     DCHECK(!current_template->has_weak_prev_instance());
     WeakCell* next = compiled_module->maybe_ptr_to_weak_next_instance();
     WeakCell* prev = compiled_module->maybe_ptr_to_weak_prev_instance();
 
     if (current_template == compiled_module) {
       if (next == nullptr) {
-        ResetCompiledModule(isolate, owner, compiled_module);
+        WasmCompiledModule::Reset(isolate, compiled_module);
       } else {
         DCHECK(next->value()->IsFixedArray());
         wasm_module->SetEmbedderField(0, next->value());
         DCHECK_NULL(prev);
         WasmCompiledModule::cast(next->value())->reset_weak_prev_instance();
       }
     } else {
       DCHECK(!(prev == nullptr && next == nullptr));
       // the only reason prev or next would be cleared is if the
       // respective objects got collected, but if that happened,
@@ skipping 442 matching lines @@
     uint32_t globals_size = module_->globals_size;
     if (globals_size > 0) {
       const bool enable_guard_regions = false;
       Handle<JSArrayBuffer> global_buffer =
           NewArrayBuffer(isolate_, globals_size, enable_guard_regions);
       globals_ = global_buffer;
       if (globals_.is_null()) {
         thrower_->RangeError("Out of memory: wasm globals");
         return {};
       }
-      Address old_globals_start = nullptr;
-      if (!owner.is_null()) {
-        DCHECK(owner.ToHandleChecked()->has_globals_buffer());
-        old_globals_start = static_cast<Address>(
-            owner.ToHandleChecked()->globals_buffer()->backing_store());
-      }
+      Address old_globals_start = compiled_module_->GetGlobalsStartOrNull();
       Address new_globals_start =
           static_cast<Address>(global_buffer->backing_store());
       code_specialization.RelocateGlobals(old_globals_start, new_globals_start);
+      // The address of the backing buffer for the golbals is in native memory
+      // and, thus, not moving. We need it saved for
+      // serialization/deserialization purposes - so that the other end
+      // understands how to relocate the references. We still need to save the
+      // JSArrayBuffer on the instance, to keep it all alive.
+      WasmCompiledModule::SetGlobalsStartAddressFrom(factory, compiled_module_,
+                                                     global_buffer);
       instance->set_globals_buffer(*global_buffer);
     }
 
     //--------------------------------------------------------------------------
     // Prepare for initialization of function tables.
     //--------------------------------------------------------------------------
     int function_table_count =
         static_cast<int>(module_->function_tables.size());
     table_instances_.reserve(module_->function_tables.size());
     for (int index = 0; index < function_table_count; ++index) {
@@ skipping 15 matching lines @@
 
     //--------------------------------------------------------------------------
     // Set up the indirect function tables for the new instance.
     //--------------------------------------------------------------------------
     if (function_table_count > 0)
       InitializeTables(code_table, instance, &code_specialization);
 
     //--------------------------------------------------------------------------
     // Set up the memory for the new instance.
     //--------------------------------------------------------------------------
-    MaybeHandle<JSArrayBuffer> old_memory;
-
     uint32_t min_mem_pages = module_->min_mem_pages;
     (module_->is_wasm() ? isolate_->counters()->wasm_wasm_min_mem_pages_count()
                         : isolate_->counters()->wasm_asm_min_mem_pages_count())
         ->AddSample(min_mem_pages);
 
     if (!memory_.is_null()) {
       // Set externally passed ArrayBuffer non neuterable.
       memory_->set_is_neuterable(false);
 
       DCHECK_IMPLIES(EnableGuardRegions(),
@@ skipping 28 matching lines @@
       if (!in_bounds(base, seg.source_size, mem_size)) {
         thrower_->LinkError("data segment is out of bounds");
         return {};
       }
     }
 
     //--------------------------------------------------------------------------
     // Initialize memory.
     //--------------------------------------------------------------------------
     if (!memory_.is_null()) {
-      instance->set_memory_buffer(*memory_);
       Address mem_start = static_cast<Address>(memory_->backing_store());
       uint32_t mem_size =
           static_cast<uint32_t>(memory_->byte_length()->Number());
       LoadDataSegments(mem_start, mem_size);
 
       uint32_t old_mem_size = compiled_module_->mem_size();
-      Address old_mem_start =
-          compiled_module_->has_memory()
-              ? static_cast<Address>(
-                    compiled_module_->memory()->backing_store())
-              : nullptr;
+      Address old_mem_start = compiled_module_->GetEmbeddedMemStartOrNull();
       // We might get instantiated again with the same memory. No patching
       // needed in this case.
       if (old_mem_start != mem_start || old_mem_size != mem_size) {
         code_specialization.RelocateMemoryReferences(
             old_mem_start, old_mem_size, mem_start, mem_size);
       }
-      compiled_module_->set_memory(memory_);
+      // Just like with globals, we need to keep both the JSArrayBuffer
+      // and save the start pointer.
+      instance->set_memory_buffer(*memory_);
+      WasmCompiledModule::SetSpecializationMemInfoFrom(
+          factory, compiled_module_, memory_);
     }
 
     //--------------------------------------------------------------------------
     // Set up the runtime support for the new instance.
     //--------------------------------------------------------------------------
     Handle<WeakCell> weak_link = factory->NewWeakCell(instance);
 
     for (int i = num_imported_functions + FLAG_skip_compiling_wasm_funcs,
              num_functions = static_cast<int>(module_->functions.size());
          i < num_functions; ++i) {
@@ skipping 917 matching lines @@
 
 MaybeHandle<JSArrayBuffer> wasm::GetInstanceMemory(
     Isolate* isolate, Handle<WasmInstanceObject> object) {
   auto instance = Handle<WasmInstanceObject>::cast(object);
   if (instance->has_memory_buffer()) {
     return Handle<JSArrayBuffer>(instance->memory_buffer(), isolate);
   }
   return MaybeHandle<JSArrayBuffer>();
 }
 
-void SetInstanceMemory(Handle<WasmInstanceObject> instance,
-                       JSArrayBuffer* buffer) {
-  DisallowHeapAllocation no_gc;
-  instance->set_memory_buffer(buffer);
-  instance->compiled_module()->set_ptr_to_memory(buffer);
+// May GC, because SetSpecializationMemInfoFrom may GC
+void SetInstanceMemory(Isolate* isolate, Handle<WasmInstanceObject> instance,
+                       Handle<JSArrayBuffer> buffer) {
+  instance->set_memory_buffer(*buffer);
+  WasmCompiledModule::SetSpecializationMemInfoFrom(
+      isolate->factory(), handle(instance->compiled_module()), buffer);
 }
 
 int32_t wasm::GetInstanceMemorySize(Isolate* isolate,
                                     Handle<WasmInstanceObject> instance) {
   DCHECK(IsWasmInstance(*instance));
   MaybeHandle<JSArrayBuffer> maybe_mem_buffer =
       GetInstanceMemory(isolate, instance);
   Handle<JSArrayBuffer> buffer;
   if (!maybe_mem_buffer.ToHandle(&buffer)) {
     return 0;
@@ skipping 152 matching lines @@
     DCHECK(WasmInstanceWrapper::IsWasmInstanceWrapper(*instance_wrapper));
     DCHECK(instance_wrapper->has_instance());
     Handle<WasmInstanceObject> instance = instance_wrapper->instance_object();
     DCHECK(IsWasmInstance(*instance));
     uint32_t max_pages = GetMaxInstanceMemoryPages(isolate, instance);
 
     // Grow memory object buffer and update instances associated with it.
     new_buffer = GrowMemoryBuffer(isolate, memory_buffer, pages, max_pages);
     if (new_buffer.is_null()) return -1;
     DCHECK(!instance_wrapper->has_previous());
-    SetInstanceMemory(instance, *new_buffer);
+    SetInstanceMemory(isolate, instance, new_buffer);
     UncheckedUpdateInstanceMemory(isolate, instance, old_mem_start, old_size);
     while (instance_wrapper->has_next()) {
       instance_wrapper = instance_wrapper->next_wrapper();
       DCHECK(WasmInstanceWrapper::IsWasmInstanceWrapper(*instance_wrapper));
       Handle<WasmInstanceObject> instance = instance_wrapper->instance_object();
       DCHECK(IsWasmInstance(*instance));
-      SetInstanceMemory(instance, *new_buffer);
+      SetInstanceMemory(isolate, instance, new_buffer);
       UncheckedUpdateInstanceMemory(isolate, instance, old_mem_start, old_size);
     }
   }
   memory_object->set_buffer(*new_buffer);
   DCHECK(old_size % WasmModule::kPageSize == 0);
   return (old_size / WasmModule::kPageSize);
 }
 
 int32_t wasm::GrowMemory(Isolate* isolate, Handle<WasmInstanceObject> instance,
                          uint32_t pages) {
   if (!IsWasmInstance(*instance)) return -1;
   if (pages == 0) return GetInstanceMemorySize(isolate, instance);
   Handle<WasmInstanceObject> instance_obj(WasmInstanceObject::cast(*instance));
   if (!instance_obj->has_memory_object()) {
     // No other instances to grow, grow just the one.
     MaybeHandle<JSArrayBuffer> instance_buffer =
         GetInstanceMemory(isolate, instance);
     Handle<JSArrayBuffer> old_buffer;
     uint32_t old_size = 0;
     Address old_mem_start = nullptr;
     if (instance_buffer.ToHandle(&old_buffer) &&
         old_buffer->backing_store() != nullptr) {
       old_size = old_buffer->byte_length()->Number();
       old_mem_start = static_cast<Address>(old_buffer->backing_store());
     }
     uint32_t max_pages = GetMaxInstanceMemoryPages(isolate, instance_obj);
     Handle<JSArrayBuffer> buffer =
         GrowMemoryBuffer(isolate, instance_buffer, pages, max_pages);
     if (buffer.is_null()) return -1;
-    SetInstanceMemory(instance, *buffer);
+    SetInstanceMemory(isolate, instance, buffer);
     UncheckedUpdateInstanceMemory(isolate, instance, old_mem_start, old_size);
     DCHECK(old_size % WasmModule::kPageSize == 0);
     return (old_size / WasmModule::kPageSize);
   } else {
     return GrowWebAssemblyMemory(isolate, handle(instance_obj->memory_object()),
                                  pages);
   }
 }
 
 void wasm::GrowDispatchTables(Isolate* isolate,
@@ skipping 557 matching lines @@
   DCHECK_EQ(Builtins::kWasmCompileLazy,
             Code::cast(compiled_module->code_table()->get(func_index))
                 ->builtin_index());
   compiled_module->code_table()->set(func_index, *code);
 
   // Now specialize the generated code for this instance.
   Zone specialization_zone(isolate->allocator(), ZONE_NAME);
   CodeSpecialization code_specialization(isolate, &specialization_zone);
   if (module_env.module->globals_size) {
     Address globals_start =
-        reinterpret_cast<Address>(instance->globals_buffer()->backing_store());
+        reinterpret_cast<Address>(compiled_module->globals_start());
     code_specialization.RelocateGlobals(nullptr, globals_start);
   }
   if (instance->has_memory_buffer()) {
     Address mem_start =
         reinterpret_cast<Address>(instance->memory_buffer()->backing_store());
     int mem_size = instance->memory_buffer()->byte_length()->Number();
     DCHECK_IMPLIES(mem_size == 0, mem_start == nullptr);
     if (mem_size > 0) {
       code_specialization.RelocateMemoryReferences(nullptr, 0, mem_start,
                                                    mem_size);
@@ skipping 96 matching lines @@
                                      callee_compiled->instruction_start());
     }
     DCHECK_EQ(non_compiled_functions.size(), idx);
   }
 
   Code* ret =
       Code::cast(compiled_module->code_table()->get(func_to_return_idx));
   DCHECK_EQ(Code::WASM_FUNCTION, ret->kind());
   return handle(ret, isolate);
 }