[wasm] Fix WasmMemoryObject constructor for when a module has no initial memory

src/wasm/wasm-objects.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/wasm/wasm-objects.h"
 #include "src/utils.h"
 
 #include "src/assembler-inl.h"
 #include "src/base/iterator.h"
 #include "src/compiler/wasm-compiler.h"
@@ skipping 391 matching lines @@
 }  // namespace
 
 Handle<WasmMemoryObject> WasmMemoryObject::New(Isolate* isolate,
                                                Handle<JSArrayBuffer> buffer,
                                                int32_t maximum) {
   Handle<JSFunction> memory_ctor(
       isolate->native_context()->wasm_memory_constructor());
   Handle<JSObject> memory_obj =
       isolate->factory()->NewJSObject(memory_ctor, TENURED);
   memory_obj->SetEmbedderField(kWrapperTracerHeader, Smi::kZero);
-  buffer.is_null() ? memory_obj->SetEmbedderField(
-                         kArrayBuffer, isolate->heap()->undefined_value())
-                   : memory_obj->SetEmbedderField(kArrayBuffer, *buffer);
+  if (buffer.is_null()) {
+    const bool enable_guard_regions = EnableGuardRegions();
+    buffer = SetupArrayBuffer(isolate, nullptr, 0, nullptr, 0, false,
+                              enable_guard_regions);
+  }
+  memory_obj->SetEmbedderField(kArrayBuffer, *buffer);
   Handle<Object> max = isolate->factory()->NewNumber(maximum);
   memory_obj->SetEmbedderField(kMaximum, *max);
   Handle<Symbol> memory_sym(isolate->native_context()->wasm_memory_sym());
   Object::SetProperty(memory_obj, memory_sym, memory_obj, STRICT).Check();
   return Handle<WasmMemoryObject>::cast(memory_obj);
 }
 
-DEFINE_OPTIONAL_OBJ_ACCESSORS(WasmMemoryObject, buffer, kArrayBuffer,
-                              JSArrayBuffer)
+DEFINE_OBJ_ACCESSORS(WasmMemoryObject, buffer, kArrayBuffer, JSArrayBuffer)
 DEFINE_OPTIONAL_OBJ_ACCESSORS(WasmMemoryObject, instances_link, kInstancesLink,
                               WasmInstanceWrapper)
 
 uint32_t WasmMemoryObject::current_pages() {
   uint32_t byte_length;
   CHECK(buffer()->byte_length()->ToUint32(&byte_length));
   return byte_length / wasm::WasmModule::kPageSize;
 }
 
 bool WasmMemoryObject::has_maximum_pages() {
@@ skipping 26 matching lines @@
 
 void WasmMemoryObject::ResetInstancesLink(Isolate* isolate) {
   Handle<Object> undefined = isolate->factory()->undefined_value();
   SetEmbedderField(kInstancesLink, *undefined);
 }
 
 // static
 int32_t WasmMemoryObject::Grow(Isolate* isolate,
                                Handle<WasmMemoryObject> memory_object,
                                uint32_t pages) {
-  Handle<JSArrayBuffer> old_buffer;
-  uint32_t old_size = 0;
-  Address old_mem_start = nullptr;
-  if (memory_object->has_buffer()) {
-    old_buffer = handle(memory_object->buffer());
-    old_size = old_buffer->byte_length()->Number();
-    old_mem_start = static_cast<Address>(old_buffer->backing_store());
-  }
+  Handle<JSArrayBuffer> old_buffer(memory_object->buffer());
+  uint32_t old_size = old_buffer->byte_length()->Number();

[Clemens Hammacher, 2017/05/31 07:56:37]

Can you use "uint32_t old_size = 0;
CHECK(old_buffer->byte_length()->ToUInt32(&old_size);" here? We had problems
with too large memory buffers before, and the CHECK would catch it early.

[gdeepti, 2017/06/01 07:01:37]

Done.

   Handle<JSArrayBuffer> new_buffer;
   // Return current size if grow by 0.
   if (pages == 0) {
     // Even for pages == 0, we need to attach a new JSArrayBuffer with the same
     // backing store and neuter the old one to be spec compliant.
     if (!old_buffer.is_null() && old_size != 0) {

[Clemens Hammacher, 2017/05/31 07:56:37]

old_buffer cannot be null here.

[gdeepti, 2017/06/01 07:01:37]

Done.

       new_buffer = SetupArrayBuffer(
           isolate, old_buffer->allocation_base(),
           old_buffer->allocation_length(), old_buffer->backing_store(),
           old_size, old_buffer->is_external(), old_buffer->has_guard_region());
       memory_object->set_buffer(*new_buffer);
     }
     DCHECK_EQ(0, old_size % WasmModule::kPageSize);
     return old_size / WasmModule::kPageSize;
   }
   if (!memory_object->has_instances_link()) {
@@ skipping 14 matching lines @@
     DCHECK(instance_wrapper->has_instance());
     Handle<WasmInstanceObject> instance = instance_wrapper->instance_object();
     DCHECK(IsWasmInstance(*instance));
     uint32_t max_pages = instance->GetMaxMemoryPages();
 
     // Grow memory object buffer and update instances associated with it.
     new_buffer = GrowMemoryBuffer(isolate, old_buffer, pages, max_pages);
     if (new_buffer.is_null()) return -1;
     DCHECK(!instance_wrapper->has_previous());
     SetInstanceMemory(isolate, instance, new_buffer);
+    Address old_mem_start = static_cast<Address>(old_buffer->backing_store());
     UncheckedUpdateInstanceMemory(isolate, instance, old_mem_start, old_size);
     while (instance_wrapper->has_next()) {
       instance_wrapper = instance_wrapper->next_wrapper();
       DCHECK(WasmInstanceWrapper::IsWasmInstanceWrapper(*instance_wrapper));
       Handle<WasmInstanceObject> instance = instance_wrapper->instance_object();
       DCHECK(IsWasmInstance(*instance));
       SetInstanceMemory(isolate, instance, new_buffer);
       UncheckedUpdateInstanceMemory(isolate, instance, old_mem_start, old_size);
     }
   }
@@ skipping 1052 matching lines @@
   if (!array->get(kWrapperInstanceObject)->IsWeakCell()) return false;
   Isolate* isolate = array->GetIsolate();
   if (!array->get(kNextInstanceWrapper)->IsUndefined(isolate) &&
       !array->get(kNextInstanceWrapper)->IsFixedArray())
     return false;
   if (!array->get(kPreviousInstanceWrapper)->IsUndefined(isolate) &&
       !array->get(kPreviousInstanceWrapper)->IsFixedArray())
     return false;
   return true;
 }