    [wasm] Move is_growable from JSArrayBuffer object to AllocationData · b0077b3b
    Deepti Gandluri authored
    Some state related to WasmMemories is cached on the JSArrayBuffer
    object (is_growable, is_wasm_memory). The problem with this is in
    some PostMessage flows, this information can get lost depending on
    how JSArrayBuffers are deserialized. In this particular case when
    the WasmMemory is postMessaged, it goes through the Blink
    DedicatedWorkerMessagingProxy::PostMessageToWorkerGlobalScope flow,
    which reconstructs the ArrayBuffer from the backing store and size
    and loses the is_growable flag, leading to a failure to grow memory.
    
    Moving the is_growable flag so that AllocationData can be the source
    of truth for all wasm memory state, and is consistently preserved
    across PostMessage.
    
    Change-Id: I775f66ddeff68b8cafc18b75ca5460dfb0343c8b
    Bug: v8:9065
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549789
    Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
    Reviewed-by: Ben Titzer <titzer@chromium.org>
    Reviewed-by: Adam Klein <adamk@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#60641}
wasm-js.cc 81.4 KB