Commit 0c6e06ae authored by Mircea Trofin's avatar Mircea Trofin Committed by Commit Bot

[wasm] Verify references are immovable.

Temporary check ensuring no regression while we get the wasm code off the GC heap,
and until we de-contextualize wasm code.

We expect the only embedded objects to be: CEntryStub, undefined, and
the various builtins for throwing exceptions like OOB. These are all immovable
because they are snapshotted. Additionally, we embed references to the FixedArray
that backs WebAssembly.Table. That will be replaced separately with a native data
structure.

Once the Table is native, we can generate Wasm code off the GC heap, as long as the
embedded objects are immutable, which is the property we check for here. 

That greatly simplifies a subsequent step, which is to replace those dependencies 
with a isolate-independent solution. The source of simplification is that we don't 
have to worry about moving pointers.

Bug: 
Change-Id: Id1e41863a2619c2afc50f48416f422012f0c9a24
Reviewed-on: https://chromium-review.googlesource.com/574938Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46749}
parent 34cac45c
...@@ -785,6 +785,12 @@ class PipelineWasmCompilationJob final : public CompilationJob { ...@@ -785,6 +785,12 @@ class PipelineWasmCompilationJob final : public CompilationJob {
private: private:
size_t AllocatedMemory() const override; size_t AllocatedMemory() const override;
// Temporary regression check while we get the wasm code off the GC heap, and
// until we decontextualize wasm code.
// We expect the only embedded objects to be: CEntryStub, undefined, and
// the various builtins for throwing exceptions like OOB.
void ValidateImmovableEmbeddedObjects() const;
ZoneStats zone_stats_; ZoneStats zone_stats_;
std::unique_ptr<PipelineStatistics> pipeline_statistics_; std::unique_ptr<PipelineStatistics> pipeline_statistics_;
PipelineData data_; PipelineData data_;
...@@ -839,9 +845,45 @@ size_t PipelineWasmCompilationJob::AllocatedMemory() const { ...@@ -839,9 +845,45 @@ size_t PipelineWasmCompilationJob::AllocatedMemory() const {
PipelineWasmCompilationJob::Status PipelineWasmCompilationJob::Status
PipelineWasmCompilationJob::FinalizeJobImpl() { PipelineWasmCompilationJob::FinalizeJobImpl() {
pipeline_.FinalizeCode(); pipeline_.FinalizeCode();
ValidateImmovableEmbeddedObjects();
return SUCCEEDED; return SUCCEEDED;
} }
void PipelineWasmCompilationJob::ValidateImmovableEmbeddedObjects() const {
#if !DEBUG
return;
#endif
// We expect the only embedded objects to be those originating from
// a snapshot, which are immovable.
DisallowHeapAllocation no_gc;
Handle<Code> result = pipeline_.data_->code();
if (result.is_null()) return;
// TODO(aseemgarg): remove this restriction when
// wasm-to-js is also internally immovable to include WASM_TO_JS
if (result->kind() != Code::WASM_FUNCTION) return;
static const int kAllGCRefs = (1 << (RelocInfo::LAST_GCED_ENUM + 1)) - 1;
for (RelocIterator it(*result, kAllGCRefs); !it.done(); it.next()) {
RelocInfo::Mode mode = it.rinfo()->rmode();
Object* target = nullptr;
switch (mode) {
case RelocInfo::CODE_TARGET:
target = reinterpret_cast<Object*>(it.rinfo()->target_address());
break;
case RelocInfo::EMBEDDED_OBJECT:
target = it.rinfo()->target_object();
break;
default:
UNREACHABLE();
}
CHECK_NOT_NULL(target);
bool is_immovable =
target->IsSmi() || Heap::IsImmovable(HeapObject::cast(target));
// TODO(mtrofin): remove the fixed array part when WebAssembly.Table
// is backed by native object, rather than a FixedArray
CHECK(is_immovable || target->IsFixedArray());
}
}
template <typename Phase> template <typename Phase>
void PipelineImpl::Run() { void PipelineImpl::Run() {
PipelineRunScope scope(this->data_, Phase::phase_name()); PipelineRunScope scope(this->data_, Phase::phase_name());
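Review bot: The CODE_TARGET branch casts `it.rinfo()->target_address()` straight to `Object*`; if that address is the target's instruction start rather than a tagged pointer (as the name suggests), its low tag bit is clear, `target->IsSmi()` is true, and `is_immovable` passes trivially, so code targets are never actually checked for immovability and the CHECK gives less assurance than it appears to. Resolving the owning code object instead, `target = Code::GetCodeFromTargetAddress(it.rinfo()->target_address());`, lets the `Heap::IsImmovable` test apply to them. The `#if !DEBUG` / `return;` / `#endif` prefix also leaves the whole body as unreachable code in release builds and assumes `DEBUG` expands to an integer; wrapping the body in `#ifdef DEBUG` … `#endif` (or guarding the call in FinalizeJobImpl) expresses the same intent in the usual form. `kAllGCRefs` needs no function-local `static`; a plain `const int` (or `constexpr`) local is sufficient.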
......