[wasm] Compare the maximum memory size with the spec limit, not with the V8 limit

The maximum memory size is a user-defined upper limit for the size of
the memory of a WebAssembly instance. The actual limit is the minimum of
the user-defined limit and the V8 limit. With this CL we allow the
user-defined limit to be greater than the V8 limit, which is required by
the spec.

R=titzer@chromium.org
CC=gdeepti@chromium.org

TEST=unittests/WasmModuleVerifyTest.MaxMaximumMemorySize

Review-Url: https://codereview.chromium.org/2484643002
Cr-Commit-Position: refs/heads/master@{#40801}

src/wasm/module-decoder.cc

@@ -316,7 +316,8 @@ class ModuleDecoder : public Decoder {
             WasmIndirectFunctionTable* table = &module->function_tables.back();
             consume_resizable_limits(
                 "element count", "elements", WasmModule::kV8MaxTableSize,
-                &table->min_size, &table->has_max, &table->max_size);
+                &table->min_size, &table->has_max, WasmModule::kV8MaxTableSize,
+                &table->max_size);
             break;
           }
           case kExternalMemory: {
@@ -324,6 +325,7 @@ class ModuleDecoder : public Decoder {
             bool has_max = false;
             consume_resizable_limits("memory", "pages", WasmModule::kV8MaxPages,
                                      &module->min_mem_pages, &has_max,
+                                     WasmModule::kSpecMaxPages,
                                      &module->max_mem_pages);
             break;
           }
@@ -385,7 +387,8 @@ class ModuleDecoder : public Decoder {
         expect_u8("table type", kWasmAnyFunctionTypeForm);
         consume_resizable_limits("table elements", "elements",
                                  WasmModule::kV8MaxTableSize, &table->min_size,
-                                 &table->has_max, &table->max_size);
+                                 &table->has_max, WasmModule::kV8MaxTableSize,
+                                 &table->max_size);
       }
       section_iter.advance();
     }
@@ -401,9 +404,9 @@ class ModuleDecoder : public Decoder {
 
       for (uint32_t i = 0; ok() && i < memory_count; i++) {
         bool has_max = false;
-        consume_resizable_limits("memory", "pages", WasmModule::kV8MaxPages,
-                                 &module->min_mem_pages, &has_max,
-                                 &module->max_mem_pages);
+        consume_resizable_limits(
+            "memory", "pages", WasmModule::kV8MaxPages, &module->min_mem_pages,
+            &has_max, WasmModule::kSpecMaxPages, &module->max_mem_pages);
       }
       section_iter.advance();
     }
@@ -843,26 +846,27 @@ class ModuleDecoder : public Decoder {
   }
 
   void consume_resizable_limits(const char* name, const char* units,
-                                uint32_t max_value, uint32_t* initial,
-                                bool* has_max, uint32_t* maximum) {
+                                uint32_t max_initial, uint32_t* initial,
+                                bool* has_max, uint32_t max_maximum,
+                                uint32_t* maximum) {
     uint32_t flags = consume_u32v("resizable limits flags");
     const byte* pos = pc();
     *initial = consume_u32v("initial size");
     *has_max = false;
-    if (*initial > max_value) {
+    if (*initial > max_initial) {
       error(pos, pos,
             "initial %s size (%u %s) is larger than implementation limit (%u)",
-            name, *initial, units, max_value);
+            name, *initial, units, max_initial);
     }
     if (flags & 1) {
       *has_max = true;
       pos = pc();
       *maximum = consume_u32v("maximum size");
-      if (*maximum > max_value) {
+      if (*maximum > max_maximum) {
         error(
             pos, pos,
             "maximum %s size (%u %s) is larger than implementation limit (%u)",
-            name, *maximum, units, max_value);
+            name, *maximum, units, max_maximum);
       }
       if (*maximum < *initial) {
         error(pos, pos, "maximum %s size (%u %s) is less than initial (%u %s)",
@@ -870,7 +874,7 @@ class ModuleDecoder : public Decoder {
       }
     } else {
       *has_max = false;
-      *maximum = max_value;
+      *maximum = max_initial;
     }
   }
 

src/wasm/wasm-module.h

@@ -177,6 +177,7 @@ struct V8_EXPORT_PRIVATE WasmModule {
   static const uint32_t kPageSize = 0x10000;    // Page size, 64kb.
   static const uint32_t kMinMemPages = 1;       // Minimum memory size = 64kb
   static const size_t kV8MaxPages = 16384;      // Maximum memory size = 1gb
+  static const size_t kSpecMaxPages = 65536;    // Maximum according to the spec
   static const size_t kV8MaxTableSize = 16 * 1024 * 1024;
 
   Zone* owned_zone;

test/unittests/wasm/module-decoder-unittest.cc

@@ -475,6 +475,23 @@ TEST_F(WasmModuleVerifyTest, TwoDataSegments) {
   EXPECT_OFF_END_FAILURE(data, 14, sizeof(data));
 }
 
+TEST_F(WasmModuleVerifyTest, MaxMaximumMemorySize) {
+  {
+    const byte data[] = {
+        SECTION(Memory, 6), ENTRY_COUNT(1), kResizableMaximumFlag, 0,
+        U32V_3(65536),
+    };
+    EXPECT_VERIFIES(data);
+  }
+  {
+    const byte data[] = {
+        SECTION(Memory, 6), ENTRY_COUNT(1), kResizableMaximumFlag, 0,
+        U32V_3(65537),
+    };
+    EXPECT_FAILURE(data);
+  }
+}
+
 TEST_F(WasmModuleVerifyTest, DataSegment_wrong_init_type) {
   const byte data[] = {
       SECTION(Memory, 4),