[wasm] Add a field for the Wrapper Tracer to WebAssembly API objects.

Issue 6051 description: "Blink blindly assumes that it can get an aligned pointer from the 0-th internal field of any object that has two internal fields." R=titzer@chromium.org, jochen@chromium.org BUG=v8:6051 Change-Id: I814b76e508ffd9fe2326bd0e728129f2a013b807 Reviewed-on: https://chromium-review.googlesource.com/451319Reviewed-by: Jochen Eisinger <jochen@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43653}

[wasm] Add a field for the Wrapper Tracer to WebAssembly API objects.
Issue 6051 description: "Blink blindly assumes that it can get an aligned pointer from the 0-th internal field of any object that has two internal fields." R=titzer@chromium.org, jochen@chromium.org BUG=v8:6051 Change-Id: I814b76e508ffd9fe2326bd0e728129f2a013b807 Reviewed-on: https://chromium-review.googlesource.com/451319Reviewed-by: Jochen Eisinger <jochen@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43653}
269983f3 · Andreas Haas · Commit Bot · 5f00d289 · 269983f3 · 269983f3
Commit 269983f3 authored Mar 07, 2017 by Andreas Haas Committed by Commit Bot Mar 07, 2017
Show whitespace changes
Inline Side-by-side

Showing with 35 additions and 4 deletions

wasm-debug.cc src/wasm/wasm-debug.cc +1 -0

wasm-objects.cc src/wasm/wasm-objects.cc +9 -1

wasm-objects.h src/wasm/wasm-objects.h +25 -3

No files found.
--- a/src/wasm/wasm-debug.cc
+++ b/src/wasm/wasm-debug.cc
@@ -362,6 +362,7 @@ Handle<WasmDebugInfo> WasmDebugInfo::New(Handle<WasmInstanceObject> instance) {
  Isolate* isolate = instance->GetIsolate();
  Factory* factory = isolate->factory();
  Handle<FixedArray> arr = factory->NewFixedArray(kFieldCount, TENURED);
+  arr->set(kWrapperTracerHeader, Smi::kZero);
  arr->set(kInstance, *instance);
  return Handle<WasmDebugInfo>::cast(arr);
 }

--- a/src/wasm/wasm-objects.cc
+++ b/src/wasm/wasm-objects.cc
@@ -263,6 +263,8 @@ Handle<WasmTableObject> WasmTableObject::New(Isolate* isolate, uint32_t initial,
  Handle<JSFunction> table_ctor(
      isolate->native_context()->wasm_table_constructor());
  Handle<JSObject> table_obj = isolate->factory()->NewJSObject(table_ctor);
+  table_obj->SetInternalField(kWrapperTracerHeader, Smi::kZero);
+
  *js_functions = isolate->factory()->NewFixedArray(initial);
  Object* null = isolate->heap()->null_value();
  for (int i = 0; i < static_cast<int>(initial); ++i) {
@@ -340,6 +342,8 @@ Handle<WasmMemoryObject> WasmMemoryObject::New(Isolate* isolate,
      isolate->native_context()->wasm_memory_constructor());
  Handle<JSObject> memory_obj =
      isolate->factory()->NewJSObject(memory_ctor, TENURED);
+  memory_obj->SetInternalField(kWrapperTracerHeader, Smi::kZero);
+
  memory_obj->SetInternalField(kArrayBuffer, *buffer);
  Handle<Object> max = isolate->factory()->NewNumber(maximum);
  memory_obj->SetInternalField(kMaximum, *max);
@@ -447,6 +451,8 @@ Handle<WasmInstanceObject> WasmInstanceObject::New(
      isolate->native_context()->wasm_instance_constructor());
  Handle<JSObject> instance_object =
      isolate->factory()->NewJSObject(instance_cons, TENURED);
+  instance_object->SetInternalField(kWrapperTracerHeader, Smi::kZero);
+
  Handle<Symbol> instance_sym(isolate->native_context()->wasm_instance_sym());
  Object::SetProperty(instance_object, instance_sym, instance_object, STRICT)
      .Check();
@@ -499,6 +505,8 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
  shared->set_internal_formal_parameter_count(arity);
  Handle<JSFunction> function = isolate->factory()->NewFunction(
      isolate->wasm_function_map(), name, export_wrapper);
+  function->SetInternalField(kWrapperTracerHeader, Smi::kZero);
+
  function->set_shared(*shared);

  function->SetInternalField(kInstance, *instance);
@@ -554,7 +562,7 @@ Handle<WasmSharedModuleData> WasmSharedModuleData::New(
    Handle<ByteArray> asm_js_offset_table) {
  Handle<FixedArray> arr =
      isolate->factory()->NewFixedArray(kFieldCount, TENURED);
-
+  arr->set(kWrapperTracerHeader, Smi::kZero);
  arr->set(kModuleWrapper, *module_wrapper);
  if (!module_bytes.is_null()) {
    arr->set(kModuleBytes, *module_bytes);

--- a/src/wasm/wasm-objects.h
+++ b/src/wasm/wasm-objects.h
@@ -44,6 +44,7 @@ class WasmInstanceWrapper;
 // Representation of a WebAssembly.Module JavaScript-level object.
 class WasmModuleObject : public JSObject {
 public:
+  // If a second field is added, we need a kWrapperTracerHeader field as well.
  // TODO(titzer): add the brand as an internal field instead of a property.
  enum Fields { kCompiledModule, kFieldCount };

@@ -58,8 +59,15 @@ class WasmModuleObject : public JSObject {
 // Representation of a WebAssembly.Table JavaScript-level object.
 class WasmTableObject : public JSObject {
 public:
+  // The 0-th field is used by the Blink Wrapper Tracer.
  // TODO(titzer): add the brand as an internal field instead of a property.
-  enum Fields { kFunctions, kMaximum, kDispatchTables, kFieldCount };
+  enum Fields {
+    kWrapperTracerHeader,
+    kFunctions,
+    kMaximum,
+    kDispatchTables,
+    kFieldCount
+  };

  DECLARE_CASTS(WasmTableObject);
  DECLARE_ACCESSORS(functions, FixedArray);
@@ -83,8 +91,15 @@ class WasmTableObject : public JSObject {
 // Representation of a WebAssembly.Memory JavaScript-level object.
 class WasmMemoryObject : public JSObject {
 public:
+  // The 0-th field is used by the Blink Wrapper Tracer.
  // TODO(titzer): add the brand as an internal field instead of a property.
-  enum Fields : uint8_t { kArrayBuffer, kMaximum, kInstancesLink, kFieldCount };
+  enum Fields : uint8_t {
+    kWrapperTracerHeader,
+    kArrayBuffer,
+    kMaximum,
+    kInstancesLink,
+    kFieldCount
+  };

  DECLARE_CASTS(WasmMemoryObject);
  DECLARE_ACCESSORS(buffer, JSArrayBuffer);
@@ -107,8 +122,10 @@ class WasmMemoryObject : public JSObject {
 // Representation of a WebAssembly.Instance JavaScript-level object.
 class WasmInstanceObject : public JSObject {
 public:
+  // The 0-th field is used by the Blink Wrapper Tracer.
  // TODO(titzer): add the brand as an internal field instead of a property.
  enum Fields {
+    kWrapperTracerHeader,
    kCompiledModule,
    kMemoryObject,
    kMemoryArrayBuffer,
@@ -142,7 +159,8 @@ class WasmInstanceObject : public JSObject {
 // Representation of an exported WASM function.
 class WasmExportedFunction : public JSFunction {
 public:
-  enum Fields { kInstance, kIndex, kFieldCount };
+  // The 0-th field is used by the Blink Wrapper Tracer.
+  enum Fields { kWrapperTracerHeader, kInstance, kIndex, kFieldCount };

  DECLARE_CASTS(WasmExportedFunction);

@@ -158,7 +176,9 @@ class WasmExportedFunction : public JSFunction {

 // Information shared by all WasmCompiledModule objects for the same module.
 class WasmSharedModuleData : public FixedArray {
+  // The 0-th field is used by the Blink Wrapper Tracer.
  enum Fields {
+    kWrapperTracerHeader,
    kModuleWrapper,
    kModuleBytes,
    kScript,
@@ -408,7 +428,9 @@ class WasmCompiledModule : public FixedArray {

 class WasmDebugInfo : public FixedArray {
 public:
+  // The 0-th field is used by the Blink Wrapper Tracer.
  enum Fields {
+    kWrapperTracerHeader,
    kInstance,
    kInterpreterHandle,
    kInterpretedFunctions,