[wasm] Add a field for the Wrapper Tracer to WebAssembly API objects.

Issue 6051 description: "Blink blindly assumes that it can get an
aligned pointer from the 0-th internal field of any object that has two
internal fields."

R=titzer@chromium.org, jochen@chromium.org

BUG=v8:6051

Change-Id: I814b76e508ffd9fe2326bd0e728129f2a013b807
Reviewed-on: https://chromium-review.googlesource.com/451319Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43653}

src/wasm/wasm-debug.cc

@@ -362,6 +362,7 @@ Handle<WasmDebugInfo> WasmDebugInfo::New(Handle<WasmInstanceObject> instance) {
   Isolate* isolate = instance->GetIsolate();
   Factory* factory = isolate->factory();
   Handle<FixedArray> arr = factory->NewFixedArray(kFieldCount, TENURED);
+  arr->set(kWrapperTracerHeader, Smi::kZero);
   arr->set(kInstance, *instance);
   return Handle<WasmDebugInfo>::cast(arr);
 }

src/wasm/wasm-objects.cc

@@ -263,6 +263,8 @@ Handle<WasmTableObject> WasmTableObject::New(Isolate* isolate, uint32_t initial,
   Handle<JSFunction> table_ctor(
       isolate->native_context()->wasm_table_constructor());
   Handle<JSObject> table_obj = isolate->factory()->NewJSObject(table_ctor);
+  table_obj->SetInternalField(kWrapperTracerHeader, Smi::kZero);
+
   *js_functions = isolate->factory()->NewFixedArray(initial);
   Object* null = isolate->heap()->null_value();
   for (int i = 0; i < static_cast<int>(initial); ++i) {
@@ -340,6 +342,8 @@ Handle<WasmMemoryObject> WasmMemoryObject::New(Isolate* isolate,
       isolate->native_context()->wasm_memory_constructor());
   Handle<JSObject> memory_obj =
       isolate->factory()->NewJSObject(memory_ctor, TENURED);
+  memory_obj->SetInternalField(kWrapperTracerHeader, Smi::kZero);
+
   memory_obj->SetInternalField(kArrayBuffer, *buffer);
   Handle<Object> max = isolate->factory()->NewNumber(maximum);
   memory_obj->SetInternalField(kMaximum, *max);
@@ -447,6 +451,8 @@ Handle<WasmInstanceObject> WasmInstanceObject::New(
       isolate->native_context()->wasm_instance_constructor());
   Handle<JSObject> instance_object =
       isolate->factory()->NewJSObject(instance_cons, TENURED);
+  instance_object->SetInternalField(kWrapperTracerHeader, Smi::kZero);
+
   Handle<Symbol> instance_sym(isolate->native_context()->wasm_instance_sym());
   Object::SetProperty(instance_object, instance_sym, instance_object, STRICT)
       .Check();
@@ -499,6 +505,8 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
   shared->set_internal_formal_parameter_count(arity);
   Handle<JSFunction> function = isolate->factory()->NewFunction(
       isolate->wasm_function_map(), name, export_wrapper);
+  function->SetInternalField(kWrapperTracerHeader, Smi::kZero);
+
   function->set_shared(*shared);
 
   function->SetInternalField(kInstance, *instance);
@@ -554,7 +562,7 @@ Handle<WasmSharedModuleData> WasmSharedModuleData::New(
     Handle<ByteArray> asm_js_offset_table) {
   Handle<FixedArray> arr =
       isolate->factory()->NewFixedArray(kFieldCount, TENURED);
-
+  arr->set(kWrapperTracerHeader, Smi::kZero);
   arr->set(kModuleWrapper, *module_wrapper);
   if (!module_bytes.is_null()) {
     arr->set(kModuleBytes, *module_bytes);

src/wasm/wasm-objects.h

@@ -44,6 +44,7 @@ class WasmInstanceWrapper;
 // Representation of a WebAssembly.Module JavaScript-level object.
 class WasmModuleObject : public JSObject {
  public:
+  // If a second field is added, we need a kWrapperTracerHeader field as well.
   // TODO(titzer): add the brand as an internal field instead of a property.
   enum Fields { kCompiledModule, kFieldCount };
 
@@ -58,8 +59,15 @@ class WasmModuleObject : public JSObject {
 // Representation of a WebAssembly.Table JavaScript-level object.
 class WasmTableObject : public JSObject {
  public:
+  // The 0-th field is used by the Blink Wrapper Tracer.
   // TODO(titzer): add the brand as an internal field instead of a property.
-  enum Fields { kFunctions, kMaximum, kDispatchTables, kFieldCount };
+  enum Fields {
+    kWrapperTracerHeader,
+    kFunctions,
+    kMaximum,
+    kDispatchTables,
+    kFieldCount
+  };
 
   DECLARE_CASTS(WasmTableObject);
   DECLARE_ACCESSORS(functions, FixedArray);
@@ -83,8 +91,15 @@ class WasmTableObject : public JSObject {
 // Representation of a WebAssembly.Memory JavaScript-level object.
 class WasmMemoryObject : public JSObject {
  public:
+  // The 0-th field is used by the Blink Wrapper Tracer.
   // TODO(titzer): add the brand as an internal field instead of a property.
-  enum Fields : uint8_t { kArrayBuffer, kMaximum, kInstancesLink, kFieldCount };
+  enum Fields : uint8_t {
+    kWrapperTracerHeader,
+    kArrayBuffer,
+    kMaximum,
+    kInstancesLink,
+    kFieldCount
+  };
 
   DECLARE_CASTS(WasmMemoryObject);
   DECLARE_ACCESSORS(buffer, JSArrayBuffer);
@@ -107,8 +122,10 @@ class WasmMemoryObject : public JSObject {
 // Representation of a WebAssembly.Instance JavaScript-level object.
 class WasmInstanceObject : public JSObject {
  public:
+  // The 0-th field is used by the Blink Wrapper Tracer.
   // TODO(titzer): add the brand as an internal field instead of a property.
   enum Fields {
+    kWrapperTracerHeader,
     kCompiledModule,
     kMemoryObject,
     kMemoryArrayBuffer,
@@ -142,7 +159,8 @@ class WasmInstanceObject : public JSObject {
 // Representation of an exported WASM function.
 class WasmExportedFunction : public JSFunction {
  public:
-  enum Fields { kInstance, kIndex, kFieldCount };
+  // The 0-th field is used by the Blink Wrapper Tracer.
+  enum Fields { kWrapperTracerHeader, kInstance, kIndex, kFieldCount };
 
   DECLARE_CASTS(WasmExportedFunction);
 
@@ -158,7 +176,9 @@ class WasmExportedFunction : public JSFunction {
 
 // Information shared by all WasmCompiledModule objects for the same module.
 class WasmSharedModuleData : public FixedArray {
+  // The 0-th field is used by the Blink Wrapper Tracer.
   enum Fields {
+    kWrapperTracerHeader,
     kModuleWrapper,
     kModuleBytes,
     kScript,
@@ -408,7 +428,9 @@ class WasmCompiledModule : public FixedArray {
 
 class WasmDebugInfo : public FixedArray {
  public:
+  // The 0-th field is used by the Blink Wrapper Tracer.
   enum Fields {
+    kWrapperTracerHeader,
     kInstance,
     kInterpreterHandle,
     kInterpretedFunctions,