[asmjs] --validate-asm should not expose the WASM API.

R=mstarzinger@chromium.org Bug: v8:6756 Change-Id: Ic748a4848f66dfcd9b8577d615669b61670e5431 Reviewed-on: https://chromium-review.googlesource.com/647757Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#47799}

[asmjs] --validate-asm should not expose the WASM API.
R=mstarzinger@chromium.org Bug: v8:6756 Change-Id: Ic748a4848f66dfcd9b8577d615669b61670e5431 Reviewed-on: https://chromium-review.googlesource.com/647757Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#47799}
6377519f · Ben L. Titzer · Commit Bot · f31af974 · 6377519f · 6377519f
Commit 6377519f authored Sep 04, 2017 by Ben L. Titzer Committed by Commit Bot Sep 04, 2017
7 changed files
--- a/src/bootstrapper.cc
+++ b/src/bootstrapper.cc
@@ -4830,8 +4830,14 @@ bool Genesis::InstallSpecialObjects(Handle<Context> native_context) {
  Handle<Smi> stack_trace_limit(Smi::FromInt(FLAG_stack_trace_limit), isolate);
  JSObject::AddProperty(Error, name, stack_trace_limit, NONE);
-  if (FLAG_expose_wasm || FLAG_validate_asm) {
+  if (FLAG_expose_wasm) {
-    WasmJs::Install(isolate);
+    // Install the internal data structures into the isolate and expose on
+    // the global object.
+    WasmJs::Install(isolate, true);
+  } else if (FLAG_validate_asm) {
+    // Install the internal data structures only; these are needed for asm.js
+    // translated to WASM to work correctly.
+    WasmJs::Install(isolate, false);
  }
  InstallFFIMap(isolate);

--- a/src/wasm/wasm-js.cc
+++ b/src/wasm/wasm-js.cc
@@ -843,7 +843,7 @@ void InstallGetter(Isolate* isolate, Handle<JSObject> object,
                                              Local<Function>(), attributes);
 }
-void WasmJs::Install(Isolate* isolate) {
+void WasmJs::Install(Isolate* isolate, bool exposed_on_global_object) {
  Handle<JSGlobalObject> global = isolate->global_object();
  Handle<Context> context(global->native_context(), isolate);
  // Install the JS API once only.
@@ -863,11 +863,11 @@ void WasmJs::Install(Isolate* isolate) {
  cons->shared()->set_instance_class_name(*name);
  Handle<JSObject> webassembly = factory->NewJSObject(cons, TENURED);
  PropertyAttributes attributes = static_cast<PropertyAttributes>(DONT_ENUM);
-  JSObject::AddProperty(global, name, webassembly, attributes);
  PropertyAttributes ro_attributes =
      static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY);
-  JSObject::AddProperty(webassembly, factory->to_string_tag_symbol(),
+  JSObject::AddProperty(webassembly, factory->to_string_tag_symbol(), name,
-                        v8_str(isolate, "WebAssembly"), ro_attributes);
+                        ro_attributes);
  InstallFunc(isolate, webassembly, "compile", WebAssemblyCompile, 1);
  InstallFunc(isolate, webassembly, "validate", WebAssemblyValidate, 1);
  InstallFunc(isolate, webassembly, "instantiate", WebAssemblyInstantiate, 1);
@@ -879,6 +879,11 @@ void WasmJs::Install(Isolate* isolate) {
                WebAssemblyInstantiateStreaming, 1);
  }
+  // Expose the API on the global object if configured to do so.
+  if (exposed_on_global_object) {
+    JSObject::AddProperty(global, name, webassembly, attributes);
+  }
  // Setup Module
  Handle<JSFunction> module_constructor =
      InstallFunc(isolate, webassembly, "Module", WebAssemblyModule, 1);

--- a/src/wasm/wasm-js.h
+++ b/src/wasm/wasm-js.h
@@ -14,7 +14,8 @@ namespace internal {
 // Exposes a WebAssembly API to JavaScript through the V8 API.
 class WasmJs {
 public:
-  V8_EXPORT_PRIVATE static void Install(Isolate* isolate);
+  V8_EXPORT_PRIVATE static void Install(Isolate* isolate,
+                                        bool exposed_on_global_object);
  // WebAssembly.Table.
  static bool IsWasmTableObject(Isolate* isolate, Handle<Object> value);

--- a/test/cctest/wasm/wasm-run-utils.cc
+++ b/test/cctest/wasm/wasm-run-utils.cc
@@ -15,7 +15,7 @@ TestingModuleBuilder::TestingModuleBuilder(Zone* zone, WasmExecutionMode mode)
      mem_start_(nullptr),
      mem_size_(0),
      interpreter_(nullptr) {
-  WasmJs::Install(isolate_);
+  WasmJs::Install(isolate_, true);
  test_module_.globals_size = kMaxGlobalsSize;
  memset(globals_data_, 0, sizeof(globals_data_));
  instance_object_ = InitInstanceObject();

--- a/test/common/wasm/wasm-module-runner.cc
+++ b/test/common/wasm/wasm-module-runner.cc
@@ -152,7 +152,7 @@ int32_t CallWasmFunctionForTesting(Isolate* isolate, Handle<JSObject> instance,
 }
 void SetupIsolateForWasmModule(Isolate* isolate) {
-  WasmJs::Install(isolate);
+  WasmJs::Install(isolate, true);
 }
 }  // namespace testing

--- a/test/mjsunit/asm/noexpose-wasm.js
+++ b/test/mjsunit/asm/noexpose-wasm.js
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+// Flags: --noexpose-wasm --validate-asm
+assertThrows(() => { let x = WebAssembly.Module; });
+function Module(stdlib, foreign, heap) {
+  "use asm";
+  function f1(i) {
+    i = i|0;
+    return (i | 0) / 3 | 0;
+  }
+  function f2(i) {
+    i = i|0;
+    return (i | 0) / 13 | 0;
+  }
+  function f3(i) {
+    i = i|0;
+    return (i | 0) / 1024 | 0;
+  }
+  function f4(i) {
+    i = i|0;
+    return (i | 0) / 3733331 | 0;
+  }
+  return { f1: f1, f2: f2, f3: f3, f4: f4 };
+}
+var m = Module(this, {}, new ArrayBuffer(1024));
+for (var i = -2147483648; i < 2147483648; i += 3999777) {
+  assertEquals(i / 3 | 0, m.f1(i));
+  assertEquals(i / 13 | 0, m.f2(i));
+  assertEquals(i / 1024 | 0, m.f3(i));
+  assertEquals(i / 3733331 | 0, m.f4(i));
+}
--- a/test/mjsunit/wasm/expose-wasm.js
+++ b/test/mjsunit/wasm/expose-wasm.js
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+// Flags: --noexpose-wasm
+assertThrows(() => { let x = WebAssembly.compile; });