[wasm-gc] Introduce WasmObject - a superclass for data ref types

... and use the generated WasmObject instance type range for data refs checks. Bug: v8:11804 Change-Id: I855ff76404ff7e3ca919dabec238d35cb39c0baf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910784 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#74713}

[wasm-gc] Introduce WasmObject - a superclass for data ref types
... and use the generated WasmObject instance type range for data refs checks. Bug: v8:11804 Change-Id: I855ff76404ff7e3ca919dabec238d35cb39c0baf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910784 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#74713}
658c0ae3 · Igor Sheludko · V8 LUCI CQ · ee56a986 · 658c0ae3 · 658c0ae3
Commit 658c0ae3 authored May 21, 2021 by Igor Sheludko Committed by V8 LUCI CQ May 21, 2021
8 changed files
--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@@ -422,21 +422,13 @@ class WasmGraphAssembler : public GraphAssembler {

  Node* IsDataRefMap(Node* map) {
    Node* instance_type = LoadInstanceType(map);
-    // We're going to test a range of instance types with a single unsigned
-    // comparison. Statically assert that this is safe, i.e. that there are
-    // no instance types between array and struct types that might possibly
-    // occur (i.e. internal types are OK, types of Wasm objects are not).
-    // At the time of this writing:
-    // WASM_ARRAY_TYPE = 184
-    // WASM_STRUCT_TYPE = 185
-    // The specific values don't matter; the relative order does.
-    static_assert(
-        WASM_STRUCT_TYPE == static_cast<InstanceType>(WASM_ARRAY_TYPE + 1),
-        "Relying on specific InstanceType values here");
+    // We're going to test a range of WasmObject instance types with a single
+    // unsigned comparison.
    Node* comparison_value =
-        Int32Sub(instance_type, Int32Constant(WASM_ARRAY_TYPE));
+        Int32Sub(instance_type, Int32Constant(FIRST_WASM_OBJECT_TYPE));
    return Uint32LessThanOrEqual(
-        comparison_value, Int32Constant(WASM_STRUCT_TYPE - WASM_ARRAY_TYPE));
+        comparison_value,
+        Int32Constant(LAST_WASM_OBJECT_TYPE - FIRST_WASM_OBJECT_TYPE));
  }

  // Generic HeapObject helpers.

--- a/src/diagnostics/objects-debug.cc
+++ b/src/diagnostics/objects-debug.cc
@@ -1620,6 +1620,8 @@ void WasmValueObject::WasmValueObjectVerify(Isolate* isolate) {
  CHECK(IsWasmValueObject());
 }

+USE_TORQUE_VERIFIER(WasmObject)
+
 void WasmExportedFunctionData::WasmExportedFunctionDataVerify(
    Isolate* isolate) {
  TorqueGeneratedClassVerifiers::WasmExportedFunctionDataVerify(*this, isolate);

--- a/src/objects/object-list-macros.h
+++ b/src/objects/object-list-macros.h
@@ -226,6 +226,7 @@ class ZoneForwardList;
  IF_WASM(V, WasmJSFunctionData)               \
  IF_WASM(V, WasmMemoryObject)                 \
  IF_WASM(V, WasmModuleObject)                 \
+  IF_WASM(V, WasmObject)                       \
  IF_WASM(V, WasmStruct)                       \
  IF_WASM(V, WasmTypeInfo)                     \
  IF_WASM(V, WasmTableObject)                  \

--- a/src/wasm/baseline/liftoff-compiler.cc
+++ b/src/wasm/baseline/liftoff-compiler.cc
@@ -5927,20 +5927,11 @@ class LiftoffCompiler {
        wasm::ObjectAccess::ToTagged(Map::kInstanceTypeOffset);
    __ Load(tmp, map, no_reg, kInstanceTypeOffset, LoadType::kI32Load16U,
            pinned);
-    // We're going to test a range of instance types with a single unsigned
-    // comparison. Statically assert that this is safe, i.e. that there are
-    // no instance types between array and struct types that might possibly
-    // occur (i.e. internal types are OK, types of Wasm objects are not).
-    // At the time of this writing:
-    // WASM_ARRAY_TYPE = 184
-    // WASM_STRUCT_TYPE = 185
-    // The specific values don't matter; the relative order does.
-    static_assert(
-        WASM_STRUCT_TYPE == static_cast<InstanceType>(WASM_ARRAY_TYPE + 1),
-        "Relying on specific InstanceType values here");
-    __ emit_i32_subi(tmp.gp(), tmp.gp(), WASM_ARRAY_TYPE);
+    // We're going to test a range of WasmObject instance types with a single
+    // unsigned comparison.
+    __ emit_i32_subi(tmp.gp(), tmp.gp(), FIRST_WASM_OBJECT_TYPE);
    __ emit_i32_cond_jumpi(kUnsignedGreaterThan, not_data_ref, tmp.gp(),
-                           WASM_STRUCT_TYPE - WASM_ARRAY_TYPE);
+                           LAST_WASM_OBJECT_TYPE - FIRST_WASM_OBJECT_TYPE);
  }

  void MaybeOSR() {

--- a/src/wasm/wasm-objects-inl.h
+++ b/src/wasm/wasm-objects-inl.h
@@ -40,6 +40,7 @@ OBJECT_CONSTRUCTORS_IMPL(WasmCapiFunctionData, WasmFunctionData)
 OBJECT_CONSTRUCTORS_IMPL(WasmExportedFunctionData, WasmFunctionData)
 OBJECT_CONSTRUCTORS_IMPL(WasmGlobalObject, JSObject)
 OBJECT_CONSTRUCTORS_IMPL(WasmInstanceObject, JSObject)
+OBJECT_CONSTRUCTORS_IMPL(WasmObject, HeapObject)
 OBJECT_CONSTRUCTORS_IMPL(WasmMemoryObject, JSObject)
 OBJECT_CONSTRUCTORS_IMPL(WasmModuleObject, JSObject)
 OBJECT_CONSTRUCTORS_IMPL(WasmTableObject, JSObject)
@@ -54,6 +55,7 @@ CAST_ACCESSOR(WasmExceptionObject)
 CAST_ACCESSOR(WasmExportedFunctionData)
 CAST_ACCESSOR(WasmGlobalObject)
 CAST_ACCESSOR(WasmInstanceObject)
+CAST_ACCESSOR(WasmObject)
 CAST_ACCESSOR(WasmMemoryObject)
 CAST_ACCESSOR(WasmModuleObject)
 CAST_ACCESSOR(WasmTableObject)

--- a/src/wasm/wasm-objects.h
+++ b/src/wasm/wasm-objects.h
@@ -935,7 +935,15 @@ class WasmTypeInfo : public TorqueGeneratedWasmTypeInfo<WasmTypeInfo, Foreign> {
  TQ_OBJECT_CONSTRUCTORS(WasmTypeInfo)
 };

-class WasmStruct : public TorqueGeneratedWasmStruct<WasmStruct, HeapObject> {
+class WasmObject : public HeapObject {
+ public:
+  DECL_CAST(WasmObject)
+  DECL_VERIFIER(WasmObject)
+
+  OBJECT_CONSTRUCTORS(WasmObject, HeapObject);
+};
+
+class WasmStruct : public TorqueGeneratedWasmStruct<WasmStruct, WasmObject> {
 public:
  static inline wasm::StructType* type(Map map);
  inline wasm::StructType* type() const;
@@ -955,7 +963,7 @@ class WasmStruct : public TorqueGeneratedWasmStruct<WasmStruct, HeapObject> {
  TQ_OBJECT_CONSTRUCTORS(WasmStruct)
 };

-class WasmArray : public TorqueGeneratedWasmArray<WasmArray, HeapObject> {
+class WasmArray : public TorqueGeneratedWasmArray<WasmArray, WasmObject> {
 public:
  static inline wasm::ArrayType* type(Map map);
  inline wasm::ArrayType* type() const;

--- a/src/wasm/wasm-objects.tq
+++ b/src/wasm/wasm-objects.tq
@@ -117,12 +117,19 @@ extern class WasmTypeInfo extends Foreign {
  instance_size: Smi;
 }

+// WasmObject corresponds to data ref types which are WasmStruct and WasmArray.
+@abstract
+extern class WasmObject extends HeapObject {
+}
+
 @generateCppClass
-extern class WasmStruct extends HeapObject {
+@highestInstanceTypeWithinParentClassRange
+extern class WasmStruct extends WasmObject {
 }

 @generateCppClass
-extern class WasmArray extends HeapObject {
+@lowestInstanceTypeWithinParentClassRange
+extern class WasmArray extends WasmObject {
  length: uint32;

  @if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;

--- a/tools/v8heapconst.py
+++ b/tools/v8heapconst.py
@@ -120,33 +120,33 @@ INSTANCE_TYPES = {
  156: "SYNTHETIC_MODULE_TYPE",
  157: "UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE",
  158: "UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE",
-  159: "WEAK_FIXED_ARRAY_TYPE",
-  160: "TRANSITION_ARRAY_TYPE",
-  161: "CELL_TYPE",
-  162: "CODE_TYPE",
-  163: "CODE_DATA_CONTAINER_TYPE",
-  164: "COVERAGE_INFO_TYPE",
-  165: "EMBEDDER_DATA_ARRAY_TYPE",
-  166: "FEEDBACK_METADATA_TYPE",
-  167: "FEEDBACK_VECTOR_TYPE",
-  168: "FILLER_TYPE",
-  169: "FREE_SPACE_TYPE",
-  170: "INTERNAL_CLASS_TYPE",
-  171: "INTERNAL_CLASS_WITH_STRUCT_ELEMENTS_TYPE",
-  172: "MAP_TYPE",
-  173: "MEGA_DOM_HANDLER_TYPE",
-  174: "ON_HEAP_BASIC_BLOCK_PROFILER_DATA_TYPE",
-  175: "PREPARSE_DATA_TYPE",
-  176: "PROPERTY_ARRAY_TYPE",
-  177: "PROPERTY_CELL_TYPE",
-  178: "SCOPE_INFO_TYPE",
-  179: "SHARED_FUNCTION_INFO_TYPE",
-  180: "SMI_BOX_TYPE",
-  181: "SMI_PAIR_TYPE",
-  182: "SORT_STATE_TYPE",
-  183: "SWISS_NAME_DICTIONARY_TYPE",
-  184: "WASM_ARRAY_TYPE",
-  185: "WASM_STRUCT_TYPE",
+  159: "WASM_ARRAY_TYPE",
+  160: "WASM_STRUCT_TYPE",
+  161: "WEAK_FIXED_ARRAY_TYPE",
+  162: "TRANSITION_ARRAY_TYPE",
+  163: "CELL_TYPE",
+  164: "CODE_TYPE",
+  165: "CODE_DATA_CONTAINER_TYPE",
+  166: "COVERAGE_INFO_TYPE",
+  167: "EMBEDDER_DATA_ARRAY_TYPE",
+  168: "FEEDBACK_METADATA_TYPE",
+  169: "FEEDBACK_VECTOR_TYPE",
+  170: "FILLER_TYPE",
+  171: "FREE_SPACE_TYPE",
+  172: "INTERNAL_CLASS_TYPE",
+  173: "INTERNAL_CLASS_WITH_STRUCT_ELEMENTS_TYPE",
+  174: "MAP_TYPE",
+  175: "MEGA_DOM_HANDLER_TYPE",
+  176: "ON_HEAP_BASIC_BLOCK_PROFILER_DATA_TYPE",
+  177: "PREPARSE_DATA_TYPE",
+  178: "PROPERTY_ARRAY_TYPE",
+  179: "PROPERTY_CELL_TYPE",
+  180: "SCOPE_INFO_TYPE",
+  181: "SHARED_FUNCTION_INFO_TYPE",
+  182: "SMI_BOX_TYPE",
+  183: "SMI_PAIR_TYPE",
+  184: "SORT_STATE_TYPE",
+  185: "SWISS_NAME_DICTIONARY_TYPE",
  186: "WEAK_ARRAY_LIST_TYPE",
  187: "WEAK_CELL_TYPE",
  188: "JS_PROXY_TYPE",
@@ -235,16 +235,16 @@ INSTANCE_TYPES = {

 # List of known V8 maps.
 KNOWN_MAPS = {
-  ("read_only_space", 0x02119): (172, "MetaMap"),
+  ("read_only_space", 0x02119): (174, "MetaMap"),
  ("read_only_space", 0x02141): (67, "NullMap"),
  ("read_only_space", 0x02169): (154, "StrongDescriptorArrayMap"),
-  ("read_only_space", 0x02191): (159, "WeakFixedArrayMap"),
+  ("read_only_space", 0x02191): (161, "WeakFixedArrayMap"),
  ("read_only_space", 0x021d1): (101, "EnumCacheMap"),
  ("read_only_space", 0x02205): (119, "FixedArrayMap"),
  ("read_only_space", 0x02251): (8, "OneByteInternalizedStringMap"),
-  ("read_only_space", 0x0229d): (169, "FreeSpaceMap"),
-  ("read_only_space", 0x022c5): (168, "OnePointerFillerMap"),
-  ("read_only_space", 0x022ed): (168, "TwoPointerFillerMap"),
+  ("read_only_space", 0x0229d): (171, "FreeSpaceMap"),
+  ("read_only_space", 0x022c5): (170, "OnePointerFillerMap"),
+  ("read_only_space", 0x022ed): (170, "TwoPointerFillerMap"),
  ("read_only_space", 0x02315): (67, "UninitializedMap"),
  ("read_only_space", 0x0238d): (67, "UndefinedMap"),
  ("read_only_space", 0x023d1): (66, "HeapNumberMap"),
@@ -255,15 +255,15 @@ KNOWN_MAPS = {
  ("read_only_space", 0x02559): (120, "HashTableMap"),
  ("read_only_space", 0x02581): (64, "SymbolMap"),
  ("read_only_space", 0x025a9): (40, "OneByteStringMap"),
-  ("read_only_space", 0x025d1): (178, "ScopeInfoMap"),
-  ("read_only_space", 0x025f9): (179, "SharedFunctionInfoMap"),
-  ("read_only_space", 0x02621): (162, "CodeMap"),
-  ("read_only_space", 0x02649): (161, "CellMap"),
-  ("read_only_space", 0x02671): (177, "GlobalPropertyCellMap"),
+  ("read_only_space", 0x025d1): (180, "ScopeInfoMap"),
+  ("read_only_space", 0x025f9): (181, "SharedFunctionInfoMap"),
+  ("read_only_space", 0x02621): (164, "CodeMap"),
+  ("read_only_space", 0x02649): (163, "CellMap"),
+  ("read_only_space", 0x02671): (179, "GlobalPropertyCellMap"),
  ("read_only_space", 0x02699): (70, "ForeignMap"),
-  ("read_only_space", 0x026c1): (160, "TransitionArrayMap"),
+  ("read_only_space", 0x026c1): (162, "TransitionArrayMap"),
  ("read_only_space", 0x026e9): (45, "ThinOneByteStringMap"),
-  ("read_only_space", 0x02711): (167, "FeedbackVectorMap"),
+  ("read_only_space", 0x02711): (169, "FeedbackVectorMap"),
  ("read_only_space", 0x02749): (67, "ArgumentsMarkerMap"),
  ("read_only_space", 0x027a9): (67, "ExceptionMap"),
  ("read_only_space", 0x02805): (67, "TerminationExceptionMap"),
@@ -271,17 +271,17 @@ KNOWN_MAPS = {
  ("read_only_space", 0x028cd): (67, "StaleRegisterMap"),
  ("read_only_space", 0x0292d): (131, "ScriptContextTableMap"),
  ("read_only_space", 0x02955): (129, "ClosureFeedbackCellArrayMap"),
-  ("read_only_space", 0x0297d): (166, "FeedbackMetadataArrayMap"),
+  ("read_only_space", 0x0297d): (168, "FeedbackMetadataArrayMap"),
  ("read_only_space", 0x029a5): (119, "ArrayListMap"),
  ("read_only_space", 0x029cd): (65, "BigIntMap"),
  ("read_only_space", 0x029f5): (130, "ObjectBoilerplateDescriptionMap"),
  ("read_only_space", 0x02a1d): (133, "BytecodeArrayMap"),
-  ("read_only_space", 0x02a45): (163, "CodeDataContainerMap"),
-  ("read_only_space", 0x02a6d): (164, "CoverageInfoMap"),
+  ("read_only_space", 0x02a45): (165, "CodeDataContainerMap"),
+  ("read_only_space", 0x02a6d): (166, "CoverageInfoMap"),
  ("read_only_space", 0x02a95): (134, "FixedDoubleArrayMap"),
  ("read_only_space", 0x02abd): (122, "GlobalDictionaryMap"),
  ("read_only_space", 0x02ae5): (102, "ManyClosuresCellMap"),
-  ("read_only_space", 0x02b0d): (173, "MegaDomHandlerMap"),
+  ("read_only_space", 0x02b0d): (175, "MegaDomHandlerMap"),
  ("read_only_space", 0x02b35): (119, "ModuleInfoMap"),
  ("read_only_space", 0x02b5d): (123, "NameDictionaryMap"),
  ("read_only_space", 0x02b85): (102, "NoClosuresCellMap"),
@@ -290,8 +290,8 @@ KNOWN_MAPS = {
  ("read_only_space", 0x02bfd): (125, "OrderedHashMapMap"),
  ("read_only_space", 0x02c25): (126, "OrderedHashSetMap"),
  ("read_only_space", 0x02c4d): (127, "OrderedNameDictionaryMap"),
-  ("read_only_space", 0x02c75): (175, "PreparseDataMap"),
-  ("read_only_space", 0x02c9d): (176, "PropertyArrayMap"),
+  ("read_only_space", 0x02c75): (177, "PreparseDataMap"),
+  ("read_only_space", 0x02c9d): (178, "PropertyArrayMap"),
  ("read_only_space", 0x02cc5): (98, "SideEffectCallHandlerInfoMap"),
  ("read_only_space", 0x02ced): (98, "SideEffectFreeCallHandlerInfoMap"),
  ("read_only_space", 0x02d15): (98, "NextCallSideEffectFreeCallHandlerInfoMap"),
@@ -300,7 +300,7 @@ KNOWN_MAPS = {
  ("read_only_space", 0x02d8d): (151, "SmallOrderedHashSetMap"),
  ("read_only_space", 0x02db5): (152, "SmallOrderedNameDictionaryMap"),
  ("read_only_space", 0x02ddd): (155, "SourceTextModuleMap"),
-  ("read_only_space", 0x02e05): (183, "SwissNameDictionaryMap"),
+  ("read_only_space", 0x02e05): (185, "SwissNameDictionaryMap"),
  ("read_only_space", 0x02e2d): (156, "SyntheticModuleMap"),
  ("read_only_space", 0x02e55): (72, "WasmCapiFunctionDataMap"),
  ("read_only_space", 0x02e7d): (73, "WasmExportedFunctionDataMap"),
@@ -308,7 +308,7 @@ KNOWN_MAPS = {
  ("read_only_space", 0x02ecd): (75, "WasmTypeInfoMap"),
  ("read_only_space", 0x02ef5): (186, "WeakArrayListMap"),
  ("read_only_space", 0x02f1d): (121, "EphemeronHashTableMap"),
-  ("read_only_space", 0x02f45): (165, "EmbedderDataArrayMap"),
+  ("read_only_space", 0x02f45): (167, "EmbedderDataArrayMap"),
  ("read_only_space", 0x02f6d): (187, "WeakCellMap"),
  ("read_only_space", 0x02f95): (32, "StringMap"),
  ("read_only_space", 0x02fbd): (41, "ConsOneByteStringMap"),
@@ -368,18 +368,18 @@ KNOWN_MAPS = {
  ("read_only_space", 0x05c01): (153, "DescriptorArrayMap"),
  ("read_only_space", 0x05c29): (158, "UncompiledDataWithoutPreparseDataMap"),
  ("read_only_space", 0x05c51): (157, "UncompiledDataWithPreparseDataMap"),
-  ("read_only_space", 0x05c79): (174, "OnHeapBasicBlockProfilerDataMap"),
-  ("read_only_space", 0x05ca1): (170, "InternalClassMap"),
-  ("read_only_space", 0x05cc9): (181, "SmiPairMap"),
-  ("read_only_space", 0x05cf1): (180, "SmiBoxMap"),
+  ("read_only_space", 0x05c79): (176, "OnHeapBasicBlockProfilerDataMap"),
+  ("read_only_space", 0x05ca1): (172, "InternalClassMap"),
+  ("read_only_space", 0x05cc9): (183, "SmiPairMap"),
+  ("read_only_space", 0x05cf1): (182, "SmiBoxMap"),
  ("read_only_space", 0x05d19): (147, "ExportedSubClassBaseMap"),
  ("read_only_space", 0x05d41): (148, "ExportedSubClassMap"),
  ("read_only_space", 0x05d69): (68, "AbstractInternalClassSubclass1Map"),
  ("read_only_space", 0x05d91): (69, "AbstractInternalClassSubclass2Map"),
  ("read_only_space", 0x05db9): (135, "InternalClassWithSmiElementsMap"),
-  ("read_only_space", 0x05de1): (171, "InternalClassWithStructElementsMap"),
+  ("read_only_space", 0x05de1): (173, "InternalClassWithStructElementsMap"),
  ("read_only_space", 0x05e09): (149, "ExportedSubClass2Map"),
-  ("read_only_space", 0x05e31): (182, "SortStateMap"),
+  ("read_only_space", 0x05e31): (184, "SortStateMap"),
  ("read_only_space", 0x05e59): (90, "AllocationSiteWithWeakNextMap"),
  ("read_only_space", 0x05e81): (90, "AllocationSiteWithoutWeakNextMap"),
  ("read_only_space", 0x05ea9): (81, "LoadHandler1Map"),