[wasm] Fix cloned deserialization of JS-to-WASM wrappers.

This fixes a corner-case where deserialization of a module containing multiple exported functions of the same signature forgot to properly unprotect the code-space. Test coverage has been added. R=clemensh@chromium.org TEST=mjsunit/wasm/compiled-module-serialization BUG=chromium:804767 Change-Id: I0082303db19bcc14c4de30f29d604665e281d79d Reviewed-on: https://chromium-review.googlesource.com/880844Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50799}

[wasm] Fix cloned deserialization of JS-to-WASM wrappers.
This fixes a corner-case where deserialization of a module containing multiple exported functions of the same signature forgot to properly unprotect the code-space. Test coverage has been added. R=clemensh@chromium.org TEST=mjsunit/wasm/compiled-module-serialization BUG=chromium:804767 Change-Id: I0082303db19bcc14c4de30f29d604665e281d79d Reviewed-on: https://chromium-review.googlesource.com/880844Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50799}
7900db4f · Michael Starzinger · Commit Bot · 66ce6153 · 7900db4f · 7900db4f
Commit 7900db4f authored Jan 23, 2018 by Michael Starzinger Committed by Commit Bot Jan 23, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 0 deletions

wasm-serialization.cc src/wasm/wasm-serialization.cc +4 -0

compiled-module-serialization.js test/mjsunit/wasm/compiled-module-serialization.js +20 -0

No files found.
--- a/src/wasm/wasm-serialization.cc
+++ b/src/wasm/wasm-serialization.cc
@@ -741,6 +741,10 @@ MaybeHandle<WasmCompiledModule> DeserializeNativeModule(
                                        compiled_module->GetNativeModule());
  if (!deserializer.Read(data)) return {};

+  // TODO(6792): Wrappers below might be cloned using {Factory::CopyCode}. This
+  // requires unlocking the code space here. This should be moved into the
+  // allocator eventually.
+  CodeSpaceMemoryModificationScope modification_scope(isolate->heap());
  CompileJsToWasmWrappers(isolate, compiled_module, isolate->counters());
  WasmCompiledModule::ReinitializeAfterDeserialization(isolate,
                                                       compiled_module);

--- a/test/mjsunit/wasm/compiled-module-serialization.js
+++ b/test/mjsunit/wasm/compiled-module-serialization.js
@@ -98,6 +98,26 @@ load("test/mjsunit/wasm/wasm-module-builder.js");
  assertEquals(clone.constructor, compiled_module.constructor);
 })();

+(function SerializeWrappersWithSameSignature() {
+  let builder = new WasmModuleBuilder();
+  builder.addFunction("main", kSig_i_v)
+    .addBody([kExprI32Const, 42])
+    .exportFunc();
+  builder.addFunction("main_same_signature", kSig_i_v)
+    .addBody([kExprI32Const, 23])
+    .exportFunc();
+
+  var wire_bytes = builder.toBuffer();
+  var compiled_module = new WebAssembly.Module(wire_bytes);
+  var serialized = %SerializeWasmModule(compiled_module);
+  var clone = %DeserializeWasmModule(serialized, wire_bytes);
+
+  assertNotNull(clone);
+  assertFalse(clone == undefined);
+  assertFalse(clone == compiled_module);
+  assertEquals(clone.constructor, compiled_module.constructor);
+})();
+
 (function SerializeAfterInstantiation() {
  let builder = new WasmModuleBuilder();
  builder.addFunction("main", kSig_i_v)