[wasm] Support max memory size in WasmModuleBuilder.

This adds support to specify the maximum memory size when building a
WebAssembly module. Default is not maximum, one can be explicitly set.
It is mainly used by the WebAssembly fuzzers to prevent OOMs.

R=ahaas@chromium.org
BUG=chromium:759973

Change-Id: Ibf5fa63a7e36e5f3b65ced528c73a65355d5632f
Reviewed-on: https://chromium-review.googlesource.com/640386Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47676}

src/wasm/wasm-module-builder.cc

@@ -224,7 +224,9 @@ WasmModuleBuilder::WasmModuleBuilder(Zone* zone)
       globals_(zone),
       signature_map_(zone),
       start_function_index_(-1),
-      min_memory_size_(16) {}
+      min_memory_size_(16),
+      max_memory_size_(0),
+      has_max_memory_size_(false) {}
 
 WasmFunctionBuilder* WasmModuleBuilder::AddFunction(FunctionSig* sig) {
   functions_.push_back(new (zone_) WasmFunctionBuilder(this));
@@ -318,6 +320,11 @@ void WasmModuleBuilder::SetMinMemorySize(uint32_t value) {
   min_memory_size_ = value;
 }
 
+void WasmModuleBuilder::SetMaxMemorySize(uint32_t value) {
+  has_max_memory_size_ = true;
+  max_memory_size_ = value;
+}
+
 void WasmModuleBuilder::WriteTo(ZoneBuffer& buffer) const {
   // == Emit magic =============================================================
   buffer.write_u32(kWasmMagic);
@@ -388,9 +395,13 @@ void WasmModuleBuilder::WriteTo(ZoneBuffer& buffer) const {
   // == emit memory declaration ================================================
   {
     size_t start = EmitSection(kMemorySectionCode, buffer);
-    buffer.write_u8(1);                   // memory count
-    buffer.write_u8(kNoMaximumFlag);      // no max provided
-    buffer.write_u32v(min_memory_size_);  // min memory size
+    buffer.write_u8(1);  // memory count
+    buffer.write_u8(has_max_memory_size_ ? kResizableMaximumFlag
+                                         : kNoMaximumFlag);
+    buffer.write_u32v(min_memory_size_);
+    if (has_max_memory_size_) {
+      buffer.write_u32v(max_memory_size_);
+    }
     FixupSection(buffer, start);
   }
 

src/wasm/wasm-module-builder.h

@@ -235,6 +235,7 @@ class V8_EXPORT_PRIVATE WasmModuleBuilder : public ZoneObject {
   void MarkStartFunction(WasmFunctionBuilder* builder);
   void AddExport(Vector<const char> name, WasmFunctionBuilder* builder);
   void SetMinMemorySize(uint32_t value);
+  void SetMaxMemorySize(uint32_t value);
 
   // Writing methods.
   void WriteTo(ZoneBuffer& buffer) const;
@@ -292,6 +293,8 @@ class V8_EXPORT_PRIVATE WasmModuleBuilder : public ZoneObject {
   SignatureMap signature_map_;
   int start_function_index_;
   uint32_t min_memory_size_;
+  uint32_t max_memory_size_;
+  bool has_max_memory_size_;
 };
 
 inline FunctionSig* WasmFunctionBuilder::signature() {

test/fuzzer/wasm-call.cc

@@ -125,6 +125,7 @@ class WasmCallFuzzer : public WasmExecutionFuzzer {
       }
     }
 
+    builder.SetMaxMemorySize(32);
     builder.WriteTo(buffer);
 
     if (!ok) {

test/fuzzer/wasm-code.cc

@@ -42,6 +42,7 @@ class WasmCodeFuzzer : public WasmExecutionFuzzer {
     f->EmitCode(&end_opcode, 1);
     builder.AddExport(CStrVector("main"), f);
 
+    builder.SetMaxMemorySize(32);
     builder.WriteTo(buffer);
     num_args = 3;
     interpreter_args.reset(

test/fuzzer/wasm-compile.cc

@@ -329,6 +329,7 @@ class WasmCompileFuzzer : public WasmExecutionFuzzer {
     f->EmitCode(&end_opcode, 1);
     builder.AddExport(v8::internal::CStrVector("main"), f);
 
+    builder.SetMaxMemorySize(32);
     builder.WriteTo(buffer);
 
     num_args = 3;