[wasm] Avoid embedding movable references in interpreter entry

Interpreter entries may be called from wasm functions, when debugging. That means that, when moving on the native heap, interpreter entries need to be native, too. That means they cannot reference movable GC objects. The only such reference was to the instance object, which is needed in the WasmRunInterpreter runtime function. We can fetch the instance using GetWasmInstanceOnTop() instead. Bug: v8:6876 Change-Id: I7198a849cc0e441b057537a570a3dfa6f3197149 Reviewed-on: https://chromium-review.googlesource.com/742391 Commit-Queue: Mircea Trofin <mtrofin@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49019}

[wasm] Avoid embedding movable references in interpreter entry
Interpreter entries may be called from wasm functions, when debugging. That means that, when moving on the native heap, interpreter entries need to be native, too. That means they cannot reference movable GC objects. The only such reference was to the instance object, which is needed in the WasmRunInterpreter runtime function. We can fetch the instance using GetWasmInstanceOnTop() instead. Bug: v8:6876 Change-Id: I7198a849cc0e441b057537a570a3dfa6f3197149 Reviewed-on: https://chromium-review.googlesource.com/742391 Commit-Queue: Mircea Trofin <mtrofin@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49019}
968f30ec · Mircea Trofin · Commit Bot · 55371ebc · 968f30ec · 968f30ec
Commit 968f30ec authored Oct 30, 2017 by Mircea Trofin Committed by Commit Bot Oct 30, 2017
Showing with 8 additions and 12 deletions

wasm-compiler.cc src/compiler/wasm-compiler.cc +2 -4

wasm-compiler.h src/compiler/wasm-compiler.h +1 -2

runtime-wasm.cc src/runtime/runtime-wasm.cc +4 -5

runtime.h src/runtime/runtime.h +1 -1

No files found.
--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@@ -3049,8 +3049,7 @@ void WasmGraphBuilder::BuildWasmToWasmWrapper(Handle<Code> target,
  MergeControlToEnd(jsgraph(), tail_call);
 }

-void WasmGraphBuilder::BuildWasmInterpreterEntry(
-    uint32_t func_index, Handle<WasmInstanceObject> instance) {
+void WasmGraphBuilder::BuildWasmInterpreterEntry(uint32_t func_index) {
  int param_count = static_cast<int>(sig_->parameter_count());

  // Build the start and the parameter nodes.
@@ -3095,7 +3094,6 @@ void WasmGraphBuilder::BuildWasmInterpreterEntry(
  // like a Smi (lowest bit not set). In the runtime function however, don't
  // call Smi::value on it, but just cast it to a byte pointer.
  Node* parameters[] = {
-      jsgraph()->HeapConstant(instance),   // wasm instance
      jsgraph()->SmiConstant(func_index),  // function index
      arg_buffer,                          // argument buffer
  };
@@ -4499,7 +4497,7 @@ Handle<Code> CompileWasmInterpreterEntry(Isolate* isolate, uint32_t func_index,
                           CEntryStub(isolate, 1).GetCode(), sig);
  builder.set_control_ptr(&control);
  builder.set_effect_ptr(&effect);
-  builder.BuildWasmInterpreterEntry(func_index, instance);
+  builder.BuildWasmInterpreterEntry(func_index);

  Handle<Code> code = Handle<Code>::null();
  {

--- a/src/compiler/wasm-compiler.h
+++ b/src/compiler/wasm-compiler.h
@@ -308,8 +308,7 @@ class WasmGraphBuilder {
                            int index);
  void BuildWasmToWasmWrapper(Handle<Code> target,
                              Address new_wasm_context_address);
-  void BuildWasmInterpreterEntry(uint32_t func_index,
-                                 Handle<WasmInstanceObject> instance);
+  void BuildWasmInterpreterEntry(uint32_t func_index);
  void BuildCWasmEntry(Address wasm_context_address);

  Node* ToJS(Node* node, wasm::ValueType type);

--- a/src/runtime/runtime-wasm.cc
+++ b/src/runtime/runtime-wasm.cc
@@ -30,7 +30,6 @@ WasmInstanceObject* GetWasmInstanceOnStackTop(Isolate* isolate) {
  Address pc =
      Memory::Address_at(entry + StandardFrameConstants::kCallerPCOffset);
  Code* code = isolate->inner_pointer_to_code_cache()->GetCacheEntry(pc)->code;
-  DCHECK_EQ(Code::WASM_FUNCTION, code->kind());
  WasmInstanceObject* owning_instance =
      WasmInstanceObject::GetOwningInstance(code);
  CHECK_NOT_NULL(owning_instance);
@@ -225,11 +224,11 @@ RUNTIME_FUNCTION(Runtime_WasmExceptionSetElement) {
 }

 RUNTIME_FUNCTION(Runtime_WasmRunInterpreter) {
-  DCHECK_EQ(3, args.length());
+  DCHECK_EQ(2, args.length());
  HandleScope scope(isolate);
-  CONVERT_ARG_HANDLE_CHECKED(WasmInstanceObject, instance, 0);
-  CONVERT_NUMBER_CHECKED(int32_t, func_index, Int32, args[1]);
-  CONVERT_ARG_HANDLE_CHECKED(Object, arg_buffer_obj, 2);
+  CONVERT_NUMBER_CHECKED(int32_t, func_index, Int32, args[0]);
+  CONVERT_ARG_HANDLE_CHECKED(Object, arg_buffer_obj, 1);
+  Handle<WasmInstanceObject> instance(GetWasmInstanceOnStackTop(isolate));

  // The arg buffer is the raw pointer to the caller's stack. It looks like a
  // Smi (lowest bit not set, as checked by IsSmi), but is no valid Smi. We just

--- a/src/runtime/runtime.h
+++ b/src/runtime/runtime.h
@@ -661,7 +661,7 @@ namespace internal {
  F(WasmGetExceptionRuntimeId, 0, 1) \
  F(WasmExceptionSetElement, 2, 1)   \
  F(WasmExceptionGetElement, 1, 1)   \
-  F(WasmRunInterpreter, 3, 1)        \
+  F(WasmRunInterpreter, 2, 1)        \
  F(WasmStackGuard, 0, 1)            \
  F(WasmCompileLazy, 0, 1)