[wasm] Change the signature interpretation for generic wrapper

Use a Foreign pointer for the signature in the generic JS-to-Wasm wrapper.

Bug: v8:10701
Change-Id: I30d5894e8b8a48c258b7a6e003813c8403c1075e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369178Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Eva Herencsárová <evih@google.com>
Cr-Commit-Position: refs/heads/master@{#69580}

src/builtins/x64/builtins-x64.cc

@@ -3271,20 +3271,36 @@ void Builtins::Generate_GenericJSToWasmWrapper(MacroAssembler* masm) {
       MemOperand(function_data,
                  WasmExportedFunctionData::kInstanceOffset - kHeapObjectTag));
 
-  // Int signature_type gives the number of int32 params (can be only 0 or 1).
-  Register signature_type = r9;
-  __ SmiUntagField(
-      signature_type,
-      MemOperand(function_data, WasmExportedFunctionData::kSignatureTypeOffset -
-                                    kHeapObjectTag));
+  // Get the signature for the parameter count.
+  Register foreign_signature = r9;
+
+  __ LoadAnyTaggedField(
+      foreign_signature,
+      MemOperand(function_data,
+                 WasmExportedFunctionData::kSignatureOffset - kHeapObjectTag));
+  Register signature = r9;
+  __ movq(signature,
+          MemOperand(foreign_signature, wasm::ObjectAccess::ToTagged(
+                                            Foreign::kForeignAddressOffset)));
+  foreign_signature = no_reg;
+
+  Register param_count = r9;
+  __ movq(param_count,
+          MemOperand(signature, wasm::FunctionSig::kParameterCountOffset));
+  signature = no_reg;
 
-  __ cmpl(signature_type, Immediate(0));
+  __ cmpl(param_count, Immediate(0));
 
   // In 0 param case jump through parameter handling.
   Label params_done;
   __ j(equal, &params_done);
 
-  // Param handling.
+  // 1 Param handling.
+  // Make sure we have exactly one argument in order to be able to load the
+  // argument using static offsets below.
+  __ cmpl(kJavaScriptCallArgCountRegister, Immediate(1));
+  __ Check(equal, AbortReason::kInvalidNumberOfJsArgs);
+
   Register param = rax;
 #ifdef V8_REVERSE_JSARGS
   const int firstParamOffset = kFPOnStackSize + kPCOnStackSize +
@@ -3331,12 +3347,12 @@ void Builtins::Generate_GenericJSToWasmWrapper(MacroAssembler* masm) {
   jump_table_offset = no_reg;
   jump_table_start = no_reg;
 
-  __ pushq(signature_type);
+  __ pushq(param_count);
 
   __ call(function_entry);
   function_entry = no_reg;
 
-  __ popq(signature_type);
+  __ popq(param_count);
 
   // Unset thread_in_wasm_flag.
   thread_in_wasm_flag_addr = r8;
@@ -3351,7 +3367,7 @@ void Builtins::Generate_GenericJSToWasmWrapper(MacroAssembler* masm) {
   // Deconstrunct the stack frame.
   __ LeaveFrame(StackFrame::JS_TO_WASM);
 
-  __ cmpl(signature_type, Immediate(0));
+  __ cmpl(param_count, Immediate(0));
 
   Label ret_0_param;
   __ j(equal, &ret_0_param);
@@ -3366,7 +3382,7 @@ void Builtins::Generate_GenericJSToWasmWrapper(MacroAssembler* masm) {
 
   // The order of pushes is important. We want the heap objects, that should be
   // scanned by GC, to be on the top of the stack.
-  __ pushq(signature_type);
+  __ pushq(param_count);
   __ pushq(wasm_instance);
   __ pushq(function_data);
   __ LoadAnyTaggedField(
@@ -3380,7 +3396,7 @@ void Builtins::Generate_GenericJSToWasmWrapper(MacroAssembler* masm) {
 
   __ popq(function_data);
   __ popq(wasm_instance);
-  __ popq(signature_type);
+  __ popq(param_count);
 
   __ jmp(&params_done);
 }

src/codegen/bailout-reason.h

@@ -30,6 +30,7 @@ namespace internal {
   V(kInvalidJumpTableIndex, "Invalid jump table index")                       \
   V(kInvalidParametersAndRegistersInGenerator,                                \
     "invalid parameters and registers in generator")                          \
+  V(kInvalidNumberOfJsArgs, "Invalid number of JS arguments")                 \
   V(kMissingBytecodeArray, "Missing bytecode array from function")            \
   V(kObjectNotTagged, "The object is not tagged")                             \
   V(kObjectTagged, "The object is tagged")                                    \

src/codegen/signature.h

@@ -21,7 +21,12 @@ class Signature : public ZoneObject {
                       const T* reps)
       : return_count_(return_count),
         parameter_count_(parameter_count),
-        reps_(reps) {}
+        reps_(reps) {
+    DCHECK_EQ(kReturnCountOffset, offsetof(Signature, return_count_));
+    DCHECK_EQ(kParameterCountOffset, offsetof(Signature, parameter_count_));
+    DCHECK_EQ(kRepsOffset, offsetof(Signature, reps_));
+    STATIC_ASSERT(std::is_standard_layout<Signature<T>>::value);
+  }
 
   size_t return_count() const { return return_count_; }
   size_t parameter_count() const { return parameter_count_; }
@@ -99,6 +104,11 @@ class Signature : public ZoneObject {
     T* buffer_;
   };
 
+  static constexpr size_t kReturnCountOffset = 0;
+  static constexpr size_t kParameterCountOffset =
+      kReturnCountOffset + kSizetSize;
+  static constexpr size_t kRepsOffset = kParameterCountOffset + kSizetSize;
+
  protected:
   size_t return_count_;
   size_t parameter_count_;

src/wasm/wasm-objects-inl.h

@@ -330,7 +330,7 @@ ACCESSORS(WasmExportedFunctionData, c_wrapper_code, Object, kCWrapperCodeOffset)
 ACCESSORS(WasmExportedFunctionData, wasm_call_target, Object,
           kWasmCallTargetOffset)
 SMI_ACCESSORS(WasmExportedFunctionData, packed_args_size, kPackedArgsSizeOffset)
-SMI_ACCESSORS(WasmExportedFunctionData, signature_type, kSignatureTypeOffset)
+ACCESSORS(WasmExportedFunctionData, signature, Foreign, kSignatureOffset)
 
 // WasmJSFunction
 WasmJSFunction::WasmJSFunction(Address ptr) : JSFunction(ptr) {

src/wasm/wasm-objects.cc

@@ -1814,6 +1814,9 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
     DCHECK_GE(kMaxInt, jump_table_diff);
     jump_table_offset = static_cast<int>(jump_table_diff);
   }
+  const wasm::FunctionSig* sig = instance->module()->functions[func_index].sig;
+  Handle<Foreign> sig_foreign =
+      isolate->factory()->NewForeign(reinterpret_cast<Address>(sig));
   Handle<WasmExportedFunctionData> function_data =
       Handle<WasmExportedFunctionData>::cast(isolate->factory()->NewStruct(
           WASM_EXPORTED_FUNCTION_DATA_TYPE, AllocationType::kOld));
@@ -1824,9 +1827,7 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
   function_data->set_c_wrapper_code(Smi::zero(), SKIP_WRITE_BARRIER);
   function_data->set_wasm_call_target(Smi::zero(), SKIP_WRITE_BARRIER);
   function_data->set_packed_args_size(0);
-  const wasm::FunctionSig* sig = instance->module()->functions[func_index].sig;
-  sig->parameters().empty() ? function_data->set_signature_type(0)
-                            : function_data->set_signature_type(1);
+  function_data->set_signature(*sig_foreign);
 
   MaybeHandle<String> maybe_name;
   bool is_asm_js_module = instance->module_object().is_asm_js();

src/wasm/wasm-objects.h

@@ -768,7 +768,7 @@ class WasmExportedFunctionData : public Struct {
   DECL_ACCESSORS(c_wrapper_code, Object)
   DECL_ACCESSORS(wasm_call_target, Object)
   DECL_INT_ACCESSORS(packed_args_size)
-  DECL_INT_ACCESSORS(signature_type)
+  DECL_ACCESSORS(signature, Foreign)
 
   DECL_CAST(WasmExportedFunctionData)
 

src/wasm/wasm-objects.tq

@@ -14,7 +14,7 @@ extern class WasmExportedFunctionData extends Struct {
   c_wrapper_code: Object;
   wasm_call_target: Smi|Foreign;
   packed_args_size: Smi;
-  signature_type: Smi;
+  signature: Foreign;
 }
 
 extern class WasmJSFunctionData extends Struct {