[wasm] Open CodeSpaceMemoryModificationScope after imports got sanitized

Within SanitizeImports it is possible that JavaScript code gets executed therefore we have to open the CodeSpaceMemoryModificationScope after SanitizeImports. R=clemensh@chromium.org Bug: chromium:788469 Change-Id: Ide9bbd4ee4613b28380979d4a6c66d26e6a9406f Reviewed-on: https://chromium-review.googlesource.com/789936 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49635}

[wasm] Open CodeSpaceMemoryModificationScope after imports got sanitized
Within SanitizeImports it is possible that JavaScript code gets executed therefore we have to open the CodeSpaceMemoryModificationScope after SanitizeImports. R=clemensh@chromium.org Bug: chromium:788469 Change-Id: Ide9bbd4ee4613b28380979d4a6c66d26e6a9406f Reviewed-on: https://chromium-review.googlesource.com/789936 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49635}
e21bac5b · Andreas Haas · Commit Bot · e8151494 · e21bac5b · e21bac5b
Commit e21bac5b authored Nov 27, 2017 by Andreas Haas Committed by Commit Bot Nov 27, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 5 deletions

module-compiler.cc src/wasm/module-compiler.cc +5 -5

ffi.js test/mjsunit/wasm/ffi.js +15 -0

No files found.
--- a/src/wasm/module-compiler.cc
+++ b/src/wasm/module-compiler.cc
@@ -1598,11 +1598,6 @@ InstanceBuilder::InstanceBuilder(

 // Build an instance, in all of its glory.
 MaybeHandle<WasmInstanceObject> InstanceBuilder::Build() {
-  // TODO(6792): No longer needed once WebAssembly code is off heap.
-  // Use base::Optional to be able to close the scope before executing the start
-  // function.
-  base::Optional<CodeSpaceMemoryModificationScope> modification_scope(
-      base::in_place_t(), isolate_->heap());
  // Check that an imports argument was provided, if the module requires it.
  // No point in continuing otherwise.
  if (!module_->import_table.empty() && ffi_.is_null()) {
@@ -1614,6 +1609,11 @@ MaybeHandle<WasmInstanceObject> InstanceBuilder::Build() {
  SanitizeImports();
  if (thrower_->error()) return {};

+  // TODO(6792): No longer needed once WebAssembly code is off heap.
+  // Use base::Optional to be able to close the scope before executing the start
+  // function.
+  base::Optional<CodeSpaceMemoryModificationScope> modification_scope(
+      base::in_place_t(), isolate_->heap());
  // From here on, we expect the build pipeline to run without exiting to JS.
  // Exception is when we run the startup function.
  DisallowJavascriptExecution no_js(isolate_);

--- a/test/mjsunit/wasm/ffi.js
+++ b/test/mjsunit/wasm/ffi.js
@@ -385,3 +385,18 @@ testCallBinopVoid(kWasmF64);
  main();
  assertEquals(0, num_valueOf);
 })();
+
+(function ImportWithCustomGetter() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  builder.addImport("import", "func", kSig_v_v);
+
+  const ffi = {};
+  Object.defineProperty(ffi, 'import', {
+    get: _ => {
+      return {func: () => null };
+    }
+  });
+
+  builder.instantiate(ffi);
+})();