[wasm] Do not patch memory references in imported functions.

BUG=v8:5860 R=rossberg@chromium.org Review-Url: https://codereview.chromium.org/2653533003 Cr-Commit-Position: refs/heads/master@{#42622}

[wasm] Do not patch memory references in imported functions.
BUG=v8:5860 R=rossberg@chromium.org Review-Url: https://codereview.chromium.org/2653533003 Cr-Commit-Position: refs/heads/master@{#42622}
e9b22dde · titzer · Commit bot · dd310b43 · e9b22dde · e9b22dde
Commit e9b22dde authored Jan 24, 2017 by titzer Committed by Commit bot Jan 24, 2017
Showing with 58 additions and 20 deletions

wasm-module.cc src/wasm/wasm-module.cc +12 -6

wasm-objects.cc src/wasm/wasm-objects.cc +1 -0

wasm-objects.h src/wasm/wasm-objects.h +15 -14

regress-5860.js test/mjsunit/regress/wasm/regress-5860.js +30 -0

No files found.
--- a/src/wasm/wasm-module.cc
+++ b/src/wasm/wasm-module.cc
@@ -119,9 +119,11 @@ void* TryAllocateBackingStore(Isolate* isolate, size_t size,
 }

 void RelocateMemoryReferencesInCode(Handle<FixedArray> code_table,
+                                    uint32_t num_imported_functions,
                                    Address old_start, Address start,
                                    uint32_t prev_size, uint32_t new_size) {
-  for (int i = 0; i < code_table->length(); ++i) {
+  for (int i = static_cast<int>(num_imported_functions);
+       i < code_table->length(); ++i) {
    DCHECK(code_table->get(i)->IsCode());
    Handle<Code> code = Handle<Code>(Code::cast(code_table->get(i)));
    AllowDeferredHandleDereference embedding_raw_address;
@@ -564,7 +566,8 @@ static void ResetCompiledModule(Isolate* isolate, WasmInstanceObject* owner,
  if (fct_obj != nullptr && fct_obj != undefined &&
      (old_mem_size > 0 || globals_start != nullptr || function_tables)) {
    FixedArray* functions = FixedArray::cast(fct_obj);
-    for (int i = 0; i < functions->length(); ++i) {
+    for (int i = compiled_module->num_imported_functions();
+         i < functions->length(); ++i) {
      Code* code = Code::cast(functions->get(i));
      bool changed = false;
      for (RelocIterator it(code, mode_mask); !it.done(); it.next()) {
@@ -990,6 +993,7 @@ MaybeHandle<WasmCompiledModule> WasmModule::CompileFunctions(
  // serializable. Instantiation may occur off a deserialized version of this
  // object.
  Handle<WasmCompiledModule> ret = WasmCompiledModule::New(isolate, shared);
+  ret->set_num_imported_functions(num_imported_functions);
  ret->set_code_table(code_table);
  ret->set_min_mem_pages(min_mem_pages);
  ret->set_max_mem_pages(max_mem_pages);
@@ -1343,8 +1347,9 @@ class WasmInstanceBuilder {
              ? static_cast<Address>(
                    compiled_module_->memory()->backing_store())
              : nullptr;
-      RelocateMemoryReferencesInCode(code_table, old_mem_start, mem_start,
-                                     old_mem_size, mem_size);
+      RelocateMemoryReferencesInCode(
+          code_table, module_->num_imported_functions, old_mem_start, mem_start,
+          old_mem_size, mem_size);
      compiled_module_->set_memory(memory_);
    }

@@ -2380,8 +2385,9 @@ void UncheckedUpdateInstanceMemory(Isolate* isolate,
  Address new_mem_start = static_cast<Address>(new_buffer->backing_store());
  DCHECK_NOT_NULL(new_mem_start);
  Handle<FixedArray> code_table = instance->compiled_module()->code_table();
-  RelocateMemoryReferencesInCode(code_table, old_mem_start, new_mem_start,
-                                 old_size, new_size);
+  RelocateMemoryReferencesInCode(
+      code_table, instance->compiled_module()->module()->num_imported_functions,
+      old_mem_start, new_mem_start, old_size, new_size);
 }

 int32_t wasm::GrowWebAssemblyMemory(Isolate* isolate,

--- a/src/wasm/wasm-objects.cc
+++ b/src/wasm/wasm-objects.cc
@@ -737,6 +737,7 @@ Handle<WasmCompiledModule> WasmCompiledModule::New(
  Handle<WasmCompiledModule> compiled_module(
      reinterpret_cast<WasmCompiledModule*>(*ret), isolate);
  compiled_module->InitId();
+  compiled_module->set_num_imported_functions(0);
  compiled_module->set_shared(shared);
  compiled_module->set_native_context(isolate->native_context());
  return compiled_module;

--- a/src/wasm/wasm-objects.h
+++ b/src/wasm/wasm-objects.h
@@ -254,20 +254,21 @@ class WasmCompiledModule : public FixedArray {
    return handle(TYPE::cast(weak_##NAME()->value()));                      \
  }

-#define CORE_WCM_PROPERTY_TABLE(MACRO)                \
-  MACRO(WASM_OBJECT, WasmSharedModuleData, shared)    \
-  MACRO(OBJECT, Context, native_context)              \
-  MACRO(OBJECT, FixedArray, code_table)               \
-  MACRO(OBJECT, FixedArray, weak_exported_functions)  \
-  MACRO(OBJECT, FixedArray, function_tables)          \
-  MACRO(OBJECT, FixedArray, signature_tables)         \
-  MACRO(OBJECT, FixedArray, empty_function_tables)    \
-  MACRO(OBJECT, JSArrayBuffer, memory)                \
-  MACRO(SMALL_NUMBER, uint32_t, min_mem_pages)        \
-  MACRO(SMALL_NUMBER, uint32_t, max_mem_pages)        \
-  MACRO(WEAK_LINK, WasmCompiledModule, next_instance) \
-  MACRO(WEAK_LINK, WasmCompiledModule, prev_instance) \
-  MACRO(WEAK_LINK, JSObject, owning_instance)         \
+#define CORE_WCM_PROPERTY_TABLE(MACRO)                  \
+  MACRO(WASM_OBJECT, WasmSharedModuleData, shared)      \
+  MACRO(OBJECT, Context, native_context)                \
+  MACRO(SMALL_NUMBER, uint32_t, num_imported_functions) \
+  MACRO(OBJECT, FixedArray, code_table)                 \
+  MACRO(OBJECT, FixedArray, weak_exported_functions)    \
+  MACRO(OBJECT, FixedArray, function_tables)            \
+  MACRO(OBJECT, FixedArray, signature_tables)           \
+  MACRO(OBJECT, FixedArray, empty_function_tables)      \
+  MACRO(OBJECT, JSArrayBuffer, memory)                  \
+  MACRO(SMALL_NUMBER, uint32_t, min_mem_pages)          \
+  MACRO(SMALL_NUMBER, uint32_t, max_mem_pages)          \
+  MACRO(WEAK_LINK, WasmCompiledModule, next_instance)   \
+  MACRO(WEAK_LINK, WasmCompiledModule, prev_instance)   \
+  MACRO(WEAK_LINK, JSObject, owning_instance)           \
  MACRO(WEAK_LINK, WasmModuleObject, wasm_module)

 #if DEBUG

--- a/test/mjsunit/regress/wasm/regress-5860.js
+++ b/test/mjsunit/regress/wasm/regress-5860.js
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --expose-wasm
+
+load('test/mjsunit/wasm/wasm-constants.js');
+load('test/mjsunit/wasm/wasm-module-builder.js');
+
+let module1 = (() => {
+  let builder = new WasmModuleBuilder();
+  builder.addMemory(1, 1);
+  builder.addFunction('load', kSig_i_i)
+      .addBody([kExprI32Const, 0, kExprI32LoadMem, 0, 0])
+      .exportAs('load');
+  return new WebAssembly.Module(builder.toBuffer());
+})();
+
+let module2 = (() => {
+  let builder = new WasmModuleBuilder();
+  builder.addMemory(1, 1);
+  builder.addImport('A', 'load', kSig_i_i);
+  builder.addExportOfKind('load', kExternalFunction, 0);
+  return new WebAssembly.Module(builder.toBuffer());
+})();
+
+let instance1 = new WebAssembly.Instance(module1);
+let instance2 = new WebAssembly.Instance(module2, {A: instance1.exports});
+
+assertEquals(0, instance2.exports.load());