From 1a81a3920e58ae44b27daba2f9483264505b457d Mon Sep 17 00:00:00 2001
From: Clemens Hammacher <clemensh@chromium.org>
Date: Tue, 12 Mar 2019 16:43:37 +0100
Subject: [PATCH] [wasm] Sync wasm-module-builder.js back to spec version

In particular, remove {toUint8Array} method and make {toBuffer} return
a {Uint8Array} view to the buffer like before
https://crrev.com/c/1508352. Also, the returned view does not need to be
another copy of the bytes, it can really just be a view.

As a follow-up, this requires the test-only DeserializeWasmModule
runtime method to receive the wire bytes as Uint8Array, and also
requires the {IsWasmCompileAllowed} callback to handle
{ArrayBufferView} (like chromium's version already does).

R=ahaas@chromium.org

Change-Id: I87296cdbac14b74e7c8b38a372aa3df572ca6ad6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518172
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60195}
---
 src/runtime/runtime-test.cc                   | 23 +++++++++++++------
 .../wasm/compiled-module-serialization.js     |  5 ++--
 test/mjsunit/wasm/wasm-module-builder.js      | 10 +++-----
 3 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/src/runtime/runtime-test.cc b/src/runtime/runtime-test.cc
index 265eb97347..09432556aa 100644
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
@@ -58,6 +58,9 @@ bool IsWasmCompileAllowed(v8::Isolate* isolate, v8::Local<v8::Value> value,
   return (is_async && ctrls.AllowAnySizeForAsync) ||
          (value->IsArrayBuffer() &&
           v8::Local<v8::ArrayBuffer>::Cast(value)->ByteLength() <=
+              ctrls.MaxWasmBufferSize) ||
+         (value->IsArrayBufferView() &&
+          v8::Local<v8::ArrayBufferView>::Cast(value)->ByteLength() <=
               ctrls.MaxWasmBufferSize);
 }
 
@@ -1063,17 +1066,23 @@ RUNTIME_FUNCTION(Runtime_DeserializeWasmModule) {
   HandleScope scope(isolate);
   DCHECK_EQ(2, args.length());
   CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, buffer, 0);
-  CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, wire_bytes, 1);
+  CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, wire_bytes, 1);
+  CHECK(!buffer->was_detached());
+  CHECK(!wire_bytes->WasDetached());
+
+  Handle<JSArrayBuffer> wire_bytes_buffer = wire_bytes->GetBuffer();
+  Vector<const uint8_t> wire_bytes_vec{
+      reinterpret_cast<const uint8_t*>(wire_bytes_buffer->backing_store()) +
+          wire_bytes->byte_offset(),
+      wire_bytes->byte_length()};
+  Vector<uint8_t> buffer_vec{
+      reinterpret_cast<uint8_t*>(buffer->backing_store()),
+      buffer->byte_length()};
 
   // Note that {wasm::DeserializeNativeModule} will allocate. We assume the
   // JSArrayBuffer backing store doesn't get relocated.
   MaybeHandle<WasmModuleObject> maybe_module_object =
-      wasm::DeserializeNativeModule(
-          isolate,
-          {reinterpret_cast<uint8_t*>(buffer->backing_store()),
-           buffer->byte_length()},
-          {reinterpret_cast<uint8_t*>(wire_bytes->backing_store()),
-           wire_bytes->byte_length()});
+      wasm::DeserializeNativeModule(isolate, buffer_vec, wire_bytes_vec);
   Handle<WasmModuleObject> module_object;
   if (!maybe_module_object.ToHandle(&module_object)) {
     return ReadOnlyRoots(isolate).undefined_value();
diff --git a/test/mjsunit/wasm/compiled-module-serialization.js b/test/mjsunit/wasm/compiled-module-serialization.js
index 9c28a7746d..ae73e0dd87 100644
--- a/test/mjsunit/wasm/compiled-module-serialization.js
+++ b/test/mjsunit/wasm/compiled-module-serialization.js
@@ -76,9 +76,10 @@ load("test/mjsunit/wasm/wasm-module-builder.js");
 
 (function DeserializeInvalidObject() {
   print(arguments.callee.name);
-  var invalid_buffer = new ArrayBuffer(10);
+  const invalid_buffer = new ArrayBuffer(10);
+  const invalid_buffer_view = new Uint8Array(10);
 
-  module = %DeserializeWasmModule(invalid_buffer, invalid_buffer);
+  module = %DeserializeWasmModule(invalid_buffer, invalid_buffer_view);
   assertEquals(module, undefined);
 })();
 
diff --git a/test/mjsunit/wasm/wasm-module-builder.js b/test/mjsunit/wasm/wasm-module-builder.js
index a34b2bc2f2..afcee98a51 100644
--- a/test/mjsunit/wasm/wasm-module-builder.js
+++ b/test/mjsunit/wasm/wasm-module-builder.js
@@ -508,7 +508,7 @@ class Binary {
   }
 
   trunc_buffer() {
-    return this.buffer = this.buffer.slice(0, this.length);
+    return new Uint8Array(this.buffer.buffer, 0, this.length);
   }
 
   reset() {
@@ -911,7 +911,7 @@ class WasmModuleBuilder {
     return this;
   }
 
-  toUint8Array(debug = false) {
+  toBuffer(debug = false) {
     let binary = new Binary;
     let wasm = this;
 
@@ -1287,12 +1287,8 @@ class WasmModuleBuilder {
     return binary.trunc_buffer();
   }
 
-  toBuffer(debug = false) {
-    return this.toUint8Array(debug).buffer;
-  }
-
   toArray(debug = false) {
-    return Array.from(this.toUint8Array(debug));
+    return Array.from(this.toBuffer(debug));
   }
 
   instantiate(ffi) {