[wasm][turbofan] Always define an instance node

The runtime function 'WasmIsValidRefValue' can be called from C-API and JS wrappers and needs to be passed an instance. Therefore, we always have to define an instance node, even when it is just undefined. See also https://chromium-review.googlesource.com/c/v8/v8/+/3236719. Bug: v8:11510, chromium:1266080 Change-Id: Ib9712fe3a3880db8656ee4882bec0ae7635cc60f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257708 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77677}
2021-11-03 09:31:51 +00:00 · 2021-11-03 09:31:51 +00:00 · 725654b353
commit 725654b353
parent 548c40ed07
3 changed files with 20 additions and 9 deletions
--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@ -518,6 +518,9 @@ void WasmGraphBuilder::Start(unsigned params) {
              Param(Linkage::kJSCallClosureParamIndex, "%closure")));
      break;
    case kWasmApiFunctionRefMode:
+      // We need an instance node anyway, because FromJS() needs to pass it to
+      // the  WasmIsValidRefValue runtime function.
+      instance_node_ = UndefinedValue();
      break;
  }
  graph()->SetEnd(graph()->NewNode(mcgraph()->common()->End(0)));
@ -648,10 +651,7 @@ Node* WasmGraphBuilder::NoContextConstant() {
  return mcgraph()->IntPtrConstant(0);
 }

-Node* WasmGraphBuilder::GetInstance() {
-  DCHECK_NE(parameter_mode_, kWasmApiFunctionRefMode);
-  return instance_node_.get();
-}
+Node* WasmGraphBuilder::GetInstance() { return instance_node_.get(); }

 Node* WasmGraphBuilder::BuildLoadIsolateRoot() {
  switch (parameter_mode_) {
@ -676,6 +676,10 @@ Node* WasmGraphBuilder::Int64Constant(int64_t value) {
  return mcgraph()->Int64Constant(value);
 }

+Node* WasmGraphBuilder::UndefinedValue() {
+  return LOAD_ROOT(UndefinedValue, undefined_value);
+}
+
 void WasmGraphBuilder::StackCheck(wasm::WasmCodePosition position) {
  DCHECK_NOT_NULL(env_);  // Wrappers don't get stack checks.
  if (!FLAG_wasm_stack_checks || !env_->runtime_exception_support) {
@ -6207,8 +6211,6 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
               : gasm_->GetBuiltinPointerTarget(builtin);
  }

-  Node* UndefinedValue() { return LOAD_ROOT(UndefinedValue, undefined_value); }
-
  Node* BuildChangeInt32ToNumber(Node* value) {
    // We expect most integers at runtime to be Smis, so it is important for
    // wrapper performance that Smi conversion be inlined.
@ -6486,6 +6488,8 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
                               wasm::ValueType type) {
    // Make sure ValueType fits in a Smi.
    STATIC_ASSERT(wasm::ValueType::kLastUsedBit + 1 <= kSmiValueSize);
+    // The instance node is always defined: if an instance is not available, it
+    // is the undefined value.
    Node* inputs[] = {GetInstance(), input,
                      mcgraph()->IntPtrConstant(
                          IntToSmi(static_cast<int>(type.raw_bit_field())))};
--- a/src/compiler/wasm-compiler.h
+++ b/src/compiler/wasm-compiler.h
@ -548,6 +548,7 @@ class WasmGraphBuilder {

  Node* GetInstance();
  Node* BuildLoadIsolateRoot();
+  Node* UndefinedValue();

  // MemBuffer is only called with valid offsets (after bounds checking), so the
  // offset fits in a platform-dependent uintptr_t.
--- a/src/runtime/runtime-wasm.cc
+++ b/src/runtime/runtime-wasm.cc
@ -100,17 +100,23 @@ RUNTIME_FUNCTION(Runtime_WasmIsValidRefValue) {
                 !trap_handler::IsThreadInWasm());
  HandleScope scope(isolate);
  DCHECK_EQ(3, args.length());
-  CONVERT_ARG_HANDLE_CHECKED(WasmInstanceObject, instance, 0)
+  // 'raw_instance' can be either a WasmInstanceObject or undefined.
+  CONVERT_ARG_HANDLE_CHECKED(Object, raw_instance, 0)
  CONVERT_ARG_HANDLE_CHECKED(Object, value, 1);
  // Make sure ValueType fits properly in a Smi.
  STATIC_ASSERT(wasm::ValueType::kLastUsedBit + 1 <= kSmiValueSize);
  CONVERT_SMI_ARG_CHECKED(raw_type, 2);

+  const wasm::WasmModule* module =
+      raw_instance->IsWasmInstanceObject()
+          ? Handle<WasmInstanceObject>::cast(raw_instance)->module()
+          : nullptr;
+
  wasm::ValueType type = wasm::ValueType::FromRawBitField(raw_type);
  const char* error_message;

-  bool result = internal::wasm::TypecheckJSObject(isolate, instance->module(),
-                                                  value, type, &error_message);
+  bool result = internal::wasm::TypecheckJSObject(isolate, module, value, type,
+                                                  &error_message);
  return Smi::FromInt(result);
 }