[wasm] Fix cloned deserialization of JS-to-WASM wrappers.

This fixes a corner-case where deserialization of a module containing multiple exported functions of the same signature forgot to properly unprotect the code-space. Test coverage has been added. R=clemensh@chromium.org TEST=mjsunit/wasm/compiled-module-serialization BUG=chromium:804767 Change-Id: I0082303db19bcc14c4de30f29d604665e281d79d Reviewed-on: https://chromium-review.googlesource.com/880844 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50799}
2018-01-23 11:54:18 +01:00 · 2018-01-23 11:54:18 +01:00 · 7900db4f9a
commit 7900db4f9a
parent 66ce6153df
2 changed files with 24 additions and 0 deletions
--- a/src/wasm/wasm-serialization.cc
+++ b/src/wasm/wasm-serialization.cc
@ -741,6 +741,10 @@ MaybeHandle<WasmCompiledModule> DeserializeNativeModule(
                                        compiled_module->GetNativeModule());
  if (!deserializer.Read(data)) return {};

+  // TODO(6792): Wrappers below might be cloned using {Factory::CopyCode}. This
+  // requires unlocking the code space here. This should be moved into the
+  // allocator eventually.
+  CodeSpaceMemoryModificationScope modification_scope(isolate->heap());
  CompileJsToWasmWrappers(isolate, compiled_module, isolate->counters());
  WasmCompiledModule::ReinitializeAfterDeserialization(isolate,
                                                       compiled_module);
--- a/test/mjsunit/wasm/compiled-module-serialization.js
+++ b/test/mjsunit/wasm/compiled-module-serialization.js
@ -98,6 +98,26 @@ load("test/mjsunit/wasm/wasm-module-builder.js");
  assertEquals(clone.constructor, compiled_module.constructor);
 })();

+(function SerializeWrappersWithSameSignature() {
+  let builder = new WasmModuleBuilder();
+  builder.addFunction("main", kSig_i_v)
+    .addBody([kExprI32Const, 42])
+    .exportFunc();
+  builder.addFunction("main_same_signature", kSig_i_v)
+    .addBody([kExprI32Const, 23])
+    .exportFunc();
+
+  var wire_bytes = builder.toBuffer();
+  var compiled_module = new WebAssembly.Module(wire_bytes);
+  var serialized = %SerializeWasmModule(compiled_module);
+  var clone = %DeserializeWasmModule(serialized, wire_bytes);
+
+  assertNotNull(clone);
+  assertFalse(clone == undefined);
+  assertFalse(clone == compiled_module);
+  assertEquals(clone.constructor, compiled_module.constructor);
+})();
+
 (function SerializeAfterInstantiation() {
  let builder = new WasmModuleBuilder();
  builder.addFunction("main", kSig_i_v)