[wasm] Change the constant kV8MaxWasmTableSize to a command line flag.

Similar to the maximum memory size this limit caused problems for
the fuzzer due to oom issues. With the command line flag we can limit
the maximum table size for the fuzzer.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2648223004
Cr-Commit-Position: refs/heads/master@{#42623}

src/flag-definitions.h

@@ -503,7 +503,10 @@ DEFINE_BOOL(wasm_disable_structured_cloning, false,
             "disable WASM structured cloning")
 DEFINE_INT(wasm_num_compilation_tasks, 10,
            "number of parallel compilation tasks for wasm")
-DEFINE_UINT(wasm_max_mem_pages, 16384, "maximum memory size of a wasm instance")
+DEFINE_UINT(wasm_max_mem_pages, v8::internal::wasm::kV8MaxWasmMemoryPages,
+            "maximum memory size of a wasm instance")
+DEFINE_UINT(wasm_max_table_size, v8::internal::wasm::kV8MaxWasmTableSize,
+            "maximum table size of a wasm instance")
 DEFINE_BOOL(trace_wasm_encoder, false, "trace encoding of wasm code")
 DEFINE_BOOL(trace_wasm_decoder, false, "trace decoding of wasm code")
 DEFINE_BOOL(trace_wasm_decode_time, false, "trace decoding time of wasm code")

src/flags.cc

@@ -15,6 +15,7 @@
 #include "src/list-inl.h"
 #include "src/ostreams.h"
 #include "src/utils.h"
+#include "src/wasm/wasm-limits.h"
 
 namespace v8 {
 namespace internal {

src/wasm/module-decoder.cc

@@ -313,8 +313,8 @@ class ModuleDecoder : public Decoder {
             expect_u8("element type", kWasmAnyFunctionTypeForm);
             WasmIndirectFunctionTable* table = &module->function_tables.back();
             consume_resizable_limits("element count", "elements",
-                                     kV8MaxWasmTableSize, &table->min_size,
-                                     &table->has_max, kV8MaxWasmTableSize,
+                                     FLAG_wasm_max_table_size, &table->min_size,
+                                     &table->has_max, FLAG_wasm_max_table_size,
                                      &table->max_size);
             break;
           }
@@ -381,9 +381,10 @@ class ModuleDecoder : public Decoder {
                                            false, false, SignatureMap()});
         WasmIndirectFunctionTable* table = &module->function_tables.back();
         expect_u8("table type", kWasmAnyFunctionTypeForm);
-        consume_resizable_limits(
-            "table elements", "elements", kV8MaxWasmTableSize, &table->min_size,
-            &table->has_max, kV8MaxWasmTableSize, &table->max_size);
+        consume_resizable_limits("table elements", "elements",
+                                 FLAG_wasm_max_table_size, &table->min_size,
+                                 &table->has_max, FLAG_wasm_max_table_size,
+                                 &table->max_size);
       }
       section_iter.advance();
     }
@@ -526,7 +527,7 @@ class ModuleDecoder : public Decoder {
     // ===== Elements section ================================================
     if (section_iter.section_code() == kElementSectionCode) {
       uint32_t element_count =
-          consume_count("element count", kV8MaxWasmTableSize);
+          consume_count("element count", FLAG_wasm_max_table_size);
       for (uint32_t i = 0; ok() && i < element_count; ++i) {
         const byte* pos = pc();
         uint32_t table_index = consume_u32v("table index");

src/wasm/wasm-js.cc

@@ -460,7 +460,7 @@ void WebAssemblyTable(const v8::FunctionCallbackInfo<v8::Value>& args) {
   int initial = 0;
   if (!GetIntegerProperty(isolate, &thrower, context, descriptor,
                           v8_str(isolate, "initial"), &initial, 0,
-                          i::wasm::kV8MaxWasmTableSize)) {
+                          i::FLAG_wasm_max_table_size)) {
     return;
   }
   // The descriptor's 'maximum'.
@@ -567,8 +567,8 @@ void WebAssemblyTableGrow(const v8::FunctionCallbackInfo<v8::Value>& args) {
 
   int64_t max_size64 = receiver->maximum_length();
   if (max_size64 < 0 ||
-      max_size64 > static_cast<int64_t>(i::wasm::kV8MaxWasmTableSize)) {
-    max_size64 = i::wasm::kV8MaxWasmTableSize;
+      max_size64 > static_cast<int64_t>(i::FLAG_wasm_max_table_size)) {
+    max_size64 = i::FLAG_wasm_max_table_size;
   }
 
   if (new_size64 < old_size || new_size64 > max_size64) {

src/wasm/wasm-limits.h

@@ -17,8 +17,8 @@ const size_t kV8MaxWasmImports = 100000;
 const size_t kV8MaxWasmExports = 100000;
 const size_t kV8MaxWasmGlobals = 1000000;
 const size_t kV8MaxWasmDataSegments = 100000;
-// kV8MaxWasmMemoryPages is defined by FLAG_wasm_max_mem_pages
-// const size_t kV8MaxWasmMemoryPages = 16384;  // = 1 GiB
+// Don't use this limit directly, but use the value of FLAG_wasm_max_mem_pages.
+const size_t kV8MaxWasmMemoryPages = 16384;  // = 1 GiB
 const size_t kV8MaxWasmStringSize = 100000;
 const size_t kV8MaxWasmModuleSize = 1024 * 1024 * 1024;  // = 1 GiB
 const size_t kV8MaxWasmFunctionSize = 128 * 1024;
@@ -26,6 +26,7 @@ const size_t kV8MaxWasmFunctionLocals = 50000;
 const size_t kV8MaxWasmFunctionParams = 1000;
 const size_t kV8MaxWasmFunctionMultiReturns = 1000;
 const size_t kV8MaxWasmFunctionReturns = 1;
+// Don't use this limit directly, but use the value of FLAG_wasm_max_table_size.
 const size_t kV8MaxWasmTableSize = 10000000;
 const size_t kV8MaxWasmTableEntries = 10000000;
 const size_t kV8MaxWasmTables = 1;

src/wasm/wasm-module.cc

@@ -1989,7 +1989,7 @@ class WasmInstanceBuilder {
               module_->function_tables[exp.index];
           if (table_instance.table_object.is_null()) {
             uint32_t maximum =
-                table.has_max ? table.max_size : kV8MaxWasmTableSize;
+                table.has_max ? table.max_size : FLAG_wasm_max_table_size;
             table_instance.table_object = WasmTableObject::New(
                 isolate_, table.min_size, maximum, &table_instance.js_wrappers);
           }

test/fuzzer/wasm-asmjs.cc

@@ -17,8 +17,10 @@
 #include "test/fuzzer/fuzzer-support.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  unsigned int flag_value = v8::internal::FLAG_wasm_max_mem_pages;
+  unsigned int max_mem_flag_value = v8::internal::FLAG_wasm_max_mem_pages;
+  unsigned int max_table_flag_value = v8::internal::FLAG_wasm_max_table_size;
   v8::internal::FLAG_wasm_max_mem_pages = 32;
+  v8::internal::FLAG_wasm_max_table_size = 100;
   v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
   v8::Isolate* isolate = support->GetIsolate();
   v8::internal::Isolate* i_isolate =
@@ -37,6 +39,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   v8::internal::wasm::testing::CompileAndRunWasmModule(
       i_isolate, data, data + size,
       v8::internal::wasm::ModuleOrigin::kAsmJsOrigin);
-  v8::internal::FLAG_wasm_max_mem_pages = flag_value;
+  v8::internal::FLAG_wasm_max_mem_pages = max_mem_flag_value;
+  v8::internal::FLAG_wasm_max_table_size = max_table_flag_value;
   return 0;
 }

test/fuzzer/wasm.cc

@@ -17,8 +17,10 @@
 #include "test/fuzzer/fuzzer-support.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  unsigned int flag_value = v8::internal::FLAG_wasm_max_mem_pages;
+  unsigned int max_mem_flag_value = v8::internal::FLAG_wasm_max_mem_pages;
+  unsigned int max_table_flag_value = v8::internal::FLAG_wasm_max_table_size;
   v8::internal::FLAG_wasm_max_mem_pages = 32;
+  v8::internal::FLAG_wasm_max_table_size = 100;
   v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
   v8::Isolate* isolate = support->GetIsolate();
   v8::internal::Isolate* i_isolate =
@@ -36,6 +38,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   v8::internal::wasm::testing::SetupIsolateForWasmModule(i_isolate);
   v8::internal::wasm::testing::CompileAndRunWasmModule(
       i_isolate, data, data + size, v8::internal::wasm::kWasmOrigin);
-  v8::internal::FLAG_wasm_max_mem_pages = flag_value;
+  v8::internal::FLAG_wasm_max_mem_pages = max_mem_flag_value;
+  v8::internal::FLAG_wasm_max_table_size = max_table_flag_value;
   return 0;
 }