[wasm][asm.js] Allow asm.js->wasm codegen in unsafe-eval situations.

A recent change to disallow wasm compilation in contexts where CSP unsafe-eval would disallow eval also ended up banning asm.js there: https://codereview.chromium.org/2646713002 This ends up banning non-evaled asm.js even in some places it should be allowed. NOTE: Although asm.js code converted to wasm generates an intermediate wasm module. asm.js code evaled in a disallowed context can't even get that far (as it's stoped at the eval site). BUG=683867 R=mtrofin@chromium.org,titzer@chromium.org,adamk@chromium.org Review-Url: https://codereview.chromium.org/2656463004 Cr-Commit-Position: refs/heads/master@{#42616}
2017-01-23 21:00:35 -08:00 · 2017-01-23 21:00:35 -08:00 · e53f6469d9
commit e53f6469d9
parent 23442ed450
4 changed files with 38 additions and 1 deletions
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
@ -699,6 +699,21 @@ RUNTIME_FUNCTION(Runtime_IsAsmWasmCode) {
  return isolate->heap()->true_value();
 }

+namespace {
+bool DisallowCodegenFromStringsCallback(v8::Local<v8::Context> context) {
+  return false;
+}
+}
+
+RUNTIME_FUNCTION(Runtime_DisallowCodegenFromStrings) {
+  SealHandleScope shs(isolate);
+  DCHECK_EQ(0, args.length());
+  v8::Isolate* v8_isolate = reinterpret_cast<v8::Isolate*>(isolate);
+  v8_isolate->SetAllowCodeGenerationFromStringsCallback(
+      DisallowCodegenFromStringsCallback);
+  return isolate->heap()->undefined_value();
+}
+
 RUNTIME_FUNCTION(Runtime_IsWasmCode) {
  SealHandleScope shs(isolate);
  DCHECK_EQ(1, args.length());
--- a/src/runtime/runtime.h
+++ b/src/runtime/runtime.h
@ -912,6 +912,7 @@ namespace internal {
  F(DeserializeWasmModule, 2, 1)              \
  F(IsAsmWasmCode, 1, 1)                      \
  F(IsWasmCode, 1, 1)                         \
+  F(DisallowCodegenFromStrings, 0, 1)         \
  F(ValidateWasmInstancesChain, 2, 1)         \
  F(ValidateWasmModuleState, 1, 1)            \
  F(ValidateWasmOrphanedInstance, 1, 1)       \
--- a/src/wasm/wasm-module.cc
+++ b/src/wasm/wasm-module.cc
@ -2237,7 +2237,8 @@ MaybeHandle<WasmModuleObject> wasm::CreateModuleObjectFromBytes(
    Vector<const byte> asm_js_offset_table_bytes) {
  MaybeHandle<WasmModuleObject> nothing;

-  if (!IsWasmCodegenAllowed(isolate, isolate->native_context())) {
+  if (origin != kAsmJsOrigin &&
+      !IsWasmCodegenAllowed(isolate, isolate->native_context())) {
    thrower->CompileError("Wasm code generation disallowed in this context");
    return nothing;
  }
--- a/test/mjsunit/wasm/asm-with-wasm-off.js
+++ b/test/mjsunit/wasm/asm-with-wasm-off.js
@ -0,0 +1,20 @@
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --validate-asm --allow-natives-syntax
+
+// NOTE: This is in it's own file because it calls %DisallowCodegenFromStrings,
+// which messes with the isolate's state.
+(function testAsmWithWasmOff() {
+  % DisallowCodegenFromStrings();
+  function Module() {
+    'use asm';
+    function foo() {
+      return 0;
+    }
+    return {foo: foo};
+  }
+  Module();
+  assertTrue(% IsAsmWasmCode(Module));
+})();