deps: V8: backport d89d185f

Original commit message:

    [fastcall] expose wasm memory to cfunction

    Load current Memory start/size off of the wasm instance when entering
    fast calls, so they can use that info for whatever they need to do.
    Fast calls from JS set the memory to null, and the memory does not
    need to be piped from wasm to slow callbacks as wasm always calls
    the fast function.

    Change-Id: Ibfa33cdd7dba85300f95cbdacc9a56b3f7181663
    Bug: chromium:1052746
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3719005
    Reviewed-by: Maya Lekova <[email protected]>
    Commit-Queue: snek <[email protected]>
    Reviewed-by: Manos Koukoutos <[email protected]>
    Reviewed-by: Toon Verwaest <[email protected]>
    Cr-Commit-Position: refs/heads/main@{#81538}

Author: devsnek

common.gypi

@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.9',
+    'v8_embedder_string': '-node.10',
 
     ##### V8 defaults for Node.js #####
 

deps/v8/include/v8-fast-api-calls.h

@@ -544,7 +544,7 @@ struct FastApiCallbackOptions {
    * returned instance may be filled with mock data.
    */
   static FastApiCallbackOptions CreateForTesting(Isolate* isolate) {
-    return {false, {0}};
+    return {false, {0}, nullptr};
   }
 
   /**
@@ -568,6 +568,11 @@ struct FastApiCallbackOptions {
     uintptr_t data_ptr;
     v8::Value data;
   };
+
+  /**
+   * When called from WebAssembly, a view of the calling module's memory.
+   */
+  FastApiTypedArray<uint8_t>* const wasm_memory;
 };
 
 namespace internal {

deps/v8/src/compiler/effect-control-linearizer.cc

@@ -5171,6 +5171,15 @@ Node* EffectControlLinearizer::LowerFastApiCall(Node* node) {
                 CheckForMinusZeroMode::kCheckForMinusZero);
         }
       },
+      // Initialize js-specific callback options.
+      [this](Node* options_stack_slot) {
+        __ Store(
+            StoreRepresentation(MachineType::PointerRepresentation(),
+                                kNoWriteBarrier),
+            options_stack_slot,
+            static_cast<int>(offsetof(v8::FastApiCallbackOptions, wasm_memory)),
+            __ IntPtrConstant(0));
+      },
       // Generate slow fallback if fast call fails
       [this, node]() -> Node* { return GenerateSlowApiCall(node); });
 }

deps/v8/src/compiler/fast-api-calls.cc

@@ -125,12 +125,14 @@ class FastApiCallBuilder {
                      GraphAssembler* graph_assembler,
                      const GetParameter& get_parameter,
                      const ConvertReturnValue& convert_return_value,
+                     const InitializeOptions& initialize_options,
                      const GenerateSlowApiCall& generate_slow_api_call)
       : isolate_(isolate),
         graph_(graph),
         graph_assembler_(graph_assembler),
         get_parameter_(get_parameter),
         convert_return_value_(convert_return_value),
+        initialize_options_(initialize_options),
         generate_slow_api_call_(generate_slow_api_call) {}
 
   Node* Build(const FastApiCallFunctionVector& c_functions,
@@ -150,6 +152,7 @@ class FastApiCallBuilder {
   GraphAssembler* graph_assembler_;
   const GetParameter& get_parameter_;
   const ConvertReturnValue& convert_return_value_;
+  const InitializeOptions& initialize_options_;
   const GenerateSlowApiCall& generate_slow_api_call_;
 };
 
@@ -291,12 +294,12 @@ Node* FastApiCallBuilder::Build(const FastApiCallFunctionVector& c_functions,
 
   Node* stack_slot = nullptr;
   if (c_signature->HasOptions()) {
-    int kAlign = alignof(v8::FastApiCallbackOptions);
-    int kSize = sizeof(v8::FastApiCallbackOptions);
+    const int kAlign = alignof(v8::FastApiCallbackOptions);
+    const int kSize = sizeof(v8::FastApiCallbackOptions);
     // If this check fails, you've probably added new fields to
     // v8::FastApiCallbackOptions, which means you'll need to write code
     // that initializes and reads from them too.
-    CHECK_EQ(kSize, sizeof(uintptr_t) * 2);
+    static_assert(kSize == sizeof(uintptr_t) * 3);
     stack_slot = __ StackSlot(kSize, kAlign);
 
     __ Store(
@@ -310,6 +313,8 @@ Node* FastApiCallBuilder::Build(const FastApiCallFunctionVector& c_functions,
              static_cast<int>(offsetof(v8::FastApiCallbackOptions, data)),
              data_argument);
 
+    initialize_options_(stack_slot);
+
     builder.AddParam(MachineType::Pointer());  // stack_slot
   }
 
@@ -366,9 +371,11 @@ Node* BuildFastApiCall(Isolate* isolate, Graph* graph,
                        const CFunctionInfo* c_signature, Node* data_argument,
                        const GetParameter& get_parameter,
                        const ConvertReturnValue& convert_return_value,
+                       const InitializeOptions& initialize_options,
                        const GenerateSlowApiCall& generate_slow_api_call) {
   FastApiCallBuilder builder(isolate, graph, graph_assembler, get_parameter,
-                             convert_return_value, generate_slow_api_call);
+                             convert_return_value, initialize_options,
+                             generate_slow_api_call);
   return builder.Build(c_functions, c_signature, data_argument);
 }
 

deps/v8/src/compiler/fast-api-calls.h

@@ -49,6 +49,7 @@ bool CanOptimizeFastSignature(const CFunctionInfo* c_signature);
 using GetParameter = std::function<Node*(int, OverloadsResolutionResult&,
                                          GraphAssemblerLabel<0>*)>;
 using ConvertReturnValue = std::function<Node*(const CFunctionInfo*, Node*)>;
+using InitializeOptions = std::function<void(Node*)>;
 using GenerateSlowApiCall = std::function<Node*()>;
 
 Node* BuildFastApiCall(Isolate* isolate, Graph* graph,
@@ -57,6 +58,7 @@ Node* BuildFastApiCall(Isolate* isolate, Graph* graph,
                        const CFunctionInfo* c_signature, Node* data_argument,
                        const GetParameter& get_parameter,
                        const ConvertReturnValue& convert_return_value,
+                       const InitializeOptions& initialize_options,
                        const GenerateSlowApiCall& generate_slow_api_call);
 
 }  // namespace fast_api_call

deps/v8/src/compiler/wasm-compiler.cc

@@ -560,9 +560,9 @@ void WasmGraphBuilder::Start(unsigned params) {
               Param(Linkage::kJSCallClosureParamIndex, "%closure")));
       break;
     case kWasmApiFunctionRefMode:
-      // We need an instance node anyway, because FromJS() needs to pass it to
-      // the  WasmIsValidRefValue runtime function.
-      instance_node_ = UndefinedValue();
+      instance_node_ = gasm_->Load(
+          MachineType::TaggedPointer(), Param(0),
+          wasm::ObjectAccess::ToTagged(WasmApiFunctionRef::kInstanceOffset));
       break;
   }
   graph()->SetEnd(graph()->NewNode(mcgraph()->common()->End(0)));
@@ -7454,6 +7454,38 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
         [](const CFunctionInfo* signature, Node* c_return_value) {
           return c_return_value;
         },
+        // Initialize wasm-specific callback options fields
+        [this](Node* options_stack_slot) {
+#ifdef V8_SANDBOXED_POINTERS
+          Node* mem_start = LOAD_INSTANCE_FIELD_NO_ELIMINATION(
+              MemoryStart, MachineType::SandboxedPointer());
+#else
+          Node* mem_start = LOAD_INSTANCE_FIELD_NO_ELIMINATION(
+              MemoryStart, MachineType::UintPtr());
+#endif
+
+          Node* mem_size = LOAD_INSTANCE_FIELD_NO_ELIMINATION(
+              MemorySize, MachineType::UintPtr());
+
+          constexpr int kSize = sizeof(FastApiTypedArray<uint8_t>);
+          constexpr int kAlign = alignof(FastApiTypedArray<uint8_t>);
+
+          Node* stack_slot = gasm_->StackSlot(kSize, kAlign);
+
+          gasm_->Store(StoreRepresentation(MachineType::PointerRepresentation(),
+                                           kNoWriteBarrier),
+                       stack_slot, 0, mem_size);
+          gasm_->Store(StoreRepresentation(MachineType::PointerRepresentation(),
+                                           kNoWriteBarrier),
+                       stack_slot, sizeof(size_t), mem_start);
+
+          gasm_->Store(StoreRepresentation(MachineType::PointerRepresentation(),
+                                           kNoWriteBarrier),
+                       options_stack_slot,
+                       static_cast<int>(
+                           offsetof(v8::FastApiCallbackOptions, wasm_memory)),
+                       stack_slot);
+        },
         // Generate fallback slow call if fast call fails
         [this, callable_node, native_context, receiver_node]() -> Node* {
           int wasm_count = static_cast<int>(sig_->parameter_count());

deps/v8/src/d8/d8-test.cc

@@ -186,6 +186,8 @@ class FastCApiObject {
     CHECK_SELF_OR_FALLBACK(0);
     self->fast_call_count_++;
 
+    CHECK_NULL(options.wasm_memory);
+
     if (should_fallback) {
       options.fallback = true;
       return 0;
@@ -598,6 +600,30 @@ class FastCApiObject {
     args.GetReturnValue().Set(Boolean::New(isolate, result));
   }
 
+  static bool TestWasmMemoryFastCallback(Local<Object> receiver,
+                                         uint32_t address,
+                                         FastApiCallbackOptions& options) {
+    FastCApiObject* self = UnwrapObject(receiver);
+    CHECK_SELF_OR_FALLBACK(false);
+    self->fast_call_count_++;
+
+    CHECK_NOT_NULL(options.wasm_memory);
+    uint8_t* memory = nullptr;
+    CHECK(options.wasm_memory->getStorageIfAligned(&memory));
+    memory[address] = 42;
+
+    return true;
+  }
+
+  static void TestWasmMemorySlowCallback(
+      const FunctionCallbackInfo<Value>& args) {
+    FastCApiObject* self = UnwrapObject(args.This());
+    CHECK_SELF_OR_THROW();
+    self->slow_call_count_++;
+
+    args.GetIsolate()->ThrowError("should be unreachable from wasm");
+  }
+
   static void FastCallCount(const FunctionCallbackInfo<Value>& args) {
     FastCApiObject* self = UnwrapObject(args.This());
     CHECK_SELF_OR_THROW();
@@ -856,6 +882,15 @@ Local<FunctionTemplate> Shell::CreateTestFastCApiTemplate(Isolate* isolate) {
             Local<Value>(), signature, 1, ConstructorBehavior::kThrow,
             SideEffectType::kHasSideEffect, &is_valid_api_object_c_func));
 
+    CFunction test_wasm_memory_c_func =
+        CFunction::Make(FastCApiObject::TestWasmMemoryFastCallback);
+    api_obj_ctor->PrototypeTemplate()->Set(
+        isolate, "test_wasm_memory",
+        FunctionTemplate::New(
+            isolate, FastCApiObject::TestWasmMemorySlowCallback, Local<Value>(),
+            Local<Signature>(), 1, ConstructorBehavior::kThrow,
+            SideEffectType::kHasSideEffect, &test_wasm_memory_c_func));
+
     api_obj_ctor->PrototypeTemplate()->Set(
         isolate, "fast_call_count",
         FunctionTemplate::New(

deps/v8/src/heap/factory.cc

@@ -1521,7 +1521,8 @@ Handle<WasmTypeInfo> Factory::NewWasmTypeInfo(
 }
 
 Handle<WasmApiFunctionRef> Factory::NewWasmApiFunctionRef(
-    Handle<JSReceiver> callable, Handle<HeapObject> suspender) {
+    Handle<JSReceiver> callable, Handle<HeapObject> suspender,
+    Handle<WasmInstanceObject> instance) {
   Map map = *wasm_api_function_ref_map();
   auto result = WasmApiFunctionRef::cast(AllocateRawWithImmortalMap(
       map.instance_size(), AllocationType::kOld, map));
@@ -1538,6 +1539,11 @@ Handle<WasmApiFunctionRef> Factory::NewWasmApiFunctionRef(
   } else {
     result.set_suspender(*undefined_value());
   }
+  if (!instance.is_null()) {
+    result.set_instance(*instance);
+  } else {
+    result.set_instance(*undefined_value());
+  }
   return handle(result, isolate());
 }
 
@@ -1560,7 +1566,8 @@ Handle<WasmJSFunctionData> Factory::NewWasmJSFunctionData(
     Address opt_call_target, Handle<JSReceiver> callable, int return_count,
     int parameter_count, Handle<PodArray<wasm::ValueType>> serialized_sig,
     Handle<CodeT> wrapper_code, Handle<Map> rtt, Handle<HeapObject> suspender) {
-  Handle<WasmApiFunctionRef> ref = NewWasmApiFunctionRef(callable, suspender);
+  Handle<WasmApiFunctionRef> ref = NewWasmApiFunctionRef(
+      callable, suspender, Handle<WasmInstanceObject>());
   Handle<WasmInternalFunction> internal =
       NewWasmInternalFunction(opt_call_target, ref, rtt);
   Map map = *wasm_js_function_data_map();
@@ -1621,8 +1628,8 @@ Handle<WasmCapiFunctionData> Factory::NewWasmCapiFunctionData(
     Address call_target, Handle<Foreign> embedder_data,
     Handle<CodeT> wrapper_code, Handle<Map> rtt,
     Handle<PodArray<wasm::ValueType>> serialized_sig) {
-  Handle<WasmApiFunctionRef> ref =
-      NewWasmApiFunctionRef(Handle<JSReceiver>(), Handle<HeapObject>());
+  Handle<WasmApiFunctionRef> ref = NewWasmApiFunctionRef(
+      Handle<JSReceiver>(), Handle<HeapObject>(), Handle<WasmInstanceObject>());
   Handle<WasmInternalFunction> internal =
       NewWasmInternalFunction(call_target, ref, rtt);
   Map map = *wasm_capi_function_data_map();

deps/v8/src/heap/factory.h

@@ -609,7 +609,8 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
       Address call_target, Handle<Object> ref, int func_index,
       Address sig_address, int wrapper_budget, Handle<Map> rtt);
   Handle<WasmApiFunctionRef> NewWasmApiFunctionRef(
-      Handle<JSReceiver> callable, Handle<HeapObject> suspender);
+      Handle<JSReceiver> callable, Handle<HeapObject> suspender,
+      Handle<WasmInstanceObject> instance);
   // {opt_call_target} is kNullAddress for JavaScript functions, and
   // non-null for exported Wasm functions.
   Handle<WasmJSFunctionData> NewWasmJSFunctionData(

deps/v8/src/wasm/wasm-objects.cc

@@ -1101,7 +1101,7 @@ void ImportedFunctionEntry::SetWasmToJs(
   DCHECK(wasm_to_js_wrapper->kind() == wasm::WasmCode::kWasmToJsWrapper ||
          wasm_to_js_wrapper->kind() == wasm::WasmCode::kWasmToCapiWrapper);
   Handle<WasmApiFunctionRef> ref =
-      isolate->factory()->NewWasmApiFunctionRef(callable, suspender);
+      isolate->factory()->NewWasmApiFunctionRef(callable, suspender, instance_);
   instance_->imported_function_refs().set(index_, *ref);
   instance_->imported_function_targets()[index_] =
       wasm_to_js_wrapper->instruction_start();
@@ -1502,7 +1502,7 @@ void WasmInstanceObject::ImportWasmJSFunctionIntoTable(
   // Update the dispatch table.
   Handle<HeapObject> suspender = handle(js_function->GetSuspender(), isolate);
   Handle<WasmApiFunctionRef> ref =
-      isolate->factory()->NewWasmApiFunctionRef(callable, suspender);
+      isolate->factory()->NewWasmApiFunctionRef(callable, suspender, instance);
   WasmIndirectFunctionTable::cast(
       instance->indirect_function_tables().get(table_index))
       .Set(entry_index, sig_id, call_target, *ref);