Bug 1276028 - Baldr: address review comments (r=bbouvier)

--HG--
extra : rebase_source : 974c969fb580b41396aa25e78f379efac96487d8

js/src/asmjs/AsmJS.cpp

@@ -7965,7 +7965,7 @@ static Module&
 AsmJSModuleFunctionToModule(JSFunction* fun)
 {
     MOZ_ASSERT(IsAsmJSModule(fun));
-    const Value& v = fun->getExtendedSlot(FunctionExtended::WASM_MODULE_SLOT);
+    const Value& v = fun->getExtendedSlot(FunctionExtended::ASMJS_MODULE_SLOT);
     return v.toObject().as<WasmModuleObject>().module();
 }
 
@@ -8005,7 +8005,7 @@ NewAsmJSModuleFunction(ExclusiveContext* cx, JSFunction* origFun, HandleObject m
     if (!moduleFun)
         return nullptr;
 
-    moduleFun->setExtendedSlot(FunctionExtended::WASM_MODULE_SLOT, ObjectValue(*moduleObj));
+    moduleFun->setExtendedSlot(FunctionExtended::ASMJS_MODULE_SLOT, ObjectValue(*moduleObj));
 
     MOZ_ASSERT(IsAsmJSModule(moduleFun));
     return moduleFun;

js/src/asmjs/WasmFrameIterator.cpp

@@ -812,10 +812,11 @@ wasm::ToggleProfiling(const Instance& instance, const CodeRange& codeRange, bool
     if (!codeRange.isFunction())
         return;
 
-    uint8_t* profilingEntry     = instance.codeSegment().code() + codeRange.funcProfilingEntry();
-    uint8_t* tableProfilingJump = instance.codeSegment().code() + codeRange.funcTableProfilingJump();
-    uint8_t* profilingJump      = instance.codeSegment().code() + codeRange.funcProfilingJump();
-    uint8_t* profilingEpilogue  = instance.codeSegment().code() + codeRange.funcProfilingEpilogue();
+    uint8_t* code = instance.codeSegment().code();
+    uint8_t* profilingEntry     = code + codeRange.funcProfilingEntry();
+    uint8_t* tableProfilingJump = code + codeRange.funcTableProfilingJump();
+    uint8_t* profilingJump      = code + codeRange.funcProfilingJump();
+    uint8_t* profilingEpilogue  = code + codeRange.funcProfilingEpilogue();
 
     if (enabled) {
         MacroAssembler::patchNopToNearJump(tableProfilingJump, profilingEntry);

js/src/asmjs/WasmGenerator.cpp

@@ -18,6 +18,7 @@
 
 #include "asmjs/WasmGenerator.h"
 
+#include "mozilla/CheckedInt.h"
 #include "mozilla/EnumeratedRange.h"
 
 #include "asmjs/WasmBaselineCompile.h"
@@ -30,6 +31,7 @@ using namespace js;
 using namespace js::jit;
 using namespace js::wasm;
 
+using mozilla::CheckedInt;
 using mozilla::MakeEnumeratedRange;
 
 // ****************************************************************************
@@ -543,14 +545,19 @@ ModuleGenerator::addImport(const Sig& sig, uint32_t globalDataOffset)
 bool
 ModuleGenerator::allocateGlobalBytes(uint32_t bytes, uint32_t align, uint32_t* globalDataOffset)
 {
-    uint32_t pad = ComputeByteAlignment(linkData_.globalDataLength, align);
-    if (UINT32_MAX - linkData_.globalDataLength < pad + bytes)
+    CheckedInt<uint32_t> newGlobalDataLength(linkData_.globalDataLength);
+
+    newGlobalDataLength += ComputeByteAlignment(newGlobalDataLength.value(), align);
+    if (!newGlobalDataLength.isValid())
         return false;
 
-    linkData_.globalDataLength += pad;
-    *globalDataOffset = linkData_.globalDataLength;
-    linkData_.globalDataLength += bytes;
+    *globalDataOffset = newGlobalDataLength.value();
+    newGlobalDataLength += bytes;
 
+    if (!newGlobalDataLength.isValid())
+        return false;
+
+    linkData_.globalDataLength = newGlobalDataLength.value();
     return true;
 }
 

js/src/asmjs/WasmInstance.cpp

@@ -376,15 +376,15 @@ NewExportedFunction(JSContext* cx, Handle<WasmInstanceObject*> instanceObj, uint
     if (!fun)
         return nullptr;
 
-    fun->setExtendedSlot(FunctionExtended::WASM_MODULE_SLOT, ObjectValue(*instanceObj));
+    fun->setExtendedSlot(FunctionExtended::WASM_INSTANCE_SLOT, ObjectValue(*instanceObj));
     fun->setExtendedSlot(FunctionExtended::WASM_EXPORT_INDEX_SLOT, Int32Value(exportIndex));
     return fun;
 }
 
 static bool
 CreateExportObject(JSContext* cx,
-                   Handle<WasmInstanceObject*> instanceObj,
-                   Handle<ArrayBufferObjectMaybeShared*> heap,
+                   HandleWasmInstanceObject instanceObj,
+                   HandleArrayBufferObjectMaybeShared heap,
                    const ExportMap& exportMap,
                    const ExportVector& exports,
                    MutableHandleObject exportObj)
@@ -887,7 +887,7 @@ Instance&
 wasm::ExportedFunctionToInstance(JSFunction* fun)
 {
     MOZ_ASSERT(IsExportedFunction(fun));
-    const Value& v = fun->getExtendedSlot(FunctionExtended::WASM_MODULE_SLOT);
+    const Value& v = fun->getExtendedSlot(FunctionExtended::WASM_INSTANCE_SLOT);
     return v.toObject().as<WasmInstanceObject>().instance();
 }
 

js/src/asmjs/WasmJS.cpp

@@ -121,7 +121,7 @@ const ClassOps WasmModuleObject::classOps_ =
 const Class WasmModuleObject::class_ =
 {
     "WasmModuleObject",
-    JSCLASS_IS_ANONYMOUS | JSCLASS_DELAY_METADATA_BUILDER |
+    JSCLASS_DELAY_METADATA_BUILDER |
     JSCLASS_HAS_RESERVED_SLOTS(WasmModuleObject::RESERVED_SLOTS),
     &WasmModuleObject::classOps_,
 };
@@ -136,7 +136,7 @@ WasmModuleObject::finalize(FreeOp* fop, JSObject* obj)
 WasmModuleObject::create(ExclusiveContext* cx, UniqueModule module)
 {
     AutoSetNewObjectMetadata metadata(cx);
-    auto obj = NewObjectWithGivenProto<WasmModuleObject>(cx, nullptr);
+    auto* obj = NewObjectWithGivenProto<WasmModuleObject>(cx, nullptr);
     if (!obj)
         return nullptr;
 
@@ -170,7 +170,7 @@ const ClassOps WasmInstanceObject::classOps_ =
 const Class WasmInstanceObject::class_ =
 {
     "WasmInstanceObject",
-    JSCLASS_IS_ANONYMOUS | JSCLASS_DELAY_METADATA_BUILDER |
+    JSCLASS_DELAY_METADATA_BUILDER |
     JSCLASS_HAS_RESERVED_SLOTS(WasmInstanceObject::RESERVED_SLOTS),
     &WasmInstanceObject::classOps_,
 };

js/src/asmjs/WasmModule.cpp

@@ -314,8 +314,8 @@ Module::addSizeOfMisc(MallocSizeOf mallocSizeOf,
 bool
 Module::instantiate(JSContext* cx,
                     Handle<FunctionVector> funcImports,
-                    Handle<ArrayBufferObjectMaybeShared*> heap,
-                    MutableHandle<WasmInstanceObject*> instanceObj) const
+                    HandleArrayBufferObjectMaybeShared heap,
+                    MutableHandleWasmInstanceObject instanceObj) const
 {
     MOZ_ASSERT(funcImports.length() == metadata_->imports.length());
 

js/src/asmjs/WasmModule.h

@@ -139,7 +139,7 @@ struct ExportMap
 // operations: instantiation and serialization. A Module can be instantiated any
 // number of times to produce new Instance objects. A Module can be serialized
 // any number of times such that the serialized bytes can be deserialized later
-// to produce and new, equivalent Module.
+// to produce a new, equivalent Module.
 //
 // Since fully linked-and-instantiated code (represented by CodeSegment) cannot
 // be shared between instances, Module stores an unlinked, uninstantiated copy

js/src/jsfun.h

@@ -704,10 +704,10 @@ class FunctionExtended : public JSFunction
     static const unsigned METHOD_HOMEOBJECT_SLOT = 0;
 
     /*
-     * All asm.js/wasm functions store their compiled module (either
-     * WasmModuleObject or AsmJSModuleObject) in the first extended slot.
+     * Exported asm.js/wasm functions store their WasmInstanceObject in the
+     * first slot.
      */
-    static const unsigned WASM_MODULE_SLOT = 0;
+    static const unsigned WASM_INSTANCE_SLOT = 0;
 
     /*
      * wasm/asm.js exported functions store the index of the export in the
@@ -715,6 +715,12 @@ class FunctionExtended : public JSFunction
      */
     static const unsigned WASM_EXPORT_INDEX_SLOT = 1;
 
+    /*
+     * asm.js module functions store their WasmModuleObject in the first slot.
+     */
+    static const unsigned ASMJS_MODULE_SLOT = 0;
+
+
     static inline size_t offsetOfExtendedSlot(unsigned which) {
         MOZ_ASSERT(which < NUM_EXTENDED_SLOTS);
         return offsetof(FunctionExtended, extendedSlots) + which * sizeof(GCPtrValue);