1 files changed, 43 insertions, 22 deletions

diff --git a/deps/v8/test/cctest/wasm/test-run-wasm-module.cc b/deps/v8/test/cctest/wasm/test-run-wasm-module.cc
index b023afb0b6..fac0e09f66 100644
--- a/deps/v8/test/cctest/wasm/test-run-wasm-module.cc
+++ b/deps/v8/test/cctest/wasm/test-run-wasm-module.cc
@@ -9,7 +9,6 @@
 #include "src/snapshot/code-serializer.h"
 #include "src/version.h"
 #include "src/wasm/module-decoder.h"
-#include "src/wasm/wasm-macro-gen.h"
 #include "src/wasm/wasm-module-builder.h"
 #include "src/wasm/wasm-module.h"
 #include "src/wasm/wasm-objects.h"
@@ -17,6 +16,7 @@
 
 #include "test/cctest/cctest.h"
 #include "test/common/wasm/test-signatures.h"
+#include "test/common/wasm/wasm-macro-gen.h"
 #include "test/common/wasm/wasm-module-runner.h"
 
 using namespace v8::base;
@@ -62,7 +62,9 @@ void TestModuleException(Zone* zone, WasmModuleBuilder* builder) {
   isolate->clear_pending_exception();
 }
 
-void ExportAsMain(WasmFunctionBuilder* f) { f->ExportAs(CStrVector("main")); }
+void ExportAsMain(WasmFunctionBuilder* f) {
+  f->builder()->AddExport(CStrVector("main"), f);
+}
 
 #define EMIT_CODE_WITH_END(f, code)  \
   do {                               \
@@ -226,7 +228,7 @@ class WasmSerializationTest {
     WasmFunctionBuilder* f = builder->AddFunction(sigs.i_i());
     byte code[] = {WASM_GET_LOCAL(0), kExprI32Const, 1, kExprI32Add};
     EMIT_CODE_WITH_END(f, code);
-    f->ExportAs(CStrVector(kFunctionName));
+    builder->AddExport(CStrVector(kFunctionName), f);
 
     builder->WriteTo(*buffer);
   }
@@ -1098,39 +1100,38 @@ TEST(Run_WasmModule_Buffer_Externalized_GrowMem) {
             ModuleOrigin::kWasmOrigin);
     CHECK(!instance.is_null());
     Handle<JSArrayBuffer> memory(instance->memory_buffer(), isolate);
+    void* const old_allocation_base = memory->allocation_base();
+    size_t const old_allocation_length = memory->allocation_length();
 
     // Fake the Embedder flow by creating a memory object, externalize and grow.
     Handle<WasmMemoryObject> mem_obj =
         WasmMemoryObject::New(isolate, memory, 100);
 
-    // TODO(eholk): Skipping calls to externalize when guard pages are enabled
-    // for now. This will have to be dealt with when turning on guard pages as
-    // currently gin assumes that it can take ownership of the ArrayBuffer.
-    // Potential for crashes as this might lead to externalizing an already
-    // externalized buffer.
-    if (!memory->has_guard_region()) v8::Utils::ToLocal(memory)->Externalize();
-    void* backing_store = memory->backing_store();
-    uint64_t byte_length = NumberToSize(memory->byte_length());
+    v8::Utils::ToLocal(memory)->Externalize();
+
     uint32_t result = WasmMemoryObject::Grow(isolate, mem_obj, 4);
-    wasm::DetachWebAssemblyMemoryBuffer(isolate, memory, true);
+    const bool free_memory = true;
+    wasm::DetachWebAssemblyMemoryBuffer(isolate, memory, free_memory);
     CHECK_EQ(16, result);
-    if (!memory->has_guard_region()) {
-      isolate->array_buffer_allocator()->Free(backing_store, byte_length);
-    }
     memory = handle(mem_obj->buffer());
-    byte_length = NumberToSize(memory->byte_length());
     instance->set_memory_buffer(*memory);
     // Externalize should make no difference without the JS API as in this case
     // the buffer is not detached.
-    if (!memory->has_guard_region()) v8::Utils::ToLocal(memory)->Externalize();
+    v8::Utils::ToLocal(memory)->Externalize();
     result = testing::RunWasmModuleForTesting(isolate, instance, 0, nullptr,
                                               ModuleOrigin::kWasmOrigin);
     CHECK_EQ(kExpectedValue, result);
     // Free the buffer as the tracker does not know about it.
-    if (!memory->has_guard_region()) {
-      isolate->array_buffer_allocator()->Free(
-          memory->backing_store(), NumberToSize(memory->byte_length()));
-    }
+    const v8::ArrayBuffer::Allocator::AllocationMode allocation_mode =
+        memory->allocation_mode();
+    CHECK_NOT_NULL(memory->allocation_base());
+    isolate->array_buffer_allocator()->Free(memory->allocation_base(),
+                                            memory->allocation_length(),
+                                            allocation_mode);
+    isolate->array_buffer_allocator()->Free(
+        old_allocation_base, old_allocation_length, allocation_mode);
+    memory->set_allocation_base(nullptr);
+    memory->set_allocation_length(0);
   }
   Cleanup();
 }
@@ -1142,7 +1143,8 @@ TEST(Run_WasmModule_Buffer_Externalized_GrowMemMemSize) {
     void* backing_store =
         isolate->array_buffer_allocator()->Allocate(16 * WasmModule::kPageSize);
     Handle<JSArrayBuffer> buffer = wasm::SetupArrayBuffer(
-        isolate, backing_store, 16 * WasmModule::kPageSize, false, false);
+        isolate, backing_store, 16 * WasmModule::kPageSize, backing_store,
+        16 * WasmModule::kPageSize, false, false);
     Handle<WasmMemoryObject> mem_obj =
         WasmMemoryObject::New(isolate, buffer, 100);
     v8::Utils::ToLocal(buffer)->Externalize();
@@ -1155,3 +1157,22 @@ TEST(Run_WasmModule_Buffer_Externalized_GrowMemMemSize) {
   }
   Cleanup();
 }
+
+TEST(Run_WasmModule_Buffer_Externalized_Detach) {
+  {
+    // Regression test for
+    // https://bugs.chromium.org/p/chromium/issues/detail?id=731046
+    Isolate* isolate = CcTest::InitIsolateOnce();
+    HandleScope scope(isolate);
+    void* backing_store =
+        isolate->array_buffer_allocator()->Allocate(16 * WasmModule::kPageSize);
+    Handle<JSArrayBuffer> buffer = wasm::SetupArrayBuffer(
+        isolate, backing_store, 16 * WasmModule::kPageSize, backing_store,
+        16 * WasmModule::kPageSize, false, false);
+    v8::Utils::ToLocal(buffer)->Externalize();
+    wasm::DetachWebAssemblyMemoryBuffer(isolate, buffer, true);
+    isolate->array_buffer_allocator()->Free(backing_store,
+                                            16 * WasmModule::kPageSize);
+  }
+  Cleanup();
+}