Bug 1629780 - Make users of ArgTypeVector::length explicitly include/exclude stack results arg r=lth

Differential Revision: https://phabricator.services.mozilla.com/D70806 --HG-- extra : moz-landing-system : lando
2020-04-15 12:01:11 +00:00 · 2020-04-15 12:01:11 +00:00 · 5ac664ca0b
--- a/js/src/wasm/WasmBaselineCompile.cpp
+++ b/js/src/wasm/WasmBaselineCompile.cpp
@ -9169,7 +9169,7 @@ bool BaseCompiler::emitCallArgs(const ValTypeVector& argTypes,

  ArgTypeVector args(argTypes, results.stackResults());
  uint32_t naturalArgCount = argTypes.length();
-  uint32_t abiArgCount = args.length();
+  uint32_t abiArgCount = args.lengthWithStackResults();
  startCallArgs(StackArgAreaSizeUnaligned(args), baselineCall);

  // Args are deeper on the stack than the stack result area, if any.
--- a/js/src/wasm/WasmInstance.cpp
+++ b/js/src/wasm/WasmInstance.cpp
@ -425,7 +425,7 @@ bool Instance::callImport(JSContext* cx, uint32_t funcImportIndex,
    return false;
  }

-  MOZ_ASSERT(argTypes.length() == argc);
+  MOZ_ASSERT(argTypes.lengthWithStackResults() == argc);
  Maybe<char*> stackResultPointer;
  for (size_t i = 0; i < argc; i++) {
    const void* rawArgLoc = &argv[i];
@ -2105,7 +2105,8 @@ bool Instance::callExport(JSContext* cx, uint32_t funcIndex, CallArgs args) {
  // stored in the first element of the array (which, therefore, must have
  // length >= 1).
  Vector<ExportArg, 8> exportArgs(cx);
-  if (!exportArgs.resize(std::max<size_t>(1, argTypes.length()))) {
+  if (!exportArgs.resize(
+          std::max<size_t>(1, argTypes.lengthWithStackResults()))) {
    return false;
  }

@ -2115,7 +2116,7 @@ bool Instance::callExport(JSContext* cx, uint32_t funcIndex, CallArgs args) {
  DebugCodegen(DebugChannel::Function, "wasm-function[%d] arguments [",
               funcIndex);
  RootedValue v(cx);
-  for (size_t i = 0; i < argTypes.length(); ++i) {
+  for (size_t i = 0; i < argTypes.lengthWithStackResults(); ++i) {
    void* rawArgLoc = &exportArgs[i];
    if (argTypes.isSyntheticStackResultPointerArg(i)) {
      *reinterpret_cast<void**>(rawArgLoc) = results.stackResultsArea();
@ -2158,7 +2159,7 @@ bool Instance::callExport(JSContext* cx, uint32_t funcIndex, CallArgs args) {
  if (refs.length() > 0) {
    DebugCodegen(DebugChannel::Function, "; ");
    size_t nextRef = 0;
-    for (size_t i = 0; i < argTypes.length(); ++i) {
+    for (size_t i = 0; i < argTypes.lengthWithStackResults(); ++i) {
      if (argTypes.isSyntheticStackResultPointerArg(i)) {
        continue;
      }
--- a/js/src/wasm/WasmStubs.cpp
+++ b/js/src/wasm/WasmStubs.cpp
@ -1888,7 +1888,7 @@ static bool GenerateImportInterpExit(MacroAssembler& masm, const FuncImport& fi,
  unsigned argOffset =
      AlignBytes(StackArgBytes(invokeArgTypes), sizeof(double));
  // The abiArgCount includes a stack result pointer argument if needed.
-  unsigned abiArgCount = ArgTypeVector(fi.funcType()).length();
+  unsigned abiArgCount = ArgTypeVector(fi.funcType()).lengthWithStackResults();
  unsigned argBytes = std::max<size_t>(1, abiArgCount) * sizeof(Value);
  unsigned framePushed =
      StackDecrementForCall(ABIStackAlignment,
--- a/js/src/wasm/WasmTypes.h
+++ b/js/src/wasm/WasmTypes.h
@ -50,6 +50,8 @@ namespace js {
 namespace jit {
 class JitScript;
 enum class RoundingMode;
+template <class VecT>
+class ABIArgIter;
 }  // namespace jit

 // This is a widespread header, so lets keep out the core wasm impl types.
@ -1211,6 +1213,14 @@ class ArgTypeVector {
  const ValTypeVector& args_;
  bool hasStackResults_;

+  // To allow ABIArgIter<ArgTypeVector>, we define a private length()
+  // method.  To prevent accidental errors, other users need to be
+  // explicit and call lengthWithStackResults() or
+  // lengthWithoutStackResults().
+  size_t length() const { return args_.length() + size_t(hasStackResults_); }
+  friend jit::ABIArgIter<ArgTypeVector>;
+  friend jit::ABIArgIter<const ArgTypeVector>;
+
 public:
  ArgTypeVector(const ValTypeVector& args, StackResults stackResults)
      : args_(args),
@ -1226,7 +1236,7 @@ class ArgTypeVector {
  bool isSyntheticStackResultPointerArg(size_t idx) const {
    // The pointer to stack results area, if present, is a synthetic argument
    // tacked on at the end.
-    MOZ_ASSERT(idx < length());
+    MOZ_ASSERT(idx < lengthWithStackResults());
    return idx == args_.length();
  }
  bool isNaturalArg(size_t idx) const {
@ -1239,9 +1249,9 @@ class ArgTypeVector {
    return idx;
  }

-  size_t length() const { return args_.length() + size_t(hasStackResults_); }
+  size_t lengthWithStackResults() const { return length(); }
  jit::MIRType operator[](size_t i) const {
-    MOZ_ASSERT(i < length());
+    MOZ_ASSERT(i < lengthWithStackResults());
    if (isSyntheticStackResultPointerArg(i)) {
      return jit::MIRType::StackResults;
    }