[wasm] Adjust atomics wait/notify semantics

Adjust atomics.wait, atomics.notify semantics for when they are used
with non-shared Wasm memory to mirror the spec change introduced
in: WebAssembly/threads#147. This does not
need to be gated by the flag here, as this will only decode if
the flag is enabled.

Bug: v8:9921
Change-Id: I7f2e018fed6bd131ad4c386def1e838626c28a4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256863
Reviewed-by: Ben Smith <[email protected]>
Commit-Queue: Deepti Gandluri <[email protected]>
Cr-Commit-Position: refs/heads/master@{#68468}

Author: dtig

src/runtime/runtime-wasm.cc

@@ -209,15 +209,12 @@ RUNTIME_FUNCTION(Runtime_WasmCompileLazy) {
 }
 
 // Should be called from within a handle scope
-Handle<JSArrayBuffer> GetSharedArrayBuffer(Handle<WasmInstanceObject> instance,
-                                           Isolate* isolate, uint32_t address) {
+Handle<JSArrayBuffer> GetArrayBuffer(Handle<WasmInstanceObject> instance,
+                                     Isolate* isolate, uint32_t address) {
   DCHECK(instance->has_memory_object());
   Handle<JSArrayBuffer> array_buffer(instance->memory_object().array_buffer(),
                                      isolate);
 
-  // Validation should have failed if the memory was not shared.
-  DCHECK(array_buffer->is_shared());
-
   // Should have trapped if address was OOB
   DCHECK_LT(address, array_buffer->byte_length());
   return array_buffer;
@@ -231,8 +228,12 @@ RUNTIME_FUNCTION(Runtime_WasmAtomicNotify) {
   CONVERT_NUMBER_CHECKED(uint32_t, address, Uint32, args[1]);
   CONVERT_NUMBER_CHECKED(uint32_t, count, Uint32, args[2]);
   Handle<JSArrayBuffer> array_buffer =
-      GetSharedArrayBuffer(instance, isolate, address);
-  return FutexEmulation::Wake(array_buffer, address, count);
+      GetArrayBuffer(instance, isolate, address);
+  if (array_buffer->is_shared()) {
+    return FutexEmulation::Wake(array_buffer, address, count);
+  } else {
+    return Smi::FromInt(0);
+  }
 }
 
 RUNTIME_FUNCTION(Runtime_WasmI32AtomicWait) {
@@ -245,7 +246,12 @@ RUNTIME_FUNCTION(Runtime_WasmI32AtomicWait) {
   CONVERT_ARG_HANDLE_CHECKED(BigInt, timeout_ns, 3);
 
   Handle<JSArrayBuffer> array_buffer =
-      GetSharedArrayBuffer(instance, isolate, address);
+      GetArrayBuffer(instance, isolate, address);
+
+  // Trap if memory is not shared
+  if (!array_buffer->is_shared()) {
+    return ThrowWasmError(isolate, MessageTemplate::kAtomicsWaitNotAllowed);
+  }
   return FutexEmulation::WaitWasm32(isolate, array_buffer, address,
                                     expected_value, timeout_ns->AsInt64());
 }
@@ -260,7 +266,12 @@ RUNTIME_FUNCTION(Runtime_WasmI64AtomicWait) {
   CONVERT_ARG_HANDLE_CHECKED(BigInt, timeout_ns, 3);
 
   Handle<JSArrayBuffer> array_buffer =
-      GetSharedArrayBuffer(instance, isolate, address);
+      GetArrayBuffer(instance, isolate, address);
+
+  // Trap if memory is not shared
+  if (!array_buffer->is_shared()) {
+    return ThrowWasmError(isolate, MessageTemplate::kAtomicsWaitNotAllowed);
+  }
   return FutexEmulation::WaitWasm64(isolate, array_buffer, address,
                                     expected_value->AsInt64(),
                                     timeout_ns->AsInt64());

test/mjsunit/wasm/atomics-non-shared.js

@@ -58,3 +58,67 @@ load("test/mjsunit/wasm/wasm-module-builder.js");
   let module = new WebAssembly.Module(builder.toBuffer());
   let instance = new WebAssembly.Instance(module, {m: {memory}});
 })();
+
+(function TestWasmAtomicNotifyResult() {
+  print(arguments.callee.name);
+  let builder = new WasmModuleBuilder();
+  builder.addImportedMemory("m", "memory", 0, 20);
+  builder.addFunction("main", kSig_i_ii)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprLocalGet, 1,
+      kAtomicPrefix,
+      kExprAtomicNotify, 0, 0])
+    .exportAs("main");
+
+  // Instantiate module, get function exports
+  let module = new WebAssembly.Module(builder.toBuffer());
+  let memory = new WebAssembly.Memory({initial: 1, maximum: 1});
+  let instance = new WebAssembly.Instance(module, {m: {memory}});
+  assertEquals(0, instance.exports.main(0, 100));
+})();
+
+(function TestWasmI32AtomicWaitTraps() {
+  print(arguments.callee.name);
+  let builder = new WasmModuleBuilder();
+  builder.addImportedMemory("m", "memory", 0, 20);
+  builder.addFunction("main",
+    makeSig([kWasmI32, kWasmI32, kWasmF64], [kWasmI32]))
+    .addBody([
+      kExprLocalGet, 0,
+      kExprLocalGet, 1,
+      kExprLocalGet, 2,
+      kExprI64SConvertF64,
+      kAtomicPrefix,
+      kExprI32AtomicWait, 0, 0])
+      .exportAs("main");
+
+  // Instantiate module, get function exports
+  let module = new WebAssembly.Module(builder.toBuffer());
+  let memory = new WebAssembly.Memory({initial: 1, maximum: 1});
+  let instance = new WebAssembly.Instance(module, {m: {memory}});
+  assertThrows(() => instance.exports.main(0, 5, 0), WebAssembly.RuntimeError);
+})();
+
+(function TestWasmI64AtomicWaitTraps() {
+  print(arguments.callee.name);
+  let builder = new WasmModuleBuilder();
+  builder.addImportedMemory("m", "memory", 0, 20);
+  builder.addFunction("main",
+    makeSig([kWasmI32, kWasmI32, kWasmF64], [kWasmI32]))
+    .addBody([
+      kExprLocalGet, 0,
+      kExprLocalGet, 1,
+      kExprI64UConvertI32,
+      kExprLocalGet, 2,
+      kExprI64SConvertF64,
+      kAtomicPrefix,
+      kExprI64AtomicWait, 0, 0])
+      .exportAs("main");
+
+  // Instantiate module, get function exports
+  let module = new WebAssembly.Module(builder.toBuffer());
+  let memory = new WebAssembly.Memory({initial: 1, maximum: 1});
+  let instance = new WebAssembly.Instance(module, {m: {memory}});
+  assertThrows(() => instance.exports.main(0, 5, 0), WebAssembly.RuntimeError);
+})();