[wasm] Fix import of reexported API function

When a function is exported from a WebAssembly module, it is implicitly
wrapped in a WasmExportedFunction. For functions that were imports into
this module, the exported function appears like other Wasm function,
e.g. can be used in tables. When that exported function was re-imported
to another module, the logic to compute the import kind mistakenly
assumed the exported function was indeed originally a Wasm function
and tried to call it directly, instead of treating it like an imported
JS function.

R=ahaas@chromium.org
BUG=v8:8947

Change-Id: Ib8fac81fbe0f49c50cfbfb2e69d9bb60aef91fcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503632
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60031}

src/compiler/wasm-compiler.cc

@@ -5541,14 +5541,17 @@ WasmImportCallKind GetWasmImportCallKind(Handle<JSReceiver> target,
                                          bool has_bigint_feature) {
   if (WasmExportedFunction::IsWasmExportedFunction(*target)) {
     auto imported_function = WasmExportedFunction::cast(*target);
-    wasm::FunctionSig* imported_sig =
-        imported_function->instance()
-            ->module()
-            ->functions[imported_function->function_index()]
-            .sig;
+    auto func_index = imported_function->function_index();
+    auto module = imported_function->instance()->module();
+    wasm::FunctionSig* imported_sig = module->functions[func_index].sig;
     if (*imported_sig != *expected_sig) {
       return WasmImportCallKind::kLinkError;
     }
+    if (static_cast<uint32_t>(func_index) < module->num_imported_functions) {
+      // TODO(wasm): this redirects all imported-reexported functions
+      // through the call builtin. Fall through to JS function cases below?
+      return WasmImportCallKind::kUseCallBuiltin;
+    }
     return WasmImportCallKind::kWasmToWasm;
   }
   // Assuming we are calling to JS, check whether this would be a runtime error.

test/mjsunit/mjsunit.status

@@ -351,6 +351,7 @@
   'regress/regress-crbug-816961': [SKIP],
   'regress/wasm/*': [SKIP],
   'tools/compiler-trace-flags': [SKIP],
+  'regress/regress-8947': [SKIP],
   'wasm/*': [SKIP],
 
   # Other tests that use asm / wasm / optimized code.

test/mjsunit/regress/regress-8947.js

+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-wasm
+
+load("test/mjsunit/wasm/wasm-module-builder.js");
+
+(function testCallReexportedJSFunc() {
+ print(arguments.callee.name);
+
+  function dothrow() {
+    throw "exception";
+  }
+
+  var builder = new WasmModuleBuilder();
+  const imp_index = builder.addImport("w", "m", kSig_i_v);
+  builder.addExport("exp", imp_index);
+  var exp = builder.instantiate({w: {m: dothrow}}).exports.exp;
+
+  builder.addImport("w", "m", kSig_i_v);
+  builder.addFunction("main", kSig_i_v)
+    .addBody([
+      kExprCallFunction, 0, // --
+    ])                             // --
+    .exportFunc();
+
+  var main = builder.instantiate({w: {m: exp}}).exports.main;
+  assertThrowsEquals(main, "exception");
+})();
+
+(function testCallReexportedAPIFunc() {
+ print(arguments.callee.name);
+
+  var builder = new WasmModuleBuilder();
+  const imp_index = builder.addImport("w", "m", kSig_i_v);
+  builder.addExport("exp", imp_index);
+  var exp = builder.instantiate({w: {m: WebAssembly.Module}}).exports.exp;
+
+  builder.addImport("w", "m", kSig_i_v);
+  builder.addFunction("main", kSig_i_v)
+    .addBody([
+      kExprCallFunction, 0, // --
+    ])                             // --
+    .exportFunc();
+
+  var main = builder.instantiate({w: {m: exp}}).exports.main;
+  assertThrows(main, TypeError);
+})();