Only allow |0 and *1.0 for asm validator foreign variables.

Require that foreign variable imports have a correct type annotation,
_including_ checking the value of the multiplier is 0 or 1.0 as appropriate.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1691723004

Cr-Commit-Position: refs/heads/master@{#33923}

src/typing-asm.cc

@@ -1121,6 +1121,18 @@ void AsmTyper::VisitBinaryOperation(BinaryOperation* expr) {
         !expr->right()->IsLiteral()) {
       FAIL(expr, "illegal computation inside module body");
     }
+    DCHECK(expr->right()->AsLiteral() != nullptr);
+    const AstValue* right_value = expr->right()->AsLiteral()->raw_value();
+    if (expr->op() == Token::BIT_OR) {
+      if (right_value->AsNumber() != 0.0 || right_value->ContainsDot()) {
+        FAIL(expr, "illegal integer annotation value");
+      }
+    }
+    if (expr->op() == Token::MUL) {
+      if (right_value->AsNumber() != 1.0 && right_value->ContainsDot()) {
+        FAIL(expr, "illegal double annotation value");
+      }
+    }
   }
   switch (expr->op()) {
     case Token::COMMA: {

test/cctest/test-asm-validator.cc

@@ -2101,6 +2101,62 @@ TEST(BadVariableReference) {
            Validate(zone, test_function, &types));
 }
 
+TEST(BadForeignVariableReferenceValueOr) {
+  const char test_function[] =
+      "function TestModule(stdlib, foreign, buffer) {\n"
+      "  \"use asm\";\n"
+      "  var fint = foreign.bar | 1;\n"
+      "}\n";
+  v8::V8::Initialize();
+  HandleAndZoneScope handles;
+  Zone* zone = handles.main_zone();
+  ZoneVector<ExpressionTypeEntry> types(zone);
+  CHECK_EQ("asm: line 3: illegal integer annotation value\n",
+           Validate(zone, test_function, &types));
+}
+
+TEST(BadForeignVariableReferenceValueOrDot) {
+  const char test_function[] =
+      "function TestModule(stdlib, foreign, buffer) {\n"
+      "  \"use asm\";\n"
+      "  var fint = foreign.bar | 1.0;\n"
+      "}\n";
+  v8::V8::Initialize();
+  HandleAndZoneScope handles;
+  Zone* zone = handles.main_zone();
+  ZoneVector<ExpressionTypeEntry> types(zone);
+  CHECK_EQ("asm: line 3: illegal integer annotation value\n",
+           Validate(zone, test_function, &types));
+}
+
+TEST(BadForeignVariableReferenceValueMul) {
+  const char test_function[] =
+      "function TestModule(stdlib, foreign, buffer) {\n"
+      "  \"use asm\";\n"
+      "  var fint = foreign.bar * 2.0;\n"
+      "}\n";
+  v8::V8::Initialize();
+  HandleAndZoneScope handles;
+  Zone* zone = handles.main_zone();
+  ZoneVector<ExpressionTypeEntry> types(zone);
+  CHECK_EQ("asm: line 3: illegal double annotation value\n",
+           Validate(zone, test_function, &types));
+}
+
+TEST(BadForeignVariableReferenceValueMulNoDot) {
+  const char test_function[] =
+      "function TestModule(stdlib, foreign, buffer) {\n"
+      "  \"use asm\";\n"
+      "  var fint = foreign.bar * 1;\n"
+      "}\n";
+  v8::V8::Initialize();
+  HandleAndZoneScope handles;
+  Zone* zone = handles.main_zone();
+  ZoneVector<ExpressionTypeEntry> types(zone);
+  CHECK_EQ("asm: line 3: ill-typed arithmetic operation\n",
+           Validate(zone, test_function, &types));
+}
+
 TEST(Imports) {
   const char test_function[] =
       "function TestModule(stdlib, foreign, buffer) {\n"