[wasm] Indirect calls without function table cause validation errors.

The spec defines that indirect calls in WebAssembly code should cause a
validation error if no function table exists.

The CL contains the following changes:
1) Throw a validation error for indirect calls if the function table
   not exist.
2) Do not create TF nodes to throw a runtime error for indirect calls
   if the function table does not exist.
3) Fix existing unit tests by creating a dummy function table.
4) Add new a new test which tests that indirect calls without function
   table cause a validation error.

R=rossberg@chromium.org
CC=titzer@chromium.org

TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash

Review-Url: https://codereview.chromium.org/2484623002
Cr-Commit-Position: refs/heads/master@{#40852}

src/compiler/wasm-compiler.cc

@@ -2168,15 +2168,7 @@ Node* WasmGraphBuilder::CallIndirect(uint32_t sig_index, Node** args,
   uint32_t table_index = 0;
   wasm::FunctionSig* sig = module_->GetSignature(sig_index);
 
-  if (!module_->IsValidTable(table_index)) {
-    // No function table. Generate a trap and return a constant.
-    trap_->AddTrapIfFalse(wasm::kTrapFuncInvalid, Int32Constant(0), position);
-    (*rets) = Buffer(sig->return_count());
-    for (size_t i = 0; i < sig->return_count(); i++) {
-      (*rets)[i] = trap_->GetTrapValue(sig->GetReturn(i));
-    }
-    return trap_->GetTrapValue(sig);
-  }
+  DCHECK(module_->IsValidTable(table_index));
 
   EnsureFunctionTableNodes();
   MachineOperatorBuilder* machine = jsgraph()->machine();

src/wasm/ast-decoder.cc

@@ -227,6 +227,11 @@ class WasmDecoder : public Decoder {
   }
 
   inline bool Validate(const byte* pc, CallIndirectOperand& operand) {
+    uint32_t table_index = 0;
+    if (!module_->IsValidTable(table_index)) {
+      error("function table has to exist to execute call_indirect");
+      return false;
+    }
     if (Complete(pc, operand)) {
       return true;
     }

src/wasm/signature-map.h

@@ -17,7 +17,7 @@ namespace wasm {
 // A signature map canonicalizes signatures into a range of indices so that
 // two different {FunctionSig} instances with the same contents map to the
 // same index.
-class SignatureMap {
+class V8_EXPORT_PRIVATE SignatureMap {
  public:
   // Gets the index for a signature, assigning a new index if necessary.
   uint32_t FindOrInsert(FunctionSig* sig);

test/cctest/wasm/test-run-wasm.cc

@@ -2686,28 +2686,6 @@ WASM_EXEC_TEST(MultipleCallIndirect) {
   CHECK_TRAP(r.Call(2, 1, 0));
 }
 
-WASM_EXEC_TEST(CallIndirect_NoTable) {
-  TestSignatures sigs;
-  TestingModule module(execution_mode);
-
-  // One function.
-  WasmFunctionCompiler t1(sigs.i_ii(), &module);
-  BUILD(t1, WASM_I32_ADD(WASM_GET_LOCAL(0), WASM_GET_LOCAL(1)));
-  t1.CompileAndAdd(/*sig_index*/ 1);
-
-  // Signature table.
-  module.AddSignature(sigs.f_ff());
-  module.AddSignature(sigs.i_ii());
-
-  // Builder the caller function.
-  WasmRunner<int32_t> r(&module, MachineType::Int32());
-  BUILD(r, WASM_CALL_INDIRECT2(1, WASM_GET_LOCAL(0), WASM_I8(66), WASM_I8(22)));
-
-  CHECK_TRAP(r.Call(0));
-  CHECK_TRAP(r.Call(1));
-  CHECK_TRAP(r.Call(2));
-}
-
 WASM_EXEC_TEST(CallIndirect_EmptyTable) {
   TestSignatures sigs;
   TestingModule module(execution_mode);

test/mjsunit/wasm/trap-location.js

@@ -56,6 +56,7 @@ builder.addFunction("main", kSig_i_i)
       kExprEnd,
   ])
   .exportAs("main");
+builder.appendToTable([0]);
 
 var module = builder.instantiate();
 

test/unittests/wasm/ast-decoder-unittest.cc

@@ -11,6 +11,7 @@
 #include "src/objects.h"
 
 #include "src/wasm/ast-decoder.h"
+#include "src/wasm/signature-map.h"
 #include "src/wasm/wasm-macro-gen.h"
 #include "src/wasm/wasm-module.h"
 #include "src/wasm/wasm-opcodes.h"
@@ -1311,6 +1312,11 @@ class TestModuleEnv : public ModuleEnv {
     return result;
   }
 
+  void InitializeFunctionTable() {
+    mod.function_tables.push_back(
+        {0, 0, true, std::vector<int32_t>(), false, false, SignatureMap()});
+  }
+
  private:
   WasmModule mod;
 };
@@ -1421,6 +1427,7 @@ TEST_F(AstDecoderTest, MultiReturnType) {
 TEST_F(AstDecoderTest, SimpleIndirectCalls) {
   FunctionSig* sig = sigs.i_i();
   TestModuleEnv module_env;
+  module_env.InitializeFunctionTable();
   module = &module_env;
 
   byte f0 = module_env.AddSignature(sigs.i_v());
@@ -1436,6 +1443,7 @@ TEST_F(AstDecoderTest, SimpleIndirectCalls) {
 TEST_F(AstDecoderTest, IndirectCallsOutOfBounds) {
   FunctionSig* sig = sigs.i_i();
   TestModuleEnv module_env;
+  module_env.InitializeFunctionTable();
   module = &module_env;
 
   EXPECT_FAILURE_S(sig, WASM_CALL_INDIRECT0(0, WASM_ZERO));
@@ -1452,6 +1460,7 @@ TEST_F(AstDecoderTest, IndirectCallsOutOfBounds) {
 TEST_F(AstDecoderTest, IndirectCallsWithMismatchedSigs3) {
   FunctionSig* sig = sigs.i_i();
   TestModuleEnv module_env;
+  module_env.InitializeFunctionTable();
   module = &module_env;
 
   byte f0 = module_env.AddFunction(sigs.i_f());
@@ -1471,6 +1480,21 @@ TEST_F(AstDecoderTest, IndirectCallsWithMismatchedSigs3) {
   EXPECT_FAILURE_S(sig, WASM_CALL_INDIRECT1(f1, WASM_ZERO, WASM_F32(17.6)));
 }
 
+TEST_F(AstDecoderTest, IndirectCallsWithoutTableCrash) {
+  FunctionSig* sig = sigs.i_i();
+  TestModuleEnv module_env;
+  module = &module_env;
+
+  byte f0 = module_env.AddSignature(sigs.i_v());
+  byte f1 = module_env.AddSignature(sigs.i_i());
+  byte f2 = module_env.AddSignature(sigs.i_ii());
+
+  EXPECT_FAILURE_S(sig, WASM_CALL_INDIRECT0(f0, WASM_ZERO));
+  EXPECT_FAILURE_S(sig, WASM_CALL_INDIRECT1(f1, WASM_ZERO, WASM_I8(22)));
+  EXPECT_FAILURE_S(
+      sig, WASM_CALL_INDIRECT2(f2, WASM_ZERO, WASM_I8(32), WASM_I8(72)));
+}
+
 TEST_F(AstDecoderTest, SimpleImportCalls) {
   FunctionSig* sig = sigs.i_i();
   TestModuleEnv module_env;