[wasm][interpreter] Fix stack underflow behavior

Popping values from an empty stack is allowed in unreachable code, but the stack height cannot be negative and stays at 0 instead. R=clemensb@chromium.org Bug: chromium:1190291 Change-Id: I84df7ab81ba6f5a9056c8341d88a4c47121363ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778273Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#73566}

[wasm][interpreter] Fix stack underflow behavior
Popping values from an empty stack is allowed in unreachable code, but the stack height cannot be negative and stays at 0 instead. R=clemensb@chromium.org Bug: chromium:1190291 Change-Id: I84df7ab81ba6f5a9056c8341d88a4c47121363ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778273Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#73566}
5c78ac48 · Thibaud Michaud · Commit Bot · 1abc946a · 5c78ac48 · 5c78ac48
Commit 5c78ac48 authored Mar 22, 2021 by Thibaud Michaud Committed by Commit Bot Mar 22, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 3 deletions

test-run-wasm-exceptions.cc test/cctest/wasm/test-run-wasm-exceptions.cc +10 -0

wasm-interpreter.cc test/common/wasm/wasm-interpreter.cc +8 -3

No files found.
--- a/test/cctest/wasm/test-run-wasm-exceptions.cc
+++ b/test/cctest/wasm/test-run-wasm-exceptions.cc
@@ -600,6 +600,16 @@ TEST(Regress1187896) {
  CHECK_EQ(kResult, r.CallInterpreter());
 }

+TEST(Regress1190291) {
+  TestSignatures sigs;
+  EXPERIMENTAL_FLAG_SCOPE(eh);
+  WasmRunner<uint32_t> r(TestExecutionTier::kInterpreter);
+  byte try_sig = r.builder().AddSignature(sigs.v_i());
+  BUILD(r, kExprUnreachable, kExprTry, try_sig, kExprCatchAll, kExprEnd,
+        kExprI32Const, 0);
+  r.CallInterpreter();
+}
+
 }  // namespace test_run_wasm_exceptions
 }  // namespace wasm
 }  // namespace internal

--- a/test/common/wasm/wasm-interpreter.cc
+++ b/test/common/wasm/wasm-interpreter.cc
@@ -894,9 +894,14 @@ class SideTable : public ZoneObject {
          }
          TRACE("control @%u: Try, arity %d->%d\n", i.pc_offset(),
                imm.in_arity(), imm.out_arity());
-          CLabel* end_label =
-              CLabel::New(&control_transfer_zone, stack_height - imm.in_arity(),
-                          imm.out_arity());
+          int target_stack_height = stack_height - imm.in_arity();
+          if (target_stack_height < 0) {
+            // Allowed in unreachable code, but the stack height stays at 0.
+            DCHECK(unreachable);
+            target_stack_height = 0;
+          }
+          CLabel* end_label = CLabel::New(&control_transfer_zone,
+                                          target_stack_height, imm.out_arity());
          CLabel* catch_label =
              CLabel::New(&control_transfer_zone, stack_height, 0);
          control_stack.emplace_back(i.pc(), end_label, catch_label,