[wasm] Fix canonicalization bug for function signatures in CallIndirect.

R=ahaas@chromium.org
BUG=chromium:654231

Review-Url: https://chromiumcodereview.appspot.com/2439613003
Cr-Commit-Position: refs/heads/master@{#40463}

src/compiler/wasm-compiler.cc

@@ -2176,10 +2176,11 @@ Node* WasmGraphBuilder::CallIndirect(uint32_t index, Node** args, Node*** rets,
                                           Int32Constant(kPointerSizeLog2)),
                          Int32Constant(fixed_offset)),
         *effect_, *control_);
-    int32_t key = module_->module->function_tables[0].map.Find(sig);
-    DCHECK_GE(key, 0);
-    Node* sig_match = graph()->NewNode(machine->WordEqual(), load_sig,
-                                       jsgraph()->SmiConstant(key));
+    auto map = const_cast<wasm::SignatureMap&>(
+        module_->module->function_tables[0].map);
+    Node* sig_match = graph()->NewNode(
+        machine->WordEqual(), load_sig,
+        jsgraph()->SmiConstant(static_cast<int>(map.FindOrInsert(sig))));
     trap_->AddTrapIfFalse(wasm::kTrapFuncSigMismatch, sig_match, position);
   }
 

test/cctest/wasm/test-run-wasm.cc

@@ -2640,6 +2640,29 @@ WASM_EXEC_TEST(CallIndirect_NoTable) {
   CHECK_TRAP(r.Call(2));
 }
 
+WASM_EXEC_TEST(CallIndirect_EmptyTable) {
+  TestSignatures sigs;
+  TestingModule module(execution_mode);
+
+  // One function.
+  WasmFunctionCompiler t1(sigs.i_ii(), &module);
+  BUILD(t1, WASM_I32_ADD(WASM_GET_LOCAL(0), WASM_GET_LOCAL(1)));
+  t1.CompileAndAdd(/*sig_index*/ 1);
+
+  // Signature table.
+  module.AddSignature(sigs.f_ff());
+  module.AddSignature(sigs.i_ii());
+  module.AddIndirectFunctionTable(nullptr, 0);
+
+  // Builder the caller function.
+  WasmRunner<int32_t> r(&module, MachineType::Int32());
+  BUILD(r, WASM_CALL_INDIRECT2(1, WASM_GET_LOCAL(0), WASM_I8(66), WASM_I8(22)));
+
+  CHECK_TRAP(r.Call(0));
+  CHECK_TRAP(r.Call(1));
+  CHECK_TRAP(r.Call(2));
+}
+
 WASM_EXEC_TEST(CallIndirect_canonical) {
   TestSignatures sigs;
   TestingModule module(execution_mode);