Reland "[asm] Reject import calls with too many parameters"

This is a reland of commit a664aef0. The test is made ~25x faster by using integer parameters instead of floating point. Original change's description: > [asm] Reject import calls with too many parameters > > The asm parser was missing a check for too many parameters for calls to > imported functions. For regular functions this check implicitly existed > because the limit was checked at the function declaration, and the call > site needs to match the declared parameter count. > > R=mslekova@chromium.org > > Bug: chromium:1302596 > Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393 > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79415} Bug: chromium:1302596 Change-Id: I138561742b38939a1c2c9a69a6fa508d4f3a028d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513613Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#79424}

Reland "[asm] Reject import calls with too many parameters"
This is a reland of commit a664aef0. The test is made ~25x faster by using integer parameters instead of floating point. Original change's description: > [asm] Reject import calls with too many parameters > > The asm parser was missing a check for too many parameters for calls to > imported functions. For regular functions this check implicitly existed > because the limit was checked at the function declaration, and the call > site needs to match the declared parameter count. > > R=mslekova@chromium.org > > Bug: chromium:1302596 > Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393 > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79415} Bug: chromium:1302596 Change-Id: I138561742b38939a1c2c9a69a6fa508d4f3a028d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513613Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#79424}
9b810b9f · Clemens Backes · V8 LUCI CQ · 60ac45f0 · 9b810b9f · 9b810b9f
Commit 9b810b9f authored Mar 09, 2022 by Clemens Backes Committed by V8 LUCI CQ Mar 09, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 2 deletions

asm-parser.cc src/asmjs/asm-parser.cc +4 -1

asm-validation.js test/mjsunit/asm/asm-validation.js +27 -1

No files found.
--- a/src/asmjs/asm-parser.cc
+++ b/src/asmjs/asm-parser.cc
@@ -760,7 +760,7 @@ void AsmJsParser::ValidateFunction() {
  ValidateFunctionParams(&params);

  // Check against limit on number of parameters.
-  if (params.size() >= kV8MaxWasmFunctionParams) {
+  if (params.size() > kV8MaxWasmFunctionParams) {
    FAIL("Number of parameters exceeds internal limit");
  }

@@ -2246,6 +2246,9 @@ AsmType* AsmJsParser::ValidateCall() {
  // also determined the complete function type and can perform checking against
  // the expected type or update the expected type in case of first occurrence.
  if (function_info->kind == VarKind::kImportedFunction) {
+    if (param_types.size() > kV8MaxWasmFunctionParams) {
+      FAILn("Number of parameters exceeds internal limit");
+    }
    for (auto t : param_specific_types) {
      if (!t->IsA(AsmType::Extern())) {
        FAILn("Imported function args must be type extern");

--- a/test/mjsunit/asm/asm-validation.js
+++ b/test/mjsunit/asm/asm-validation.js
@@ -8,7 +8,7 @@
 // valid asm.js and then break them with invalid instantiation arguments. If
 // this script is run more than once (e.g. --stress-opt) then modules remain
 // broken in the second run and assertions would fail. We prevent re-runs.
-// Flags: --nostress-opt
+// Flags: --no-stress-opt

 function assertValidAsm(func) {
  assertTrue(%IsAsmWasmCode(func));
@@ -533,3 +533,29 @@ function assertValidAsm(func) {
      /Uint8Array is not a constructor/);
  assertFalse(%IsAsmWasmCode(regress1068355));
 })();
+
+(function TestTooManyParametersToImport() {
+  function MakeModule(num_arguments) {
+    let template = `
+      'use asm';
+      var imported = foreign.imported;
+      function main() {
+        imported(ARGS);
+      }
+
+      return main;
+      `;
+    let args = new Array(num_arguments).fill('0').join(', ');
+    return new Function('stdlib', 'foreign', template.replace('ARGS', args));
+  }
+
+  // V8 has an internal limit of 1000 parameters (see wasm-limits.h).
+  let Module1000Params = MakeModule(1000);
+  let Module1001Params = MakeModule(1001);
+
+  Module1000Params({}, {imported: i => i});
+  Module1001Params({}, {imported: i => i});
+
+  assertTrue(%IsAsmWasmCode(Module1000Params));
+  assertFalse(%IsAsmWasmCode(Module1001Params));
+})();