[wasm] Handle potentially null callee-pc

This only happens if there is a asm.js-wasm-frame on top of the stack
trace, which was not covered by our tests so far. The regression test
create a stack overflow in asm.js code, triggering this case.

R=mstarzinger@chromium.org
CC=titzer@chromium.org, bradnelson@chromium.org
BUG=chromium:673241

Review-Url: https://codereview.chromium.org/2562333002
Cr-Commit-Position: refs/heads/master@{#41639}

src/frames.h

@@ -484,7 +484,9 @@ class StackFrame BASE_EMBEDDED {
   // Accessors.
   Address sp() const { return state_.sp; }
   Address fp() const { return state_.fp; }
-  Address callee_pc() const { return *state_.callee_pc_address; }
+  Address callee_pc() const {
+    return state_.callee_pc_address ? *state_.callee_pc_address : nullptr;
+  }
   Address caller_sp() const { return GetCallerStackPointer(); }
 
   // If this frame is optimized and was dynamically aligned return its old

test/mjsunit/regress/regress-673241.js

+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --validate-asm
+
+function generateAsmJs() {
+  'use asm';
+  function fun() { fun(); }
+  return fun;
+}
+
+assertThrows(generateAsmJs());