[wasm] Support undefined indirect table entries, behind a flag.

src/compiler/wasm-compiler.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/wasm-compiler.h"
 
 #include "src/isolate-inl.h"
 
 #include "src/base/platform/elapsed-timer.h"
 #include "src/base/platform/platform.h"
@@ skipping 1908 matching lines @@
   DCHECK(module_ && module_->instance);
 
   MachineOperatorBuilder* machine = jsgraph()->machine();
 
   // Compute the code object by loading it from the function table.
   Node* key = args[0];
 
   // Bounds check the index.
   int table_size = static_cast<int>(module_->FunctionTableSize());
   if (table_size > 0) {
-    // Bounds check against the table size.
-    Node* size = Int32Constant(static_cast<int>(table_size));
-    Node* in_bounds = graph()->NewNode(machine->Uint32LessThan(), key, size);
-    trap_->AddTrapIfFalse(wasm::kTrapFuncInvalid, in_bounds, position);
+    if (FLAG_wasm_jit_prototype) {
+      int indirect_table_size =
+          static_cast<int>(module_->instance->function_table->length());
+
+      Node* upper_bound = Int32Constant(indirect_table_size / 2);
+      Node* less_than_upper_bound =
+          graph()->NewNode(machine->Uint32LessThan(), key, upper_bound);
+      trap_->AddTrapIfFalse(wasm::kTrapFuncInvalid, less_than_upper_bound,
+                            position);
+
+      Node* lower_bound = Int32Constant(indirect_table_size / 2 -
+                                        module_->instance->padded_entries);

[bradn, 2016/06/14 02:02:46]

Hey Ritesh.
Actually this isn't quite right.
We don't want to add extra runtime cost to check for an invalid signature.
Instead, we should have it thunk out to something that traps.

[titzer, 2016/06/14 20:58:05]

Agree.

[bradn, 2016/06/14 21:00:25]

Actually since it can't run (since we don't know the caller signature will
match), we should just lean on the signature mismatch exception instead.
(Which keeps the cost / callsite the same)

+      Node* more_than_lower_bound =
+          graph()->NewNode(machine->Uint32LessThanOrEqual(), lower_bound, key);
+      trap_->AddTrapIfTrue(wasm::kTrapDefaultFuncCall, more_than_lower_bound,
+                           position);
+    } else {
+      // Bounds check against the table size.
+      Node* size = Int32Constant(static_cast<int>(table_size));
+      Node* in_bounds = graph()->NewNode(machine->Uint32LessThan(), key, size);
+      trap_->AddTrapIfFalse(wasm::kTrapFuncInvalid, in_bounds, position);
+    }
   } else {
     // No function table. Generate a trap and return a constant.
     trap_->AddTrapIfFalse(wasm::kTrapFuncInvalid, Int32Constant(0), position);
     return trap_->GetTrapValue(module_->GetSignature(index));
   }
   Node* table = FunctionTable();
 
   // Load signature from the table and check.
   // The table is a FixedArray; signatures are encoded as SMIs.
   // [sig1, sig2, sig3, ...., code1, code2, code3 ...]
@@ skipping 1168 matching lines @@
                                  const wasm::WasmFunction* function) {
   WasmCompilationUnit* unit =
       CreateWasmCompilationUnit(thrower, isolate, module_env, function, 0);
   ExecuteCompilation(unit);
   return FinishCompilation(unit);
 }
 
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8