[wasm] Add stack checks to loops.

src/wasm/ast-decoder.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/signature.h"
 
 #include "src/bit-vector.h"
 #include "src/flags.h"
 #include "src/handles.h"
 #include "src/zone/zone-containers.h"
@@ skipping 666 matching lines @@
                 ssa_env_->locals[operand.index] = exception_as_i32;
               }
             }
 
             break;
           }
           case kExprLoop: {
             BlockTypeOperand operand(this, pc_);
             SsaEnv* finish_try_env = Steal(ssa_env_);
             // The continue environment is the inner environment.
-            PrepareForLoop(pc_, finish_try_env);
-            SetEnv("loop:start", Split(finish_try_env));
+            SsaEnv* loop_body_env = PrepareForLoop(pc_, finish_try_env);
+            SetEnv("loop:start", loop_body_env);
             ssa_env_->SetNotMerged();
             PushLoop(finish_try_env);
             SetBlockType(&control_.back(), operand);
             len = 1 + operand.length;
             break;
           }
           case kExprIf: {
             // Condition on top of stack. Split environments for branches.
             BlockTypeOperand operand(this, pc_);
             Value cond = Pop(0, kAstI32);
@@ skipping 905 matching lines @@
     } else if (tnode != fnode) {
       uint32_t count = builder_->InputCount(merge);
       TFNode** vals = builder_->Buffer(count);
       for (uint32_t j = 0; j < count - 1; j++) vals[j] = tnode;
       vals[count - 1] = fnode;
       return builder_->Phi(type, count, vals, merge);
     }
     return tnode;
   }
 
-  void PrepareForLoop(const byte* pc, SsaEnv* env) {
-    if (!env->go()) return;
+  SsaEnv* PrepareForLoop(const byte* pc, SsaEnv* env) {
+    if (!builder_) return Split(env);
+    if (!env->go()) return Split(env);
     env->state = SsaEnv::kMerged;
-    if (!builder_) return;
 
     env->control = builder_->Loop(env->control);
     env->effect = builder_->EffectPhi(1, &env->effect, env->control);
     builder_->Terminate(env->effect, env->control);
     if (FLAG_wasm_loop_assignment_analysis) {
       BitVector* assigned = AnalyzeLoopAssignment(pc);
       if (assigned != nullptr) {
         // Only introduce phis for variables assigned in this loop.
         for (int i = EnvironmentCount() - 1; i >= 0; i--) {
           if (!assigned->Contains(i)) continue;
           env->locals[i] = builder_->Phi(local_type_vec_[i], 1, &env->locals[i],
                                          env->control);
         }
-        return;
+        SsaEnv* loop_body_env = Split(env);
+        builder_->StackCheck(position(), &(loop_body_env->effect),
+                             &(loop_body_env->control));
+        return loop_body_env;
       }
     }
 
     // Conservatively introduce phis for all local variables.
     for (int i = EnvironmentCount() - 1; i >= 0; i--) {
       env->locals[i] =
           builder_->Phi(local_type_vec_[i], 1, &env->locals[i], env->control);
     }
+
+    SsaEnv* loop_body_env = Split(env);
+    builder_->StackCheck(position(), &(loop_body_env->effect),
+                         &(loop_body_env->control));
+    return loop_body_env;
   }
 
   // Create a complete copy of the {from}.
   SsaEnv* Split(SsaEnv* from) {
     DCHECK_NOT_NULL(from);
     SsaEnv* result = reinterpret_cast<SsaEnv*>(zone_->New(sizeof(SsaEnv)));
     size_t size = sizeof(TFNode*) * EnvironmentCount();
     result->control = from->control;
     result->effect = from->effect;
 
@@ skipping 286 matching lines @@
 BitVector* AnalyzeLoopAssignmentForTesting(Zone* zone, size_t num_locals,
                                            const byte* start, const byte* end) {
   FunctionBody body = {nullptr, nullptr, nullptr, start, end};
   WasmFullDecoder decoder(zone, nullptr, body);
   return decoder.AnalyzeLoopAssignmentForTesting(start, num_locals);
 }
 
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8