[wasm] Fix bounds check for zero initial memory.

src/compiler/wasm-compiler.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/wasm-compiler.h"
 
 #include <memory>
 
 #include "src/isolate-inl.h"
 
@@ skipping 2776 matching lines @@
 
   *effect_ = call;
   return result;
 }
 
 Node* WasmGraphBuilder::MemSize(uint32_t offset) {
   DCHECK(module_ && module_->instance);
   uint32_t size = static_cast<uint32_t>(module_->instance->mem_size);
   if (offset == 0) {
     if (!mem_size_)
+      // The memory size rmode in this case does not matter so using dword as
+      // default
       mem_size_ = jsgraph()->RelocatableInt32Constant(
-          size, RelocInfo::WASM_MEMORY_SIZE_REFERENCE);
+          size, RelocInfo::WASM_MEMORY_DWORD_SIZE_REFERENCE);
     return mem_size_;
   } else {
     return jsgraph()->RelocatableInt32Constant(
-        size + offset, RelocInfo::WASM_MEMORY_SIZE_REFERENCE);
+        size + offset, RelocInfo::WASM_MEMORY_DWORD_SIZE_REFERENCE);
   }
 }
 
 Node* WasmGraphBuilder::FunctionTable(uint32_t index) {
   DCHECK(module_ && module_->instance &&
          index < module_->instance->function_tables.size());
   if (!function_tables_.size()) {
     for (size_t i = 0; i < module_->instance->function_tables.size(); ++i) {
       DCHECK(!module_->instance->function_tables[i].is_null());
       function_tables_.push_back(
@@ skipping 31 matching lines @@
   *effect_ = node;
   return node;
 }
 
 void WasmGraphBuilder::BoundsCheckMem(MachineType memtype, Node* index,
                                       uint32_t offset,
                                       wasm::WasmCodePosition position) {
   DCHECK(module_ && module_->instance);
   uint32_t size = module_->instance->mem_size;
   byte memsize = wasm::WasmOpcodes::MemSize(memtype);
+  RelocInfo::Mode size_rmode;
+  switch (memsize) {
+    case 1:
+      size_rmode = RelocInfo::WASM_MEMORY_BYTE_SIZE_REFERENCE;
+      break;
+    case 2:
+      size_rmode = RelocInfo::WASM_MEMORY_WORD_SIZE_REFERENCE;
+      break;
+    case 4:
+      size_rmode = RelocInfo::WASM_MEMORY_DWORD_SIZE_REFERENCE;
+      break;
+    case 8:
+      size_rmode = RelocInfo::WASM_MEMORY_QWORD_SIZE_REFERENCE;
+      break;
+    default:
+      size_rmode = RelocInfo::NONE32;
+  }
 
   // Check against the effective size.
   size_t effective_size;
   if (size == 0) {
     effective_size = 0;
   } else if (offset >= size ||
              (static_cast<uint64_t>(offset) + memsize) > size) {
     // Two checks are needed in the case where the offset is statically
     // out of bounds; one check for the offset being in bounds, and the next for
     // the offset + index being out of bounds for code to be patched correctly
     // on relocation.
     effective_size = size - memsize + 1;
-    Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(),
-                                  jsgraph()->IntPtrConstant(offset),
-                                  jsgraph()->RelocatableInt32Constant(
-                                      static_cast<uint32_t>(effective_size),
-                                      RelocInfo::WASM_MEMORY_SIZE_REFERENCE));
+    Node* cond = graph()->NewNode(
+        jsgraph()->machine()->Uint32LessThan(),
+        jsgraph()->IntPtrConstant(offset),
+        jsgraph()->RelocatableInt32Constant(
+            static_cast<uint32_t>(effective_size), size_rmode));
     trap_->AddTrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position);
     DCHECK(offset >= effective_size);
     effective_size = offset - effective_size;
   } else {
     effective_size = size - offset - memsize + 1;
     CHECK(effective_size <= kMaxUInt32);
 
     Uint32Matcher m(index);
     if (m.HasValue()) {
       uint32_t value = m.Value();
       if (value < effective_size) {
         // The bounds check will always succeed.
         return;
       }
     }
   }
 
-  Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(), index,
-                                jsgraph()->RelocatableInt32Constant(
-                                    static_cast<uint32_t>(effective_size),
-                                    RelocInfo::WASM_MEMORY_SIZE_REFERENCE));
+  Node* cond =
+      graph()->NewNode(jsgraph()->machine()->Uint32LessThan(), index,
+                       jsgraph()->RelocatableInt32Constant(
+                           static_cast<uint32_t>(effective_size), size_rmode));
   trap_->AddTrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position);
 }
 
 
 Node* WasmGraphBuilder::LoadMem(wasm::LocalType type, MachineType memtype,
                                 Node* index, uint32_t offset,
                                 uint32_t alignment,
                                 wasm::WasmCodePosition position) {
   Node* load;
 
@@ skipping 507 matching lines @@
                             function_->code_start_offset),
            compile_ms);
   }
 
   return code;
 }
 
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8