From 8f3047531d1b524b6536d3cb2d31c7a5a795e2b8 Mon Sep 17 00:00:00 2001
From: Matthias Liedtke <mliedtke@chromium.org>
Date: Mon, 24 Oct 2022 16:13:29 +0200
Subject: [PATCH] [wasm] ref.call: Consume sig index immediate

Follow-up to commit 61687829257e9cf09b48fd72be9ae3d731ad8197
With this change 0x14 now also consumes a sig index immediate.
This will allow users to switch from 0x17 back to 0x14 without
breaking changes. After another grace period, 0x17 can be removed.

Change-Id: I5d0039fd1ca9d62c3d42e5834fe7924de45ad7ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974512
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83890}
---
 src/wasm/function-body-decoder-impl.h    | 30 ++++++++----------------
 src/wasm/wasm-opcodes.h                  |  4 ++--
 test/mjsunit/wasm/wasm-module-builder.js |  2 +-
 3 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/src/wasm/function-body-decoder-impl.h b/src/wasm/function-body-decoder-impl.h
index 3a6c0755eb..30f7eb7f50 100644
--- a/src/wasm/function-body-decoder-impl.h
+++ b/src/wasm/function-body-decoder-impl.h
@@ -1881,13 +1881,13 @@ class WasmDecoder : public Decoder {
         if (io) io->CallIndirect(imm);
         return 1 + imm.length;
       }
+      case kExprCallRefDeprecated:  // TODO(7748): Drop after grace period.
       case kExprCallRef:
       case kExprReturnCallRef: {
         SigIndexImmediate imm(decoder, pc + 1, validate);
         if (io) io->TypeIndex(imm);
         return 1 + imm.length;
       }
-      case kExprCallRefDeprecated:  // TODO(7748): Drop after grace period.
       case kExprDrop:
       case kExprSelect:
       case kExprCatchAll:
@@ -3737,27 +3737,17 @@ class WasmFullDecoder : public WasmDecoder<ValidationTag, decoding_mode> {
   // TODO(7748): After a certain grace period, drop this in favor of "CallRef".
   DECODE(CallRefDeprecated) {
     CHECK_PROTOTYPE_OPCODE(typed_funcref);
-    Value func_ref = Peek(0);
-    ValueType func_type = func_ref.type;
-    if (func_type == kWasmBottom) {
-      // We are in unreachable code, maintain the polymorphic stack.
-      return 1;
-    }
-    if (!VALIDATE(func_type.is_object_reference() && func_type.has_index() &&
-                  this->module_->has_signature(func_type.ref_index()))) {
-      PopTypeError(0, func_ref, "function reference");
-      return 0;
-    }
-    const FunctionSig* sig = this->module_->signature(func_type.ref_index());
-    ArgVector args = PeekArgs(sig, 1);
-    ReturnVector returns = CreateReturnValues(sig);
-    CALL_INTERFACE_IF_OK_AND_REACHABLE(CallRef, func_ref, sig,
-                                       func_type.ref_index(), args.begin(),
-                                       returns.begin());
+    SigIndexImmediate<validate> imm(this, this->pc_ + 1);
+    if (!this->Validate(this->pc_ + 1, imm)) return 0;
+    Value func_ref = Peek(0, 0, ValueType::RefNull(imm.index));
+    ArgVector args = PeekArgs(imm.sig, 1);
+    ReturnVector returns = CreateReturnValues(imm.sig);
+    CALL_INTERFACE_IF_OK_AND_REACHABLE(CallRef, func_ref, imm.sig, imm.index,
+                                       args.begin(), returns.begin());
     Drop(func_ref);
-    DropArgs(sig);
+    DropArgs(imm.sig);
     PushReturns(returns);
-    return 1;
+    return 1 + imm.length;
   }
 
   DECODE(CallRef) {
diff --git a/src/wasm/wasm-opcodes.h b/src/wasm/wasm-opcodes.h
index 17ed53a197..ef7f62117a 100644
--- a/src/wasm/wasm-opcodes.h
+++ b/src/wasm/wasm-opcodes.h
@@ -60,9 +60,9 @@ bool V8_EXPORT_PRIVATE IsJSCompatibleSignature(const FunctionSig* sig,
   V(CallIndirect, 0x11, _, "call_indirect")                                  \
   V(ReturnCall, 0x12, _, "return_call")                                      \
   V(ReturnCallIndirect, 0x13, _, "return_call_indirect")                     \
-  V(CallRefDeprecated, 0x14, _, "call_ref")    /* typed_funcref prototype */ \
+  V(CallRef, 0x14, _, "call_ref")              /* typed_funcref prototype */ \
   V(ReturnCallRef, 0x15, _, "return_call_ref") /* typed_funcref prototype */ \
-  V(CallRef, 0x17, _, "call_ref")              /* temporary, for compat.*/   \
+  V(CallRefDeprecated, 0x17, _, "call_ref")    /* temporary, for compat.*/   \
   V(Drop, 0x1a, _, "drop")                                                   \
   V(Select, 0x1b, _, "select")                                               \
   V(SelectWithType, 0x1c, _, "select")                                       \
diff --git a/test/mjsunit/wasm/wasm-module-builder.js b/test/mjsunit/wasm/wasm-module-builder.js
index 42c6cb1cc3..e3cd3b0fda 100644
--- a/test/mjsunit/wasm/wasm-module-builder.js
+++ b/test/mjsunit/wasm/wasm-module-builder.js
@@ -272,7 +272,7 @@ const kWasmOpcodes = {
   'CallIndirect': 0x11,
   'ReturnCall': 0x12,
   'ReturnCallIndirect': 0x13,
-  'CallRef': 0x17,  // TODO(7748): Temporary. Switch back to 0x14.
+  'CallRef': 0x14,
   'ReturnCallRef': 0x15,
   'Delegate': 0x18,
   'Drop': 0x1a,