[wasm][interpreter] Clear thread in wasm flag on exceptional return

A stack overflow can be thrown by JSEntryStub, which means the
thread-in-wasm flag will not have the expected value. To accommodate
this, we now clear the flag during exceptional returns if it is set.

Bug: chromium:834624
Change-Id: I8359af79886ab98dfecc2fb39ca19118b7fa38eb
Reviewed-on: https://chromium-review.googlesource.com/1019570
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52891}

src/wasm/wasm-interpreter.cc

@@ -2349,7 +2349,12 @@ class ThreadImpl {
           maybe_retval.is_null() ? " with exception" : "");
 
     if (maybe_retval.is_null()) {
-      DCHECK(!trap_handler::IsThreadInWasm());
+      // JSEntryStub may through a stack overflow before we actually get to wasm
+      // code or back to the interpreter, meaning the thread-in-wasm flag won't
+      // be cleared.
+      if (trap_handler::IsThreadInWasm()) {
+        trap_handler::ClearThreadInWasm();
+      }
       return TryHandleException(isolate);
     }
 

test/mjsunit/regress/wasm/regress-834624.js

@@ -0,0 +1,30 @@
+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --wasm-interpret-all
+
+load("test/mjsunit/wasm/wasm-constants.js");
+load("test/mjsunit/wasm/wasm-module-builder.js");
+
+let instance;
+(function DoTest() {
+  function call_main() {
+    instance.exports.main();
+  }
+  let module = new WasmModuleBuilder();
+  module.addImport('mod', 'func', kSig_v_i);
+  module.addFunction('main', kSig_v_i)
+    .addBody([kExprGetLocal, 0, kExprCallFunction, 0])
+    .exportFunc();
+  instance = module.instantiate({
+    mod: {
+      func: call_main
+    }
+  });
+  try {
+    instance.exports.main();
+  } catch (e) {
+    // ignore
+  }
+})();