[asm.js] Fix handling of bogus code after export statement.

This makes the asm.js validator reject source with trailing expressions after the module exporting return statement. Most of the time trailing statements would not affect semantics, since they are unreachable. In some cases we might hide an expected ReferenceError tough. R=leszeks@chromium.org TEST=mjsunit/regress/regress-crbug-934138 BUG=chromium:934138 Change-Id: I790366204f5e9c943715a065b5229f2442e2c86e Reviewed-on: https://chromium-review.googlesource.com/c/1481216 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#59766}
2019-02-21 12:41:30 +01:00 · 2019-02-21 12:41:30 +01:00 · cc787e174e
commit cc787e174e
parent 285519582b
5 changed files with 43 additions and 2 deletions
--- a/src/asmjs/asm-parser.cc
+++ b/src/asmjs/asm-parser.cc
@ -353,6 +353,8 @@ void AsmJsParser::ValidateModule() {
    RECURSE(ValidateFunctionTable());
  }
  RECURSE(ValidateExport());
+  RECURSE(SkipSemicolon());
+  EXPECT_TOKEN('}');

  // Check that all functions were eventually defined.
  for (auto& info : global_var_info_) {
--- a/test/message/asm-function-undefined.out
+++ b/test/message/asm-function-undefined.out
@ -2,4 +2,4 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

-*%(basename)s:12: Invalid asm.js: Undefined function
+*%(basename)s:13: Invalid asm.js: Undefined function
--- a/test/message/asm-table-undefined.out
+++ b/test/message/asm-table-undefined.out
@ -2,4 +2,4 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

-*%(basename)s:13: Invalid asm.js: Undefined function table
+*%(basename)s:14: Invalid asm.js: Undefined function table
--- a/test/mjsunit/mjsunit.status
+++ b/test/mjsunit/mjsunit.status
@ -377,6 +377,7 @@
  'regress/regress-6700': [SKIP],
  'regress/regress-6838-2': [SKIP],
  'regress/regress-6838-3': [SKIP],
+  'regress/regress-crbug-934138': [SKIP],

  # Timeouts in lite / jitless mode.
  'asm/embenchen/*': [SKIP],
--- a/test/mjsunit/regress/regress-crbug-934138.js
+++ b/test/mjsunit/regress/regress-crbug-934138.js
@ -0,0 +1,38 @@
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+(function TestTrailingJunkAfterExport() {
+  function Module() {
+    "use asm";
+    function f() {}
+    return {f: f}
+    %kaboom;
+  }
+  assertThrows(() => Module(), ReferenceError);
+  assertFalse(%IsAsmWasmCode(Module));
+})();
+
+(function TestExportWithSemicolon() {
+  function Module() {
+    "use asm";
+    function f() {}
+    return {f: f};
+    // appreciate the semicolon
+  }
+  assertDoesNotThrow(() => Module());
+  assertTrue(%IsAsmWasmCode(Module));
+})();
+
+(function TestExportWithoutSemicolon() {
+  function Module() {
+    "use asm";
+    function f() {}
+    return {f: f}
+    // appreciate the nothingness
+  }
+  assertDoesNotThrow(() => Module());
+  assertTrue(%IsAsmWasmCode(Module));
+})();