[asm.js] Fix validation failure in module variable import.

R=clemensh@chromium.org
TEST=message/asm-import-wrong-object
BUG=chromium:718653

Change-Id: Ib903d7041ffb6a67c1b3c7be3e0f9455229acd90
Reviewed-on: https://chromium-review.googlesource.com/497747
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45129}

src/asmjs/asm-parser.cc

@@ -41,7 +41,6 @@ namespace wasm {
 
 #define FAIL(msg) FAIL_AND_RETURN(, msg)
 #define FAILn(msg) FAIL_AND_RETURN(nullptr, msg)
-#define FAILf(msg) FAIL_AND_RETURN(false, msg)
 
 #define EXPECT_TOKEN_OR_RETURN(ret, token)      \
   do {                                          \
@@ -53,7 +52,6 @@ namespace wasm {
 
 #define EXPECT_TOKEN(token) EXPECT_TOKEN_OR_RETURN(, token)
 #define EXPECT_TOKENn(token) EXPECT_TOKEN_OR_RETURN(nullptr, token)
-#define EXPECT_TOKENf(token) EXPECT_TOKEN_OR_RETURN(false, token)
 
 #define RECURSE_OR_RETURN(ret, call)                                       \
   do {                                                                     \
@@ -67,7 +65,6 @@ namespace wasm {
 
 #define RECURSE(call) RECURSE_OR_RETURN(, call)
 #define RECURSEn(call) RECURSE_OR_RETURN(nullptr, call)
-#define RECURSEf(call) RECURSE_OR_RETURN(false, call)
 
 #define TOK(name) AsmJsScanner::kToken_##name
 
@@ -469,8 +466,8 @@ void AsmJsParser::ValidateModuleVar(bool mutable_variable) {
   } else if (Check(stdlib_name_)) {
     EXPECT_TOKEN('.');
     RECURSE(ValidateModuleVarStdlib(info));
-  } else if (ValidateModuleVarImport(info, mutable_variable)) {
+  } else if (Peek(foreign_name_) || Peek('+')) {
-    // Handled inside.
+    RECURSE(ValidateModuleVarImport(info, mutable_variable));
   } else if (scanner_.IsGlobal()) {
     RECURSE(ValidateModuleVarFromGlobal(info, mutable_variable));
   } else {
@@ -527,32 +524,30 @@ void AsmJsParser::ValidateModuleVarFromGlobal(VarInfo* info,
 }
 
 // 6.1 ValidateModule - foreign imports
-bool AsmJsParser::ValidateModuleVarImport(VarInfo* info,
+void AsmJsParser::ValidateModuleVarImport(VarInfo* info,
                                           bool mutable_variable) {
   if (Check('+')) {
-    EXPECT_TOKENf(foreign_name_);
+    EXPECT_TOKEN(foreign_name_);
-    EXPECT_TOKENf('.');
+    EXPECT_TOKEN('.');
     Vector<const char> name = CopyCurrentIdentifierString();
     AddGlobalImport(name, AsmType::Double(), kWasmF64, mutable_variable, info);
     scanner_.Next();
-    return true;
+  } else {
-  } else if (Check(foreign_name_)) {
+    EXPECT_TOKEN(foreign_name_);
-    EXPECT_TOKENf('.');
+    EXPECT_TOKEN('.');
     Vector<const char> name = CopyCurrentIdentifierString();
     scanner_.Next();
     if (Check('|')) {
       if (!CheckForZero()) {
-        FAILf("Expected |0 type annotation for foreign integer import");
+        FAIL("Expected |0 type annotation for foreign integer import");
       }
       AddGlobalImport(name, AsmType::Int(), kWasmI32, mutable_variable, info);
-      return true;
+    } else {
+      info->kind = VarKind::kImportedFunction;
+      info->import = new (zone()->New(sizeof(FunctionImportInfo)))
+          FunctionImportInfo({name, WasmModuleBuilder::SignatureMap(zone())});
     }
-    info->kind = VarKind::kImportedFunction;
-    info->import = new (zone()->New(sizeof(FunctionImportInfo)))
-        FunctionImportInfo({name, WasmModuleBuilder::SignatureMap(zone())});
-    return true;
   }
-  return false;
 }
 
 // 6.1 ValidateModule - one variable

src/asmjs/asm-parser.h

@@ -276,7 +276,7 @@ class AsmJsParser {
   void ValidateModuleParameters();
   void ValidateModuleVars();
   void ValidateModuleVar(bool mutable_variable);
-  bool ValidateModuleVarImport(VarInfo* info, bool mutable_variable);
+  void ValidateModuleVarImport(VarInfo* info, bool mutable_variable);
   void ValidateModuleVarStdlib(VarInfo* info);
   void ValidateModuleVarNewStdlib(VarInfo* info);
   void ValidateModuleVarFromGlobal(VarInfo* info, bool mutable_variable);

test/message/asm-import-wrong-annotation.js

@@ -0,0 +1,11 @@
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --validate-asm --no-stress-opt --no-stress-validate-asm --no-suppress-asm-messages
+
+function Module(stdlib, foreign, heap) {
+  "use asm"
+  var x = foreign.x | 1;
+}
+Module(this, { x:0 });

test/message/asm-import-wrong-annotation.out

@@ -0,0 +1,5 @@
+# Copyright 2017 the V8 project authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+*%(basename)s:9: Invalid asm.js: Expected |0 type annotation for foreign integer import

test/message/asm-import-wrong-object.js

@@ -0,0 +1,11 @@
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --validate-asm --no-stress-opt --no-stress-validate-asm --no-suppress-asm-messages
+
+function Module(stdlib, foreign, heap) {
+  "use asm"
+  var x = +stdlib.x;
+}
+Module(this, { x:0 });

test/message/asm-import-wrong-object.out

@@ -0,0 +1,5 @@
+# Copyright 2017 the V8 project authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+*%(basename)s:9: Invalid asm.js: Unexpected token