[ctor-eval] Fix evalling of overlapping table segments (#4440)

Author: kripken

src/tools/wasm-ctor-eval.cpp

@@ -319,6 +319,7 @@ struct CtorEvalExternalInterface : EvallingModuleInstance::ExternalInterface {
                               extra);
   }
 
+  // We assume the table is not modified FIXME
   Literals callTable(Name tableName,
                      Index index,
                      HeapType sig,
@@ -333,8 +334,9 @@ struct CtorEvalExternalInterface : EvallingModuleInstance::ExternalInterface {
       throw FailToEvalException("callTable on non-existing table");
     }
 
-    // we assume the table is not modified (hmm)
-    // look through the segments, try to find the function
+    // Look through the segments and find the function. Segments can overlap,
+    // so we want the last one.
+    Name targetFunc;
     for (auto& segment : wasm->elementSegments) {
       if (segment->table != tableName) {
         continue;
@@ -357,29 +359,33 @@ struct CtorEvalExternalInterface : EvallingModuleInstance::ExternalInterface {
       if (start <= index && index < end) {
         auto entry = segment->data[index - start];
         if (auto* get = entry->dynCast<RefFunc>()) {
-          auto name = get->func;
-          // if this is one of our functions, we can call it; if it was
-          // imported, fail
-          auto* func = wasm->getFunction(name);
-          if (func->type != sig) {
-            throw FailToEvalException(
-              std::string("callTable signature mismatch: ") + name.str);
-          }
-          if (!func->imported()) {
-            return instance.callFunctionInternal(name, arguments);
-          } else {
-            throw FailToEvalException(
-              std::string("callTable on imported function: ") + name.str);
-          }
+          targetFunc = get->func;
         } else {
           throw FailToEvalException(
             std::string("callTable on uninitialized entry"));
         }
       }
     }
-    throw FailToEvalException(
-      std::string("callTable on index not found in static segments: ") +
-      std::to_string(index));
+
+    if (!targetFunc.is()) {
+      throw FailToEvalException(
+        std::string("callTable on index not found in static segments: ") +
+        std::to_string(index));
+    }
+
+    // If this is one of our functions, we can call it; if it was
+    // imported, fail.
+    auto* func = wasm->getFunction(targetFunc);
+    if (func->type != sig) {
+      throw FailToEvalException(std::string("callTable signature mismatch: ") +
+                                targetFunc.str);
+    }
+    if (!func->imported()) {
+      return instance.callFunctionInternal(targetFunc, arguments);
+    } else {
+      throw FailToEvalException(
+        std::string("callTable on imported function: ") + targetFunc.str);
+    }
   }
 
   Index tableSize(Name tableName) override {

test/ctor-eval/overlapping-segments.wast

@@ -0,0 +1,27 @@
+(module
+  (type $none_=>_i32 (func (result i32)))
+
+  (table $0 46 funcref)
+  (elem $0 (i32.const 9) $1)
+  (elem $1 (i32.const 9) $0)
+
+  (export "test1" (func $2))
+
+  (func $0 (result i32)
+    (unreachable)
+  )
+  (func $1 (result i32)
+    (i32.const 65)
+  )
+  (func $2
+    (drop
+      (call_indirect (type $none_=>_i32)
+        ;; Calling the item at index $9 should call $0, which appears in the
+        ;; last of the overlapping segments. That function traps, which stops
+        ;; us from evalling anything here.
+        (i32.const 9)
+      )
+    )
+  )
+)
+

test/ctor-eval/overlapping-segments.wast.ctors

@@ -0,0 +1 @@
+test1

test/ctor-eval/overlapping-segments.wast.out

@@ -0,0 +1,21 @@
+(module
+ (type $none_=>_i32 (func (result i32)))
+ (type $none_=>_none (func))
+ (table $0 46 funcref)
+ (elem $0 (i32.const 9) $1)
+ (elem $1 (i32.const 9) $0)
+ (export "test1" (func $2))
+ (func $0 (result i32)
+  (unreachable)
+ )
+ (func $1 (result i32)
+  (i32.const 65)
+ )
+ (func $2
+  (drop
+   (call_indirect $0 (type $none_=>_i32)
+    (i32.const 9)
+   )
+  )
+ )
+)