[vm] Unsound execution due to missing type check leads to undefined behavior

[mkustermann]

Here's a repro:

void main() {
  testTypeParameterForwardingStub();
}

void testTypeParameterForwardingStub() {
  final PBox<Object> object = PSub();
  object.foo<List<Object>>(<Object>['a']);
}

abstract class PBox<T> {
  void foo<H extends List<T>>(H a);
}

class PBase {
  void foo<H extends List<int>>(List<int> a) =>
      print('PBase.foo<$H>(${1 + a[0]})');
}

class PSub extends PBase implements PBox<int> {}

Running this in JIT results in a weird error:

% dart repro.dart
Unhandled exception:
NoSuchMethodError: Class 'String' has no instance method '_addFromInteger'.
Receiver: "a"
Tried calling: _addFromInteger(1)
#0      Object.noSuchMethod (dart:core-patch/object_patch.dart:38:5)
#1      int.+ (dart:core-patch/integers.dart:12:38)
#2      PBase.foo (file:///usr/local/google/home/kustermann/src/dart-sdk-gclient/sdk/tests/web/wasm/regress_forwarding_stub_field_test.dart:22:32)
#3      PSub.foo (file:///usr/local/google/home/kustermann/src/dart-sdk-gclient/sdk/tests/web/wasm/regress_forwarding_stub_field_test.dart)
#4      testTypeParameterForwardingStub (file:///usr/local/google/home/kustermann/src/dart-sdk-gclient/sdk/tests/web/wasm/regress_forwarding_stub_field_test.dart:13:10)
#5      main (file:///usr/local/google/home/kustermann/src/dart-sdk-gclient/sdk/tests/web/wasm/regress_forwarding_stub_field_test.dart:8:3)
#6      _delayEntrypointInvocation.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:314:19)
#7      _RawReceivePort._handleMessage (dart:isolate-patch/isolate_patch.dart:193:12)

Running this in AOT results in incorrect execution

% dart compile exe repro.dart
Generated: repro.exe
% ./repro.exe
PBase.foo<List<Object>>(3)

In reality it should throw a TypeError in the forwarding stub injected by the CFE that checks the type parameter against the bound.