Stack switching validation (#8467)

Now that we want to fuzz stack switching against a real implementation
in V8, add proper validation. Copy in the stack switching tests,
commenting out parts we do not handle for other reasons, to test that
the new validation logic is correct. Fix DAE2 and a couple of stack
switching tests that were not actually valid to begin with.

Author: tlively

src/cfg/cfg-traversal.h

@@ -453,7 +453,9 @@ struct CFGWalker : public PostWalker<SubType, VisitorType> {
     auto handlerBlocks = BranchUtils::getUniqueTargets(*currp);
     // Add branches to the targets.
     for (auto target : handlerBlocks) {
-      self->branches[target].push_back(self->currBasicBlock);
+      if (target) {
+        self->branches[target].push_back(self->currBasicBlock);
+      }
     }
   }
 

src/passes/DeadArgumentElimination2.cpp

@@ -52,6 +52,7 @@
 #include "ir/type-updating.h"
 #include "pass.h"
 #include "support/index.h"
+#include "support/mixed_arena.h"
 #include "support/utilities.h"
 #include "wasm-builder.h"
 #include "wasm-traversal.h"
@@ -354,9 +355,25 @@ struct GraphBuilder : public WalkerPass<ExpressionStackWalker<GraphBuilder>> {
     }
   }
 
-  void visitResume(Resume* curr) { noteContinuation(curr->cont->type); }
+  void visitResumeHandlers(const ArenaVector<Name>& labels) {
+    for (Index i = 0; i < labels.size(); ++i) {
+      if (labels[i]) {
+        auto* target = findBreakTarget(labels[i]);
+        assert(target->type.size() >= 1);
+        auto newContType = target->type[target->type.size() - 1];
+        assert(newContType.isContinuation());
+        noteContinuation(newContType);
+      }
+    }
+  }
+
+  void visitResume(Resume* curr) {
+    noteContinuation(curr->cont->type);
+    visitResumeHandlers(curr->handlerBlocks);
+  }
   void visitResumeThrow(ResumeThrow* curr) {
     noteContinuation(curr->cont->type);
+    visitResumeHandlers(curr->handlerBlocks);
   }
   void visitStackSwitch(StackSwitch* curr) {
     noteContinuation(curr->cont->type);

src/wasm/wasm-ir-builder.cpp

@@ -1974,6 +1974,9 @@ Result<> IRBuilder::makeRefTest(Type type) {
 }
 
 Result<> IRBuilder::makeRefCast(Type type, bool isDesc) {
+  if (!type.isCastable()) {
+    return Err{"ref.cast cannot cast to invalid type"};
+  }
   std::optional<HeapType> descriptor;
   if (isDesc) {
     assert(type.isRef());
@@ -2027,6 +2030,9 @@ Result<> IRBuilder::makeBrOn(Index label,
   curr.op = op;
   curr.castType = out;
   curr.desc = nullptr;
+  if (op != BrOnNull && op != BrOnNonNull && !out.isCastable()) {
+    return Err{"br_on cannot cast to invalid type"};
+  }
   CHECK_ERR(visitBrOn(&curr));
 
   // Validate type immediates before we forget them.