Respect the Web limitation on Table size

src/ir/memory-utils.h

@@ -23,6 +23,7 @@
 #include "literal.h"
 #include "wasm-binary.h"
 #include "wasm-builder.h"
+#include "wasm-limits.h"
 #include "wasm.h"
 
 namespace wasm::MemoryUtils {

src/passes/MemoryPacking.cpp

@@ -37,6 +37,7 @@
 #include "support/stdckdint.h"
 #include "wasm-binary.h"
 #include "wasm-builder.h"
+#include "wasm-limits.h"
 #include "wasm.h"
 
 namespace wasm {

src/wasm-binary.h

@@ -43,15 +43,6 @@ enum {
   MaxLEB32Bytes = 5,
 };
 
-// wasm VMs on the web have decided to impose some limits on what they
-// accept
-enum WebLimitations : uint32_t {
-  MaxDataSegments = 100 * 1000,
-  MaxFunctionBodySize = 128 * 1024,
-  MaxFunctionLocals = 50 * 1000,
-  MaxFunctionParams = 1000
-};
-
 template<typename T, typename MiniT> struct LEB {
   static_assert(sizeof(MiniT) == 1, "MiniT must be a byte");
 

src/wasm-interpreter.h

@@ -35,6 +35,7 @@
 #include "support/stdckdint.h"
 #include "support/string.h"
 #include "wasm-builder.h"
+#include "wasm-limits.h"
 #include "wasm-traversal.h"
 #include "wasm.h"
 
@@ -3138,6 +3139,9 @@ class ModuleRunnerBase : public ExpressionRunner<SubType> {
       return fail;
     }
     Index newSize = tableSize + delta;
+    if (newSize > WebLimitations::MaxTableSize) {
+      return fail;
+    }
     if (!info.interface->growTable(
           tableName, valueFlow.getSingleValue(), tableSize, newSize)) {
       // We failed to grow the table in practice, even though it was valid

src/wasm-limits.h

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2024 WebAssembly Community Group participants
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef wasm_wasm_limits_h
+#define wasm_wasm_limits_h
+
+#include <stdint.h>
+
+namespace wasm {
+
+// wasm VMs on the web have decided to impose some limits on what they
+// accept (see e.g. https://github.com/v8/v8/blob/main/src/wasm/wasm-limits.h).
+enum WebLimitations : uint32_t {
+  MaxDataSegments = 100 * 1000,
+  MaxTableSize = 10 * 1000 * 1000,
+  MaxFunctionBodySize = 128 * 1024,
+  MaxFunctionLocals = 50 * 1000,
+  MaxFunctionParams = 1000
+};
+
+} // namespace wasm
+
+#endif // wasm_wasm_limits_h

src/wasm/wasm-binary.cpp

@@ -26,6 +26,7 @@
 #include "support/string.h"
 #include "wasm-binary.h"
 #include "wasm-debug.h"
+#include "wasm-limits.h"
 #include "wasm-stack.h"
 
 #define DEBUG_TYPE "binary"

test/lit/exec/table.grow.wast

@@ -0,0 +1,28 @@
+;; NOTE: Assertions have been generated by update_lit_checks.py --output=fuzz-exec and should not be edited.
+
+;; RUN: wasm-opt %s -all --fuzz-exec-before -q -o /dev/null 2>&1 | filecheck %s
+
+(module
+ (table $0 0 funcref)
+
+ ;; CHECK:      [fuzz-exec] calling just-right
+ ;; CHECK-NEXT: [fuzz-exec] note result: just-right => 0
+ (func $just-right (export "just-right") (result i32)
+  ;; Growing up to the limit of 10*1000*1000 will succeed.
+  (table.grow $0
+   (ref.null nofunc)
+   (i32.const 10000000)
+  )
+ )
+
+ ;; CHECK:      [fuzz-exec] calling too-much
+ ;; CHECK-NEXT: [fuzz-exec] note result: too-much => -1
+ (func $too-much (export "too-much") (result i32)
+  ;; Growing beyond the limit will error and return -1.
+  (table.grow $0
+   (ref.null nofunc)
+   (i32.const 10000001)
+  )
+ )
+)
+