WebAssembly stack overflow crash

[jmid]

Consider the following Wasm module with two mutually recursive functions:

(module
  (type $0 (func (result i32)))
  (type $1 (func (result i32)))
  (func $0
    (type 0)
    (call 1)
  )
  (func $1
    (type 1)
    (i32.const 0)
    (if
      (result i32)
      (then (i32.const 0) (br 1))
      (else (call 0))
    )
    (unreachable)
  )
  (export "runi32" (func 0))
)

This can be wrapped as follows in a corresponding, self-contained JS-program:

let buffer = new Uint8Array([ 0,97,115,109,1,0,0,0,1,9,2,96,0,1,127,96,0,1,127,3,3,2,0,1,7,10,1,6,114,117,110,105,51,50,0,0,10,22,2,4,0,16,1,11,15,0,65,0,4,127,65,0,12,1,5,16,0,11,0,11 ]);

let m = new WebAssembly.Instance(new WebAssembly.Module(buffer));
try { m.exports.runi32() }
catch (e) {
    print("caught ", e.name, e.message)
}

This consistently crashes Chakra v1.11.22.0 under both Linux and Mac OS X with a segmentation fault:

$ ch example.js
Segmentation fault (core dumped)

In comparison V8, SpiderMonkey, and JavaScriptCore all throw an exception:

$ v8 example.js
caught  RangeError Maximum call stack size exceeded
$ sm example.js
caught  InternalError too much recursion
$ jsc example.js
caught  RangeError Maximum call stack size exceeded.

Note: I'm running the pre-built Chakra binaries installed via jsvu.
I've not tried the above in an Edge browser yet.

[Fly-Style]

Thank you for your report!

[ppenzin]

The issue is not that we cannot execute this, but rather that we are crashing instead of throwing an error.