Refrain from setting array indices outside the array length

The code `array[i] = foo` where `i >= array.length` does, for obvious
reasons, not work inside unchecked contexts. Code like this was the
cause of crashes when compiling with `--uncheckedBehavior always`. In
my opinion, this practice is sloppy, although my workarounds can be
considered equally sloppy.

Author: CountBleck

src/builtins.ts

@@ -10329,17 +10329,17 @@ export function compileVisitMembers(compiler: Compiler): void {
     let instanceId = _keys[i];
     assert(instanceId == nextId++);
     let instance = assert(managedClasses.get(instanceId));
-    names[i] = instance.internalName;
+    names.push(instance.internalName);
     if (instance.isPointerfree) {
-      cases[i] = module.return();
+      cases.push(module.return());
     } else {
-      cases[i] = module.block(null, [
+      cases.push(module.block(null, [
         module.call(`${instance.internalName}~visit`, [
           module.local_get(0, sizeTypeRef), // this
           module.local_get(1, TypeRef.I32)  // cookie
         ], TypeRef.None),
         module.return()
-      ], TypeRef.None);
+      ], TypeRef.None));
       ensureVisitMembersOf(compiler, instance);
     }
   }

src/compiler.ts

@@ -1715,8 +1715,9 @@ export class Compiler extends DiagnosticEmitter {
         this.makeFieldInitializationInConstructor(classInstance, allocStmts);
 
         // Insert right before the body
-        for (let i = stmts.length - 1; i >= bodyStartIndex; --i) {
-          stmts[i + 1] = stmts[i];
+        let bodyEndIndex = stmts.length++;
+        for (let i = bodyEndIndex; i > bodyStartIndex; --i) {
+          stmts[i] = stmts[i - 1];
         }
         stmts[bodyStartIndex] = module.flatten(allocStmts, TypeRef.None);
 
@@ -2755,7 +2756,7 @@ export class Compiler extends DiagnosticEmitter {
     let outerFlow = this.currentFlow;
     let tempLocal = outerFlow.getTempLocal(Type.u32);
     let tempLocalIndex = tempLocal.index;
-    let breaks = new Array<ExpressionRef>(1 + numCases);
+    let breaks = new Array<ExpressionRef>(2 + numCases);
     breaks[0] = module.local_set(tempLocalIndex, condExpr, false); // u32
 
     // Make one br_if per labeled case and leave it to Binaryen to optimize the
@@ -2784,6 +2785,7 @@ export class Compiler extends DiagnosticEmitter {
       ? `case${defaultIndex}|${label}`
       : `break|${label}`
     );
+    breaks.length = breakIndex + 1;
 
     // Nest the case blocks in order, to be targeted by the br_if sequence
     let currentBlock = module.block(`case0|${label}`, breaks, TypeRef.None);
@@ -6373,7 +6375,7 @@ export class Compiler extends DiagnosticEmitter {
     }
     let numOptional = assert(maxOperands - minOperands);
 
-    let forwardedOperands = new Array<ExpressionRef>(minOperands);
+    let forwardedOperands = new Array<ExpressionRef>(maxOperands);
     let operandIndex = 0;
     let stmts = new Array<ExpressionRef>();
 
@@ -6597,7 +6599,7 @@ export class Compiler extends DiagnosticEmitter {
     let body: ExpressionRef;
     let instanceClass = instance.getBoundClassOrInterface();
     if (!instance.is(CommonFlags.Abstract) && !(instanceClass && instanceClass.kind == ElementKind.Interface)) {
-      let paramExprs = new Array<ExpressionRef>(numParameters);
+      let paramExprs = new Array<ExpressionRef>(numParameters + 1);
       paramExprs[0] = module.local_get(0, sizeTypeRef); // this
       for (let i = 0, k = parameterTypes.length; i < k; ++i) {
         paramExprs[1 + i] = module.local_get(1 + i, parameterTypes[i].toRef());

src/flow.ts

@@ -524,15 +524,25 @@ export class Flow {
   setLocalFlag(index: i32, flag: LocalFlags): void {
     if (index < 0) return;
     let localFlags = this.localFlags;
-    let flags = index < localFlags.length ? unchecked(localFlags[index]) : 0;
+    let flags = 0;
+    if (index < localFlags.length) {
+      flags = unchecked(localFlags[index]);
+    } else {
+      localFlags.length = index + 1;
+    }
     localFlags[index] = flags | flag;
   }
 
   /** Unsets the specified flag or flags on the local at the specified index. */
   unsetLocalFlag(index: i32, flag: LocalFlags): void {
     if (index < 0) return;
     let localFlags = this.localFlags;
-    let flags = index < localFlags.length ? unchecked(localFlags[index]) : 0;
+    let flags = 0;
+    if (index < localFlags.length) {
+      flags = unchecked(localFlags[index]);
+    } else {
+      localFlags.length = index + 1;
+    }
     localFlags[index] = flags & ~flag;
   }
 
@@ -717,7 +727,7 @@ export class Flow {
     let numThisLocalFlags = thisLocalFlags.length;
     let otherLocalFlags = other.localFlags;
     let numOtherLocalFlags = otherLocalFlags.length;
-    let maxLocalFlags = max(numThisLocalFlags, numOtherLocalFlags);
+    let maxLocalFlags = thisLocalFlags.length = max(numThisLocalFlags, numOtherLocalFlags);
     for (let i = 0; i < maxLocalFlags; ++i) {
       let thisFlags = i < numThisLocalFlags ? thisLocalFlags[i] : 0;
       let otherFlags = i < numOtherLocalFlags ? otherLocalFlags[i] : 0;
@@ -829,21 +839,23 @@ export class Flow {
     if (leftFlags & FlowFlags.Terminates) {
       if (!(rightFlags & FlowFlags.Terminates)) {
         let rightLocalFlags = right.localFlags;
-        for (let i = 0, k = rightLocalFlags.length; i < k; ++i) {
+        const numRightLocalFlags = thisLocalFlags.length = rightLocalFlags.length;
+        for (let i = 0, k = numRightLocalFlags; i < k; ++i) {
           thisLocalFlags[i] = rightLocalFlags[i];
         }
       }
     } else if (rightFlags & FlowFlags.Terminates) {
       let leftLocalFlags = left.localFlags;
-      for (let i = 0, k = leftLocalFlags.length; i < k; ++i) {
+      const numLeftLocalFlags = thisLocalFlags.length = leftLocalFlags.length;
+      for (let i = 0, k = numLeftLocalFlags; i < k; ++i) {
         thisLocalFlags[i] = leftLocalFlags[i];
       }
     } else {
       let leftLocalFlags = left.localFlags;
       let numLeftLocalFlags = leftLocalFlags.length;
       let rightLocalFlags = right.localFlags;
       let numRightLocalFlags = rightLocalFlags.length;
-      let maxLocalFlags = max(numLeftLocalFlags, numRightLocalFlags);
+      let maxLocalFlags = thisLocalFlags.length = max(numLeftLocalFlags, numRightLocalFlags);
       for (let i = 0; i < maxLocalFlags; ++i) {
         let leftFlags = i < numLeftLocalFlags ? leftLocalFlags[i] : 0;
         let rightFlags = i < numRightLocalFlags ? rightLocalFlags[i] : 0;

src/passes/shadowstack.ts

@@ -467,7 +467,7 @@ export class ShadowStackPass extends Pass {
     let results = _BinaryenFunctionGetResults(funcRef);
     let body = assert(_BinaryenFunctionGetBody(funcRef));
     let numVars = _BinaryenFunctionGetNumVars(funcRef);
-    let vars = new Array<TypeRef>();
+    let vars = new Array<TypeRef>(numVars);
     for (let i: Index = 0; i < numVars; ++i) {
       vars[i] = _BinaryenFunctionGetVar(funcRef, i);
     }

src/program.ts

@@ -3783,7 +3783,7 @@ export class Function extends TypedElement {
         let scopedLocals = this.flow.scopedLocals;
         if (!scopedLocals) this.flow.scopedLocals = scopedLocals = new Map();
         scopedLocals.set(CommonNames.this_, local);
-        this.localsByIndex[local.index] = local;
+        this.localsByIndex.push(local);
         flow.setLocalFlag(local.index, LocalFlags.Initialized);
       }
       let parameterTypes = signature.parameterTypes;
@@ -3799,7 +3799,7 @@ export class Function extends TypedElement {
         let scopedLocals = this.flow.scopedLocals;
         if (!scopedLocals) this.flow.scopedLocals = scopedLocals = new Map();
         scopedLocals.set(parameterName, local);
-        this.localsByIndex[local.index] = local;
+        this.localsByIndex.push(local);
         flow.setLocalFlag(local.index, LocalFlags.Initialized);
       }
     }
@@ -3858,7 +3858,7 @@ export class Function extends TypedElement {
       if (scopedLocals.has(name)) throw new Error("duplicate local name");
       scopedLocals.set(name, local);
     }
-    localsByIndex[localIndex] = local;
+    localsByIndex.push(local);
     return local;
   }