fix(validator): detect excess values on stack in unreachable code #146

@avrabe

Problem

The WAST validator does not detect excess concrete values on the stack at block/function boundaries in unreachable code. This causes 22 failures in unreached-invalid.wast.

Example

;; This should be invalid — function returns void but has an unconsumed i32
(module (func (unreachable) (i32.const 0)))

After unreachable, the stack becomes polymorphic. However, i32.const 0 pushes a concrete value. At end, the spec requires that the stack height matches — excess concrete values are a type mismatch.

Attempted Fix

Adding if stack.len() > unreachable_height { return Err(...) } at block end correctly catches these 22 cases, but causes ~400 regressions. The issue is that select and other polymorphic instructions in unreachable code can "consume" phantom values from below the polymorphic base and push concrete results, which the naive check wrongly flags.

Correct Approach

The proper fix requires distinguishing phantom values (synthesized by polymorphic underflow) from concrete values (actually pushed). Options:

  1. Tag stack entries with a phantom flag
  2. Track a separate "concrete push count" per frame
  3. Only check excess when no polymorphic pops occurred in the block

Impact

  • 22 assertions in unreached-invalid.wast

Files

  • kiln-build-core/src/wast_validator.rs: validate_function_body() end-of-block handling (~line 1088-1152)
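
As an added example (not kiln's code and not part of the original issue), the sketch below follows the validation algorithm in the WebAssembly specification's appendix: a pop that underflows in unreachable code returns a phantom `Unknown` without ever storing it, so anything left above the frame height at `end` was really pushed. The names `Ty`, `Op`, `Frame` and `validate` are hypothetical, and the toy handles only one block with no parameters.

```rust
#[derive(Clone, Copy, PartialEq, Debug)]
enum Ty { I32, Unknown }
#[derive(Clone, Copy)]
enum Op { Unreachable, I32Const, Drop, Select }
struct Frame { height: usize, unreachable: bool }

fn pop(stack: &mut Vec<Ty>, f: &Frame) -> Result<Ty, &'static str> {
    if stack.len() == f.height {
        // Underflow: in unreachable code synthesize a phantom value,
        // but never store it on the stack.
        return if f.unreachable { Ok(Ty::Unknown) } else { Err("stack underflow") };
    }
    Ok(stack.pop().unwrap())
}

fn expect(stack: &mut Vec<Ty>, f: &Frame, want: Ty) -> Result<Ty, &'static str> {
    let got = pop(stack, f)?;
    if got != want && got != Ty::Unknown && want != Ty::Unknown {
        return Err("type mismatch");
    }
    Ok(got)
}

/// Validates a block body with no parameters and `results` result types.
fn validate(body: &[Op], results: &[Ty]) -> Result<(), &'static str> {
    let mut stack = Vec::new();
    let mut f = Frame { height: 0, unreachable: false };
    for op in body {
        match op {
            Op::Unreachable => { stack.truncate(f.height); f.unreachable = true; }
            Op::I32Const => stack.push(Ty::I32),
            Op::Drop => { pop(&mut stack, &f)?; }
            Op::Select => {
                expect(&mut stack, &f, Ty::I32)?; // condition
                let a = pop(&mut stack, &f)?;
                let b = expect(&mut stack, &f, a)?;
                stack.push(if a == Ty::Unknown { b } else { a });
            }
        }
    }
    // `end`: phantoms may satisfy the results; whatever remains is excess.
    for want in results.iter().rev() { expect(&mut stack, &f, *want)?; }
    if stack.len() != f.height { return Err("type mismatch: excess values at end"); }
    Ok(())
}

fn main() {
    // Constructed input: the issue's (func (unreachable) (i32.const 0)).
    println!("{:?}", validate(&[Op::Unreachable, Op::I32Const], &[]));
}
```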

Labels: bug
