[wasm] Alignment information of wasm programs cannot be trusted

This CL removes code which is based on the assumption that if WebAssembly code says that memory accesses are aligned, that they are really aligned. On arm, memory accesses crashed when this assumption was violated. Most likely this CL will cause a performance regression on arm. At the moment we plan to fix this regression eventually by using arm NEON instructions in V8. R=titzer@chromium.org Change-Id: Ibb60fa1ef0173c13af813a3cb7eb26bfa2a847c2 Reviewed-on: https://chromium-review.googlesource.com/451297 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44179}
2017-03-23 11:29:25 +01:00 · 2017-03-23 11:29:25 +01:00 · 53af0d1ad3
commit 53af0d1ad3
parent ddcdbf6fef
3 changed files with 66 additions and 10 deletions
--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@ -3016,11 +3016,8 @@ Node* WasmGraphBuilder::LoadMem(wasm::ValueType type, MachineType memtype,
  if (!FLAG_wasm_trap_handler || !V8_TRAP_HANDLER_SUPPORTED) {
    BoundsCheckMem(memtype, index, offset, position);
  }
-  bool aligned = static_cast<int>(alignment) >=
-                 ElementSizeLog2Of(memtype.representation());

-  if (aligned ||
-      jsgraph()->machine()->UnalignedLoadSupported(memtype, alignment)) {
+  if (jsgraph()->machine()->UnalignedLoadSupported(memtype, alignment)) {
    if (FLAG_wasm_trap_handler && V8_TRAP_HANDLER_SUPPORTED) {
      DCHECK(FLAG_wasm_guard_pages);
      Node* position_node = jsgraph()->Int32Constant(position);
@ -3070,17 +3067,12 @@ Node* WasmGraphBuilder::StoreMem(MachineType memtype, Node* index,
  if (!FLAG_wasm_trap_handler || !V8_TRAP_HANDLER_SUPPORTED) {
    BoundsCheckMem(memtype, index, offset, position);
  }
-  StoreRepresentation rep(memtype.representation(), kNoWriteBarrier);
-
-  bool aligned = static_cast<int>(alignment) >=
-                 ElementSizeLog2Of(memtype.representation());

 #if defined(V8_TARGET_BIG_ENDIAN)
  val = BuildChangeEndianness(val, memtype);
 #endif

-  if (aligned ||
-      jsgraph()->machine()->UnalignedStoreSupported(memtype, alignment)) {
+  if (jsgraph()->machine()->UnalignedStoreSupported(memtype, alignment)) {
    if (FLAG_wasm_trap_handler && V8_TRAP_HANDLER_SUPPORTED) {
      Node* position_node = jsgraph()->Int32Constant(position);
      store = graph()->NewNode(
--- a/test/cctest/wasm/test-run-wasm-64.cc
+++ b/test/cctest/wasm/test-run-wasm-64.cc
@ -1528,6 +1528,22 @@ WASM_EXEC_TEST(StoreMem_offset_oob_i64) {
  }
 }

+WASM_EXEC_TEST(UnalignedInt64Load) {
+  WasmRunner<uint64_t> r(execution_mode);
+  r.module().AddMemoryElems<int64_t>(8);
+  BUILD(r, WASM_LOAD_MEM_ALIGNMENT(MachineType::Int64(), WASM_ONE, 3));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedInt64Store) {
+  WasmRunner<int32_t> r(execution_mode);
+  r.module().AddMemoryElems<uint64_t>(8);
+  BUILD(r, WASM_SEQ(WASM_STORE_MEM_ALIGNMENT(MachineType::Int64(), WASM_ONE, 3,
+                                             WASM_I64V_1(1)),
+                    WASM_I32V_1(12)));
+  r.Call();
+}
+
 #define ADD_CODE(vec, ...)                                              \
  do {                                                                  \
    byte __buf[] = {__VA_ARGS__};                                       \
--- a/test/cctest/wasm/test-run-wasm.cc
+++ b/test/cctest/wasm/test-run-wasm.cc
@ -1092,6 +1092,54 @@ WASM_EXEC_TEST(LoadStoreLoad) {
  }
 }

+WASM_EXEC_TEST(UnalignedFloat32Load) {
+  WasmRunner<float> r(execution_mode);
+  r.module().AddMemoryElems<float>(8);
+  BUILD(r, WASM_LOAD_MEM_ALIGNMENT(MachineType::Float32(), WASM_ONE, 2));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedFloat64Load) {
+  WasmRunner<double> r(execution_mode);
+  r.module().AddMemoryElems<double>(8);
+  BUILD(r, WASM_LOAD_MEM_ALIGNMENT(MachineType::Float64(), WASM_ONE, 3));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedInt32Load) {
+  WasmRunner<uint32_t> r(execution_mode);
+  r.module().AddMemoryElems<uint32_t>(8);
+  BUILD(r, WASM_LOAD_MEM_ALIGNMENT(MachineType::Int32(), WASM_ONE, 2));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedInt32Store) {
+  WasmRunner<int32_t> r(execution_mode);
+  r.module().AddMemoryElems<uint32_t>(8);
+  BUILD(r, WASM_SEQ(WASM_STORE_MEM_ALIGNMENT(MachineType::Int32(), WASM_ONE, 2,
+                                             WASM_I32V_1(1)),
+                    WASM_I32V_1(12)));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedFloat32Store) {
+  WasmRunner<int32_t> r(execution_mode);
+  r.module().AddMemoryElems<float>(8);
+  BUILD(r, WASM_SEQ(WASM_STORE_MEM_ALIGNMENT(MachineType::Float32(), WASM_ONE,
+                                             2, WASM_F32(1.0)),
+                    WASM_I32V_1(12)));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedFloat64Store) {
+  WasmRunner<int32_t> r(execution_mode);
+  r.module().AddMemoryElems<double>(8);
+  BUILD(r, WASM_SEQ(WASM_STORE_MEM_ALIGNMENT(MachineType::Float64(), WASM_ONE,
+                                             3, WASM_F64(1.0)),
+                    WASM_I32V_1(12)));
+  r.Call();
+}
+
 WASM_EXEC_TEST(VoidReturn1) {
  const int32_t kExpected = -414444;
  WasmRunner<int32_t> r(execution_mode);