[wasm] Alignment information of wasm programs cannot be trusted

This CL removes code which is based on the assumption that if
WebAssembly code says that memory accesses are aligned, that they are
really aligned. On arm, memory accesses crashed when this assumption
was violated.

Most likely this CL will cause a performance regression on arm. At the
moment we plan to fix this regression eventually by using arm NEON
instructions in V8.

R=titzer@chromium.org

Change-Id: Ibb60fa1ef0173c13af813a3cb7eb26bfa2a847c2
Reviewed-on: https://chromium-review.googlesource.com/451297Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44179}

src/compiler/wasm-compiler.cc

@@ -3016,11 +3016,8 @@ Node* WasmGraphBuilder::LoadMem(wasm::ValueType type, MachineType memtype,
   if (!FLAG_wasm_trap_handler || !V8_TRAP_HANDLER_SUPPORTED) {
     BoundsCheckMem(memtype, index, offset, position);
   }
-  bool aligned = static_cast<int>(alignment) >=
-                 ElementSizeLog2Of(memtype.representation());
 
-  if (aligned ||
-      jsgraph()->machine()->UnalignedLoadSupported(memtype, alignment)) {
+  if (jsgraph()->machine()->UnalignedLoadSupported(memtype, alignment)) {
     if (FLAG_wasm_trap_handler && V8_TRAP_HANDLER_SUPPORTED) {
       DCHECK(FLAG_wasm_guard_pages);
       Node* position_node = jsgraph()->Int32Constant(position);
@@ -3070,17 +3067,12 @@ Node* WasmGraphBuilder::StoreMem(MachineType memtype, Node* index,
   if (!FLAG_wasm_trap_handler || !V8_TRAP_HANDLER_SUPPORTED) {
     BoundsCheckMem(memtype, index, offset, position);
   }
-  StoreRepresentation rep(memtype.representation(), kNoWriteBarrier);
-
-  bool aligned = static_cast<int>(alignment) >=
-                 ElementSizeLog2Of(memtype.representation());
 
 #if defined(V8_TARGET_BIG_ENDIAN)
   val = BuildChangeEndianness(val, memtype);
 #endif
 
-  if (aligned ||
-      jsgraph()->machine()->UnalignedStoreSupported(memtype, alignment)) {
+  if (jsgraph()->machine()->UnalignedStoreSupported(memtype, alignment)) {
     if (FLAG_wasm_trap_handler && V8_TRAP_HANDLER_SUPPORTED) {
       Node* position_node = jsgraph()->Int32Constant(position);
       store = graph()->NewNode(

test/cctest/wasm/test-run-wasm-64.cc

@@ -1528,6 +1528,22 @@ WASM_EXEC_TEST(StoreMem_offset_oob_i64) {
   }
 }
 
+WASM_EXEC_TEST(UnalignedInt64Load) {
+  WasmRunner<uint64_t> r(execution_mode);
+  r.module().AddMemoryElems<int64_t>(8);
+  BUILD(r, WASM_LOAD_MEM_ALIGNMENT(MachineType::Int64(), WASM_ONE, 3));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedInt64Store) {
+  WasmRunner<int32_t> r(execution_mode);
+  r.module().AddMemoryElems<uint64_t>(8);
+  BUILD(r, WASM_SEQ(WASM_STORE_MEM_ALIGNMENT(MachineType::Int64(), WASM_ONE, 3,
+                                             WASM_I64V_1(1)),
+                    WASM_I32V_1(12)));
+  r.Call();
+}
+
 #define ADD_CODE(vec, ...)                                              \
   do {                                                                  \
     byte __buf[] = {__VA_ARGS__};                                       \

test/cctest/wasm/test-run-wasm.cc

@@ -1092,6 +1092,54 @@ WASM_EXEC_TEST(LoadStoreLoad) {
   }
 }
 
+WASM_EXEC_TEST(UnalignedFloat32Load) {
+  WasmRunner<float> r(execution_mode);
+  r.module().AddMemoryElems<float>(8);
+  BUILD(r, WASM_LOAD_MEM_ALIGNMENT(MachineType::Float32(), WASM_ONE, 2));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedFloat64Load) {
+  WasmRunner<double> r(execution_mode);
+  r.module().AddMemoryElems<double>(8);
+  BUILD(r, WASM_LOAD_MEM_ALIGNMENT(MachineType::Float64(), WASM_ONE, 3));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedInt32Load) {
+  WasmRunner<uint32_t> r(execution_mode);
+  r.module().AddMemoryElems<uint32_t>(8);
+  BUILD(r, WASM_LOAD_MEM_ALIGNMENT(MachineType::Int32(), WASM_ONE, 2));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedInt32Store) {
+  WasmRunner<int32_t> r(execution_mode);
+  r.module().AddMemoryElems<uint32_t>(8);
+  BUILD(r, WASM_SEQ(WASM_STORE_MEM_ALIGNMENT(MachineType::Int32(), WASM_ONE, 2,
+                                             WASM_I32V_1(1)),
+                    WASM_I32V_1(12)));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedFloat32Store) {
+  WasmRunner<int32_t> r(execution_mode);
+  r.module().AddMemoryElems<float>(8);
+  BUILD(r, WASM_SEQ(WASM_STORE_MEM_ALIGNMENT(MachineType::Float32(), WASM_ONE,
+                                             2, WASM_F32(1.0)),
+                    WASM_I32V_1(12)));
+  r.Call();
+}
+
+WASM_EXEC_TEST(UnalignedFloat64Store) {
+  WasmRunner<int32_t> r(execution_mode);
+  r.module().AddMemoryElems<double>(8);
+  BUILD(r, WASM_SEQ(WASM_STORE_MEM_ALIGNMENT(MachineType::Float64(), WASM_ONE,
+                                             3, WASM_F64(1.0)),
+                    WASM_I32V_1(12)));
+  r.Call();
+}
+
 WASM_EXEC_TEST(VoidReturn1) {
   const int32_t kExpected = -414444;
   WasmRunner<int32_t> r(execution_mode);