MIPS[64]: Fix unaligned arguments storage in Wasm-to-interpreter entry

In Wasm-to-interpeter entry creation, arguments for the interpreter are stored in an argument buffer. Depending on the order of the arguments some arguments may be misaligned and this causes crashes on those architectures that do not support unaligned memory access. TEST=cctest/test-wasm-interpreter-entry/TestArgumentPassing_AllTypes BUG= Review-Url: https://codereview.chromium.org/2705293011 Cr-Commit-Position: refs/heads/master@{#43476}

MIPS[64]: Fix unaligned arguments storage in Wasm-to-interpreter entry
In Wasm-to-interpeter entry creation, arguments for the interpreter are stored in an argument buffer. Depending on the order of the arguments some arguments may be misaligned and this causes crashes on those architectures that do not support unaligned memory access. TEST=cctest/test-wasm-interpreter-entry/TestArgumentPassing_AllTypes BUG= Review-Url: https://codereview.chromium.org/2705293011 Cr-Commit-Position: refs/heads/master@{#43476}
84ff6e4c · ivica.bogosavljevic · Commit bot · 7467f16d · 84ff6e4c · 84ff6e4c
Commit 84ff6e4c authored Feb 28, 2017 by ivica.bogosavljevic Committed by Commit bot Feb 28, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 7 deletions

wasm-compiler.cc src/compiler/wasm-compiler.cc +15 -3

utils.h src/utils.h +5 -0

wasm-debug.cc src/wasm/wasm-debug.cc +4 -4

No files found.
--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@@ -2951,7 +2951,8 @@ void WasmGraphBuilder::BuildWasmInterpreterEntry(
  // Compute size for the argument buffer.
  int args_size_bytes = 0;
  for (int i = 0; i < wasm_count; i++) {
-    args_size_bytes += 1 << ElementSizeLog2Of(sig->GetParam(i));
+    args_size_bytes +=
+        RoundUpToMultipleOfPowOf2(1 << ElementSizeLog2Of(sig->GetParam(i)), 8);
  }

  // The return value is also passed via this buffer:
@@ -2980,7 +2981,13 @@ void WasmGraphBuilder::BuildWasmInterpreterEntry(
    *effect_ =
        graph()->NewNode(jsgraph()->machine()->Store(store_rep), arg_buffer,
                         Int32Constant(offset), param, *effect_, *control_);
-    offset += 1 << ElementSizeLog2Of(param_rep);
+
+    if (is_i64_as_two_params) {
+      offset += 1 << ElementSizeLog2Of(wasm::kWasmI32);
+    } else {
+      offset += RoundUpToMultipleOfPowOf2(1 << ElementSizeLog2Of(param_rep), 8);
+    }
+
    // TODO(clemensh): Respect endianess here. Might need to swap upper and
    // lower word.
    if (is_i64_as_two_params) {
@@ -2993,6 +3000,8 @@ void WasmGraphBuilder::BuildWasmInterpreterEntry(
                           Int32Constant(offset), param, *effect_, *control_);
      offset += 1 << ElementSizeLog2Of(wasm::kWasmI32);
    }
+
+    DCHECK(IsAligned(offset, 8));
  }
  DCHECK_EQ(param_count, param_index);
  DCHECK_EQ(args_size_bytes, offset);
@@ -3904,7 +3913,10 @@ Handle<Code> CompileWasmInterpreterEntry(Isolate* isolate, uint32_t func_index,
  Zone zone(isolate->allocator(), ZONE_NAME);
  Graph graph(&zone);
  CommonOperatorBuilder common(&zone);
-  MachineOperatorBuilder machine(&zone);
+  MachineOperatorBuilder machine(
+      &zone, MachineType::PointerRepresentation(),
+      InstructionSelector::SupportedMachineOperatorFlags(),
+      InstructionSelector::AlignmentRequirements());
  JSGraph jsgraph(isolate, &graph, &common, nullptr, nullptr, &machine);

  Node* control = nullptr;

--- a/src/utils.h
+++ b/src/utils.h
@@ -192,6 +192,11 @@ inline bool IsAddressAligned(Address addr,
  return IsAligned(offs, alignment);
 }

+template <typename T, typename U>
+inline T RoundUpToMultipleOfPowOf2(T value, U multiple) {
+  DCHECK(multiple && ((multiple & (multiple - 1)) == 0));
+  return (value + multiple - 1) & ~(multiple - 1);
+}

 // Returns the maximum of the two parameters.
 template <typename T>

--- a/src/wasm/wasm-debug.cc
+++ b/src/wasm/wasm-debug.cc
@@ -85,11 +85,11 @@ class InterpreterHandle {
    ScopedVector<WasmVal> wasm_args(num_params);
    uint8_t* arg_buf_ptr = arg_buffer;
    for (int i = 0; i < num_params; ++i) {
-      uint32_t param_size = 1 << ElementSizeLog2Of(sig->GetParam(i));
+      int param_size = 1 << ElementSizeLog2Of(sig->GetParam(i));
 #define CASE_ARG_TYPE(type, ctype)                                  \
  case type:                                                        \
    DCHECK_EQ(param_size, sizeof(ctype));                           \
-    wasm_args[i] = WasmVal(ReadUnalignedValue<ctype>(arg_buf_ptr)); \
+    wasm_args[i] = WasmVal(*reinterpret_cast<ctype*>(arg_buf_ptr)); \
    break;
      switch (sig->GetParam(i)) {
        CASE_ARG_TYPE(kWasmI32, uint32_t)
@@ -100,7 +100,7 @@ class InterpreterHandle {
        default:
          UNREACHABLE();
      }
-      arg_buf_ptr += param_size;
+      arg_buf_ptr += RoundUpToMultipleOfPowOf2(param_size, 8);
    }

    WasmInterpreter::Thread* thread = interpreter_.GetThread(0);
@@ -143,7 +143,7 @@ class InterpreterHandle {
 #define CASE_RET_TYPE(type, ctype)                                       \
  case type:                                                             \
    DCHECK_EQ(1 << ElementSizeLog2Of(sig->GetReturn(0)), sizeof(ctype)); \
-    WriteUnalignedValue<ctype>(arg_buffer, ret_val.to<ctype>());         \
+    *reinterpret_cast<ctype*>(arg_buffer) = ret_val.to<ctype>();         \
    break;
      switch (sig->GetReturn(0)) {
        CASE_RET_TYPE(kWasmI32, uint32_t)