x64: fix misaligned load fault with sunk load when AVX is disabled (#10417)

abrown · web-flow · commit ac030755272a · 2025-03-18T14:22:31.000Z
In [#10408], the new assembler re-opened an old issue related to unaligned loads with SSE instructions. SSE instructions expect 128-bit aligned loads when using the `m128` operand and fault if that is not the case. This had been fixed previously by disallowing load-sinking for `XmmMem` ([#4891]) but more recently we had adopted the use of `XmmMemAligned` in `cranelift-codegen`. Since [#10316] had no knowledge of `XmmMemAligned` (only `XmmMem`), it caused the same kind fault--an OOB trap that was in fact an unaligned load. Why didn't CI catch this? Since all the CI machines have AVX and we do not explicitly test the SSE-only case, these unaligned, sunk loads would use the AVX lowering in CI. AVX loads handle unaligned accesses without a fault. This was only discovered during fuzzing when AVX was disabled (i.e., `--target x86_64-unknown-linux-gnu`). To fix this, this change adopts the `XmmMemAligned` type in the generated assembler code. This is temporary, though: a more lasting fix should pass along an "alignment required" bit from the assembler AST. In the meantime, this closes #10408. [#10408]: #10408 [#4891]: #4891 [#10316]: #10316
diff --git a/cranelift/codegen/meta/src/gen_asm.rs b/cranelift/codegen/meta/src/gen_asm.rs
@@ -15,7 +15,7 @@ pub fn rust_param_raw(op: &Operand) -> String {
             }
         }
         OperandKind::RegMem(rm) => match rm.bits() {
-            128 => "&XmmMem".to_string(),
+            128 => "&XmmMemAligned".to_string(),
             _ => "&GprMem".to_string(),
         },
         OperandKind::Reg(r) => match r.bits() {
@@ -204,7 +204,7 @@ pub fn isle_param_raw(op: &Operand) -> String {
         },
         OperandKind::FixedReg(_) => "Gpr".to_string(),
         OperandKind::RegMem(rm) => match rm.bits() {
-            128 => "XmmMem".to_string(),
+            128 => "XmmMemAligned".to_string(),
             _ => "GprMem".to_string(),
         },
     }
diff --git a/cranelift/codegen/src/isa/x64/lower/isle.rs b/cranelift/codegen/src/isa/x64/lower/isle.rs
@@ -1058,7 +1058,10 @@ impl IsleContext<'_, '_, MInst, X64Backend> {
     }
 
     /// Helper used by code generated by the `cranelift-assembler-x64` crate.
-    fn convert_xmm_mem_to_assembler_read_xmm_mem(&self, read: &XmmMem) -> asm::XmmMem<Xmm, Gpr> {
+    fn convert_xmm_mem_to_assembler_read_xmm_mem(
+        &self,
+        read: &XmmMemAligned,
+    ) -> asm::XmmMem<Xmm, Gpr> {
         match read.clone().into() {
             RegMem::Reg { reg } => asm::XmmMem::Xmm(Xmm::new(reg).unwrap()),
             RegMem::Mem { addr } => asm::XmmMem::Mem(addr.into()),

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ pub fn rust_param_raw(op: &Operand) -> String {`
`15`	`15`	`}`
`16`	`16`	`}`
`17`	`17`	`OperandKind::RegMem(rm) => match rm.bits() {`
`18`		`- 128 => "&XmmMem".to_string(),`
	`18`	`+ 128 => "&XmmMemAligned".to_string(),`
`19`	`19`	`_ => "&GprMem".to_string(),`
`20`	`20`	`},`
`21`	`21`	`OperandKind::Reg(r) => match r.bits() {`
`@@ -204,7 +204,7 @@ pub fn isle_param_raw(op: &Operand) -> String {`
`204`	`204`	`},`
`205`	`205`	`OperandKind::FixedReg(_) => "Gpr".to_string(),`
`206`	`206`	`OperandKind::RegMem(rm) => match rm.bits() {`
`207`		`- 128 => "XmmMem".to_string(),`
	`207`	`+ 128 => "XmmMemAligned".to_string(),`
`208`	`208`	`_ => "GprMem".to_string(),`
`209`	`209`	`},`
`210`	`210`	`}`