Shuffle fields in VMRuntimeLimits (#9739)

* Shuffle fields in `VMRuntimeLimits`

Right now this structure has a pointer-sized field, two 64-bit integers,
and then three pointer-sized fields. This structure's layout is
nontrivial to calculate on 32-bit platforms as it needs to take the
alignment of 64-bit integers into account which differs between ARM and
x86 for example. To make this easier shuffle all the 64-bit integers are now
first, which means we don't have to worry about alignment.

I'll note that this particular ordering is still a bit brittle because
we might need to shuffle things again if more fields are added. That
being said any misalignment is caught during testing of the `wasmtime`
crate so there's not much danger in adding more things, it'll just
require updating a few more locations.

* Update test expectations

crates/environ/src/vmoffsets.rs

@@ -144,27 +144,27 @@ pub trait PtrSize {
 
     // Offsets within `VMRuntimeLimits`
 
-    /// Return the offset of the `stack_limit` field of `VMRuntimeLimits`
-    #[inline]
-    fn vmruntime_limits_stack_limit(&self) -> u8 {
-        0
-    }
-
     /// Return the offset of the `fuel_consumed` field of `VMRuntimeLimits`
     #[inline]
     fn vmruntime_limits_fuel_consumed(&self) -> u8 {
-        self.size()
+        0
     }
 
     /// Return the offset of the `epoch_deadline` field of `VMRuntimeLimits`
     #[inline]
     fn vmruntime_limits_epoch_deadline(&self) -> u8 {
-        self.vmruntime_limits_fuel_consumed() + 8 // `stack_limit` is a pointer; `fuel_consumed` is an `i64`
+        self.vmruntime_limits_fuel_consumed() + 8
+    }
+
+    /// Return the offset of the `stack_limit` field of `VMRuntimeLimits`
+    #[inline]
+    fn vmruntime_limits_stack_limit(&self) -> u8 {
+        self.vmruntime_limits_epoch_deadline() + 8
     }
 
     /// Return the offset of the `last_wasm_exit_fp` field of `VMRuntimeLimits`.
     fn vmruntime_limits_last_wasm_exit_fp(&self) -> u8 {
-        self.vmruntime_limits_epoch_deadline() + 8
+        self.vmruntime_limits_stack_limit() + self.size()
     }
 
     /// Return the offset of the `last_wasm_exit_pc` field of `VMRuntimeLimits`.

crates/wasmtime/src/runtime/vm/vmcontext.rs

@@ -827,11 +827,11 @@ const _: () = {
 #[derive(Debug)]
 #[repr(C)]
 pub struct VMRuntimeLimits {
-    /// Current stack limit of the wasm module.
-    ///
-    /// For more information see `crates/cranelift/src/lib.rs`.
-    pub stack_limit: UnsafeCell<usize>,
-
+    // NB: 64-bit integer fields are located first with pointer-sized fields
+    // trailing afterwards. That makes the offsets in this structure easier to
+    // calculate on 32-bit platforms as we don't have to worry about the
+    // alignment of 64-bit integers.
+    //
     /// Indicator of how much fuel has been consumed and is remaining to
     /// WebAssembly.
     ///
@@ -846,6 +846,11 @@ pub struct VMRuntimeLimits {
     /// yield if running asynchronously.
     pub epoch_deadline: UnsafeCell<u64>,
 
+    /// Current stack limit of the wasm module.
+    ///
+    /// For more information see `crates/cranelift/src/lib.rs`.
+    pub stack_limit: UnsafeCell<usize>,
+
     /// The value of the frame pointer register when we last called from Wasm to
     /// the host.
     ///

tests/disas/arith.wat

@@ -17,7 +17,7 @@
 ;; function u0:0(i64 vmctx, i64) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64):

tests/disas/basic-wat-test.wat

@@ -12,7 +12,7 @@
 ;; function u0:0(i64 vmctx, i64, i32, i32) -> i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned readonly checked gv3+96

tests/disas/br_table.wat

@@ -34,7 +34,7 @@
 ;; function u0:0(i64 vmctx, i64) -> i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64):
@@ -70,7 +70,7 @@
 ;; function u0:1(i64 vmctx, i64) -> i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64):
@@ -106,7 +106,7 @@
 ;; function u0:2(i64 vmctx, i64) -> i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64):
@@ -130,7 +130,7 @@
 ;; function u0:3(i64 vmctx, i64) -> i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64):

tests/disas/byteswap.wat

@@ -74,7 +74,7 @@
 ;; function u0:0(i64 vmctx, i64, i32) -> i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64, v2: i32):
@@ -88,7 +88,7 @@
 ;; function u0:1(i64 vmctx, i64, i64) -> i64 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64, v2: i64):

tests/disas/call-simd.wat

@@ -18,7 +18,7 @@
 ;; function u0:0(i64 vmctx, i64) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     sig0 = (i64 vmctx, i64, i8x16, i8x16) -> i8x16 tail
 ;;     fn0 = colocated u0:1 sig0
 ;;     const0 = 0x00000004000000030000000200000001
@@ -37,7 +37,7 @@
 ;; function u0:1(i64 vmctx, i64, i8x16, i8x16) -> i8x16 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64, v2: i8x16, v3: i8x16):

tests/disas/call.wat

@@ -14,7 +14,7 @@
 ;; function u0:0(i64 vmctx, i64) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     sig0 = (i64 vmctx, i64) -> i32 tail
 ;;     fn0 = colocated u0:1 sig0
 ;;     stack_limit = gv2
@@ -32,7 +32,7 @@
 ;; function u0:1(i64 vmctx, i64) -> i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64):

tests/disas/dead-code.wat

@@ -24,7 +24,7 @@
 ;; function u0:0(i64 vmctx, i64, i32) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64, v2: i32):
@@ -49,7 +49,7 @@
 ;; function u0:1(i64 vmctx, i64, i32) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64, v2: i32):
@@ -62,7 +62,7 @@
 ;; function u0:2(i64 vmctx, i64) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64):
@@ -75,7 +75,7 @@
 ;; function u0:3(i64 vmctx, i64, i32) -> i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     stack_limit = gv2
 ;;
 ;;                                 block0(v0: i64, v1: i64, v2: i32):

tests/disas/duplicate-loads-dynamic-memory.wat

@@ -25,7 +25,7 @@
 ;; function u0:0(i64 vmctx, i64, i32) -> i32, i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned checked gv3+96
@@ -49,7 +49,7 @@
 ;; function u0:1(i64 vmctx, i64, i32) -> i32, i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned checked gv3+96

tests/disas/duplicate-loads-static-memory.wat

@@ -20,7 +20,7 @@
 ;; function u0:0(i64 vmctx, i64, i32) -> i32, i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned readonly checked gv3+96
@@ -40,7 +40,7 @@
 ;; function u0:1(i64 vmctx, i64, i32) -> i32, i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned readonly checked gv3+96

tests/disas/dynamic-memory-no-spectre-access-same-index-different-offsets.wat

@@ -38,7 +38,7 @@
 ;; function u0:0(i64 vmctx, i64, i32) -> i32, i32, i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned checked gv3+96
@@ -79,7 +79,7 @@
 ;; function u0:1(i64 vmctx, i64, i32, i32, i32, i32) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned checked gv3+96

tests/disas/dynamic-memory-yes-spectre-access-same-index-different-offsets.wat

@@ -34,7 +34,7 @@
 ;; function u0:0(i64 vmctx, i64, i32) -> i32, i32, i32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned checked gv3+96
@@ -69,7 +69,7 @@
 ;; function u0:1(i64 vmctx, i64, i32, i32, i32, i32) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned checked gv3+96

tests/disas/epoch-interruption-x86.wat

@@ -8,32 +8,32 @@
 ;;       pushq   %rbp
 ;;       movq    %rsp, %rbp
 ;;       movq    8(%rdi), %r10
-;;       movq    (%r10), %r10
+;;       movq    0x10(%r10), %r10
 ;;       addq    $0x30, %r10
 ;;       cmpq    %rsp, %r10
-;;       ja      0x7f
-;;   18: subq    $0x20, %rsp
+;;       ja      0x80
+;;   19: subq    $0x20, %rsp
 ;;       movq    %rbx, (%rsp)
 ;;       movq    %r12, 8(%rsp)
 ;;       movq    %r13, 0x10(%rsp)
 ;;       movq    8(%rdi), %r12
 ;;       movq    0x20(%rdi), %rbx
 ;;       movq    %rdi, %r13
 ;;       movq    (%rbx), %r9
-;;       movq    0x10(%r12), %rax
+;;       movq    8(%r12), %rax
 ;;       cmpq    %rax, %r9
-;;       jae     0x57
-;;   46: movq    (%rbx), %rdi
+;;       jae     0x58
+;;   47: movq    (%rbx), %rdi
 ;;       cmpq    %rax, %rdi
-;;       jae     0x64
-;;       jmp     0x46
-;;   57: movq    %r13, %rdi
-;;       callq   0x117
-;;       jmp     0x46
-;;   64: movq    0x10(%r12), %rax
+;;       jae     0x65
+;;       jmp     0x47
+;;   58: movq    %r13, %rdi
+;;       callq   0x118
+;;       jmp     0x47
+;;   65: movq    8(%r12), %rax
 ;;       cmpq    %rax, %rdi
-;;       jb      0x46
-;;   72: movq    %r13, %rdi
-;;       callq   0x117
-;;       jmp     0x46
-;;   7f: ud2
+;;       jb      0x47
+;;   73: movq    %r13, %rdi
+;;       callq   0x118
+;;       jmp     0x47
+;;   80: ud2

tests/disas/epoch-interruption.wat

@@ -7,7 +7,7 @@
 ;; function u0:0(i64 vmctx, i64) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     sig0 = (i64 vmctx) -> i64 tail
 ;;     fn0 = colocated u1:16 sig0
@@ -17,7 +17,7 @@
 ;; @0016                               v3 = load.i64 notrap aligned v0+8
 ;; @0016                               v5 = load.i64 notrap aligned v0+32
 ;; @0016                               v6 = load.i64 notrap aligned v5
-;; @0016                               v7 = load.i64 notrap aligned v3+16
+;; @0016                               v7 = load.i64 notrap aligned v3+8
 ;; @0016                               v8 = icmp uge v6, v7
 ;; @0016                               brif v8, block3, block2(v7)
 ;;
@@ -34,7 +34,7 @@
 ;; @0017                               brif v14, block7, block6(v13)
 ;;
 ;;                                 block7 cold:
-;; @0017                               v15 = load.i64 notrap aligned v3+16
+;; @0017                               v15 = load.i64 notrap aligned v3+8
 ;; @0017                               v16 = icmp.i64 uge v12, v15
 ;; @0017                               brif v16, block8, block6(v15)
 ;;

tests/disas/f32-load.wat

@@ -9,7 +9,7 @@
 ;; function u0:0(i64 vmctx, i64, i32) -> f32 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned readonly checked gv3+96

tests/disas/f32-store.wat

@@ -12,7 +12,7 @@
 ;; function u0:0(i64 vmctx, i64, i32, f32) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned readonly checked gv3+96

tests/disas/f64-load.wat

@@ -11,7 +11,7 @@
 ;; function u0:0(i64 vmctx, i64, i32) -> f64 tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned readonly checked gv3+96

tests/disas/f64-store.wat

@@ -12,7 +12,7 @@
 ;; function u0:0(i64 vmctx, i64, i32, f64) tail {
 ;;     gv0 = vmctx
 ;;     gv1 = load.i64 notrap aligned readonly gv0+8
-;;     gv2 = load.i64 notrap aligned gv1
+;;     gv2 = load.i64 notrap aligned gv1+16
 ;;     gv3 = vmctx
 ;;     gv4 = load.i64 notrap aligned gv3+104
 ;;     gv5 = load.i64 notrap aligned readonly checked gv3+96