Implement limiting WebAssembly execution with fuel (#2611)

* Consume fuel during function execution This commit adds codegen infrastructure necessary to instrument wasm code to consume fuel as it executes. Currently nothing is really done with the fuel, but that'll come in later commits. The focus of this commit is to implement the codegen infrastructure necessary to consume fuel and account for fuel consumed correctly. * Periodically check remaining fuel in wasm JIT code This commit enables wasm code to periodically check to see if fuel has run out. When fuel runs out an intrinsic is called which can do what it needs to do in the result of fuel running out. For now a trap is thrown to have at least some semantics in synchronous stores, but another planned use for this feature is for asynchronous stores to periodically yield back to the host based on fuel running out. Checks for remaining fuel happen in the same locations as interrupt checks, which is to say the start of the function as well as loop headers. * Improve codegen by caching `*const VMInterrupts` The location of the shared interrupt value and fuel value is through a double-indirection on the vmctx (load through the vmctx and then load through that pointer). The second pointer in this chain, however, never changes, so we can alter codegen to account for this and remove some extraneous load instructions and hopefully reduce some register pressure even maybe. * Add tests fuel can abort infinite loops * More fuzzing with fuel Use fuel to time out modules in addition to time, using fuzz input to figure out which. * Update docs on trapping instructions * Fix doc links * Fix a fuzz test * Change setting fuel to adding fuel * Fix a doc link * Squelch some rustdoc warnings
2021-01-29 08:57:17 -06:00
parent 78f312799e
commit 0e41861662
26 changed files with 936 additions and 67 deletions
--- a/crates/runtime/src/vmcontext.rs
+++ b/crates/runtime/src/vmcontext.rs
@@ -4,6 +4,7 @@
 use crate::externref::VMExternRef;
 use crate::instance::Instance;
 use std::any::Any;
+use std::cell::UnsafeCell;
 use std::ptr::NonNull;
 use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
 use std::u32;
@@ -612,6 +613,7 @@ impl VMBuiltinFunctionsArray {
            wasmtime_memory_atomic_wait64 as usize;
        ptrs[BuiltinFunctionIndex::imported_memory_atomic_wait64().index() as usize] =
            wasmtime_imported_memory_atomic_wait64 as usize;
+        ptrs[BuiltinFunctionIndex::out_of_gas().index() as usize] = wasmtime_out_of_gas as usize;

        if cfg!(debug_assertions) {
            for i in 0..ptrs.len() {
@@ -658,8 +660,7 @@ impl VMInvokeArgument {
    }
 }

-/// Structure used to control interrupting wasm code, currently with only one
-/// atomic flag internally used.
+/// Structure used to control interrupting wasm code.
 #[derive(Debug)]
 #[repr(C)]
 pub struct VMInterrupts {
@@ -668,6 +669,14 @@ pub struct VMInterrupts {
    /// This is used to control both stack overflow as well as interrupting wasm
    /// modules. For more information see `crates/environ/src/cranelift.rs`.
    pub stack_limit: AtomicUsize,
+
+    /// Indicator of how much fuel has been consumed and is remaining to
+    /// WebAssembly.
+    ///
+    /// This field is typically negative and increments towards positive. Upon
+    /// turning positive a wasm trap will be generated. This field is only
+    /// modified if wasm is configured to consume fuel.
+    pub fuel_consumed: UnsafeCell<i64>,
 }

 impl VMInterrupts {
@@ -682,6 +691,7 @@ impl Default for VMInterrupts {
    fn default() -> VMInterrupts {
        VMInterrupts {
            stack_limit: AtomicUsize::new(usize::max_value()),
+            fuel_consumed: UnsafeCell::new(0),
        }
    }
 }