Implement limiting WebAssembly execution with fuel (#2611)

* Consume fuel during function execution

This commit adds codegen infrastructure necessary to instrument wasm
code to consume fuel as it executes. Currently nothing is really done
with the fuel, but that'll come in later commits.

The focus of this commit is to implement the codegen infrastructure
necessary to consume fuel and account for fuel consumed correctly.

* Periodically check remaining fuel in wasm JIT code

This commit enables wasm code to periodically check to see if fuel has
run out. When fuel runs out, an intrinsic is called which can do whatever it
needs to do in response to fuel running out. For now a trap is thrown
to have at least some semantics in synchronous stores, but another
planned use for this feature is for asynchronous stores to periodically
yield back to the host based on fuel running out.

Checks for remaining fuel happen in the same locations as interrupt
checks, which is to say the start of the function as well as loop
headers.

* Improve codegen by caching `*const VMInterrupts`

The location of the shared interrupt value and fuel value is through a
double-indirection on the vmctx (load through the vmctx and then load
through that pointer). The second pointer in this chain, however, never
changes, so we can alter codegen to account for this and remove some
extraneous load instructions and hopefully reduce some register
pressure even maybe.

* Add tests fuel can abort infinite loops

* More fuzzing with fuel

Use fuel to time out modules in addition to time, using fuzz input to
figure out which.

* Update docs on trapping instructions

* Fix doc links

* Fix a fuzz test

* Change setting fuel to adding fuel

* Fix a doc link

* Squelch some rustdoc warnings
Alex Crichton
2021-01-29 08:57:17 -06:00
committed by GitHub
parent 78f312799e
commit 0e41861662
26 changed files with 936 additions and 67 deletions

124
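--- a/tests/all/fuel.rs
+++ b/tests/all/fuel.rs
@@ -0,0 +1,124 @@
+use anyhow::Result;
+use wasmtime::*;
+use wast::parser::{self, Parse, ParseBuffer, Parser};
+mod kw {
+wast::custom_keyword!(assert_fuel);
+}
+struct FuelWast<'a> {
+assertions: Vec<(wast::Span, u64, wast::Module<'a>)>,
+}
+impl<'a> Parse<'a> for FuelWast<'a> {
+fn parse(parser: Parser<'a>) -> parser::Result<Self> {
+let mut assertions = Vec::new();
+while !parser.is_empty() {
+assertions.push(parser.parens(|p| {
+let span = p.parse::<kw::assert_fuel>()?.0;
+Ok((span, p.parse()?, p.parens(|p| p.parse())?))
+})?);
+}
+Ok(FuelWast { assertions })
+}
+}
+#[test]
+fn run() -> Result<()> {
+let test = std::fs::read_to_string("tests/all/fuel.wast")?;
+let buf = ParseBuffer::new(&test)?;
+let mut wast = parser::parse::<FuelWast<'_>>(&buf)?;
+for (span, fuel, module) in wast.assertions.iter_mut() {
+let consumed = fuel_consumed(&module.encode()?);
+if consumed == *fuel {
+continue;
+}
+let (line, col) = span.linecol_in(&test);
+panic!(
+"tests/all/fuel.wast:{}:{} - expected {} fuel, found {}",
+line + 1,
+col + 1,
+fuel,
+consumed
+);
+}
+Ok(())
+}
+fn fuel_consumed(wasm: &[u8]) -> u64 {
+let mut config = Config::new();
+config.consume_fuel(true);
+let engine = Engine::new(&config);
+let module = Module::new(&engine, wasm).unwrap();
+let store = Store::new(&engine);
+store.add_fuel(u64::max_value());
+drop(Instance::new(&store, &module, &[]));
+store.fuel_consumed().unwrap()
+}
+#[test]
+fn iloop() {
+iloop_aborts(
+r#"
+(module
+(start 0)
+(func loop br 0 end)
+)
+"#,
+);
+iloop_aborts(
+r#"
+(module
+(start 0)
+(func loop i32.const 1 br_if 0 end)
+)
+"#,
+);
+iloop_aborts(
+r#"
+(module
+(start 0)
+(func loop i32.const 0 br_table 0 end)
+)
+"#,
+);
+iloop_aborts(
+r#"
+(module
+(start 0)
+(func $f0 call $f1 call $f1)
+(func $f1 call $f2 call $f2)
+(func $f2 call $f3 call $f3)
+(func $f3 call $f4 call $f4)
+(func $f4 call $f5 call $f5)
+(func $f5 call $f6 call $f6)
+(func $f6 call $f7 call $f7)
+(func $f7 call $f8 call $f8)
+(func $f8 call $f9 call $f9)
+(func $f9 call $f10 call $f10)
+(func $f10 call $f11 call $f11)
+(func $f11 call $f12 call $f12)
+(func $f12 call $f13 call $f13)
+(func $f13 call $f14 call $f14)
+(func $f14 call $f15 call $f15)
+(func $f15 call $f16 call $f16)
+(func $f16)
+)
+"#,
+);
+fn iloop_aborts(wat: &str) {
+let mut config = Config::new();
+config.consume_fuel(true);
+let engine = Engine::new(&config);
+let module = Module::new(&engine, wat).unwrap();
+let store = Store::new(&engine);
+store.add_fuel(10_000);
+let error = Instance::new(&store, &module, &[]).err().unwrap();
+assert!(
+error.to_string().contains("all fuel consumed"),
+"bad error: {}",
+error
+);
+}
+}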
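Review bot: `fuel_consumed` throws away the instantiation result with `drop(Instance::new(&store, &module, &[]))`, so an `assert_fuel` case is judged on whatever count any failure leaves behind, not only the traps the `unreachable` cases expect. Fuel is the budget an embedder relies on to bound untrusted guest code, so the accounting test should be strict about why a module stopped. Assuming the error is the `anyhow::Error` that the file's `Result` import suggests, use `if let Err(e) = Instance::new(&store, &module, &[]) { assert!(e.downcast_ref::<Trap>().is_some(), "unexpected error: {}", e); }`. In `iloop_aborts` the abort is recognised only by the substring `"all fuel consumed"`. Also asserting `store.fuel_consumed().unwrap() >= 10_000` there would tie the trap to the budget being spent, if the counter is meant to reach the added amount before the trap fires.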

208
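--- a/tests/all/fuel.wast
+++ b/tests/all/fuel.wast
@@ -0,0 +1,208 @@
+(assert_fuel 0 (module))
+(assert_fuel 1
+(module
+(func $f)
+(start $f)))
+(assert_fuel 2
+(module
+(func $f
+i32.const 0
+drop
+)
+(start $f)))
+(assert_fuel 1
+(module
+(func $f
+block
+end
+)
+(start $f)))
+(assert_fuel 1
+(module
+(func $f
+unreachable
+)
+(start $f)))
+(assert_fuel 7
+(module
+(func $f
+i32.const 0
+i32.const 0
+i32.const 0
+i32.const 0
+i32.const 0
+i32.const 0
+unreachable
+)
+(start $f)))
+(assert_fuel 1
+(module
+(func $f
+return
+i32.const 0
+i32.const 0
+i32.const 0
+i32.const 0
+i32.const 0
+i32.const 0
+unreachable
+)
+(start $f)))
+(assert_fuel 3
+(module
+(func $f
+i32.const 0
+if
+call $f
+end
+)
+(start $f)))
+(assert_fuel 4
+(module
+(func $f
+i32.const 1
+if
+i32.const 0
+drop
+end
+)
+(start $f)))
+(assert_fuel 4
+(module
+(func $f
+i32.const 1
+if
+i32.const 0
+drop
+else
+call $f
+end
+)
+(start $f)))
+(assert_fuel 4
+(module
+(func $f
+i32.const 0
+if
+call $f
+else
+i32.const 0
+drop
+end
+)
+(start $f)))
+(assert_fuel 3
+(module
+(func $f
+block
+i32.const 1
+br_if 0
+i32.const 0
+drop
+end
+)
+(start $f)))
+(assert_fuel 4
+(module
+(func $f
+block
+i32.const 0
+br_if 0
+i32.const 0
+drop
+end
+)
+(start $f)))
+;; count code before unreachable
+(assert_fuel 2
+(module
+(func $f
+i32.const 0
+unreachable
+)
+(start $f)))
+;; count code before return
+(assert_fuel 2
+(module
+(func $f
+i32.const 0
+return
+)
+(start $f)))
+;; cross-function fuel works
+(assert_fuel 3
+(module
+(func $f
+call $other
+)
+(func $other)
+(start $f)))
+(assert_fuel 5
+(module
+(func $f
+i32.const 0
+call $other
+i32.const 0
+drop
+)
+(func $other (param i32))
+(start $f)))
+(assert_fuel 4
+(module
+(func $f
+call $other
+drop
+)
+(func $other (result i32)
+i32.const 0
+)
+(start $f)))
+(assert_fuel 4
+(module
+(func $f
+i32.const 0
+call_indirect
+)
+(func $other)
+(table funcref (elem $other))
+(start $f)))
+;; loops!
+(assert_fuel 1
+(module
+(func $f
+loop
+end
+)
+(start $f)))
+(assert_fuel 53 ;; 5 loop instructions, 10 iterations, 2 header instrs, 1 func
+(module
+(func $f
+(local i32)
+i32.const 10
+local.set 0
+loop
+local.get 0
+i32.const 1
+i32.sub
+local.tee 0
+br_if 0
+end
+)
+(start $f)))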
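Review bot: Every assertion in this file prices an executed operator at one unit, but no case covers an operator whose runtime cost depends on its operands, such as `memory.grow`, `memory.fill` or `memory.copy`. If those are also charged a flat unit (not visible in this file), fuel bounds the instruction count rather than the work done, and embedders who use it as a CPU limit for untrusted modules need that stated. Consider adding a case such as `(assert_fuel N (module (memory 1) (func $f i32.const 0 i32.const 0 i32.const 65536 memory.fill) (start $f)))`, where `N` is a placeholder for the intended cost, with a `;;` comment recording the decision. A `br_table` case would also line up with the `br_table` loop already exercised in `tests/all/fuel.rs`.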


@@ -6,7 +6,7 @@
//! `include_bytes!("./fuzzing/some-descriptive-name.wasm")`.
use wasmtime::{Config, Strategy};
use wasmtime_fuzzing::oracles;
use wasmtime_fuzzing::oracles::{self, Timeout};
#[test]
fn instantiate_empty_module() {
@@ -26,5 +26,5 @@ fn instantiate_module_that_compiled_to_x64_has_register_32() {
let mut config = Config::new();
config.debug_info(true);
let data = wat::parse_str(include_str!("./fuzzing/issue694.wat")).unwrap();
oracles::instantiate_with_config(&data, true, config, None);
oracles::instantiate_with_config(&data, true, config, Timeout::None);
}


@@ -2,6 +2,7 @@ mod cli_tests;
mod custom_signal_handler;
mod debug;
mod externals;
mod fuel;
mod func;
mod fuzzing;
mod globals;