T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove the ModuleLimits pooling configuration structure (#3837)

Browse Source 
* Remove the `ModuleLimits` pooling configuration structure

This commit is an attempt to improve the usability of the pooling
allocator by removing the need to configure a `ModuleLimits` structure.
Internally this structure has limits on all forms of wasm constructs but
this largely bottoms out in the size of an allocation for an instance in
the instance pooling allocator. Maintaining this list of limits can be
cumbersome as modules may get tweaked over time and there's otherwise no
real reason to limit the number of globals in a module since the main
goal is to limit the memory consumption of a `VMContext` which can be
done with a memory allocation limit rather than fine-tuned control over
each maximum and minimum.

The new approach taken in this commit is to remove `ModuleLimits`. Some
fields, such as `tables`, `table_elements` , `memories`, and
`memory_pages` are moved to `InstanceLimits` since they're still
enforced at runtime. A new field `size` is added to `InstanceLimits`
which indicates, in bytes, the maximum size of the `VMContext`
allocation. If the size of a `VMContext` for a module exceeds this value
then instantiation will fail.

This involved adding a few more checks to `{Table, Memory}::new_static`
to ensure that the minimum size is able to fit in the allocation, since
previously modules were validated at compile time of the module that
everything fit and that validation no longer happens (it happens at
runtime).

A consequence of this commit is that Wasmtime will have no built-in way
to reject modules at compile time if they'll fail to be instantiated
within a particular pooling allocator configuration. Instead a module
must attempt instantiation see if a failure happens.

* Fix benchmark compiles

* Fix some doc links

* Fix a panic by ensuring modules have limited tables/memories

* Review comments

* Add back validation at `Module` time instantiation is possible

This allows for getting an early signal at compile time that a module
will never be instantiable in an engine with matching settings.

* Provide a better error message when sizes are exceeded

Improve the error message when an instance size exceeds the maximum by
providing a breakdown of where the bytes are all going and why the large
size is being requested.

* Try to fix test in qemu

* Flag new test as 64-bit only

Sizes are all specific to 64-bit right now
This commit is contained in:
Alex Crichton
2022-02-25 09:11:51 -06:00
committed by GitHub
parent b064e60087
commit 15bb0c6903
20 changed files with 574 additions and 1095 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
tests/all/pooling_allocator.rs
View File

@@ -7,12 +7,12 @@ fn successful_instantiation() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
instance_limits: InstanceLimits {
count: 1,
memory_pages: 1,
table_elements: 10,
..Default::default()
},
instance_limits: InstanceLimits { count: 1 },
});
config.dynamic_memory_guard_size(0);
config.static_memory_guard_size(0);
@@ -33,25 +33,36 @@ fn memory_limit() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
instance_limits: InstanceLimits {
count: 1,
memory_pages: 3,
table_elements: 10,
..Default::default()
},
instance_limits: InstanceLimits { count: 1 },
});
config.dynamic_memory_guard_size(0);
config.static_memory_guard_size(65536);
config.static_memory_maximum_size(3 * 65536);
config.wasm_multi_memory(true);
let engine = Engine::new(&config)?;
// Module should fail to validate because the minimum is greater than the configured limit
match Module::new(&engine, r#"(module (memory 4))"#) {
Ok(_) => panic!("module compilation should fail"),
// Module should fail to instantiate because it has too many memories
match Module::new(&engine, r#"(module (memory 1) (memory 1))"#) {
Ok(_) => panic!("module instantiation should fail"),
Err(e) => assert_eq!(
e.to_string(),
"memory index 0 has a minimum page size of 4 which exceeds the limit of 3"
"defined memories count of 2 exceeds the limit of 1",
),
}
// Module should fail to instantiate because the minimum is greater than
// the configured limit
match Module::new(&engine, r#"(module (memory 4))"#) {
Ok(_) => panic!("module instantiation should fail"),
Err(e) => assert_eq!(
e.to_string(),
"memory index 0 has a minimum page size of 4 which exceeds the limit of 3",
),
}
@@ -101,13 +112,10 @@ fn memory_init() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
memory_pages: 2,
table_elements: 0,
..Default::default()
},
instance_limits: InstanceLimits {
count: 1,
memory_pages: 2,
table_elements: 0,
..Default::default()
},
});
@@ -137,13 +145,10 @@ fn memory_guard_page_trap() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
memory_pages: 2,
table_elements: 0,
..Default::default()
},
instance_limits: InstanceLimits {
count: 1,
memory_pages: 2,
table_elements: 0,
..Default::default()
},
});
@@ -196,12 +201,12 @@ fn memory_zeroed() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
instance_limits: InstanceLimits {
count: 1,
memory_pages: 1,
table_elements: 0,
..Default::default()
},
instance_limits: InstanceLimits { count: 1 },
});
config.dynamic_memory_guard_size(0);
config.static_memory_guard_size(0);
@@ -239,12 +244,12 @@ fn table_limit() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
instance_limits: InstanceLimits {
count: 1,
memory_pages: 1,
table_elements: TABLE_ELEMENTS,
..Default::default()
},
instance_limits: InstanceLimits { count: 1 },
});
config.dynamic_memory_guard_size(0);
config.static_memory_guard_size(0);
@@ -252,12 +257,22 @@ fn table_limit() -> Result<()> {
let engine = Engine::new(&config)?;
// Module should fail to validate because the minimum is greater than the configured limit
// Module should fail to instantiate because it has too many tables
match Module::new(&engine, r#"(module (table 1 funcref) (table 1 funcref))"#) {
Ok(_) => panic!("module compilation should fail"),
Err(e) => assert_eq!(
e.to_string(),
"defined tables count of 2 exceeds the limit of 1",
),
}
// Module should fail to instantiate because the minimum is greater than
// the configured limit
match Module::new(&engine, r#"(module (table 31 funcref))"#) {
Ok(_) => panic!("module compilation should fail"),
Err(e) => assert_eq!(
e.to_string(),
"table index 0 has a minimum element size of 31 which exceeds the limit of 10"
"table index 0 has a minimum element size of 31 which exceeds the limit of 10",
),
}
@@ -316,13 +331,10 @@ fn table_init() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
memory_pages: 0,
table_elements: 6,
..Default::default()
},
instance_limits: InstanceLimits {
count: 1,
memory_pages: 0,
table_elements: 6,
..Default::default()
},
});
@@ -369,12 +381,12 @@ fn table_zeroed() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
instance_limits: InstanceLimits {
count: 1,
memory_pages: 1,
table_elements: 10,
..Default::default()
},
instance_limits: InstanceLimits { count: 1 },
});
config.dynamic_memory_guard_size(0);
config.static_memory_guard_size(0);
@@ -413,14 +425,12 @@ fn instantiation_limit() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
instance_limits: InstanceLimits {
count: INSTANCE_LIMIT,
memory_pages: 1,
table_elements: 10,
..Default::default()
},
instance_limits: InstanceLimits {
count: INSTANCE_LIMIT,
},
});
config.dynamic_memory_guard_size(0);
config.static_memory_guard_size(0);
@@ -465,12 +475,12 @@ fn preserve_data_segments() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
instance_limits: InstanceLimits {
count: 2,
memory_pages: 1,
table_elements: 10,
..Default::default()
},
instance_limits: InstanceLimits { count: 2 },
});
let engine = Engine::new(&config)?;
let m = Module::new(
@@ -520,13 +530,12 @@ fn multi_memory_with_imported_memories() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: ModuleLimits {
instance_limits: InstanceLimits {
count: 1,
memories: 2,
memory_pages: 1,
imported_memories: 1,
memories: 1,
..Default::default()
},
instance_limits: InstanceLimits { count: 1 },
});
config.wasm_multi_memory(true);
@@ -567,8 +576,10 @@ fn drop_externref_global_during_module_init() -> Result<()> {
config.wasm_reference_types(true);
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
module_limits: Default::default(),
instance_limits: InstanceLimits { count: 1 },
instance_limits: InstanceLimits {
count: 1,
..Default::default()
},
});
let engine = Engine::new(&config)?;
@@ -606,3 +617,50 @@ fn drop_externref_global_during_module_init() -> Result<()> {
Ok(())
}
#[test]
#[cfg(target_pointer_width = "64")]
fn instance_too_large() -> Result<()> {
let mut config = Config::new();
config.allocation_strategy(InstanceAllocationStrategy::Pooling {
strategy: PoolingAllocationStrategy::NextAvailable,
instance_limits: InstanceLimits {
size: 16,
count: 1,
..Default::default()
},
});
let engine = Engine::new(&config)?;
let expected = "\
instance allocation for this module requires 304 bytes which exceeds the \
configured maximum of 16 bytes; breakdown of allocation requirement:
* 78.95% - 240 bytes - instance state management
* 5.26% - 16 bytes - jit store state
";
match Module::new(&engine, "(module)") {
Ok(_) => panic!("should have failed to compile"),
Err(e) => assert_eq!(e.to_string(), expected),
}
let mut lots_of_globals = format!("(module");
for _ in 0..100 {
lots_of_globals.push_str("(global i32 i32.const 0)\n");
}
lots_of_globals.push_str(")");
let expected = "\
instance allocation for this module requires 1904 bytes which exceeds the \
configured maximum of 16 bytes; breakdown of allocation requirement:
* 12.61% - 240 bytes - instance state management
* 84.03% - 1600 bytes - defined globals
";
match Module::new(&engine, &lots_of_globals) {
Ok(_) => panic!("should have failed to compile"),
Err(e) => assert_eq!(e.to_string(), expected),
}
Ok(())
}