Additional PR feedback changes.

* Add more comments.
* Use `contains` from bitflags.
* Format wasi-test source.
* Remove permission check from Windows `path_open` impl.

crates/test-programs/wasi-tests/src/lib.rs

@@ -25,8 +25,10 @@ pub fn open_scratch_directory(path: &str) -> Result<wasi::Fd, String> {
             dst.set_len(stat.u.dir.pr_name_len);
             if dst == path.as_bytes() {
                 let (base, inherit) = fd_get_rights(i);
-                return Ok(wasi::path_open(i, 0, ".", wasi::OFLAGS_DIRECTORY, base, inherit, 0)
+                return Ok(
-                    .expect("failed to open dir"));
+                    wasi::path_open(i, 0, ".", wasi::OFLAGS_DIRECTORY, base, inherit, 0)
+                        .expect("failed to open dir"),
+                );
             }
         }
 
@@ -51,17 +53,11 @@ pub unsafe fn fd_get_rights(fd: wasi::Fd) -> (wasi::Rights, wasi::Rights) {
     (fdstat.fs_rights_base, fdstat.fs_rights_inheriting)
 }
 
-pub unsafe fn drop_rights(
+pub unsafe fn drop_rights(fd: wasi::Fd, drop_base: wasi::Rights, drop_inheriting: wasi::Rights) {
-    fd: wasi::Fd,
-    drop_base: wasi::Rights,
-    drop_inheriting: wasi::Rights,
-) {
     let (current_base, current_inheriting) = fd_get_rights(fd);
 
     let new_base = current_base & !drop_base;
     let new_inheriting = current_inheriting & !drop_inheriting;
 
-        wasi::fd_fdstat_set_rights(fd, new_base, new_inheriting).expect(
+    wasi::fd_fdstat_set_rights(fd, new_base, new_inheriting).expect("dropping fd rights");
-        "dropping fd rights",
-    );
 }

crates/wasi-common/src/sys/windows/hostcalls_impl/fs.rs

@@ -88,8 +88,9 @@ pub(crate) fn fd_fdstat_set_flags(
 
     let new_access_mode = file_access_mode_from_fdflags(
         fdflags,
-        (access_mode & AccessMode::FILE_READ_DATA).bits() != 0,
+        access_mode.contains(AccessMode::FILE_READ_DATA),
-        (access_mode & (AccessMode::FILE_WRITE_DATA | AccessMode::FILE_APPEND_DATA)).bits() != 0,
+        access_mode.contains(AccessMode::FILE_WRITE_DATA)
+            | access_mode.contains(AccessMode::FILE_APPEND_DATA),
     );
 
     unsafe {
@@ -139,13 +140,11 @@ pub(crate) fn path_open(
     let is_trunc = oflags & wasi::__WASI_OFLAGS_TRUNC != 0;
 
     if is_trunc {
-        // Windows requires write access for truncation
+        // Windows does not support append mode when opening for truncation
-        if !write {
+        // This is because truncation requires `GENERIC_WRITE` access, which will override the removal
-            return Err(Error::ENOTCAPABLE);
+        // of the `FILE_WRITE_DATA` permission.
-        }
-        // Windows does not support append mode with truncation
         if fdflags & wasi::__WASI_FDFLAGS_APPEND != 0 {
-            return Err(Error::EINVAL);
+            return Err(Error::ENOTSUP);
         }
     }
 
@@ -232,6 +231,9 @@ fn file_access_mode_from_fdflags(
 ) -> AccessMode {
     let mut access_mode = AccessMode::READ_CONTROL;
 
+    // Note that `GENERIC_READ` and `GENERIC_WRITE` cannot be used to properly support append-only mode
+    // The file-specific flags `FILE_GENERIC_READ` and `FILE_GENERIC_WRITE` are used here instead
+    // These flags have the same semantic meaning for file objects, but allow removal of specific permissions (see below)
     if read {
         access_mode.insert(AccessMode::FILE_GENERIC_READ);
     }

crates/wasi-common/winx/src/file.rs

@@ -436,6 +436,8 @@ pub fn query_mode_information(handle: RawHandle) -> Result<FileModeInformation>
 }
 
 pub fn reopen_file(handle: RawHandle, access_mode: AccessMode, flags: Flags) -> Result<RawHandle> {
+    // Files on Windows are opened with DELETE, READ, and WRITE share mode by default (see OpenOptions in stdlib)
+    // This keeps the same share mode when reopening the file handle
     let new_handle = unsafe {
         winbase::ReOpenFile(
             handle,