Bring back Module::deserialize (#2858)

* Bring back `Module::deserialize` I thought I was being clever suggesting that `Module::deserialize` was removed from #2791 by funneling all module constructors into `Module::new`. As our studious fuzzers have found, though, this means that `Module::new` is not safe currently to pass arbitrary user-defined input into. Now one might pretty reasonable expect to be able to do that, however, being a WebAssembly engine and all. This PR as a result separates the `deserialize` part of `Module::new` back into `Module::deserialize`. This means that binary blobs created with `Module::serialize` and `Engine::precompile_module` will need to be passed to `Module::deserialize` to "rehydrate" them back into a `Module`. This restores the property that it should be safe to pass arbitrary input to `Module::new` since it's always expected to be a wasm module. This also means that fuzzing will no longer attempt to fuzz `Module::deserialize` which isn't something we want to do anyway. * Fix an example * Mark `Module::deserialize` as `unsafe`
2021-04-27 10:55:12 -05:00
parent 4a830b1159
commit 8384f3a347
10 changed files with 110 additions and 65 deletions
--- a/tests/all/module.rs
+++ b/tests/all/module.rs
@@ -27,35 +27,37 @@ fn caches_across_engines() {
        .serialize()
        .unwrap();

-    let res = Module::new(&Engine::new(&Config::new()).unwrap(), &bytes);
-    assert!(res.is_ok());
+    unsafe {
+        let res = Module::deserialize(&Engine::new(&Config::new()).unwrap(), &bytes);
+        assert!(res.is_ok());

-    // differ in shared cranelift flags
-    let res = Module::new(
-        &Engine::new(Config::new().cranelift_nan_canonicalization(true)).unwrap(),
-        &bytes,
-    );
-    assert!(res.is_err());
-
-    // differ in cranelift settings
-    let res = Module::new(
-        &Engine::new(Config::new().cranelift_opt_level(OptLevel::None)).unwrap(),
-        &bytes,
-    );
-    assert!(res.is_err());
-
-    // Missing required cpu flags
-    if cfg!(target_arch = "x86_64") {
-        let res = Module::new(
-            &Engine::new(
-                Config::new()
-                    .target(&target_lexicon::Triple::host().to_string())
-                    .unwrap(),
-            )
-            .unwrap(),
+        // differ in shared cranelift flags
+        let res = Module::deserialize(
+            &Engine::new(Config::new().cranelift_nan_canonicalization(true)).unwrap(),
            &bytes,
        );
        assert!(res.is_err());
+
+        // differ in cranelift settings
+        let res = Module::deserialize(
+            &Engine::new(Config::new().cranelift_opt_level(OptLevel::None)).unwrap(),
+            &bytes,
+        );
+        assert!(res.is_err());
+
+        // Missing required cpu flags
+        if cfg!(target_arch = "x86_64") {
+            let res = Module::deserialize(
+                &Engine::new(
+                    Config::new()
+                        .target(&target_lexicon::Triple::host().to_string())
+                        .unwrap(),
+                )
+                .unwrap(),
+                &bytes,
+            );
+            assert!(res.is_err());
+        }
    }
 }

@@ -66,7 +68,7 @@ fn aot_compiles() -> Result<()> {
        "(module (func (export \"f\") (param i32) (result i32) local.get 0))".as_bytes(),
    )?;

-    let module = Module::from_binary(&engine, &bytes)?;
+    let module = unsafe { Module::deserialize(&engine, &bytes)? };

    let store = Store::new(&engine);
    let instance = Instance::new(&store, &module, &[])?;
--- a/tests/all/module_linking.rs
+++ b/tests/all/module_linking.rs
@@ -39,7 +39,9 @@ fn compile() -> Result<()> {
    assert_eq!(m.imports().len(), 0);
    assert_eq!(m.exports().len(), 0);
    let bytes = m.serialize()?;
-    Module::new(&engine, &bytes)?;
+    unsafe {
+        Module::deserialize(&engine, &bytes)?;
+    }
    assert_eq!(m.imports().len(), 0);
    assert_eq!(m.exports().len(), 0);
    Ok(())
--- a/tests/all/module_serialize.rs
+++ b/tests/all/module_serialize.rs
@@ -6,8 +6,8 @@ fn serialize(engine: &Engine, wat: &'static str) -> Result<Vec<u8>> {
    Ok(module.serialize()?)
 }

-fn deserialize_and_instantiate(store: &Store, buffer: &[u8]) -> Result<Instance> {
-    let module = Module::new(store.engine(), buffer)?;
+unsafe fn deserialize_and_instantiate(store: &Store, buffer: &[u8]) -> Result<Instance> {
+    let module = Module::deserialize(store.engine(), buffer)?;
    Ok(Instance::new(&store, &module, &[])?)
 }

@@ -17,7 +17,7 @@ fn test_version_mismatch() -> Result<()> {
    let mut buffer = serialize(&engine, "(module)")?;
    buffer[13 /* header length */ + 1 /* version length */] = 'x' as u8;

-    match Module::new(&engine, &buffer) {
+    match unsafe { Module::deserialize(&engine, &buffer) } {
        Ok(_) => bail!("expected deserialization to fail"),
        Err(e) => assert!(e
            .to_string()
@@ -35,7 +35,7 @@ fn test_module_serialize_simple() -> Result<()> {
    )?;

    let store = Store::default();
-    let instance = deserialize_and_instantiate(&store, &buffer)?;
+    let instance = unsafe { deserialize_and_instantiate(&store, &buffer)? };
    let run = instance.get_typed_func::<(), i32>("run")?;
    let result = run.call(())?;

@@ -53,7 +53,7 @@ fn test_module_serialize_fail() -> Result<()> {
    let mut config = Config::new();
    config.cranelift_opt_level(OptLevel::None);
    let store = Store::new(&Engine::new(&config)?);
-    match deserialize_and_instantiate(&store, &buffer) {
+    match unsafe { deserialize_and_instantiate(&store, &buffer) } {
        Ok(_) => bail!("expected failure at deserialization"),
        Err(_) => (),
    }