Delete historical interruptable support in Wasmtime (#3925)

* Delete historical interruptable support in Wasmtime

This commit removes the `Config::interruptable` configuration along with
the `InterruptHandle` type from the `wasmtime` crate. The original
support for adding interruption to WebAssembly was added pretty early on
in the history of Wasmtime when there was no other method to prevent an
infinite loop from the host. Nowadays, however, there are alternative
methods for interruption such as fuel or epoch-based interruption.

One of the major downsides of `Config::interruptable` is that even when
it's not enabled it forces an atomic swap to happen when entering
WebAssembly code. This technically could be a non-atomic swap if the
configuration option isn't enabled but that produces even more branch-y
code on entry into WebAssembly which is already something we try to
optimize. Calling into WebAssembly is on the order of a dozens of
nanoseconds at this time and an atomic swap, even uncontended, can add
up to 5ns on some platforms.

The main goal of this PR is to remove this atomic swap on entry into
WebAssembly. This is done by removing the `Config::interruptable` field
entirely, moving all existing consumers to epochs instead which are
suitable for the same purposes. This means that the stack overflow check
is no longer entangled with the interruption check and perhaps one day
we could continue to optimize that further as well.

Some consequences of this change are:

* Epochs are now the only method of remote-thread interruption.
* There are no more Wasmtime traps that produces the `Interrupted` trap
  code, although we may wish to move future traps to this so I left it
  in place.
* The C API support for interrupt handles was also removed and bindings
  for epoch methods were added.
* Function-entry checks for interruption are a tiny bit less efficient
  since one check is performed for the stack limit and a second is
  performed for the epoch as opposed to the `Config::interruptable`
  style of bundling the stack limit and the interrupt check in one. It's
  expected though that this is likely to not really be measurable.
* The old `VMInterrupts` structure is renamed to `VMRuntimeLimits`.

crates/runtime/src/instance.rs

@@ -9,7 +9,7 @@ use crate::table::{Table, TableElement, TableElementType};
 use crate::traphandlers::Trap;
 use crate::vmcontext::{
     VMBuiltinFunctionsArray, VMCallerCheckedAnyfunc, VMContext, VMFunctionImport,
-    VMGlobalDefinition, VMGlobalImport, VMInterrupts, VMMemoryDefinition, VMMemoryImport,
+    VMGlobalDefinition, VMGlobalImport, VMMemoryDefinition, VMMemoryImport, VMRuntimeLimits,
     VMTableDefinition, VMTableImport,
 };
 use crate::{
@@ -240,8 +240,8 @@ impl Instance {
     }
 
     /// Return a pointer to the interrupts structure
-    pub fn interrupts(&self) -> *mut *const VMInterrupts {
-        unsafe { self.vmctx_plus_offset(self.offsets.vmctx_interrupts()) }
+    pub fn runtime_limits(&self) -> *mut *const VMRuntimeLimits {
+        unsafe { self.vmctx_plus_offset(self.offsets.vmctx_runtime_limits()) }
     }
 
     /// Return a pointer to the global epoch counter used by this instance.
@@ -888,7 +888,7 @@ impl Instance {
         assert!(std::ptr::eq(module, self.module().as_ref()));
 
         if let Some(store) = store.as_raw() {
-            *self.interrupts() = (*store).vminterrupts();
+            *self.runtime_limits() = (*store).vmruntime_limits();
             *self.epoch_ptr() = (*store).epoch_ptr();
             *self.externref_activations_table() = (*store).externref_activations_table().0;
             self.set_store(store);

crates/runtime/src/instance/allocator/pooling/uffd.rs

@@ -515,7 +515,7 @@ mod test {
                 info: MockModuleInfo,
             }
             unsafe impl Store for MockStore {
-                fn vminterrupts(&self) -> *mut crate::VMInterrupts {
+                fn vmruntime_limits(&self) -> *mut crate::VMRuntimeLimits {
                     std::ptr::null_mut()
                 }
                 fn externref_activations_table(

crates/runtime/src/lib.rs

@@ -65,7 +65,7 @@ pub use crate::traphandlers::{
 };
 pub use crate::vmcontext::{
     VMCallerCheckedAnyfunc, VMContext, VMFunctionBody, VMFunctionImport, VMGlobalDefinition,
-    VMGlobalImport, VMInterrupts, VMInvokeArgument, VMMemoryDefinition, VMMemoryImport,
+    VMGlobalImport, VMInvokeArgument, VMMemoryDefinition, VMMemoryImport, VMRuntimeLimits,
     VMSharedSignatureIndex, VMTableDefinition, VMTableImport, VMTrampoline, ValRaw,
 };
 
@@ -99,11 +99,11 @@ pub const VERSION: &str = env!("CARGO_PKG_VERSION");
 /// is that `wasmtime::Store` handles all this correctly.
 pub unsafe trait Store {
     /// Returns the raw pointer in memory where this store's shared
-    /// `VMInterrupts` structure is located.
+    /// `VMRuntimeLimits` structure is located.
     ///
     /// Used to configure `VMContext` initialization and store the right pointer
     /// in the `VMContext`.
-    fn vminterrupts(&self) -> *mut VMInterrupts;
+    fn vmruntime_limits(&self) -> *mut VMRuntimeLimits;
 
     /// Returns a pointer to the global epoch counter.
     ///

crates/runtime/src/traphandlers.rs

@@ -1,14 +1,13 @@
 //! WebAssembly trap handling, which is built on top of the lower-level
 //! signalhandling mechanisms.
 
-use crate::{VMContext, VMInterrupts};
+use crate::VMContext;
 use anyhow::Error;
 use backtrace::Backtrace;
 use std::any::Any;
 use std::cell::{Cell, UnsafeCell};
 use std::mem::MaybeUninit;
 use std::ptr;
-use std::sync::atomic::Ordering::SeqCst;
 use std::sync::Once;
 use wasmtime_environ::TrapCode;
 
@@ -122,10 +121,6 @@ pub enum Trap {
         pc: usize,
         /// Native stack backtrace at the time the trap occurred
         backtrace: Backtrace,
-        /// An indicator for whether this may have been a trap generated from an
-        /// interrupt, used for switching what would otherwise be a stack
-        /// overflow trap to be an interrupt trap.
-        maybe_interrupted: bool,
     },
 
     /// A trap raised from a wasm libcall
@@ -169,7 +164,6 @@ impl Trap {
 ///
 /// Highly unsafe since `closure` won't have any dtors run.
 pub unsafe fn catch_traps<'a, F>(
-    vminterrupts: *mut VMInterrupts,
     signal_handler: Option<*const SignalHandler<'static>>,
     callee: *mut VMContext,
     mut closure: F,
@@ -177,7 +171,7 @@ pub unsafe fn catch_traps<'a, F>(
 where
     F: FnMut(*mut VMContext),
 {
-    return CallThreadState::new(signal_handler).with(vminterrupts, |cx| {
+    return CallThreadState::new(signal_handler).with(|cx| {
         wasmtime_setjmp(
             cx.jmp_buf.as_ptr(),
             call_closure::<F>,
@@ -223,33 +217,21 @@ impl CallThreadState {
         }
     }
 
-    fn with(
-        self,
-        interrupts: *mut VMInterrupts,
-        closure: impl FnOnce(&CallThreadState) -> i32,
-    ) -> Result<(), Box<Trap>> {
+    fn with(self, closure: impl FnOnce(&CallThreadState) -> i32) -> Result<(), Box<Trap>> {
         let ret = tls::set(&self, || closure(&self))?;
         if ret != 0 {
             Ok(())
         } else {
-            Err(unsafe { self.read_trap(interrupts) })
+            Err(unsafe { self.read_trap() })
         }
     }
 
     #[cold]
-    unsafe fn read_trap(&self, interrupts: *mut VMInterrupts) -> Box<Trap> {
+    unsafe fn read_trap(&self) -> Box<Trap> {
         Box::new(match (*self.unwind.get()).as_ptr().read() {
             UnwindReason::UserTrap(data) => Trap::User(data),
             UnwindReason::LibTrap(trap) => trap,
-            UnwindReason::JitTrap { backtrace, pc } => {
-                let maybe_interrupted =
-                    (*interrupts).stack_limit.load(SeqCst) == wasmtime_environ::INTERRUPTED;
-                Trap::Jit {
-                    pc,
-                    backtrace,
-                    maybe_interrupted,
-                }
-            }
+            UnwindReason::JitTrap { backtrace, pc } => Trap::Jit { pc, backtrace },
             UnwindReason::Panic(panic) => std::panic::resume_unwind(panic),
         })
     }

crates/runtime/src/vmcontext.rs

@@ -7,7 +7,6 @@ use std::any::Any;
 use std::cell::UnsafeCell;
 use std::marker;
 use std::ptr::NonNull;
-use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
 use std::u32;
 
 /// An imported function.
@@ -669,12 +668,11 @@ impl VMInvokeArgument {
 /// Structure used to control interrupting wasm code.
 #[derive(Debug)]
 #[repr(C)]
-pub struct VMInterrupts {
+pub struct VMRuntimeLimits {
     /// Current stack limit of the wasm module.
     ///
-    /// This is used to control both stack overflow as well as interrupting wasm
-    /// modules. For more information see `crates/environ/src/cranelift.rs`.
-    pub stack_limit: AtomicUsize,
+    /// For more information see `crates/cranelift/src/lib.rs`.
+    pub stack_limit: UnsafeCell<usize>,
 
     /// Indicator of how much fuel has been consumed and is remaining to
     /// WebAssembly.
@@ -691,28 +689,17 @@ pub struct VMInterrupts {
     pub epoch_deadline: UnsafeCell<u64>,
 }
 
-// The `VMInterrupts` type is a pod-type with no destructor, and we
-// only access `stack_limit` from other threads, so add in these trait
-// impls which are otherwise not available due to the `fuel_consumed`
-// and `epoch_deadline` variables in `VMInterrupts`.
-//
-// Note that users of `fuel_consumed` understand that the unsafety encompasses
-// ensuring that it's only mutated/accessed from one thread dynamically.
-unsafe impl Send for VMInterrupts {}
-unsafe impl Sync for VMInterrupts {}
+// The `VMRuntimeLimits` type is a pod-type with no destructor, and we don't
+// access any fields from other threads, so add in these trait impls which are
+// otherwise not available due to the `fuel_consumed` and `epoch_deadline`
+// variables in `VMRuntimeLimits`.
+unsafe impl Send for VMRuntimeLimits {}
+unsafe impl Sync for VMRuntimeLimits {}
 
-impl VMInterrupts {
-    /// Flag that an interrupt should occur
-    pub fn interrupt(&self) {
-        self.stack_limit
-            .store(wasmtime_environ::INTERRUPTED, SeqCst);
-    }
-}
-
-impl Default for VMInterrupts {
-    fn default() -> VMInterrupts {
-        VMInterrupts {
-            stack_limit: AtomicUsize::new(usize::max_value()),
+impl Default for VMRuntimeLimits {
+    fn default() -> VMRuntimeLimits {
+        VMRuntimeLimits {
+            stack_limit: UnsafeCell::new(usize::max_value()),
             fuel_consumed: UnsafeCell::new(0),
             epoch_deadline: UnsafeCell::new(0),
         }
@@ -720,19 +707,27 @@ impl Default for VMInterrupts {
 }
 
 #[cfg(test)]
-mod test_vminterrupts {
-    use super::VMInterrupts;
+mod test_vmruntime_limits {
+    use super::VMRuntimeLimits;
     use memoffset::offset_of;
     use std::mem::size_of;
     use wasmtime_environ::{Module, VMOffsets};
 
     #[test]
-    fn check_vminterrupts_interrupted_offset() {
+    fn field_offsets() {
         let module = Module::new();
         let offsets = VMOffsets::new(size_of::<*mut u8>() as u8, &module);
         assert_eq!(
-            offset_of!(VMInterrupts, stack_limit),
-            usize::from(offsets.vminterrupts_stack_limit())
+            offset_of!(VMRuntimeLimits, stack_limit),
+            usize::from(offsets.vmruntime_limits_stack_limit())
+        );
+        assert_eq!(
+            offset_of!(VMRuntimeLimits, fuel_consumed),
+            usize::from(offsets.vmruntime_limits_fuel_consumed())
+        );
+        assert_eq!(
+            offset_of!(VMRuntimeLimits, epoch_deadline),
+            usize::from(offsets.vmruntime_limits_epoch_deadline())
         );
     }
 }