T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check safety of as_raw with a simplified borrow checker (#37)

Browse Source 
* wiggle-runtime: add as_raw method for [T]

* add trivial borrow checker back in

* integrate runtime borrow checker with as_raw methods

* handle pointer arith overflow correctly in as_raw, create PtrOverflow error

* runtime: add validation back to GuestType

* generate: impl validate for enums, flags, handles, ints

* oops! make validate its own method on trait GuestTypeTransparent

* fix transparent impls for enum, flag, handle, int

* some structs are transparent. fix tests.

* tests: define byte_slice_strat and friends

* wiggle-tests: i believe my allocator is working now

* some type juggling around memset for ease of use

* make GuestTypeTransparent an unsafe trait

* delete redundant validation of pointer align

* fix doc

* wiggle_test: aha, you cant use sets to track memory areas

* add multi-string test

which exercises the runtime borrow checker against
HostMemory::byte_slice_strat

* oops left debug panic in

* remove redundant (& incorrect, since unchecked) length calc

* redesign validate again, and actually hook to as_raw

* makr all validate impls as inline

this should hopefully allow as_raw's check loop to be unrolled to a
no-op in most cases!

* code review fixes
This commit is contained in:
Pat Hickey
2020-03-06 16:04:56 -08:00
committed by GitHub
parent 7669dee902
commit c78416912c
18 changed files with 655 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tests/arrays.rs
View File

@@ -67,9 +67,9 @@ impl ReduceExcusesExcercise {
},
)
.prop_filter("non-overlapping pointers", |e| {
let mut all = vec![&e.array_ptr_loc, &e.return_ptr_loc];
let mut all = vec![e.array_ptr_loc, e.return_ptr_loc];
all.extend(e.excuse_ptr_locs.iter());
MemArea::non_overlapping_set(&all)
MemArea::non_overlapping_set(all)
})
.boxed()
}
@@ -155,9 +155,9 @@ impl PopulateExcusesExcercise {
elements,
})
.prop_filter("non-overlapping pointers", |e| {
let mut all = vec![&e.array_ptr_loc];
let mut all = vec![e.array_ptr_loc];
all.extend(e.elements.iter());
MemArea::non_overlapping_set(&all)
MemArea::non_overlapping_set(all)
})
.boxed()
}

2
tests/flags.rs
View File

@@ -57,7 +57,7 @@ impl ConfigureCarExercise {
},
)
.prop_filter("non-overlapping ptrs", |e| {
MemArea::non_overlapping_set(&[&e.other_config_by_ptr, &e.return_ptr_loc])
MemArea::non_overlapping_set(&[e.other_config_by_ptr, e.return_ptr_loc])
})
.boxed()
}

8
tests/pointers.rs
View File

@@ -117,10 +117,10 @@ impl PointersAndEnumsExercise {
)
.prop_filter("non-overlapping pointers", |e| {
MemArea::non_overlapping_set(&[
&e.input2_loc,
&e.input3_loc,
&e.input4_loc,
&e.input4_ptr_loc,
e.input2_loc,
e.input3_loc,
e.input4_loc,
e.input4_ptr_loc,
])
})
.boxed()

144
tests/strings.rs
View File

@@ -1,6 +1,6 @@
use proptest::prelude::*;
use wiggle_runtime::{GuestError, GuestMemory, GuestPtr};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
use wiggle_runtime::{GuestBorrows, GuestError, GuestMemory, GuestPtr};
use wiggle_test::{impl_errno, HostMemory, MemArea, MemAreas, WasiCtx};
wiggle::from_witx!({
witx: ["tests/strings.witx"],
@@ -11,12 +11,33 @@ impl_errno!(types::Errno);
impl strings::Strings for WasiCtx {
fn hello_string(&self, a_string: &GuestPtr<str>) -> Result<u32, types::Errno> {
let s = a_string.as_raw().expect("should be valid string");
let mut bc = GuestBorrows::new();
let s = a_string.as_raw(&mut bc).expect("should be valid string");
unsafe {
println!("a_string='{}'", &*s);
Ok((*s).len() as u32)
}
}
fn multi_string(
&self,
a: &GuestPtr<str>,
b: &GuestPtr<str>,
c: &GuestPtr<str>,
) -> Result<u32, types::Errno> {
let mut bc = GuestBorrows::new();
let sa = a.as_raw(&mut bc).expect("A should be valid string");
let sb = b.as_raw(&mut bc).expect("B should be valid string");
let sc = c.as_raw(&mut bc).expect("C should be valid string");
unsafe {
let total_len = (&*sa).len() + (&*sb).len() + (&*sc).len();
println!(
"len={}, a='{}', b='{}', c='{}'",
total_len, &*sa, &*sb, &*sc
);
Ok(total_len as u32)
}
}
}
fn test_string_strategy() -> impl Strategy<Value = String> {
@@ -46,7 +67,7 @@ impl HelloStringExercise {
return_ptr_loc,
})
.prop_filter("non-overlapping pointers", |e| {
MemArea::non_overlapping_set(&[&e.string_ptr_loc, &e.return_ptr_loc])
MemArea::non_overlapping_set(&[e.string_ptr_loc, e.return_ptr_loc])
})
.boxed()
}
@@ -85,3 +106,118 @@ proptest! {
e.test()
}
}
#[derive(Debug)]
struct MultiStringExercise {
a: String,
b: String,
c: String,
sa_ptr_loc: MemArea,
sb_ptr_loc: MemArea,
sc_ptr_loc: MemArea,
return_ptr_loc: MemArea,
}
impl MultiStringExercise {
pub fn strat() -> BoxedStrategy<Self> {
(
test_string_strategy(),
test_string_strategy(),
test_string_strategy(),
HostMemory::mem_area_strat(4),
)
.prop_flat_map(|(a, b, c, return_ptr_loc)| {
(
Just(a.clone()),
Just(b.clone()),
Just(c.clone()),
HostMemory::byte_slice_strat(a.len() as u32, &MemAreas::from([return_ptr_loc])),
Just(return_ptr_loc),
)
})
.prop_flat_map(|(a, b, c, sa_ptr_loc, return_ptr_loc)| {
(
Just(a.clone()),
Just(b.clone()),
Just(c.clone()),
Just(sa_ptr_loc),
HostMemory::byte_slice_strat(
b.len() as u32,
&MemAreas::from([sa_ptr_loc, return_ptr_loc]),
),
Just(return_ptr_loc),
)
})
.prop_flat_map(|(a, b, c, sa_ptr_loc, sb_ptr_loc, return_ptr_loc)| {
(
Just(a.clone()),
Just(b.clone()),
Just(c.clone()),
Just(sa_ptr_loc),
Just(sb_ptr_loc),
HostMemory::byte_slice_strat(
c.len() as u32,
&MemAreas::from([sa_ptr_loc, sb_ptr_loc, return_ptr_loc]),
),
Just(return_ptr_loc),
)
})
.prop_map(
|(a, b, c, sa_ptr_loc, sb_ptr_loc, sc_ptr_loc, return_ptr_loc)| {
MultiStringExercise {
a,
b,
c,
sa_ptr_loc,
sb_ptr_loc,
sc_ptr_loc,
return_ptr_loc,
}
},
)
.boxed()
}
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let write_string = |val: &str, loc: MemArea| {
let ptr = host_memory.ptr::<str>((loc.ptr, val.len() as u32));
for (slot, byte) in ptr.as_bytes().iter().zip(val.bytes()) {
slot.expect("should be valid pointer")
.write(byte)
.expect("failed to write");
}
};
write_string(&self.a, self.sa_ptr_loc);
write_string(&self.b, self.sb_ptr_loc);
write_string(&self.c, self.sc_ptr_loc);
let res = strings::multi_string(
&ctx,
&host_memory,
self.sa_ptr_loc.ptr as i32,
self.a.len() as i32,
self.sb_ptr_loc.ptr as i32,
self.b.len() as i32,
self.sc_ptr_loc.ptr as i32,
self.c.len() as i32,
self.return_ptr_loc.ptr as i32,
);
assert_eq!(res, types::Errno::Ok.into(), "multi string errno");
let given = host_memory
.ptr::<u32>(self.return_ptr_loc.ptr)
.read()
.expect("deref ptr to return value");
assert_eq!((self.a.len() + self.b.len() + self.c.len()) as u32, given);
}
}
proptest! {
#[test]
fn multi_string(e in MultiStringExercise::strat()) {
e.test()
}
}

8
tests/strings.witx
View File

@@ -5,4 +5,12 @@
(result $error $errno)
(result $total_bytes u32)
)
(@interface func (export "multi_string")
(param $a string)
(param $b string)
(param $c string)
(result $error $errno)
(result $total_bytes u32)
)
)

22
tests/structs.rs
View File

@@ -72,7 +72,7 @@ impl SumOfPairExercise {
return_loc,
})
.prop_filter("non-overlapping pointers", |e| {
MemArea::non_overlapping_set(&[&e.input_loc, &e.return_loc])
MemArea::non_overlapping_set(&[e.input_loc, e.return_loc])
})
.boxed()
}
@@ -157,10 +157,10 @@ impl SumPairPtrsExercise {
)
.prop_filter("non-overlapping pointers", |e| {
MemArea::non_overlapping_set(&[
&e.input_first_loc,
&e.input_second_loc,
&e.input_struct_loc,
&e.return_loc,
e.input_first_loc,
e.input_second_loc,
e.input_struct_loc,
e.return_loc,
])
})
.boxed()
@@ -245,11 +245,7 @@ impl SumIntAndPtrExercise {
},
)
.prop_filter("non-overlapping pointers", |e| {
MemArea::non_overlapping_set(&[
&e.input_first_loc,
&e.input_struct_loc,
&e.return_loc,
])
MemArea::non_overlapping_set(&[e.input_first_loc, e.input_struct_loc, e.return_loc])
})
.boxed()
}
@@ -371,11 +367,7 @@ impl ReturnPairPtrsExercise {
},
)
.prop_filter("non-overlapping pointers", |e| {
MemArea::non_overlapping_set(&[
&e.input_first_loc,
&e.input_second_loc,
&e.return_loc,
])
MemArea::non_overlapping_set(&[e.input_first_loc, e.input_second_loc, e.return_loc])
})
.boxed()
}

4
tests/union.rs
View File

@@ -99,7 +99,7 @@ impl GetTagExercise {
return_loc,
})
.prop_filter("non-overlapping pointers", |e| {
MemArea::non_overlapping_set(&[&e.input_loc, &e.return_loc])
MemArea::non_overlapping_set(&[e.input_loc, e.return_loc])
})
.boxed()
}
@@ -176,7 +176,7 @@ impl ReasonMultExercise {
},
)
.prop_filter("non-overlapping pointers", |e| {
MemArea::non_overlapping_set(&[&e.input_loc, &e.input_pointee_loc])
MemArea::non_overlapping_set(&[e.input_loc, e.input_pointee_loc])
})
.boxed()
}