* Disallow values to cross stores
  Lots of internals in the wasmtime-{jit,runtime} crates are highly
  unsafe, so it's up to the `wasmtime` API crate to figure out how to make
  it safe. One guarantee we need to provide is that values never cross
  between stores. For example you can't take a function in one store and
  move it over into a different instance in a different store. This
  dynamic check can't be performed at compile time and it's up to
  `wasmtime` to do the check itself.

  This adds a number of checks, but not all of them, to the codebase for
  now. This primarily adds checks around instantiation, globals, and
  tables. The main hole in this is functions, where you can pass in
  arguments or return values that are not from the right store. For now
  though we can't compile modules with `anyref` parameters/returns anyway,
  so we should be good. Eventually when that is supported we'll need to
  put the guards in place.

  Closes #958
* Clarify how values test they come from stores
* Allow null anyref to initialize tables
* Document and update the API of the `externals.rs` module
  This commit ensures that all public methods and items are documented in
  the `externals.rs` module, notably all external values that can be
  imported and exported in WebAssembly. Along the way this also tidies up
  the API and fixes a few bugs:

  * `Global::new` now returns a `Result` and fails if the provided value
    does not match the type of the global.
  * `Global::set` now returns a `Result` and fails if the global is either
    immutable or the provided value doesn't match the type of the global.
  * `Table::new` now fails if the provided initializer does not match the
    element type.
  * `Table::get` now returns `Option<Val>` instead of implicitly returning
    null.
  * `Table::set` now returns `Result<()>`, returning an error on out of
    bounds or if the input type is of the wrong type.
  * `Table::grow` now returns `Result<u32>`, returning the previous number
    of table elements if successful or an error if the maximum is reached
    or the initializer value is of the wrong type. Additionally a bug was
    fixed here where if the wrong initializer was provided the table would
    be grown still, but initialization would fail.
  * `Memory::data` was renamed to `Memory::data_unchecked_mut`.
    Additionally `Memory::data_unchecked` was added. Lots of caveats were
    written down about how using the method can go wrong.
  * `Memory::grow` now returns `Result<u32>`, returning an error if growth
    fails or the number of pages previous to the growth if successful.
* Run rustfmt
* Fix another test
* Update crates/api/src/externals.rs
Co-Authored-By: Sergei Pepyakin <s.pepyakin@gmail.com>
Co-authored-by: Sergei Pepyakin <s.pepyakin@gmail.com>
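
The following stand-alone Rust model is an added example, not part of the commit and not wasmtime's code. It illustrates two behaviours the message describes: a run-time check that a value belongs to the table's store, and a `grow` that validates the initializer before resizing so a failed call leaves the table unchanged. The `Store`, `Val` and `Table` types here are simplified stand-ins, and the `Rc` pointer comparison and error strings are assumptions.

```rust
use std::rc::Rc;
// Toy model, not wasmtime's code: two handles name the same store only if
// they share one allocation, so identity is a run-time pointer comparison.
#[derive(Clone)]
pub struct Store(Rc<()>);
impl Store { pub fn new() -> Store { Store(Rc::new(())) } }

#[derive(Clone)]
pub enum Val {
    I32(i32),            // not a valid table element in this model
    NullRef,             // null reference: owned by no store, always allowed
    FuncRef(Store, u32), // function index tagged with its owning store
}

pub struct Table { store: Store, elems: Vec<Val>, max: Option<u32> }

impl Table {
    // Reject wrong-typed values and values owned by a different store.
    fn check(&self, v: &Val) -> Result<(), String> {
        match v {
            Val::I32(_) => Err("wrong element type".into()),
            Val::FuncRef(owner, _) if !Rc::ptr_eq(&owner.0, &self.store.0) =>
                Err("cross-store value".into()),
            _ => Ok(()),
        }
    }
    pub fn new(store: &Store, size: u32, init: Val, max: Option<u32>) -> Result<Table, String> {
        let mut t = Table { store: store.clone(), elems: Vec::new(), max };
        t.grow(size, init)?;
        Ok(t)
    }
    pub fn size(&self) -> u32 { self.elems.len() as u32 }
    // All validation happens before the resize, so a failed grow leaves the
    // table untouched. Returns the previous element count on success.
    pub fn grow(&mut self, delta: u32, init: Val) -> Result<u32, String> {
        self.check(&init)?;
        let prev = self.size();
        let new = prev.checked_add(delta).ok_or("size overflow")?;
        if self.max.map_or(false, |m| new > m) { return Err("maximum reached".into()); }
        self.elems.resize(new as usize, init);
        Ok(prev)
    }
}

fn main() {
    let (a, b) = (Store::new(), Store::new());
    let mut t = Table::new(&a, 1, Val::NullRef, Some(4)).unwrap();
    println!("{:?} size={}", t.grow(1, Val::FuncRef(b, 0)), t.size());
}
```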