T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
3f3afb455ecc83c59d06aad4c22f885e6e084b98
wasmtime/.github/workflows/main.yml
Alex Crichton 3f3afb455e Remove support for userfaultfd (#4040) 
This commit removes support for the `userfaultfd` or "uffd" syscall on
Linux. This support was originally added for users migrating from Lucet
to Wasmtime, but the recent developments of kernel-supported
copy-on-write support for memory initialization wound up being more
appropriate for these use cases than usefaultfd. The main reason for
moving to copy-on-write initialization are:

* The `userfaultfd` feature was never necessarily intended for this
  style of use case with wasm and was susceptible to subtle and rare
  bugs that were extremely difficult to track down. We were never 100%
  certain that there were kernel bugs related to userfaultfd but the
  suspicion never went away.

* Handling faults with userfaultfd was always slow and single-threaded.
  Only one thread could handle faults and traveling to user-space to
  handle faults is inherently slower than handling them all in the
  kernel. The single-threaded aspect in particular presented a
  significant scaling bottleneck for embeddings that want to run many
  wasm instances in parallel.

* One of the major benefits of userfaultfd was lazy initialization of
  wasm linear memory which is also achieved with the copy-on-write
  initialization support we have right now.

* One of the suspected benefits of userfaultfd was less frobbing of the
  kernel vma structures when wasm modules are instantiated. Currently
  the copy-on-write support has a mitigation where we attempt to reuse
  the memory images where possible to avoid changing vma structures.
  When comparing this to userfaultfd's performance it was found that
  kernel modifications of vmas aren't a worrisome bottleneck so
  copy-on-write is suitable for this as well.

Overall there are no remaining benefits that userfaultfd gives that
copy-on-write doesn't, and copy-on-write solves a major downsides of
userfaultfd, the scaling issue with a single faulting thread.
Additionally copy-on-write support seems much more robust in terms of
kernel implementation since it's only using standard memory-management
syscalls which are heavily exercised. Finally copy-on-write support
provides a new bonus where read-only memory in WebAssembly can be mapped
directly to the same kernel cache page, even amongst many wasm instances
of the same module, which was never possible with userfaultfd.

In light of all this it's expected that all users of userfaultfd should
migrate to the copy-on-write initialization of Wasmtime (which is
enabled by default).
2022-04-18 12:42:26 -05:00

464 lines
17 KiB
YAML
Raw Blame History

name: CI
on:
push:
branches: [main]
tags-ignore: [dev]
paths-ignore:
- 'meetings/**'
pull_request:
branches: ['main', 'release-*']
paths-ignore:
- 'meetings/**'
defaults:
run:
shell: bash
# Cancel any in-flight jobs for the same PR/branch so there's only one active
# at a time
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# Check Code style quickly by running `rustfmt` over all code
rustfmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: rustup component add rustfmt
- run: cargo fmt --all -- --check
# Lint dependency graph for security advisories, duplicate versions, and
# incompatible licences
cargo_deny:
name: Cargo deny
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: |
set -e
curl -L https://github.com/EmbarkStudios/cargo-deny/releases/download/0.8.5/cargo-deny-0.8.5-x86_64-unknown-linux-musl.tar.gz | tar xzf -
mv cargo-deny-*-x86_64-unknown-linux-musl/cargo-deny cargo-deny
echo `pwd` >> $GITHUB_PATH
- run: cargo deny check bans licenses
doc:
name: Doc build
runs-on: ubuntu-latest
env:
CARGO_MDBOOK_VERSION: 0.4.8
RUSTDOCFLAGS: -Dbroken_intra_doc_links --cfg nightlydoc
OPENVINO_SKIP_LINKING: 1
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/actions/install-rust
with:
toolchain: nightly-2021-12-15
# Build C API documentation
- run: sudo apt-get update -y && sudo apt-get install -y libclang1-9 libclang-cpp9
- run: curl -L https://www.doxygen.nl/files/doxygen-1.9.3.linux.bin.tar.gz | tar xzf -
- run: echo "`pwd`/doxygen-1.9.3/bin" >> $GITHUB_PATH
- run: cd crates/c-api && doxygen doxygen.conf
# install mdbook, build the docs, and test the docs
- uses: actions/cache@v2
with:
path: ${{ runner.tool_cache }}/mdbook
key: cargo-mdbook-bin-${{ env.CARGO_MDBOOK_VERSION }}
- run: |
echo "${{ runner.tool_cache }}/mdbook/bin" >> $GITHUB_PATH
cargo install --root ${{ runner.tool_cache }}/mdbook --version ${{ env.CARGO_MDBOOK_VERSION }} mdbook
- run: (cd docs && mdbook build)
- run: cargo build -p wasmtime-wasi --features wasmtime/wat,wasmtime/cranelift
- run: (cd docs/rust_wasi_markdown_parser && cargo build)
- run: (cd docs && mdbook test -L ../target/debug/deps,./rust_wasi_markdown_parser/target/debug/deps)
# Build Rust API documentation
- run: |
cargo doc --no-deps --workspace \
--exclude wasmtime-cli \
--exclude test-programs \
--exclude cranelift-codegen-meta
- run: cargo doc --package cranelift-codegen-meta --document-private-items
# Assemble the documentation, and always upload it as an artifact for
# inspection on PRs and such.
- run: |
mv docs/book gh-pages
mv crates/c-api/html gh-pages/c-api
mv target/doc gh-pages/api
tar czf gh-pages.tar.gz gh-pages
- uses: actions/upload-artifact@v2
with:
name: gh-pages
path: gh-pages.tar.gz
# If this is a push to the main branch push to the `gh-pages` using a
# deploy key. Note that a deploy key is necessary for now because otherwise
# using the default token for github actions doesn't actually trigger a page
# rebuild.
- name: Push to gh-pages
run: curl -LsSf https://git.io/fhJ8n | rustc - && (cd gh-pages && ../rust_out)
env:
GITHUB_DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
BUILD_REPOSITORY_ID: ${{ github.repository }}
BUILD_SOURCEVERSION: ${{ github.sha }}
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# Quick checks of various feature combinations and whether things
# compile. The goal here isn't to run tests, mostly just serve as a
# double-check that Rust code compiles and is likely to work everywhere else.
checks:
name: Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/actions/install-rust
# Check some feature combinations of the `wasmtime` crate
- run: cargo check -p wasmtime --no-default-features
- run: cargo check -p wasmtime --no-default-features --features wat
- run: cargo check -p wasmtime --no-default-features --features jitdump
- run: cargo check -p wasmtime --no-default-features --features vtune
- run: cargo check -p wasmtime --no-default-features --features cache
- run: cargo check -p wasmtime --no-default-features --features async
- run: cargo check -p wasmtime --no-default-features --features pooling-allocator
- run: cargo check -p wasmtime --no-default-features --features cranelift
- run: cargo check -p wasmtime --no-default-features --features wasm-backtrace
- run: cargo check -p wasmtime --no-default-features --features cranelift,wat,async,cache,wasm-backtrace
# Check that benchmarks of the cranelift project build
- run: cargo check --benches -p cranelift-codegen
# Check some feature combinations of the `wasmtime-c-api` crate
- run: cargo check -p wasmtime-c-api --no-default-features
- run: cargo check -p wasmtime-c-api --no-default-features --features wat
- run: cargo check -p wasmtime-c-api --no-default-features --features wasi
# Check a few builds of the cranelift backend
# - only x86 backend support,
# - only arm64 backend support,
# - no debug_assertions.
- run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util --no-default-features --features=cranelift-codegen/arm64
- run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util --no-default-features --features=cranelift-codegen/x86
- run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util
env:
CARGO_PROFILE_DEV_DEBUG_ASSERTIONS: false
# Check whether `crates/wasi-common` cross-compiles to the following targets:
# * wasm32-unknown-emscripten
# * armv7-unknown-linux-gnueabihf
- run: |
rustup target add wasm32-unknown-emscripten
rustup target add armv7-unknown-linux-gnueabihf
sudo apt-get update && sudo apt-get install -y gcc-arm-linux-gnueabihf
- run: cargo check --target wasm32-unknown-emscripten -p wasi-common
- run: cargo check --target armv7-unknown-linux-gnueabihf -p wasi-common
fuzz_targets:
name: Fuzz Targets
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
# Note that building with fuzzers requires nightly since it uses unstable
# flags to rustc.
- uses: ./.github/actions/install-rust
with:
toolchain: nightly-2021-12-15
- run: cargo install cargo-fuzz --vers "^0.11"
# Install OCaml packages necessary for 'differential_spec' fuzz target.
- run: sudo apt install -y ocaml-nox ocamlbuild ocaml-findlib libzarith-ocaml-dev
- run: cargo fetch
working-directory: ./fuzz
- run: cargo fuzz build --dev
# Check that the ISLE fuzz targets build too.
- run: cargo fuzz build --dev --fuzz-dir ./cranelift/isle/fuzz
rebuild_isle:
name: Rebuild ISLE
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/actions/install-rust
- name: Rebuild ISLE DSL files
run: cargo build -p cranelift-codegen --features "rebuild-isle"
- name: Reformat
run: cargo fmt -p cranelift-codegen
- name: Check that the ISLE DSL files are up-to-date
run: git diff --exit-code
# Perform all tests (debug mode) for `wasmtime`. This runs stable/beta/nightly
# channels of Rust as well as macOS/Linux/Windows.
test:
name: Test
runs-on: ${{ matrix.os }}
env:
QEMU_BUILD_VERSION: 6.1.0
strategy:
matrix:
include:
- os: ubuntu-latest
# defaults to x86_64-apple-darwin
- os: macos-latest
- os: windows-2019
- os: windows-2019
target: x86_64-pc-windows-gnu
- os: ubuntu-latest
target: aarch64-unknown-linux-gnu
gcc_package: gcc-aarch64-linux-gnu
gcc: aarch64-linux-gnu-gcc
qemu: qemu-aarch64 -L /usr/aarch64-linux-gnu
qemu_target: aarch64-linux-user
# FIXME(#3183) shouldn't be necessary to specify this
qemu_flags: -cpu max,pauth=off
- os: ubuntu-latest
target: s390x-unknown-linux-gnu
gcc_package: gcc-s390x-linux-gnu
gcc: s390x-linux-gnu-gcc
qemu: qemu-s390x -L /usr/s390x-linux-gnu
qemu_target: s390x-linux-user
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/actions/install-rust
# Install targets in order to build various tests throughout the repo
- run: rustup target add wasm32-wasi wasm32-unknown-unknown ${{ matrix.target }}
- run: echo CARGO_BUILD_TARGET=${{ matrix.target }} >> $GITHUB_ENV
if: matrix.target != ''
# Fix an ICE for now in gcc when compiling zstd with debuginfo (??)
- run: echo CFLAGS=-g0 >> $GITHUB_ENV
if: matrix.target == 'x86_64-pc-windows-gnu'
- run: cargo fetch --locked
- run: cargo fetch --locked --manifest-path crates/test-programs/wasi-tests/Cargo.toml
- uses: actions/cache@v2
with:
path: ${{ runner.tool_cache }}/qemu
key: qemu-${{ matrix.target }}-${{ env.QEMU_BUILD_VERSION }}-patchmadvise2
if: matrix.target != '' && matrix.os == 'ubuntu-latest'
- name: Install cross-compilation tools
run: |
set -ex
sudo apt-get update
sudo apt-get install -y ${{ matrix.gcc_package }} ninja-build
# Configure Cargo for cross compilation and tell it how it can run
# cross executables
upcase=$(echo ${{ matrix.target }} | awk '{ print toupper($0) }' | sed 's/-/_/g')
echo CARGO_TARGET_${upcase}_RUNNER=${{ runner.tool_cache }}/qemu/bin/${{ matrix.qemu }} ${{ matrix.qemu_flags }} >> $GITHUB_ENV
echo CARGO_TARGET_${upcase}_LINKER=${{ matrix.gcc }} >> $GITHUB_ENV
# QEMU emulation is not always the speediest, so total testing time
# goes down if we build the libs in release mode when running tests.
echo CARGO_PROFILE_DEV_OPT_LEVEL=2 >> $GITHUB_ENV
# See comments in the source for why we enable this during QEMU
# emulation.
echo WASMTIME_TEST_NO_HOG_MEMORY=1 >> $GITHUB_ENV
# See if qemu is already in the cache
if [ -f ${{ runner.tool_cache }}/qemu/built ]; then
exit 0
fi
# Download and build qemu from source since the most recent release is
# way faster at arm emulation than the current version github actions'
# ubuntu image uses. Disable as much as we can to get it to build
# quickly.
curl https://download.qemu.org/qemu-$QEMU_BUILD_VERSION.tar.xz | tar xJf -
cd qemu-$QEMU_BUILD_VERSION
patch -p1 < $GITHUB_WORKSPACE/ci/qemu-madvise.patch
./configure --target-list=${{ matrix.qemu_target }} --prefix=${{ runner.tool_cache}}/qemu --disable-tools --disable-slirp --disable-fdt --disable-capstone --disable-docs
ninja -C build install
touch ${{ runner.tool_cache }}/qemu/built
if: matrix.gcc != ''
# Ensure all our examples build and execute
- run: cargo run -p run-examples
env:
RUST_BACKTRACE: 1
if: matrix.target == ''
# Build and test all features
- run: ./ci/run-tests.sh --locked
env:
RUST_BACKTRACE: 1
# Test debug (DWARF) related functionality.
- run: |
sudo apt-get update && sudo apt-get install -y gdb lldb llvm
cargo test test_debug_dwarf -- --ignored --test-threads 1
if: matrix.os == 'ubuntu-latest' && matrix.target == ''
env:
RUST_BACKTRACE: 1
# Build and test the wasi-nn module.
test_wasi_nn:
name: Test wasi-nn module
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: rustup target add wasm32-wasi
- uses: ./.github/actions/install-openvino
- run: ./ci/run-wasi-nn-example.sh
env:
RUST_BACKTRACE: 1
# Build and test the wasi-crypto module.
test_wasi_crypto:
name: Test wasi-crypto module
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- run: rustup target add wasm32-wasi
- name: Install Rust
run: rustup update stable && rustup default stable
- run: ./ci/run-wasi-crypto-example.sh
env:
RUST_BACKTRACE: 1
bench:
name: Run benchmarks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- run: rustup target add wasm32-wasi
- name: Install Rust
run: rustup update stable && rustup default stable
- run: cargo test --benches --release
# Verify that cranelift's code generation is deterministic
meta_determinist_check:
name: Meta deterministic check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- name: Install Rust
run: rustup update stable && rustup default stable
- run: cd cranelift/codegen && cargo build --features "all-arch completely-skip-isle-for-ci-deterministic-check"
- run: ci/ensure_deterministic_build.sh
# Perform release builds of `wasmtime` and `libwasmtime.so`. Builds on
# Windows/Mac/Linux, and artifacts are uploaded after the build is finished.
# Note that we also run tests here to test exactly what we're deploying.
build:
name: Build wasmtime
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- build: x86_64-linux
os: ubuntu-latest
- build: x86_64-macos
os: macos-latest
- build: aarch64-macos
os: macos-latest
target: aarch64-apple-darwin
- build: x86_64-windows
os: windows-latest
- build: x86_64-mingw
os: windows-latest
target: x86_64-pc-windows-gnu
- build: aarch64-linux
os: ubuntu-latest
target: aarch64-unknown-linux-gnu
gcc_package: gcc-aarch64-linux-gnu
gcc: aarch64-linux-gnu-gcc
- build: s390x-linux
os: ubuntu-latest
target: s390x-unknown-linux-gnu
gcc_package: gcc-s390x-linux-gnu
gcc: s390x-linux-gnu-gcc
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/actions/install-rust
- uses: ./.github/actions/binary-compatible-builds
if: matrix.target == ''
- name: Install cross-compilation tools
run: |
set -ex
sudo apt-get update
sudo apt-get install -y ${{ matrix.gcc_package }}
upcase=$(echo ${{ matrix.target }} | awk '{ print toupper($0) }' | sed 's/-/_/g')
echo CARGO_TARGET_${upcase}_LINKER=${{ matrix.gcc }} >> $GITHUB_ENV
if: matrix.target != '' && matrix.os == 'ubuntu-latest'
- run: |
echo CARGO_BUILD_TARGET=${{ matrix.target }} >> $GITHUB_ENV
rustup target add ${{ matrix.target }}
if: matrix.target != ''
# Build `wasmtime` and executables
- run: $CENTOS cargo build --release --bin wasmtime
# Build `libwasmtime.so`
- run: $CENTOS cargo build --release --manifest-path crates/c-api/Cargo.toml
# Assemble release artifats appropriate for this platform, then upload them
# unconditionally to this workflow's files so we have a copy of them.
- run: ./ci/build-tarballs.sh "${{ matrix.build }}" "${{ matrix.target }}"
- uses: actions/upload-artifact@v1
with:
name: bins-${{ matrix.build }}
path: dist
# ... and if this was an actual push (tag or `main`) then we publish a
# new release. This'll automatically publish a tag release or update `dev`
# with this `sha`. Note that `continue-on-error` is set here so if this hits
# a bug we can go back and fetch and upload the release ourselves.
- run: cd .github/actions/github-release && npm install --production
- name: Publish Release
uses: ./.github/actions/github-release
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
with:
files: "dist/*"
token: ${{ secrets.GITHUB_TOKEN }}
continue-on-error: true
verify-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- run: rustup update stable && rustup default stable
- run: |
cd ${{ runner.tool_cache }}
curl -L https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz | tar xzf -
echo "`pwd`/sccache-0.2.13-x86_64-unknown-linux-musl" >> $GITHUB_PATH
echo RUSTC_WRAPPER=sccache >> $GITHUB_ENV
- run: |
rustc scripts/publish.rs
./publish verify
Reference in New Issue View Git Blame Copy Permalink