don't allow multiple run_start()s per instantiation/reset

lucet-runtime/lucet-runtime-internals/src/c_api.rs

@@ -79,6 +79,7 @@ pub enum lucet_error {
     InstanceNotReturned,
     InstanceNotYielded,
     InstanceNeedsStart,
+    StartAlreadyRun,
     StartYielded,
     Internal,
     Unsupported,
@@ -106,6 +107,7 @@ impl From<&Error> for lucet_error {
             Error::InstanceNotReturned => lucet_error::InstanceNotReturned,
             Error::InstanceNotYielded => lucet_error::InstanceNotYielded,
             Error::InstanceNeedsStart => lucet_error::InstanceNeedsStart,
+            Error::StartAlreadyRun => lucet_error::StartAlreadyRun,
             Error::StartYielded => lucet_error::StartYielded,
             Error::InternalError(_) => lucet_error::Internal,
             Error::Unsupported(_) => lucet_error::Unsupported,

lucet-runtime/lucet-runtime-internals/src/error.rs

@@ -58,6 +58,9 @@ pub enum Error {
     #[error("`Instance::run_start()` must be run before running other exported functions")]
     InstanceNeedsStart,
 
+    #[error("`Instance::run_start()` called multiple times after a single instantiation or reset")]
+    StartAlreadyRun,
+
     #[error("Start function yielded")]
     StartYielded,
 

lucet-runtime/lucet-runtime-internals/src/instance.rs

@@ -541,6 +541,9 @@ impl Instance {
     /// return `Error::StartYielded` if the start function attempts to yield. This should not arise
     /// as long as the start function does not attempt to use any imported functions.
     ///
+    /// This also returns `Error::StartAlreadyRun` if the start function has already run since the
+    /// instance was created or last reset.
+    ///
     /// # Safety
     ///
     /// The foreign code safety caveat of [`Instance::run()`][run]
@@ -550,6 +553,9 @@ impl Instance {
     /// [start]: https://webassembly.github.io/spec/core/syntax/modules.html#syntax-start
     pub fn run_start(&mut self) -> Result<(), Error> {
         if let Some(start) = self.module.get_start_func()? {
+            if !self.is_not_started() {
+                return Err(Error::StartAlreadyRun);
+            }
             let res = self.run_func(start, &[])?;
             if res.is_yielded() {
                 return Err(Error::StartYielded);

lucet-runtime/lucet-runtime-tests/src/start.rs

@@ -69,6 +69,22 @@ macro_rules! start_tests {
             }
         }
 
+        #[test]
+        fn no_start_without_reset() {
+            let module = test_module_wasm("start", "start_and_call.wat")
+                .expect("module compiled and loaded");
+            let region = TestRegion::create(1, &Limits::default()).expect("region can be created");
+            let mut inst = region
+                .new_instance(module)
+                .expect("instance can be created");
+
+            inst.run_start().expect("start section runs");
+            match inst.run_start().unwrap_err() {
+                Error::StartAlreadyRun => (),
+                e => panic!("unexpected error: {}", e),
+            }
+        }
+
         #[test]
         fn start_and_reset() {
             let module = test_module_wasm("start", "start_and_call.wat")

lucet-runtime/src/c_api.rs

@@ -49,6 +49,7 @@ pub extern "C" fn lucet_error_name(e: c_int) -> *const c_char {
             InstanceNotReturned => "lucet_error_instance_not_returned\0".as_ptr() as _,
             InstanceNotYielded => "lucet_error_instance_not_yielded\0".as_ptr() as _,
             InstanceNeedsStart => "lucet_error_instance_needs_start\0".as_ptr() as _,
+            StartAlreadyRun => "lucet_error_start_already_run\0".as_ptr() as _,
             StartYielded => "lucet_error_start_yielded\0".as_ptr() as _,
             Internal => "lucet_error_internal\0".as_ptr() as _,
             Unsupported => "lucet_error_unsupported\0".as_ptr() as _,