Make Wasmtime compatible with Stacked Borrows in MIRI #6338
Commits on May 3, 2023
Make Wasmtime compatible with Stacked Borrows in MIRI
The fact that Wasmtime executes correctly under Tree Borrows but not Stacked Borrows is a bit suspect and given what I've since learned about the aliasing models I wanted to give it a stab to get things working with Stacked Borrows. It turns out that this wasn't all that difficult, but required two underlying changes:

* First the implementation of `Instance::vmctx` is now specially crafted in an intentional way to preserve the provenance of the returned pointer. This way all `&Instance` pointers will return a `VMContext` pointer with the same provenance and acquiring the pointer won't accidentally invalidate all prior pointers.
* Second the conversion from `VMContext` to `Instance` has been updated to work with provenance and such. Previously the conversion looked like `&mut VMContext -> &mut Instance`, but I think this didn't play well with MIRI because `&mut VMContext` has no provenance over any data since it's zero-sized. Instead now the conversion is from `*mut VMContext` to `&mut Instance` where we know that `*mut VMContext` has provenance over the entire instance allocation. This shuffled a fair bit around to handle the new closure-based API to prevent escaping pointers, but otherwise no major change other than the structure and the types in play.

This commit additionally picks up a dependency on the `sptr` crate which is a crate for prototyping strict-provenance APIs in Rust. This is I believe intended to be upstreamed into Rust one day (it's in the standard library as a Nightly-only API right now) but in the meantime this is a stable alternative.
Commit 8368f05
Clean up manual `unsafe impl Send` impls
This commit adds a new wrapper type `SendSyncPtr<T>` which automatically impls the `Send` and `Sync` traits based on the `T` type contained. Otherwise it works similarly to `NonNull<T>`. This helps clean up a number of manual annotations of `unsafe impl {Send,Sync} for ...` throughout the runtime.
Commit ecfe3a7
Remove pointer-to-integer casts with tables
In an effort to enable MIRI's "strict provenance" mode this commit removes the integer-to-pointer casts in the runtime `Table` implementation for Wasmtime. Most of the bits were already there to track all this, so this commit plumbed around the various pointer types and with the help of the `sptr` crate preserves the provenance of all related pointers.
Commit 38c568e
Remove integer-to-pointer casts in CoW management
The `MemoryImageSlot` type stored a `base: usize` field mostly because I was too lazy to have a `Send`/`Sync` type as a pointer, so this commit updates it to use `SendSyncPtr<u8>` and then plumbs the pointer-ness throughout the implementation. This removes all integer-to-pointer casts and has pointers stored as actual pointers when they're at rest.
Commit 002aa3a
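The two commits above describe a `SendSyncPtr<T>` wrapper and replacing a `base: usize` field with a stored pointer. The sketch below is an added example, not Wasmtime's source: the wrapper body, the `Slot` type, `byte_at` and `demo` are hypothetical names, and the buffer is constructed for the illustration.

```rust
use std::ptr::NonNull;

/// Hypothetical sketch of a `SendSyncPtr<T>`-style wrapper around `NonNull<T>`.
#[repr(transparent)]
pub struct SendSyncPtr<T: ?Sized>(NonNull<T>);

// SAFETY: the wrapper is only as thread-safe as its pointee type; whoever
// dereferences the pointer still has to uphold the aliasing rules.
unsafe impl<T: Send + ?Sized> Send for SendSyncPtr<T> {}
unsafe impl<T: Sync + ?Sized> Sync for SendSyncPtr<T> {}

impl<T: ?Sized> SendSyncPtr<T> {
    pub fn new(ptr: NonNull<T>) -> Self { SendSyncPtr(ptr) }
    pub fn as_ptr(&self) -> *mut T { self.0.as_ptr() }
}

/// Constructed stand-in for a type that previously kept `base: usize`.
/// Holding a real pointer keeps its provenance while it is at rest.
pub struct Slot {
    base: SendSyncPtr<u8>,
    len: usize,
}

impl Slot {
    pub fn new(buf: &mut [u8]) -> Slot {
        let len = buf.len();
        let base = NonNull::new(buf.as_mut_ptr()).expect("slice pointers are never null");
        Slot { base: SendSyncPtr::new(base), len }
    }

    /// Interior pointer derived by pointer arithmetic, with no integer round-trip.
    pub fn byte_at(&self, offset: usize) -> Option<*mut u8> {
        if offset >= self.len { return None; }
        // SAFETY: offset < len, so the result stays inside the allocation.
        Some(unsafe { self.base.as_ptr().add(offset) })
    }
}

// Compiles only if `T` is both `Send` and `Sync`.
fn assert_send_sync<T: Send + Sync>() -> bool { true }

pub fn demo() -> (u8, bool) {
    let mut buf = vec![0u8; 16]; // constructed sample memory
    let slot = Slot::new(&mut buf);
    let p = slot.byte_at(3).unwrap();
    unsafe { p.write(0xAB) };
    let out_of_bounds_rejected = slot.byte_at(16).is_none();
    (buf[3], out_of_bounds_rejected && assert_send_sync::<Slot>())
}

fn main() { println!("{:?}", demo()); }
```

Because `Slot` contains no manual `unsafe impl`, its `Send`/`Sync` status follows from its fields, which is the cleanup the `SendSyncPtr<T>` commit describes.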
Remove pointer-to-integer casts in "raw" representations
This commit changes the "raw" representation of `Func` and `ExternRef` to a `*mut c_void` instead of the previous `usize`. This is done to satisfy MIRI's requirements with strict provenance, properly marking the intermediate value as a pointer rather than round-tripping through integers.
Commit 106fb15
Commit 7b543dc
Switch to Stacked Borrows for MIRI on CI
Additionally enable the strict-provenance features to force warnings emitted today to become errors.
Commit df8c1fc
Commits on May 4, 2023
Commit f753a7d
Commit 91bc932
Commit 5933d9d
Commit d281e39