You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

66 lines
2.0 KiB

# Documentation for this configuration file can be found here
# https://embarkstudios.github.io/cargo-deny/checks/cfg.html
targets = [
{ triple = "x86_64-unknown-linux-gnu" },
{ triple = "x86_64-apple-darwin" },
{ triple = "x86_64-pc-windows-msvc" },
{ triple = "aarch64-linux-android" },
]
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
allow = [
"Apache-2.0 WITH LLVM-exception",
"Apache-2.0",
"BSD-2-Clause",
Implement strings in adapter modules (#4623) * Implement strings in adapter modules This commit is a hefty addition to Wasmtime's support for the component model. This implements the final remaining type (in the current type hierarchy) unimplemented in adapter module trampolines: strings. Strings are the most complicated type to implement in adapter trampolines because they are highly structured chunks of data in memory (according to specific encodings). Additionally each lift/lower operation can choose its own encoding for strings meaning that Wasmtime, the host, may have to convert between any pairwise ordering of string encodings. The `CanonicalABI.md` in the component-model repo in general specifies all the fiddly bits of string encoding so there's not a ton of wiggle room for Wasmtime to get creative. This PR largely "just" implements that. The high-level architecture of this implementation is: * Fused adapters are first identified to determine src/dst string encodings. This statically fixes what transcoding operation is being performed. * The generated adapter will be responsible for managing calls to `realloc` and performing bounds checks. The adapter itself does not perform memory copies or validation of string contents, however. Instead each transcoding operation is modeled as an imported function into the adapter module. This means that the adapter module dynamically, during compile time, determines what string transcoders are needed. Note that an imported transcoder is not only parameterized over the transcoding operation but additionally which memory is the source and which is the destination. * The imported core wasm functions are modeled as a new `CoreDef::Transcoder` structure. These transcoders end up being small Cranelift-compiled trampolines. The Cranelift-compiled trampoline will load the actual base pointer of memory and add it to the relative pointers passed as function arguments. This trampoline then calls a transcoder "libcall" which enters Rust-defined functions for actual transcoding operations. * Each possible transcoding operation is implemented in Rust with a unique name and a unique signature depending on the needs of the transcoder. I've tried to document inline what each transcoder does. This means that the `Module::translate_string` in adapter modules is by far the largest translation method. The main reason for this is due to the management around calling the imported transcoder functions in the face of validating string pointer/lengths and performing the dance of `realloc`-vs-transcode at the right time. I've tried to ensure that each individual case in transcoding is documented well enough to understand what's going on as well. Additionally in this PR is a full implementation in the host for the `latin1+utf16` encoding which means that both lifting and lowering host strings now works with this encoding. Currently the implementation of each transcoder function is likely far from optimal. Where possible I've leaned on the standard library itself and for latin1-related things I'm leaning on the `encoding_rs` crate. I initially tried to implement everything with `encoding_rs` but was unable to uniformly do so easily. For now I settled on trying to get a known-correct (even in the face of endianness) implementation for all of these transcoders. If an when performance becomes an issue it should be possible to implement more optimized versions of each of these transcoding operations. Testing this commit has been somewhat difficult and my general plan, like with the `(list T)` type, is to rely heavily on fuzzing to cover the various cases here. In this PR though I've added a simple test that pushes some statically known strings through all the pairs of encodings between source and destination. I've attempted to pick "interesting" strings that one way or another stress the various paths in each transcoding operation to ideally get full branch coverage there. Additionally a suite of "negative" tests have also been added to ensure that validity of encoding is actually checked. * Fix a temporarily commented out case * Fix wasmtime-runtime tests * Update deny.toml configuration * Add `BSD-3-Clause` for the `encoding_rs` crate * Remove some unused licenses * Add an exemption for `encoding_rs` for now * Split up the `translate_string` method Move out all the closures and package up captured state into smaller lists of arguments. * Test out-of-bounds for zero-length strings
2 years ago
"BSD-3-Clause",
wasi-nn: turn it on by default (#2859) * wasi-nn: turn it on by default This change makes the wasi-nn Cargo feature a default feature. Previously, a wasi-nn user would have to build a separate Wasmtime binary (e.g. `cargo build --features wasi-nn ...`) to use wasi-nn and the resulting binary would require OpenVINO shared libraries to be present in the environment in order to run (otherwise it would fail immediately with linking errors). With recent changes to the `openvino` crate, the wasi-nn implementation can defer the loading of the OpenVINO shared libraries until runtime (i.e., when the user Wasm program calls `wasi_ephemeral_nn::load`) and display a user-level error if anything goes wrong (e.g., the OpenVINO libraries are not present on the system). This runtime-linking addition allows the wasi-nn feature to be turned on by default and shipped with upcoming releases of Wasmtime. This change should be transparent for users who do not use wasi-nn: the `openvino` crate is small and the newly-available wasi-nn imports only affect programs in which they are used. For those interested in reviewing the runtime linking approach added to the `openvino` crate, see https://github.com/intel/openvino-rs/pull/19. * wasi-nn spec path: don't use canonicalize * Allow dependencies using the ISC license The ISC license should be [just as permissive](https://choosealicense.com/licenses/isc) as MIT, e.g., with no additional limitations. * Add a `--wasi-modules` flag This flag controls which WASI modules are made available to the Wasm program. This initial commit enables `wasi-common` by default (equivalent to `--wasi-modules=all`) and allows `wasi-nn` and `wasi-crypto` to be added in either individually (e.g., `--wasi-modules=wasi-nn`) or as a group (e.g., `--wasi-modules=all-experimental`). * wasi-crypto: fix unused dependency Co-authored-by: Pat Hickey <pat@moreproductive.org>
4 years ago
"ISC",
"MIT",
"MPL-2.0",
"OpenSSL",
"Unicode-DFS-2016",
"Zlib",
]
[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 }
]
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
multiple-versions = "deny"
wildcards = "allow"
deny = []
skip-tree = [
Refactor test-programs to build modules and components (#6385) * wasi-tests and wasi-http-tests no longer have their own workspace * wasi-tests: fix warnings * rewrite the test-programs build.rs to generate {package}_modules.rs and _components.rs The style is cribbed from preview2-prototying repo, but I ended up refactoring it a bit. * better escaping should help with windows? * long form cap-std-sync and tokio test suites * convert wasi-http test * fixes, comments * apply cargo fmt to whole workspace * bump test-programs and wasi-http-tests to all use common dependency versions wit-bindgen 0.6.0 and wit-component 0.7.4 * add new audits * cargo vet prune * package and supply chain updates to fix vulnerabilities h2 upgraded from 0.3.16 -> 0.3.19 to fix vulnerability tempfile upgraded from 0.3.3 -> 0.3.5 to eliminate dep on vulnerable remove_dir_all * deny: temporarily allow duplicate wasm-encoder, wasmparser, wit-parser prtest:full * convert more dependencies to { workspace = true } Alex asked me to do thsi for wit-component and wit-bindgen, and I found a few more (cfg-if, tempfile, filecheck, anyhow... I also reorganized the workspace dependencies section to make the ones our team maintains more clearly separated from our external dependencies. * test-programs build: ensure that the user writes a #[test] for each module, component * fix build of wasi-tests on windows * misspelled macos * mark wasi-tests crate test=false so we dont try building it natively... * mark wasi-http-tests test=false as well * try getting the cargo keys right * just exclude wasi-tests and wasi-http-tests in run-tests.sh * interesting paths fails on windows * misspelling so nice i did it twice * new cargo deny exception: ignore all of wit-bindgen's dependencies * auto-import wildcard vets
1 year ago
# wit-bindgen and wasmtime both depend on the wasm-tools crates, and
# wit-bindgen's latest release may sometimes lag behind when we bump
# wasmtime's dependencies on wasm-tools. wit-bindgen is only used for
# building component-based test programs, so we are going to ignore
# the multiple-versions errors it will introduce.
{ name = "wit-bindgen", depth = 20 },
Dependency gardening for Wasmtime (#6731) * Remove deny.toml exception for wasm-coredump-builder This isn't used any more so no need to continue to list this. * Update Wasmtime's pretty_env_logger dependency This removes a `deny.toml` exception for that crate, but `openvino-sys` still depends on `pretty_env_logger 0.4.0` so a new exception is added for that. * Update criterion and clap dependencies This commit started out by updating the `criterion` dependency to remove an entry in `deny.toml`, but that ended up transitively requiring a `clap` dependency upgrade from 3.x to 4.x because `criterion` uses pieces of clap 4.x. Most of this commit is then dedicated to updating clap 3.x to 4.x which was relatively simple, mostly renaming attributes here and there. * Update gimli-related dependencies I originally wanted to remove the `indexmap` clause in `deny.toml` but enough dependencies haven't updated from 1.9 to 2.0 that it wasn't possible. In the meantime though this updates some various dependencies to bring them to the latest and a few of them now use `indexmap` 2.0. * Update deps to remove `windows-sys 0.45.0` This involved updating tokio/mio and then providing new audits for new crates. The tokio exemption was updated from its old version to the new version and tokio remains un-audited. * Update `syn` to 2.x.x This required a bit of rewriting for the component-macro related bits but otherwise was pretty straightforward. The `syn` 1.x.x track is still present in the wasi-crypto tree at this time. I've additionally added some trusted audits for my own publications of `wasm-bindgen` * Update bitflags to 2.x.x This updates Wasmtime's dependency on the `bitflags` crate to the 2.x.x track to keep it up-to-date. * Update the cap-std family of crates This bumps them all to the next major version to keep up with updates. I've additionally added trusted entries for publishes of cap-std crates from Dan. There's still lingering references to rustix 0.37.x which will need to get weeded out over time. * Update memoffset dependency to latest Avoids having two versions in our crate graph. * Fix tests * Update try_from for wiggle flags * Fix build on AArch64 Linux * Enable `event` for rustix on Windows too
1 year ago
# proptest depends on bitflags 1.x.x while other crates depend on 2.x.x so
# ignore its dependency tree until it updates.
{ name = "proptest", depth = 20 },
# This is maintained externally and we allow it to have duplicate
# dependencies relative to Wasmtime's main dependency tree.
{ name = "witx", depth = 20 },
Dependency gardening for Wasmtime (#6731) * Remove deny.toml exception for wasm-coredump-builder This isn't used any more so no need to continue to list this. * Update Wasmtime's pretty_env_logger dependency This removes a `deny.toml` exception for that crate, but `openvino-sys` still depends on `pretty_env_logger 0.4.0` so a new exception is added for that. * Update criterion and clap dependencies This commit started out by updating the `criterion` dependency to remove an entry in `deny.toml`, but that ended up transitively requiring a `clap` dependency upgrade from 3.x to 4.x because `criterion` uses pieces of clap 4.x. Most of this commit is then dedicated to updating clap 3.x to 4.x which was relatively simple, mostly renaming attributes here and there. * Update gimli-related dependencies I originally wanted to remove the `indexmap` clause in `deny.toml` but enough dependencies haven't updated from 1.9 to 2.0 that it wasn't possible. In the meantime though this updates some various dependencies to bring them to the latest and a few of them now use `indexmap` 2.0. * Update deps to remove `windows-sys 0.45.0` This involved updating tokio/mio and then providing new audits for new crates. The tokio exemption was updated from its old version to the new version and tokio remains un-audited. * Update `syn` to 2.x.x This required a bit of rewriting for the component-macro related bits but otherwise was pretty straightforward. The `syn` 1.x.x track is still present in the wasi-crypto tree at this time. I've additionally added some trusted audits for my own publications of `wasm-bindgen` * Update bitflags to 2.x.x This updates Wasmtime's dependency on the `bitflags` crate to the 2.x.x track to keep it up-to-date. * Update the cap-std family of crates This bumps them all to the next major version to keep up with updates. I've additionally added trusted entries for publishes of cap-std crates from Dan. There's still lingering references to rustix 0.37.x which will need to get weeded out over time. * Update memoffset dependency to latest Avoids having two versions in our crate graph. * Fix tests * Update try_from for wiggle flags * Fix build on AArch64 Linux * Enable `event` for rustix on Windows too
1 year ago
# The openvino-sys crate uses an older version of `pretty_env_logger` so
# ignore its dependency tree for now until it updates.
{ name = "openvino-sys", depth = 20 },
# They want to publish version 2.0 to upgrade `hashbrown` so in the meantime
# it is duplicated for us.
{ name = "indexmap", depth = 2 },
# criterion is on old version, will update on next release.
{ name = "itertools" },
]