github
/
cranelift
mirror of https://github.com/bytecodealliance/wasmtime.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

wiggle: automate borrow checking, explicitly passing borrow checker throughout

pull/1717/head
Pat Hickey 5 years ago
parent
e229fbc79c
commit
52e8300f01
14 changed files with 312 additions and 190 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 14
      crates/wiggle/generate/src/funcs.rs
  2. 132
      crates/wiggle/src/borrow.rs
  3. 2
      crates/wiggle/src/guest_type.rs
  4. 120
      crates/wiggle/src/lib.rs
  5. 38
      crates/wiggle/tests/arrays.rs
  6. 9
      crates/wiggle/tests/atoms.rs
  7. 8
      crates/wiggle/tests/flags.rs
  8. 11
      crates/wiggle/tests/handles.rs
  9. 6
      crates/wiggle/tests/ints.rs
  10. 16
      crates/wiggle/tests/pointers.rs
  11. 33
      crates/wiggle/tests/strings.rs
  12. 45
      crates/wiggle/tests/structs.rs
  13. 26
      crates/wiggle/tests/union.rs
  14. 18
      crates/wiggle/tests/wasi.rs

14
crates/wiggle/generate/src/funcs.rs
View File

@ -24,7 +24,9 @@ pub fn define_func(
});
let abi_args = quote!(
ctx: &#ctx_type, memory: &dyn #rt::GuestMemory,
ctx: &#ctx_type,
memory: &dyn #rt::GuestMemory,
bc: &#rt::BorrowChecker,
#(#params),*
);
let abi_ret = if let Some(ret) = &coretype.ret {
@ -210,7 +212,7 @@ fn marshal_arg(
let arg_name = names.func_ptr_binding(&param.name);
let name = names.func_param(&param.name);
quote! {
let #name = match #rt::GuestPtr::<#pointee_type>::new(memory, #arg_name as u32).read() {
let #name = match #rt::GuestPtr::<#pointee_type>::new(memory, bc, #arg_name as u32).read() {
Ok(r) => r,
Err(e) => {
#error_handling
@ -256,7 +258,7 @@ fn marshal_arg(
let len_name = names.func_len_binding(&param.name);
let name = names.func_param(&param.name);
quote! {
let #name = #rt::GuestPtr::<#lifetime, str>::new(memory, (#ptr_name as u32, #len_name as u32));
let #name = #rt::GuestPtr::<#lifetime, str>::new(memory, bc, (#ptr_name as u32, #len_name as u32));
}
}
},
@ -264,7 +266,7 @@ fn marshal_arg(
let pointee_type = names.type_ref(pointee, anon_lifetime());
let name = names.func_param(&param.name);
quote! {
let #name = #rt::GuestPtr::<#pointee_type>::new(memory, #name as u32);
let #name = #rt::GuestPtr::<#pointee_type>::new(memory, bc, #name as u32);
}
}
witx::Type::Struct(_) => read_conversion,
@ -274,7 +276,7 @@ fn marshal_arg(
let len_name = names.func_len_binding(&param.name);
let name = names.func_param(&param.name);
quote! {
let #name = #rt::GuestPtr::<[#pointee_type]>::new(memory, (#ptr_name as u32, #len_name as u32));
let #name = #rt::GuestPtr::<[#pointee_type]>::new(memory, bc, (#ptr_name as u32, #len_name as u32));
}
}
witx::Type::Union(_u) => read_conversion,
@ -303,7 +305,7 @@ where
let ptr_name = names.func_ptr_binding(&result.name);
let ptr_err_handling = error_handling(&format!("{}:result_ptr_mut", result.name.as_str()));
let pre = quote! {
let #ptr_name = #rt::GuestPtr::<#pointee_type>::new(memory, #ptr_name as u32);
let #ptr_name = #rt::GuestPtr::<#pointee_type>::new(memory, bc, #ptr_name as u32);
};
// trait binding returns func_param name.
let val_name = names.func_param(&result.name);

132
crates/wiggle/src/borrow.rs
View File

@ -1,64 +1,67 @@
use crate::error::GuestError;
use crate::region::Region;
use crate::{GuestError, GuestPtr, GuestType};
use std::cell::RefCell;
use std::collections::HashMap;
#[derive(Debug)]
pub struct GuestBorrows {
borrows: Vec<Region>,
#[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)]
pub struct BorrowHandle(usize);
pub struct BorrowChecker {
bc: RefCell<InnerBorrowChecker>,
}
impl GuestBorrows {
impl BorrowChecker {
pub fn new() -> Self {
Self {
borrows: Vec::new(),
BorrowChecker {
bc: RefCell::new(InnerBorrowChecker::new()),
}
}
pub fn borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
self.bc
.borrow_mut()
.borrow(r)
.ok_or_else(|| GuestError::PtrBorrowed(r))
}
pub fn unborrow(&self, h: BorrowHandle) {
self.bc.borrow_mut().unborrow(h)
}
}
fn is_borrowed(&self, r: Region) -> bool {
!self.borrows.iter().all(|b| !b.overlaps(r))
#[derive(Debug)]
struct InnerBorrowChecker {
borrows: HashMap<BorrowHandle, Region>,
next_handle: BorrowHandle,
}
pub(crate) fn borrow(&mut self, r: Region) -> Result<(), GuestError> {
if self.is_borrowed(r) {
Err(GuestError::PtrBorrowed(r))
} else {
self.borrows.push(r);
Ok(())
impl InnerBorrowChecker {
fn new() -> Self {
InnerBorrowChecker {
borrows: HashMap::new(),
next_handle: BorrowHandle(0),
}
}
/// Borrow the region of memory pointed to by a `GuestPtr`. This is required for safety if
/// you are dereferencing `GuestPtr`s while holding a reference to a slice via
/// `GuestPtr::as_raw`.
pub fn borrow_pointee<'a, T>(&mut self, p: &GuestPtr<'a, T>) -> Result<(), GuestError>
where
T: GuestType<'a>,
{
self.borrow(Region {
start: p.offset(),
len: T::guest_size(),
})
fn is_borrowed(&self, r: Region) -> bool {
!self.borrows.values().all(|b| !b.overlaps(r))
}
/// Borrow the slice of memory pointed to by a `GuestPtr<[T]>`. This is required for safety if
/// you are dereferencing the `GuestPtr`s while holding a reference to another slice via
/// `GuestPtr::as_raw`. Not required if using `GuestPtr::as_raw` on this pointer.
pub fn borrow_slice<'a, T>(&mut self, p: &GuestPtr<'a, [T]>) -> Result<(), GuestError>
where
T: GuestType<'a>,
{
let (start, elems) = p.offset();
let len = T::guest_size()
.checked_mul(elems)
.ok_or_else(|| GuestError::PtrOverflow)?;
self.borrow(Region { start, len })
fn new_handle(&mut self) -> BorrowHandle {
let h = self.next_handle;
self.next_handle = BorrowHandle(h.0 + 1);
h
}
/// Borrow the slice of memory pointed to by a `GuestPtr<str>`. This is required for safety if
/// you are dereferencing the `GuestPtr`s while holding a reference to another slice via
/// `GuestPtr::as_raw`. Not required if using `GuestPtr::as_raw` on this pointer.
pub fn borrow_str(&mut self, p: &GuestPtr<str>) -> Result<(), GuestError> {
let (start, len) = p.offset();
self.borrow(Region { start, len })
fn borrow(&mut self, r: Region) -> Option<BorrowHandle> {
if self.is_borrowed(r) {
return None;
}
let h = self.new_handle();
self.borrows.insert(h, r);
Some(h)
}
fn unborrow(&mut self, h: BorrowHandle) {
let _ = self.borrows.remove(&h);
}
}
@ -67,14 +70,14 @@ mod test {
use super::*;
#[test]
fn nonoverlapping() {
let mut bs = GuestBorrows::new();
let mut bs = InnerBorrowChecker::new();
let r1 = Region::new(0, 10);
let r2 = Region::new(10, 10);
assert!(!r1.overlaps(r2));
bs.borrow(r1).expect("can borrow r1");
bs.borrow(r2).expect("can borrow r2");
let mut bs = GuestBorrows::new();
let mut bs = InnerBorrowChecker::new();
let r1 = Region::new(10, 10);
let r2 = Region::new(0, 10);
assert!(!r1.overlaps(r2));
@ -84,35 +87,35 @@ mod test {
#[test]
fn overlapping() {
let mut bs = GuestBorrows::new();
let mut bs = InnerBorrowChecker::new();
let r1 = Region::new(0, 10);
let r2 = Region::new(9, 10);
assert!(r1.overlaps(r2));
bs.borrow(r1).expect("can borrow r1");
assert!(bs.borrow(r2).is_err(), "cant borrow r2");
assert!(bs.borrow(r2).is_none(), "cant borrow r2");
let mut bs = GuestBorrows::new();
let mut bs = InnerBorrowChecker::new();
let r1 = Region::new(0, 10);
let r2 = Region::new(2, 5);
assert!(r1.overlaps(r2));
bs.borrow(r1).expect("can borrow r1");
assert!(bs.borrow(r2).is_err(), "cant borrow r2");
assert!(bs.borrow(r2).is_none(), "cant borrow r2");
let mut bs = GuestBorrows::new();
let mut bs = InnerBorrowChecker::new();
let r1 = Region::new(9, 10);
let r2 = Region::new(0, 10);
assert!(r1.overlaps(r2));
bs.borrow(r1).expect("can borrow r1");
assert!(bs.borrow(r2).is_err(), "cant borrow r2");
assert!(bs.borrow(r2).is_none(), "cant borrow r2");
let mut bs = GuestBorrows::new();
let mut bs = InnerBorrowChecker::new();
let r1 = Region::new(2, 5);
let r2 = Region::new(0, 10);
assert!(r1.overlaps(r2));
bs.borrow(r1).expect("can borrow r1");
assert!(bs.borrow(r2).is_err(), "cant borrow r2");
assert!(bs.borrow(r2).is_none(), "cant borrow r2");
let mut bs = GuestBorrows::new();
let mut bs = InnerBorrowChecker::new();
let r1 = Region::new(2, 5);
let r2 = Region::new(10, 5);
let r3 = Region::new(15, 5);
@ -121,6 +124,23 @@ mod test {
bs.borrow(r1).expect("can borrow r1");
bs.borrow(r2).expect("can borrow r2");
bs.borrow(r3).expect("can borrow r3");
assert!(bs.borrow(r4).is_err(), "cant borrow r4");
assert!(bs.borrow(r4).is_none(), "cant borrow r4");
}
#[test]
fn unborrowing() {
let mut bs = InnerBorrowChecker::new();
let r1 = Region::new(0, 10);
let r2 = Region::new(10, 10);
assert!(!r1.overlaps(r2));
let _h1 = bs.borrow(r1).expect("can borrow r1");
let h2 = bs.borrow(r2).expect("can borrow r2");
assert!(bs.borrow(r2).is_none(), "can't borrow r2 twice");
bs.unborrow(h2);
let _h3 = bs
.borrow(r2)
.expect("can borrow r2 again now that its been unborrowed");
}
}

2
crates/wiggle/src/guest_type.rs
View File

@ -131,7 +131,7 @@ impl<'a, T> GuestType<'a> for GuestPtr<'a, T> {
fn read(ptr: &GuestPtr<'a, Self>) -> Result<Self, GuestError> {
let offset = ptr.cast::<u32>().read()?;
Ok(GuestPtr::new(ptr.mem(), offset))
Ok(GuestPtr::new(ptr.mem(), ptr.borrow_checker(), offset))
}
fn write(ptr: &GuestPtr<'_, Self>, val: Self) -> Result<(), GuestError> {

120
crates/wiggle/src/lib.rs
View File

@ -16,7 +16,8 @@ mod error;
mod guest_type;
mod region;
pub use borrow::GuestBorrows;
pub use borrow::BorrowChecker;
use borrow::BorrowHandle;
pub use error::GuestError;
pub use guest_type::{GuestErrorType, GuestType, GuestTypeTransparent};
pub use region::Region;
@ -150,12 +151,12 @@ pub unsafe trait GuestMemory {
/// Note that `T` can be almost any type, and typically `offset` is a `u32`.
/// The exception is slices and strings, in which case `offset` is a `(u32,
/// u32)` of `(offset, length)`.
fn ptr<'a, T>(&'a self, offset: T::Pointer) -> GuestPtr<'a, T>
fn ptr<'a, T>(&'a self, bc: &'a BorrowChecker, offset: T::Pointer) -> GuestPtr<'a, T>
where
Self: Sized,
T: ?Sized + Pointee,
{
GuestPtr::new(self, offset)
GuestPtr::new(self, bc, offset)
}
}
@ -237,6 +238,7 @@ unsafe impl<T: ?Sized + GuestMemory> GuestMemory for Arc<T> {
/// already-attached helper methods.
pub struct GuestPtr<'a, T: ?Sized + Pointee> {
mem: &'a (dyn GuestMemory + 'a),
bc: &'a BorrowChecker,
pointer: T::Pointer,
_marker: marker::PhantomData<&'a Cell<T>>,
}
@ -247,9 +249,14 @@ impl<'a, T: ?Sized + Pointee> GuestPtr<'a, T> {
/// Note that for sized types like `u32`, `GuestPtr<T>`, etc, the `pointer`
/// vlue is a `u32` offset into guest memory. For slices and strings,
/// `pointer` is a `(u32, u32)` offset/length pair.
pub fn new(mem: &'a (dyn GuestMemory + 'a), pointer: T::Pointer) -> GuestPtr<'_, T> {
pub fn new(
mem: &'a (dyn GuestMemory + 'a),
bc: &'a BorrowChecker,
pointer: T::Pointer,
) -> GuestPtr<'a, T> {
GuestPtr {
mem,
bc,
pointer,
_marker: marker::PhantomData,
}
@ -268,6 +275,11 @@ impl<'a, T: ?Sized + Pointee> GuestPtr<'a, T> {
self.mem
}
/// Returns the borrow checker that this pointer uses
pub fn borrow_checker(&self) -> &'a BorrowChecker {
self.bc
}
/// Casts this `GuestPtr` type to a different type.
///
/// This is a safe method which is useful for simply reinterpreting the type
@ -278,7 +290,7 @@ impl<'a, T: ?Sized + Pointee> GuestPtr<'a, T> {
where
T: Pointee<Pointer = u32>,
{
GuestPtr::new(self.mem, self.pointer)
GuestPtr::new(self.mem, self.bc, self.pointer)
}
/// Safely read a value from this pointer.
@ -345,7 +357,7 @@ impl<'a, T: ?Sized + Pointee> GuestPtr<'a, T> {
Some(o) => o,
None => return Err(GuestError::PtrOverflow),
};
Ok(GuestPtr::new(self.mem, offset))
Ok(GuestPtr::new(self.mem, self.bc, offset))
}
/// Returns a `GuestPtr` for an array of `T`s using this pointer as the
@ -354,7 +366,7 @@ impl<'a, T: ?Sized + Pointee> GuestPtr<'a, T> {
where
T: GuestType<'a> + Pointee<Pointer = u32>,
{
GuestPtr::new(self.mem, (self.pointer, elems))
GuestPtr::new(self.mem, self.bc, (self.pointer, elems))
}
}
@ -403,7 +415,7 @@ impl<'a, T> GuestPtr<'a, [T]> {
/// For safety against overlapping mutable borrows, the user must use the
/// same `GuestBorrows` to create all `*mut str` or `*mut [T]` that are alive
/// at the same time.
pub fn as_raw(&self, bc: &mut GuestBorrows) -> Result<*mut [T], GuestError>
pub fn as_slice(&self) -> Result<GuestSlice<'a, T>, GuestError>
where
T: GuestTypeTransparent<'a>,
{
@ -415,7 +427,7 @@ impl<'a, T> GuestPtr<'a, [T]> {
self.mem
.validate_size_align(self.pointer.0, T::guest_align(), len)? as *mut T;
bc.borrow(Region {
let borrow = self.bc.borrow(Region {
start: self.pointer.0,
len,
})?;
@ -428,10 +440,16 @@ impl<'a, T> GuestPtr<'a, [T]> {
// SAFETY: iff there are no overlapping borrows (all uses of as_raw use this same
// GuestBorrows), its valid to construct a *mut [T]
unsafe {
let ptr = unsafe {
let s = slice::from_raw_parts_mut(ptr, self.pointer.1 as usize);
Ok(s as *mut [T])
}
s as *mut [T]
};
Ok(GuestSlice {
ptr,
bc: self.bc,
borrow,
})
}
/// Copies the data pointed to by `slice` into this guest region.
@ -451,22 +469,20 @@ impl<'a, T> GuestPtr<'a, [T]> {
T: GuestTypeTransparent<'a> + Copy,
{
// bounds check ...
let raw = self.as_raw(&mut GuestBorrows::new())?;
unsafe {
let mut self_slice = self.as_slice()?;
// ... length check ...
if (*raw).len() != slice.len() {
if self_slice.len() != slice.len() {
return Err(GuestError::SliceLengthsDiffer);
}
// ... and copy!
(*raw).copy_from_slice(slice);
self_slice.copy_from_slice(slice);
Ok(())
}
}
/// Returns a `GuestPtr` pointing to the base of the array for the interior
/// type `T`.
pub fn as_ptr(&self) -> GuestPtr<'a, T> {
GuestPtr::new(self.mem, self.offset_base())
GuestPtr::new(self.mem, self.bc, self.offset_base())
}
}
@ -485,7 +501,7 @@ impl<'a> GuestPtr<'a, str> {
/// Returns a raw pointer for the underlying slice of bytes that this
/// pointer points to.
pub fn as_bytes(&self) -> GuestPtr<'a, [u8]> {
GuestPtr::new(self.mem, self.pointer)
GuestPtr::new(self.mem, self.bc, self.pointer)
}
/// Attempts to read a raw `*mut str` pointer from this pointer, performing
@ -505,27 +521,29 @@ impl<'a> GuestPtr<'a, str> {
/// For safety against overlapping mutable borrows, the user must use the
/// same `GuestBorrows` to create all `*mut str` or `*mut [T]` that are
/// alive at the same time.
pub fn as_raw(&self, bc: &mut GuestBorrows) -> Result<*mut str, GuestError> {
pub fn as_str(&self) -> Result<GuestStr<'a>, GuestError> {
let ptr = self
.mem
.validate_size_align(self.pointer.0, 1, self.pointer.1)?;
bc.borrow(Region {
let borrow = self.bc.borrow(Region {
start: self.pointer.0,
len: self.pointer.1,
})?;
// SAFETY: iff there are no overlapping borrows (all uses of as_raw use this same
// GuestBorrows), its valid to construct a *mut str
unsafe {
let s = slice::from_raw_parts_mut(ptr, self.pointer.1 as usize);
match str::from_utf8_mut(s) {
Ok(s) => Ok(s),
let ptr = unsafe { slice::from_raw_parts_mut(ptr, self.pointer.1 as usize) };
match str::from_utf8_mut(ptr) {
Ok(ptr) => Ok(GuestStr {
ptr,
bc: self.bc,
borrow,
}),
Err(e) => Err(GuestError::InvalidUtf8(e)),
}
}
}
}
impl<T: ?Sized + Pointee> Clone for GuestPtr<'_, T> {
fn clone(&self) -> Self {
@ -541,6 +559,56 @@ impl<T: ?Sized + Pointee> fmt::Debug for GuestPtr<'_, T> {
}
}
pub struct GuestSlice<'a, T> {
ptr: *mut [T],
bc: &'a BorrowChecker,
borrow: BorrowHandle,
}
impl<'a, T> std::ops::Deref for GuestSlice<'a, T> {
type Target = [T];
fn deref(&self) -> &Self::Target {
unsafe { self.ptr.as_ref().expect("ptr guaranteed to be non-null") }
}
}
impl<'a, T> std::ops::DerefMut for GuestSlice<'a, T> {
fn deref_mut(&mut self) -> &mut Self::Target {
unsafe { self.ptr.as_mut().expect("ptr guaranteed to be non-null") }
}
}
impl<'a, T> Drop for GuestSlice<'a, T> {
fn drop(&mut self) {
self.bc.unborrow(self.borrow)
}
}
pub struct GuestStr<'a> {
ptr: *mut str,
bc: &'a BorrowChecker,
borrow: BorrowHandle,
}
impl<'a> std::ops::Deref for GuestStr<'a> {
type Target = str;
fn deref(&self) -> &Self::Target {
unsafe { self.ptr.as_ref().expect("ptr guaranteed to be non-null") }
}
}
impl<'a> std::ops::DerefMut for GuestStr<'a> {
fn deref_mut(&mut self) -> &mut Self::Target {
unsafe { self.ptr.as_mut().expect("ptr guaranteed to be non-null") }
}
}
impl<'a> Drop for GuestStr<'a> {
fn drop(&mut self) {
self.bc.unborrow(self.borrow)
}
}
mod private {
pub trait Sealed {}
impl<T> Sealed for T {}

38
crates/wiggle/tests/arrays.rs
View File

@ -1,5 +1,5 @@
use proptest::prelude::*;
use wiggle::{GuestMemory, GuestPtr};
use wiggle::{BorrowChecker, GuestMemory, GuestPtr};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
wiggle::from_witx!({
@ -75,31 +75,35 @@ impl ReduceExcusesExcercise {
}
pub fn test(&self) {
let mut ctx = WasiCtx::new();
let mut host_memory = HostMemory::new();
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
// Populate memory with pointers to generated Excuse values
for (&excuse, ptr) in self.excuse_values.iter().zip(self.excuse_ptr_locs.iter()) {
host_memory
.ptr(ptr.ptr)
.ptr(&bc, ptr.ptr)
.write(excuse)
.expect("deref ptr mut to Excuse value");
}
// Populate the array with pointers to generated Excuse values
{
let array: GuestPtr<'_, [GuestPtr<types::Excuse>]> =
host_memory.ptr((self.array_ptr_loc.ptr, self.excuse_ptr_locs.len() as u32));
let array: GuestPtr<'_, [GuestPtr<types::Excuse>]> = host_memory.ptr(
&bc,
(self.array_ptr_loc.ptr, self.excuse_ptr_locs.len() as u32),
);
for (slot, ptr) in array.iter().zip(&self.excuse_ptr_locs) {
let slot = slot.expect("array should be in bounds");
slot.write(host_memory.ptr(ptr.ptr))
slot.write(host_memory.ptr(&bc, ptr.ptr))
.expect("should succeed in writing array");
}
}
let res = arrays::reduce_excuses(
&mut ctx,
&mut host_memory,
&ctx,
&host_memory,
&bc,
self.array_ptr_loc.ptr as i32,
self.excuse_ptr_locs.len() as i32,
self.return_ptr_loc.ptr as i32,
@ -112,7 +116,7 @@ impl ReduceExcusesExcercise {
.last()
.expect("generated vec of excuses should be non-empty");
let given: types::Excuse = host_memory
.ptr(self.return_ptr_loc.ptr)
.ptr(&bc, self.return_ptr_loc.ptr)
.read()
.expect("deref ptr to returned value");
assert_eq!(expected, given, "reduce excuses return val");
@ -165,28 +169,30 @@ impl PopulateExcusesExcercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
// Populate array with valid pointers to Excuse type in memory
let ptr = host_memory.ptr::<[GuestPtr<'_, types::Excuse>]>((
self.array_ptr_loc.ptr,
self.elements.len() as u32,
));
let ptr = host_memory.ptr::<[GuestPtr<'_, types::Excuse>]>(
&bc,
(self.array_ptr_loc.ptr, self.elements.len() as u32),
);
for (ptr, val) in ptr.iter().zip(&self.elements) {
ptr.expect("should be valid pointer")
.write(host_memory.ptr(val.ptr))
.write(host_memory.ptr(&bc, val.ptr))
.expect("failed to write value");
}
let res = arrays::populate_excuses(
&ctx,
&host_memory,
&bc,
self.array_ptr_loc.ptr as i32,
self.elements.len() as i32,
);
assert_eq!(res, types::Errno::Ok.into(), "populate excuses errno");
let arr: GuestPtr<'_, [GuestPtr<'_, types::Excuse>]> =
host_memory.ptr((self.array_ptr_loc.ptr, self.elements.len() as u32));
host_memory.ptr(&bc, (self.array_ptr_loc.ptr, self.elements.len() as u32));
for el in arr.iter() {
let ptr_to_ptr = el
.expect("valid ptr to ptr")

9
crates/wiggle/tests/atoms.rs
View File

@ -1,5 +1,5 @@
use proptest::prelude::*;
use wiggle::GuestMemory;
use wiggle::{BorrowChecker, GuestMemory};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
wiggle::from_witx!({
@ -31,8 +31,9 @@ impl IntFloatExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
let e = atoms::int_float_args(&ctx, &host_memory, self.an_int as i32, self.an_float);
let e = atoms::int_float_args(&ctx, &host_memory, &bc, self.an_int as i32, self.an_float);
assert_eq!(e, types::Errno::Ok.into(), "int_float_args error");
}
@ -60,16 +61,18 @@ impl DoubleIntExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
let e = atoms::double_int_return_float(
&ctx,
&host_memory,
&bc,
self.input as i32,
self.return_loc.ptr as i32,
);
let return_val = host_memory
.ptr::<types::AliasToFloat>(self.return_loc.ptr)
.ptr::<types::AliasToFloat>(&bc, self.return_loc.ptr)
.read()
.expect("failed to read return");
assert_eq!(e, types::Errno::Ok.into(), "errno");

8
crates/wiggle/tests/flags.rs
View File

@ -1,6 +1,6 @@
use proptest::prelude::*;
use std::convert::TryFrom;
use wiggle::{GuestMemory, GuestPtr};
use wiggle::{BorrowChecker, GuestMemory, GuestPtr};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
wiggle::from_witx!({
@ -65,16 +65,18 @@ impl ConfigureCarExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
// Populate input ptr
host_memory
.ptr(self.other_config_by_ptr.ptr)
.ptr(&bc, self.other_config_by_ptr.ptr)
.write(self.other_config)
.expect("deref ptr mut to CarConfig");
let res = flags::configure_car(
&ctx,
&host_memory,
&bc,
self.old_config.into(),
self.other_config_by_ptr.ptr as i32,
self.return_ptr_loc.ptr as i32,
@ -82,7 +84,7 @@ impl ConfigureCarExercise {
assert_eq!(res, types::Errno::Ok.into(), "configure car errno");
let res_config = host_memory
.ptr::<types::CarConfig>(self.return_ptr_loc.ptr)
.ptr::<types::CarConfig>(&bc, self.return_ptr_loc.ptr)
.read()
.expect("deref to CarConfig value");

11
crates/wiggle/tests/handles.rs
View File

@ -1,5 +1,5 @@
use proptest::prelude::*;
use wiggle::{GuestMemory, GuestType};
use wiggle::{BorrowChecker, GuestMemory, GuestType};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
const FD_VAL: u32 = 123;
@ -34,23 +34,24 @@ impl HandleExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
let e = handle_examples::fd_create(&ctx, &host_memory, self.return_loc.ptr as i32);
let e = handle_examples::fd_create(&ctx, &host_memory, &bc, self.return_loc.ptr as i32);
assert_eq!(e, types::Errno::Ok.into(), "fd_create error");
let h_got: u32 = host_memory
.ptr(self.return_loc.ptr)
.ptr(&bc, self.return_loc.ptr)
.read()
.expect("return ref_mut");
assert_eq!(h_got, 123, "fd_create return val");
let e = handle_examples::fd_consume(&ctx, &host_memory, h_got as i32);
let e = handle_examples::fd_consume(&ctx, &host_memory, &bc, h_got as i32);
assert_eq!(e, types::Errno::Ok.into(), "fd_consume error");
let e = handle_examples::fd_consume(&ctx, &host_memory, h_got as i32 + 1);
let e = handle_examples::fd_consume(&ctx, &host_memory, &bc, h_got as i32 + 1);
assert_eq!(
e,

6
crates/wiggle/tests/ints.rs
View File

@ -1,6 +1,6 @@
use proptest::prelude::*;
use std::convert::TryFrom;
use wiggle::GuestMemory;
use wiggle::{BorrowChecker, GuestMemory};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
wiggle::from_witx!({
@ -46,17 +46,19 @@ impl CookieCutterExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
let res = ints::cookie_cutter(
&ctx,
&host_memory,
&bc,
self.cookie.into(),
self.return_ptr_loc.ptr as i32,
);
assert_eq!(res, types::Errno::Ok.into(), "cookie cutter errno");
let is_cookie_start = host_memory
.ptr::<types::Bool>(self.return_ptr_loc.ptr)
.ptr::<types::Bool>(&bc, self.return_ptr_loc.ptr)
.read()
.expect("deref to Bool value");

16
crates/wiggle/tests/pointers.rs
View File

@ -1,5 +1,5 @@
use proptest::prelude::*;
use wiggle::{GuestMemory, GuestPtr};
use wiggle::{BorrowChecker, GuestMemory, GuestPtr};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
wiggle::from_witx!({
@ -128,30 +128,32 @@ impl PointersAndEnumsExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
host_memory
.ptr(self.input2_loc.ptr)
.ptr(&bc, self.input2_loc.ptr)
.write(self.input2)
.expect("input2 ref_mut");
host_memory
.ptr(self.input3_loc.ptr)
.ptr(&bc, self.input3_loc.ptr)
.write(self.input3)
.expect("input3 ref_mut");
host_memory
.ptr(self.input4_loc.ptr)
.ptr(&bc, self.input4_loc.ptr)
.write(self.input4)
.expect("input4 ref_mut");
host_memory
.ptr(self.input4_ptr_loc.ptr)
.ptr(&bc, self.input4_ptr_loc.ptr)
.write(self.input4_loc.ptr)
.expect("input4 ptr ref_mut");
let e = pointers::pointers_and_enums(
&ctx,
&host_memory,
&bc,
self.input1.into(),
self.input2_loc.ptr as i32,
self.input3_loc.ptr as i32,
@ -161,7 +163,7 @@ impl PointersAndEnumsExercise {
// Implementation of pointers_and_enums writes input3 to the input2_loc:
let written_to_input2_loc: i32 = host_memory
.ptr(self.input2_loc.ptr)
.ptr(&bc, self.input2_loc.ptr)
.read()
.expect("input2 ref");
@ -173,7 +175,7 @@ impl PointersAndEnumsExercise {
// Implementation of pointers_and_enums writes input2_loc to input4_ptr_loc:
let written_to_input4_ptr: u32 = host_memory
.ptr(self.input4_ptr_loc.ptr)
.ptr(&bc, self.input4_ptr_loc.ptr)
.read()
.expect("input4_ptr_loc ref");

33
crates/wiggle/tests/strings.rs
View File

@ -1,5 +1,5 @@
use proptest::prelude::*;
use wiggle::{GuestBorrows, GuestMemory, GuestPtr};
use wiggle::{BorrowChecker, GuestMemory, GuestPtr};
use wiggle_test::{impl_errno, HostMemory, MemArea, MemAreas, WasiCtx};
wiggle::from_witx!({
@ -11,12 +11,9 @@ impl_errno!(types::Errno, types::GuestErrorConversion);
impl<'a> strings::Strings for WasiCtx<'a> {
fn hello_string(&self, a_string: &GuestPtr<str>) -> Result<u32, types::Errno> {
let mut bc = GuestBorrows::new();
let s = a_string.as_raw(&mut bc).expect("should be valid string");
unsafe {
let s = a_string.as_str().expect("should be valid string");
println!("a_string='{}'", &*s);
Ok((*s).len() as u32)
}
Ok(s.len() as u32)
}
fn multi_string(
@ -25,12 +22,10 @@ impl<'a> strings::Strings for WasiCtx<'a> {
b: &GuestPtr<str>,
c: &GuestPtr<str>,
) -> Result<u32, types::Errno> {
let mut bc = GuestBorrows::new();
let sa = a.as_raw(&mut bc).expect("A should be valid string");
let sb = b.as_raw(&mut bc).expect("B should be valid string");
let sc = c.as_raw(&mut bc).expect("C should be valid string");
unsafe {
let total_len = (&*sa).len() + (&*sb).len() + (&*sc).len();
let sa = a.as_str().expect("A should be valid string");
let sb = b.as_str().expect("B should be valid string");
let sc = c.as_str().expect("C should be valid string");
let total_len = sa.len() + sb.len() + sc.len();
println!(
"len={}, a='{}', b='{}', c='{}'",
total_len, &*sa, &*sb, &*sc
@ -38,7 +33,6 @@ impl<'a> strings::Strings for WasiCtx<'a> {
Ok(total_len as u32)
}
}
}
fn test_string_strategy() -> impl Strategy<Value = String> {
"\\p{Greek}{1,256}"
@ -75,9 +69,11 @@ impl HelloStringExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
// Populate string in guest's memory
let ptr = host_memory.ptr::<str>((self.string_ptr_loc.ptr, self.test_word.len() as u32));
let ptr =
host_memory.ptr::<str>(&bc, (self.string_ptr_loc.ptr, self.test_word.len() as u32));
for (slot, byte) in ptr.as_bytes().iter().zip(self.test_word.bytes()) {
slot.expect("should be valid pointer")
.write(byte)
@ -87,6 +83,7 @@ impl HelloStringExercise {
let res = strings::hello_string(
&ctx,
&host_memory,
&bc,
self.string_ptr_loc.ptr as i32,
self.test_word.len() as i32,
self.return_ptr_loc.ptr as i32,
@ -94,7 +91,7 @@ impl HelloStringExercise {
assert_eq!(res, types::Errno::Ok.into(), "hello string errno");
let given = host_memory
.ptr::<u32>(self.return_ptr_loc.ptr)
.ptr::<u32>(&bc, self.return_ptr_loc.ptr)
.read()
.expect("deref ptr to return value");
assert_eq!(self.test_word.len() as u32, given);
@ -181,9 +178,10 @@ impl MultiStringExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
let write_string = |val: &str, loc: MemArea| {
let ptr = host_memory.ptr::<str>((loc.ptr, val.len() as u32));
let ptr = host_memory.ptr::<str>(&bc, (loc.ptr, val.len() as u32));
for (slot, byte) in ptr.as_bytes().iter().zip(val.bytes()) {
slot.expect("should be valid pointer")
.write(byte)
@ -198,6 +196,7 @@ impl MultiStringExercise {
let res = strings::multi_string(
&ctx,
&host_memory,
&bc,
self.sa_ptr_loc.ptr as i32,
self.a.len() as i32,
self.sb_ptr_loc.ptr as i32,
@ -209,7 +208,7 @@ impl MultiStringExercise {
assert_eq!(res, types::Errno::Ok.into(), "multi string errno");
let given = host_memory
.ptr::<u32>(self.return_ptr_loc.ptr)
.ptr::<u32>(&bc, self.return_ptr_loc.ptr)
.read()
.expect("deref ptr to return value");
assert_eq!((self.a.len() + self.b.len() + self.c.len()) as u32, given);

45
crates/wiggle/tests/structs.rs
View File

@ -1,5 +1,5 @@
use proptest::prelude::*;
use wiggle::{GuestMemory, GuestPtr};
use wiggle::{BorrowChecker, GuestMemory, GuestPtr};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
wiggle::from_witx!({
@ -83,18 +83,20 @@ impl SumOfPairExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
host_memory
.ptr(self.input_loc.ptr)
.ptr(&bc, self.input_loc.ptr)
.write(self.input.first)
.expect("input ref_mut");
host_memory
.ptr(self.input_loc.ptr + 4)
.ptr(&bc, self.input_loc.ptr + 4)
.write(self.input.second)
.expect("input ref_mut");
let sum_err = structs::sum_of_pair(
&ctx,
&host_memory,
&bc,
self.input_loc.ptr as i32,
self.return_loc.ptr as i32,
);
@ -102,7 +104,7 @@ impl SumOfPairExercise {
assert_eq!(sum_err, types::Errno::Ok.into(), "sum errno");
let return_val: i64 = host_memory
.ptr(self.return_loc.ptr)
.ptr(&bc, self.return_loc.ptr)
.read()
.expect("return ref");
@ -171,28 +173,30 @@ impl SumPairPtrsExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
host_memory
.ptr(self.input_first_loc.ptr)
.ptr(&bc, self.input_first_loc.ptr)
.write(self.input_first)
.expect("input_first ref");
host_memory
.ptr(self.input_second_loc.ptr)
.ptr(&bc, self.input_second_loc.ptr)
.write(self.input_second)
.expect("input_second ref");
host_memory
.ptr(self.input_struct_loc.ptr)
.ptr(&bc, self.input_struct_loc.ptr)
.write(self.input_first_loc.ptr)
.expect("input_struct ref");
host_memory
.ptr(self.input_struct_loc.ptr + 4)
.ptr(&bc, self.input_struct_loc.ptr + 4)
.write(self.input_second_loc.ptr)
.expect("input_struct ref");
let res = structs::sum_of_pair_of_ptrs(
&ctx,
&host_memory,
&bc,
self.input_struct_loc.ptr as i32,
self.return_loc.ptr as i32,
);
@ -200,7 +204,7 @@ impl SumPairPtrsExercise {
assert_eq!(res, types::Errno::Ok.into(), "sum of pair of ptrs errno");
let doubled: i64 = host_memory
.ptr(self.return_loc.ptr)
.ptr(&bc, self.return_loc.ptr)
.read()
.expect("return ref");
@ -255,23 +259,25 @@ impl SumIntAndPtrExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
host_memory
.ptr(self.input_first_loc.ptr)
.ptr(&bc, self.input_first_loc.ptr)
.write(self.input_first)
.expect("input_first ref");
host_memory
.ptr(self.input_struct_loc.ptr)
.ptr(&bc, self.input_struct_loc.ptr)
.write(self.input_first_loc.ptr)
.expect("input_struct ref");
host_memory
.ptr(self.input_struct_loc.ptr + 4)
.ptr(&bc, self.input_struct_loc.ptr + 4)
.write(self.input_second)
.expect("input_struct ref");
let res = structs::sum_of_int_and_ptr(
&ctx,
&host_memory,
&bc,
self.input_struct_loc.ptr as i32,
self.return_loc.ptr as i32,
);
@ -279,7 +285,7 @@ impl SumIntAndPtrExercise {
assert_eq!(res, types::Errno::Ok.into(), "sum of int and ptr errno");
let doubled: i64 = host_memory
.ptr(self.return_loc.ptr)
.ptr(&bc, self.return_loc.ptr)
.read()
.expect("return ref");
@ -312,13 +318,14 @@ impl ReturnPairInts {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
let err = structs::return_pair_ints(&ctx, &host_memory, self.return_loc.ptr as i32);
let err = structs::return_pair_ints(&ctx, &host_memory, &bc, self.return_loc.ptr as i32);
assert_eq!(err, types::Errno::Ok.into(), "return struct errno");
let return_struct: types::PairInts = host_memory
.ptr(self.return_loc.ptr)
.ptr(&bc, self.return_loc.ptr)
.read()
.expect("return ref");
@ -377,19 +384,21 @@ impl ReturnPairPtrsExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
host_memory
.ptr(self.input_first_loc.ptr)
.ptr(&bc, self.input_first_loc.ptr)
.write(self.input_first)
.expect("input_first ref");
host_memory
.ptr(self.input_second_loc.ptr)
.ptr(&bc, self.input_second_loc.ptr)
.write(self.input_second)
.expect("input_second ref");
let res = structs::return_pair_of_ptrs(
&ctx,
&host_memory,
&bc,
self.input_first_loc.ptr as i32,
self.input_second_loc.ptr as i32,
self.return_loc.ptr as i32,
@ -398,7 +407,7 @@ impl ReturnPairPtrsExercise {
assert_eq!(res, types::Errno::Ok.into(), "return pair of ptrs errno");
let ptr_pair_int_ptrs: types::PairIntPtrs<'_> = host_memory
.ptr(self.return_loc.ptr)
.ptr(&bc, self.return_loc.ptr)
.read()
.expect("failed to read return location");
let ret_first_ptr = ptr_pair_int_ptrs.first;

26
crates/wiggle/tests/union.rs
View File

@ -1,5 +1,5 @@
use proptest::prelude::*;
use wiggle::{GuestMemory, GuestType};
use wiggle::{BorrowChecker, GuestMemory, GuestType};
use wiggle_test::{impl_errno, HostMemory, MemArea, WasiCtx};
wiggle::from_witx!({
@ -107,21 +107,22 @@ impl GetTagExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
let discriminant: u8 = reason_tag(&self.input).into();
host_memory
.ptr(self.input_loc.ptr)
.ptr(&bc, self.input_loc.ptr)
.write(discriminant)
.expect("input discriminant ptr");
match self.input {
types::Reason::DogAte(f) => {
host_memory
.ptr(self.input_loc.ptr + 4)
.ptr(&bc, self.input_loc.ptr + 4)
.write(f)
.expect("input contents ref_mut");
}
types::Reason::Traffic(v) => host_memory
.ptr(self.input_loc.ptr + 4)
.ptr(&bc, self.input_loc.ptr + 4)
.write(v)
.expect("input contents ref_mut"),
types::Reason::Sleeping => {} // Do nothing
@ -129,6 +130,7 @@ impl GetTagExercise {
let e = union_example::get_tag(
&ctx,
&host_memory,
&bc,
self.input_loc.ptr as i32,
self.return_loc.ptr as i32,
);
@ -136,7 +138,7 @@ impl GetTagExercise {
assert_eq!(e, types::Errno::Ok.into(), "get_tag errno");
let return_val: types::Excuse = host_memory
.ptr(self.return_loc.ptr)
.ptr(&bc, self.return_loc.ptr)
.read()
.expect("return ref");
@ -184,27 +186,28 @@ impl ReasonMultExercise {
pub fn test(&self) {
let ctx = WasiCtx::new();
let host_memory = HostMemory::new();
let bc = BorrowChecker::new();
let discriminant: u8 = reason_tag(&self.input).into();
host_memory
.ptr(self.input_loc.ptr)
.ptr(&bc, self.input_loc.ptr)
.write(discriminant)
.expect("input discriminant ref_mut");
host_memory
.ptr(self.input_loc.ptr + 4)
.ptr(&bc, self.input_loc.ptr + 4)
.write(self.input_pointee_loc.ptr)
.expect("input pointer ref_mut");
match self.input {
types::Reason::DogAte(f) => {
host_memory
.ptr(self.input_pointee_loc.ptr)
.ptr(&bc, self.input_pointee_loc.ptr)
.write(f)
.expect("input contents ref_mut");
}
types::Reason::Traffic(v) => {
host_memory
.ptr(self.input_pointee_loc.ptr)
.ptr(&bc, self.input_pointee_loc.ptr)
.write(v)
.expect("input contents ref_mut");
}
@ -213,6 +216,7 @@ impl ReasonMultExercise {
let e = union_example::reason_mult(
&ctx,
&host_memory,
&bc,
self.input_loc.ptr as i32,
self.multiply_by as i32,
);
@ -222,7 +226,7 @@ impl ReasonMultExercise {
match self.input {
types::Reason::DogAte(f) => {
let f_result: f32 = host_memory
.ptr(self.input_pointee_loc.ptr)
.ptr(&bc, self.input_pointee_loc.ptr)
.read()
.expect("input contents ref_mut");
assert_eq!(
@ -233,7 +237,7 @@ impl ReasonMultExercise {
}
types::Reason::Traffic(v) => {
let v_result: i32 = host_memory
.ptr(self.input_pointee_loc.ptr)
.ptr(&bc, self.input_pointee_loc.ptr)
.read()
.expect("input contents ref_mut");
assert_eq!(

18
crates/wiggle/tests/wasi.rs
View File

@ -1,4 +1,4 @@
use wiggle::{GuestBorrows, GuestError, GuestErrorType, GuestPtr};
use wiggle::{GuestError, GuestErrorType, GuestPtr, GuestSlice};
use wiggle_test::WasiCtx;
// This test file exists to make sure that the entire `wasi.witx` file can be
@ -141,11 +141,11 @@ impl<'a> crate::wasi_snapshot_preview1::WasiSnapshotPreview1 for WasiCtx<'a> {
// that we can use the wiggle API to create the datastructures we want
// for efficient implementation of this function elsewhere.
let mut bc = GuestBorrows::new();
let mut slices: Vec<&'_ mut [u8]> = Vec::new();
let mut slices: Vec<GuestSlice<'_, u8>> = Vec::new();
// XXX FIXME make sure this property still holds:
// Mark the iov elements as borrowed, to ensure that they does not
// overlap with any of the as_raw regions.
bc.borrow_slice(&iovs).expect("borrow iovec array");
// bc.borrow_slice(&iovs).expect("borrow iovec array");
for iov_ptr in iovs.iter() {
let iov_ptr = iov_ptr.expect("iovec element pointer is valid");
@ -153,10 +153,14 @@ impl<'a> crate::wasi_snapshot_preview1::WasiSnapshotPreview1 for WasiCtx<'a> {
let base: GuestPtr<u8> = iov.buf;
let len: u32 = iov.buf_len;
let buf: GuestPtr<[u8]> = base.as_array(len);
let slice = buf.as_raw(&mut bc).expect("borrow slice from iovec");
slices.push(unsafe { &mut *slice });
let slice = buf.as_slice().expect("borrow slice from iovec");
slices.push(slice);
}
println!("iovec slices: {:?}", slices);
println!("iovec slices: [");
for slice in slices {
println!(" {:?},", &*slice);
}
println!("]");
unimplemented!("fd_pread")
}

Write Preview
Loading…
Cancel
Save