Like the rest of the `windows-*` crates published by Kenny Kerr, this
change also adds the `windows` crate itself to the trusted list. This is
necessary for use in #7807.
* Update several dependencies to windows-sys 0.52.
Update cap-std, rustix, io-extras, errno, fd-lock, fs-set-times, and
winx to versions which use windows-sys 0.52.
I started out hoping that everything could be updated to
windows-sys 0.52, however tokio and mio have not yet updated to
windows-sys 0.52 due to supporting an older MSRV.
* Link the C++ examples with CoreFoundation.
This is needed due to the iana-time-zone support.
prtest:full
* Fix compilation on non-Apple platfoms.
* Fix compilation on Apple platforms.
* wasi-nn: add test programs
This change adds new test programs for wasi-nn in a way fits in with the
existing WASI test infrastructure. The code is not new, though: this
reuses the wasi-nn `examples`, which are currently used by the
`run-wasi-nn-example.sh` CI script. Eventually the examples will be
removed in favor of these tests.
Because wasi-nn's component model support is still in flight, this
change also skips the generation of components for `nn_`-prefixed tests.
* wasi-nn: add `testing` module
This testing-only module has code (i.e., `check_test!`) to check whether
OpenVINO and some test artifacts are available. The test artifacts are
downloaded and cached if not present, expecting `curl` to be present on
the command line (as discussed in the previous version of this, #6895).
* wasi-nn: run `nn_*` test programs as integration tests
Following the pattern of other WASI crates, this change adds the
necessary infrastructure to run the `nn_*` files in
`crates/test-programs` (built by `test-program-artifacts`). These tests
are only run when two sets of conditions are true:
- statically: we only run these tests where we expect OpenVINO to be
easy to install and run (e.g., the `cfg_attr` parts)
- dynamically: we also only run these tests when the OpenVINO libraries
can be located and the model artifacts can be downloaded
* ci: install OpenVINO for running wasi-nn tests
prtest:full
* vet: certify the `wasi-nn` crate
* ci: remove wasi-nn test script
* mpk: allow checking for MPK without a config instance
It is inconvenient to have to construct a `PoolingAllocationConfig` in
order to check if memory protection keys are available. This removes
the unused `&self` restriction.
* mpk: improve logging of calculated slab layout
When double-checking the slab layout calculations it is quite convenient
to see the total slab size. This helps in correlating with mapped
regions.
* mpk: add an example testing the memory limits
This adds an example that can be run with `cargo run --example mpk`. Not
only does the example demonstrate how to build a pool-allocated engine
that uses MPK, it performs an exponential search to find the maximum
number of slots the system can support, with and without MPK.
* review: document Linux requirement
* review: `env_logger::init`
* review: replace `proc-maps` with manual parsing
* vet: audit `bytesize`
* fix: provide `main` for non-Linux systems
* fix: move `cfg` to avoid unused code
* Update `errno` crate to drop unused dependency
Small change to our dependency graph.
* Update rayon-core to drop some dependency edges
Just a bit of pruning for our dependency graph.
* Update num_cpus dependency to drop a dependency
Minor pruning of our dependency graph.
* Update wasm-tools crates
This commit updates the wasm-tools family of crate for a number of
notable updates:
* bytecodealliance/wasm-tools#1257 - wasmparser's ID-based
infrastructure has been refactored to have more precise types for each
ID rather than one all-purpose `TypeId`.
* bytecodealliance/wasm-tools#1262 - the implementation of
"implementation imports" for the component model which both updates
the binary format in addition to adding more syntactic forms of
imports.
* bytecodealliance/wasm-tools#1260 - a new encoding scheme for component
information for `wit-component` in objects (not used by Wasmtime but
used by bindings generators).
Translation for components needed to be updated to account for the first
change, but otherwise this was a straightforward update.
* Remove a TODO
* Update some crates to align on latest `rustix`
This commit addresses some dependabot warnings showing up on the
Wasmtime repository by updating all dependencies to using the latest
`rustix` release.
* Debug CI
prtest:full
* Downgrade rustix to 0.38.14
Works around bytecodealliance/rustix#901
Some notable changes here are:
* The `wasm-tools` crates have enabled the `relaxed-simd`, `threads`,
and `multi-memory` proposals by default. For now I've left these
disabled-by-default in Wasmtime to get enabled in a future PR.
* The `wast` crate has support for parsing `thread` and `wait`
constructs from the `threads` proposal for WebAssembly. They're left
unimplemented for now and return errors. This will get filled in in a
future update.
* Rename `Host*` things to avoid name conflicts with bindings.
* Update to the latest resource-enabled wit files.
* Adapting the code to the new bindings.
* Update wasi-http to the resource-enabled wit deps.
* Start adapting the wasi-http code to the new bindings.
* Make `get_directories` always return new owned handles.
* Simplify the `poll_one` implementation.
* Update the wasi-preview1-component-adapter.
FIXME: temporarily disable wasi-http tests.
Add logging to the cli world, since stderr is now a reseource that
can only be claimed once.
* Work around a bug hit by poll-list, fix a bug in poll-one.
* Comment out `test_fd_readwrite_invalid_fd`, which panics now.
* Fix a few FIXMEs.
* Use `.as_ref().trapping_unwrap()` instead of `TrappingUnwrapRef`.
* Use `drop_in_place`.
* Remove `State::with_mut`.
* Remove the `RefCell` around the `State`.
* Update to wit-bindgen 0.12.
* Update wasi-http to use resources for poll and I/O.
This required making incoming-body and outgoing-body resourrces too, to
work with `push_input_stream_child` and `push_output_stream_child`.
* Re-enable disabled tests, remove logging from the worlds.
* Remove the `poll_list` workarounds that are no longer needed.
* Remove logging from the adapter.
That said, there is no replacement yet, so add a FIXME comment.
* Reenable a test that now passes.
* Remove `.descriptors_mut` and use `with_descriptors_mut` instead.
Replace `.descriptors()` and `.descriptors_mut()` with functions
that take closures, which limits their scope, to prevent them from
invalid aliasing.
* Implement dynamic borrow checking for descriptors.
* Add a cargo-vet audit for wasmtime-wmemcheck.
* Update cargo vet for wit-bindgen 0.12.
* Cut down on duplicate sync/async resource types (#1)
* Allow calling `get-directories` more than once (#2)
For now `Clone` the directories into new descriptor slots as needed.
* Start to lift restriction of stdio only once (#3)
* Start to lift restriction of stdio only once
This commit adds new `{Stdin,Stdout}Stream` traits which take over the
job of the stdio streams in `WasiCtxBuilder` and `WasiCtx`. These traits
bake in the ability to create a stream at any time to satisfy the API
of `wasi:cli`. The TTY functionality is folded into them as while I was
at it.
The implementation for stdin is relatively trivial since the stdin
implementation already handles multiple streams reading it. Built-in
impls of the `StdinStream` trait are also provided for helper types in
`preview2::pipe` which resulted in the implementation of
`MemoryInputPipe` being updated to support `Clone` where all clones read
the same original data.
* Get tests building
* Un-ignore now-passing test
* Remove unneeded argument from `WasiCtxBuilder::build`
* Fix tests
* Remove some workarounds
Stdio functions can now be called multiple times.
* If `poll_oneoff` fails part-way through, clean up properly.
Fix the `Drop` implementation for pollables to only drop the pollables
that have been successfully added to the list.
This fixes the poll_oneoff_files failure and removes a FIXME.
---------
Co-authored-by: Alex Crichton <alex@alexcrichton.com>
* Move the incoming_handler impl into http_impl
* Remove the incoming handler -- we need to use it as a guest export
* Start adding a test-programs test for the server side of wasi-http
* Progress towards running a server test
* Implement incoming-request-method
* Validate outparam value
* Initial incoming handler test
* Implement more of the incoming api
* Finish the incoming api implementations
* Initial cut at `wasmtime serve`
* fix warning
* wasmtime-cli: invoke ServeCommand, and add enough stuff to the linker to run trivial test
* fix warnings
* fix warnings
* argument parsing: allow --addr to specify sockaddr
* rustfmt
* sync wit definitions between wasmtime-wasi and wasmtime-wasi-http
* cargo vet: add an import config and wildcard audit for wasmtime-wmemcheck
* cargo vet: audit signal-hook-registry
* Remove duplicate add_to_linker calls for preview2 interfaces
prtest:full
* Add a method to finish outgoing responses
Co-authored-by: Adam Foltzer <acfoltzer@fastly.com>
Co-authored-by: Pat Hickey <phickey@fastly.com>
* Mark the result of the incoming_{request,response}_consume methods as own
* Explicit versions for http-body and http-body-util
* Explicit `serve` feature for the `wasmtime serve` command
* Move the spawn outside of the future returned by `ProxyHandler::call`
* Review feedback
---------
Co-authored-by: Trevor Elliott <telliott@fastly.com>
Co-authored-by: Adam Foltzer <acfoltzer@fastly.com>
This only affects tests and the adapter itself, but not in any breaking
way. The tests for wasi-http are reorganized to be commands which is
also required to not have any exports currently since wit-bindgen for
Rust guests doesn't support generating bindings in one crate and
exporting in another.
* Implement the `tcp` interface of wasi-sockets.
Implement the `tcp`, `tcp-create-socket`, and `network` interfaces of
wasi-sockets.
* Minor cleanups.
* Update to the latest upstream wasi-sockets.
* Address review feedback.
* Handle zero-length reads and writes, and other cleanups.
* Fix compilation on macOS.
* Fix compilation on Windows.
* Update all the copies of wasi-socket wit files.
* Sync up more wit files.
* Fix the errno code for non-blocking `connect` on Windows.
prtest:full
* Tolerate `NOTCONN` errors when cleaning up with `shutdown`.
* Simplify the polling mechanism.
This requires an updated tokio for `Interest::ERROR`.
* Downgrade to tokio 1.29.1 for now.
* Move `tcp_state` out of the `Arc`.
* `accept` doesn't need a write lock.
* Remove `tcp_state`'s `RwLock`.
* Remove the implementation of wasi-crypto
This commit is a follow-up to the discussion on #6732. This removes
Wasmtime's implementation of the wasi-crypto proposal from in-tree along
with its various support in CI, configuration, etc. See the discussion
on #6732 for the full information but at a high level the main reasons
for removing the implementation at this time are:
* There is not currently an active maintainer of the Wasmtime
integration here for wasi-crypto.
* There are known issues with the code quality of the implementation
such as transmutes of guest-owned memory to `&'static mut [u8]` and
known unsafety in dependencies.
* The size and breadth of the dependency tree brings maintenance burden
and overhead to managing Wasmtime's dependency tree.
As mentioned on the issue this commit does not mean that Wasmtime
doesn't want to implement the wasi-crypto proposal. Instead the "tier 3"
status of wasi-crypto needs to be re-attained to be included back
in-tree, which would mean resolving the above issues.
Note that this commit is intentionally just after the 13.0.0 branch
point which means that this is slated for Wasmtime 14 to be released on
September 20.
* Remove some cfgs
* Remove wasi-crypto CI
Do this by updating `crossbeam-epoch` and auditing this update of
crossbeam. The newer version of crossbeam additionally updates its
version of `memoffset`.
This commit adds `cargo vet` trust entries for any crate published by
BurntSushi, of which a good number are in our dependency graph. This
additionally updates the `bstr` crate to its latest version and updates
regex-related dependencies from other crates to avoid duplication of
versions.
* Remove deny.toml exception for wasm-coredump-builder
This isn't used any more so no need to continue to list this.
* Update Wasmtime's pretty_env_logger dependency
This removes a `deny.toml` exception for that crate, but `openvino-sys`
still depends on `pretty_env_logger 0.4.0` so a new exception is added
for that.
* Update criterion and clap dependencies
This commit started out by updating the `criterion` dependency to remove
an entry in `deny.toml`, but that ended up transitively requiring a
`clap` dependency upgrade from 3.x to 4.x because `criterion` uses
pieces of clap 4.x. Most of this commit is then dedicated to updating
clap 3.x to 4.x which was relatively simple, mostly renaming attributes
here and there.
* Update gimli-related dependencies
I originally wanted to remove the `indexmap` clause in `deny.toml` but
enough dependencies haven't updated from 1.9 to 2.0 that it wasn't
possible. In the meantime though this updates some various dependencies
to bring them to the latest and a few of them now use `indexmap` 2.0.
* Update deps to remove `windows-sys 0.45.0`
This involved updating tokio/mio and then providing new audits for new
crates. The tokio exemption was updated from its old version to the new
version and tokio remains un-audited.
* Update `syn` to 2.x.x
This required a bit of rewriting for the component-macro related bits
but otherwise was pretty straightforward. The `syn` 1.x.x track is still
present in the wasi-crypto tree at this time.
I've additionally added some trusted audits for my own publications of
`wasm-bindgen`
* Update bitflags to 2.x.x
This updates Wasmtime's dependency on the `bitflags` crate to the 2.x.x
track to keep it up-to-date.
* Update the cap-std family of crates
This bumps them all to the next major version to keep up with updates.
I've additionally added trusted entries for publishes of cap-std crates
from Dan.
There's still lingering references to rustix 0.37.x which will need to
get weeded out over time.
* Update memoffset dependency to latest
Avoids having two versions in our crate graph.
* Fix tests
* Update try_from for wiggle flags
* Fix build on AArch64 Linux
* Enable `event` for rustix on Windows too
* Cranelift: upgrade to regalloc2 0.9.2.
This pulls in bytecodealliance/regalloc2#152, which fixes a bug that is
reachable on RISC-V: when two different register classes have the same
stackslot size, the register allocation result might share a slot
between two different classes, which can result in moves between classes
that will cause a panic. The fix properly separates slots by class.
* cargo-vet update for regalloc2 0.9.2.
* Update wasm-tools dependencies
* Get tests passing after wasm-tools update
Mostly dealing with updates to `wasmparser`'s API.
* Update `cargo vet` for new crates
* Add `equivalent`, `hashbrown`, and `quote` to the list of trusted
authors. We already trust these authors for other crates.
* Pull in some upstream audits for various deps.
* I've audited the `pulldown-cmark` dependency upgrade myself.
We discussed this in today's Wasmtime meeting and the consensus was that
we trust each of these people to have a sufficient standard of care for
anything they release.
This reduces our estimated audit backlog by about 184 kLOC.
For the most part, the trust records I'm adding here are identical to
trust records that Mozilla is using. The fact that they've also decided
these publishers are trustworthy is reassuring additional evidence for
our decision. The exceptions and notable cases are as follows:
I've chosen to not trust three crates by these authors that Mozilla did
not trust. I suspect Mozilla simply doesn't use these crates or has
manually audited them, rather than there being any problem with the
crates themselves. But I've chosen to be conservative about what we
trust.
- autocfg: we only have an exception for an old version, and that
version is only used transitively by wasi-crypto.
- env_logger: Mozilla has audited some versions; we should update, or
add delta audits.
- thread_local: only used by tracing-subscriber which is only used in
dev-dependencies.
I've trusted one crate that Mozilla did not: libm, when published by
Amanieu. We're trusting libc when published by the same author, and libm
is a small extension of the same trust.
Recent versions of the toml crate have been published by epage so I
looked at in this process, but Mozilla only trusts the older versions
which were published by alexcrichton. They've been delta-auditing the
newer versions. I've chosen to follow their lead on this; Alex is a
trusted contributor to Wasmtime anyway.
* Update v8 and proc-macro2 dependencies
Gets them both compiling on the latest nightly so we can unpin the Rust
compiler version in OSS-Fuzz.
* Update nightly in CI
The Bytecode Alliance didn't actually audit these crates but rather
simply trusts them, per the notes. Previously we didn't have a way
to express this distinction, but now we do.
* Upgrade file-per-thread-logger to v0.2.0
Signed-off-by: Benjamin Bouvier <public@benj.me>
* Update audits too
Signed-off-by: Benjamin Bouvier <public@benj.me>
---------
Signed-off-by: Benjamin Bouvier <public@benj.me>
* Remove some yanked crates from `Cargo.lock`
This commit fixes some warnings that are cropping up during publishing
about yanked crates being in our `Cargo.lock`.
* Remove an unneeded vet `imports.lock` entry
* wasi-tests and wasi-http-tests no longer have their own workspace
* wasi-tests: fix warnings
* rewrite the test-programs build.rs to generate {package}_modules.rs and _components.rs
The style is cribbed from preview2-prototying repo, but I ended up
refactoring it a bit.
* better escaping should help with windows?
* long form cap-std-sync and tokio test suites
* convert wasi-http test
* fixes, comments
* apply cargo fmt to whole workspace
* bump test-programs and wasi-http-tests to all use common dependency versions
wit-bindgen 0.6.0 and wit-component 0.7.4
* add new audits
* cargo vet prune
* package and supply chain updates to fix vulnerabilities
h2 upgraded from 0.3.16 -> 0.3.19 to fix vulnerability
tempfile upgraded from 0.3.3 -> 0.3.5 to eliminate dep on vulnerable
remove_dir_all
* deny: temporarily allow duplicate wasm-encoder, wasmparser, wit-parser
prtest:full
* convert more dependencies to { workspace = true }
Alex asked me to do thsi for wit-component and wit-bindgen, and I found
a few more (cfg-if, tempfile, filecheck, anyhow...
I also reorganized the workspace dependencies section to make the ones
our team maintains more clearly separated from our external
dependencies.
* test-programs build: ensure that the user writes a #[test] for each module, component
* fix build of wasi-tests on windows
* misspelled macos
* mark wasi-tests crate test=false so we dont try building it natively...
* mark wasi-http-tests test=false as well
* try getting the cargo keys right
* just exclude wasi-tests and wasi-http-tests in run-tests.sh
* interesting paths fails on windows
* misspelling so nice i did it twice
* new cargo deny exception: ignore all of wit-bindgen's dependencies
* auto-import wildcard vets
* Make Wasmtime compatible with Stacked Borrows in MIRI
The fact that Wasmtime executes correctly under Tree Borrows but not
Stacked Borrows is a bit suspect and given what I've since learned about
the aliasing models I wanted to give it a stab to get things working
with Stacked Borrows. It turns out that this wasn't all that difficult,
but required two underlying changes:
* First the implementation of `Instance::vmctx` is now specially crafted
in an intentional way to preserve the provenance of the returned
pointer. This way all `&Instance` pointers will return a `VMContext`
pointer with the same provenance and acquiring the pointer won't
accidentally invalidate all prior pointers.
* Second the conversion from `VMContext` to `Instance` has been updated
to work with provenance and such. Previously the conversion looked
like `&mut VMContext -> &mut Instance`, but I think this didn't play
well with MIRI because `&mut VMContext` has no provenance over any
data since it's zero-sized. Instead now the conversion is from `*mut
VMContext` to `&mut Instance` where we know that `*mut VMContext` has
provenance over the entire instance allocation. This shuffled a fair
bit around to handle the new closure-based API to prevent escaping
pointers, but otherwise no major change other than the structure and
the types in play.
This commit additionally picks up a dependency on the `sptr` crate which
is a crate for prototyping strict-provenance APIs in Rust. This is I
believe intended to be upstreamed into Rust one day (it's in the
standard library as a Nightly-only API right now) but in the meantime
this is a stable alternative.
* Clean up manual `unsafe impl Send` impls
This commit adds a new wrapper type `SendSyncPtr<T>` which automatically
impls the `Send` and `Sync` traits based on the `T` type contained.
Otherwise it works similarly to `NonNull<T>`. This helps clean up a
number of manual annotations of `unsafe impl {Send,Sync} for ...`
throughout the runtime.
* Remove pointer-to-integer casts with tables
In an effort to enable MIRI's "strict provenance" mode this commit
removes the integer-to-pointer casts in the runtime `Table`
implementation for Wasmtime. Most of the bits were already there to
track all this, so this commit plumbed around the various pointer types
and with the help of the `sptr` crate preserves the provenance of all
related pointers.
* Remove integer-to-pointer casts in CoW management
The `MemoryImageSlot` type stored a `base: usize` field mostly because I
was too lazy to have a `Send`/`Sync` type as a pointer, so this commit
updates it to use `SendSyncPtr<u8>` and then plumbs the pointer-ness
throughout the implementation. This removes all integer-to-pointer casts
and has pointers stores as actual pointers when they're at rest.
* Remove pointer-to-integer casts in "raw" representations
This commit changes the "raw" representation of `Func` and `ExternRef`
to a `*mut c_void` instead of the previous `usize`. This is done to
satisfy MIRI's requirements with strict provenance, properly marking the
intermediate value as a pointer rather than round-tripping through
integers.
* Minor remaining cleanups
* Switch to Stacked Borrows for MIRI on CI
Additionally enable the strict-provenance features to force warnings
emitted today to become errors.
* Fix a typo
* Replace a negative offset with `sub`
* Comment the sentinel value
* Use NonNull::dangling
This pulls in Kerollmops/slice-group-by#20 which is necessary to get
Cranelift "clean" in MIRI with Stacked Borrows. I plan on leveraging
this in a subsequent commit to #6332 which turns on Stacked Borrows for
Wasmtime, but currently it fails due to this transitive dependency of
Cranelift, hence the update.
`poll_oneoff` uses `system_interface::ReadReady` to compute how many
bytes are ready to be read, which is part of the Preview1 `poll_oneoff`
API. This updates to system-interface 0.25.7 which has a fix to handle
special files such as /dev/urandom and /dev/null properly.
Fixes#6239.
This updates to rustix 0.37.13, which contains some features we can use to
implement more features in wasi-common for the wasi-sockets API. This also
pulls in several other updates to avoid having multiple versions of rustix.
This does introduce multiple versions of windows-sys, as the errno and tokio
crates are currently using 0.45 while rustix and other dependencies have
updated to 0.48; PRs updating these are already in flight so this will
hopefully be resolved soon.
It also includes cap-std 1.0.14, which disables the use of `openat2` and
`statx` on Android, fixing a bug where some Android devices crash the
process when those syscalls are executed.
Trevor Elliott
Andrew Brown
Alex Crichton
Dan Gohman
Iceber Gu
Rahul
Pat Hickey
Chris Fallin
Jamey Sharp
Bobby Holley
Benjamin Bouvier
Nick Fitzgerald