This commit updates the wit-bindgen family of crates and additionally
adds a `features` key to the `bindgen!` macro. This brings it in line
with `wit-bindgen`'s support which enables usage of the new `@since` and
`@unstable` features of WIT.
* Update wit-bindgen
This commit updates wit-bindgen to 0.25 and applies some "extra
trickery" to work around the now-default providing of the realloc
symbol.
* Add audits
With cargo-vet the cross-organization trust model is not quite the same
with these two constructs in cargo-vet. Previously Wasmtime/wasm-tools
crates were flagged as `[[wildcard-audits]]` but now being changed to
all using `wasmtime-publish` to publish crates the `[[trusted]]` entries
were added at the recommendation of `cargo vet`. This means that other
organizations could no longer import our own audits since `[[trusted]]`
entries aren't imported, only suggested.
This commit changes all these entries to `wildcard-audits` with an
explanation as to why.
* Update Wasmtime's tier stability documentation
Move some items between tiers and add a few misc items here and there.
* Update platform support documentation
Re-word lots of this since it was originally written, link to the tiers
of support page, and rewrite the section on `no_std`.
* Update the `min-platform` example with no_std
This commit updates the preexisting `min-platform` example to no longer
require Nightly Rust and instead use the `no_std` support now added to
Wasmtime. This involved:
* Change the build process to produce a staticlib which is then manually
converted via `cc` into a shared library for the native Linux platform.
* Compile the modules outside of the embedding and only `deserialize`
within the embedding.
* Update the `indexmap` dependency to pick up a bug fix required in
`no_std` mode (apparently, it fails on indexmap@2.0.0 and passes at
2.2.6, I didn't dig much further).
This commit additionally makes the `wasmtime-platform.h` header file
generated by the example a release artifact for Wasmtime itself. The
header itself is touched up a bit by configuring some more `cbindgen`
options as well.
* Fix clippy build
prtest:full
* Review comments
* Pass gc-sections to linking the library
We can't meaningfully audit the other WebAssembly implementations that
we use for differential fuzzing, such as wasmi and especially v8. Let's
acknowledge that the effort to do so is not practical for us, and focus
our vetting efforts on crates that developers and users are more likely
to build.
This reduces our estimated audit backlog by over three million lines,
according to `cargo vet suggest`.
Note that our crates which depend on those engines, such as
wasmtime-fuzzing, are not published to crates.io, so if we fall victim
to a supply chain attack against dependencies of these crates, the folks
who might be impacted are limited.
Although there is value in also auditing code that might be run by
people who clone our git repository, in this case I propose that anyone
who is concerned about the risks of supply chain attacks against their
development systems should be running fuzzers inside a sandbox. After
all, it's a fuzzer: it's specifically designed to try to do anything.
* Expose `wasmtime-runtime` as `crate::runtime::vm` internally for the `wasmtime` crate
* Rewrite uses of `wasmtime_runtime` to `crate::runtime::vm`
* Remove dep on `wasmtime-runtime` from `wasmtime-cli`
* Move the `wasmtime-runtime` crate into the `wasmtime::runtime::vm` module
* Update labeler for merged crates
* Fix `publish verify`
prtest:full
Wasmtime and Cranelift have a few miscellaenous use cases for "just take
this Rust type and make it bytes", for example Wasmtime's serialization
of internal metadata into a compiled module. Previously Wasmtime used
the `bincode` crate for performing these tasks as the format was
generally optimized to be small and fast, not general purpose (e.g.
JSON). The `bincode` crate on crates.io doesn't work on `no_std`,
however, and with the work in #8341 that's an issue now for Wasmtime.
This crate switches instead to the `postcard` crate. This crate is
listed in Serde's documentation as:
> Postcard, a no_std and embedded-systems friendly compact binary
> format.
While I've not personally used it before it checks all the boxes we
relied on `bincode` for and additionally works with `no_std`. After
auditing the crate this commit then switches out Wasmtime's usage of
`bincode` for `postcard` throughout the repository.
* bump tokio-rustls
Note that rustls is not on the latest minor since tokio-rustls
has not updated yet.
* Add vet exemptions
* Update ureq to trim the crate graph
* Add vet for ureq
* Fix compile on riscv
---------
Co-authored-by: Alex Crichton <alex@alexcrichton.com>
This provides a bit of a nicer experience than the default "build your
own test harness" experience by providing things like filters and
parallel execution by default. This helps speed up the `disas` test
suite, for example, which previously had no parallelism.
* add an initial implemenation for onnxruntime backend of wasi-nn
Signed-off-by: David Justice <david@devigned.com>
* vet: audit ONNX dependencies
This change is the result of a long slog through the dependencies of the
`ort` library. The only missing dependency is `compact_str`, which needs
further discussion.
* vet: add ONNX audit entry for compact_str 0.7.1
Signed-off-by: David Justice <david@devigned.com>
* refactor tests to break out onnx and openvino
Signed-off-by: David Justice <david@devigned.com>
* mark wasi-nn onnx example as publish false
Signed-off-by: David Justice <david@devigned.com>
* update the ONNX classification example
* do not use wasi-nn onnx feature if riskv or s390
Signed-off-by: David Justice <david@devigned.com>
* prtest:full fix running WASI-NN ONNX tests across arch os
Signed-off-by: David Justice <david@devigned.com>
---------
Signed-off-by: David Justice <david@devigned.com>
Co-authored-by: Andrew Brown <andrew.brown@intel.com>
* Migrate mach to mach2
* Add audit for mach2 0.4.1 -> 0.4.2
* Use mach2 things instead of custom addons
* Fix build on aarch64-apple-darwin.
* Cast the u32 flags to i32.
* Add back custom definition that doesn't match `mach2`
prtest:full
* Fix x64 unused import
---------
Co-authored-by: Junji Takakura <j.takakura@gmail.com>
Co-authored-by: Chris Fallin <chris@cfallin.org>
Co-authored-by: Alex Crichton <alex@alexcrichton.com>
* update capstone dependency to 0.12.0
this is only used for benchmarking, so the cargo vet is just an exemption which I updated to the latest version.
* winch filetests: fix capstone changes
* Add WinML backend for wasi-nn.
* Log execution time.
* WinML backend supports execution target selection.
ExecutionTarget::Gpu is mapped to LearningModelDeviceKind::DirectX.
* Limit WinML backend on Windows only.
* Move wasi-nn WinML example to new test infra.
* Scale tensor data in test app.
App knows input and target data range, so it's better to let app to
handle scaling.
* Remove old example for wasi-nn WinML backend.
* Update image2tensor link.
* Format code.
* Upgrade image2tensor to 0.3.1.
* Upgrade windows to 0.52.0
* Use tensor data as input for wasi-nn WinML backend test.
To avoid involving too many external dependencies, input image is
converted to tensor data offline.
* Restore trailing new line for Cargo.toml.
* Remove unnecessary features for windows crate.
* Check input tensor types.
Only FP32 is supported right now. Reject other tensor types.
* Rename default model name to model.onnx.
It aligns with openvino backend.
prtest:full
* Run nn_image_classification_winml only when winml is enabled.
* vet: add trusted `windows` crate to lockfile
* Fix wasi-nn tests when both openvino and winml are enabled.
* Add check for WinML availability.
* vet: reapply vet lock
---------
Co-authored-by: Andrew Brown <andrew.brown@intel.com>
* Add a "custom" platform configuration for Wasmtime
This commit leverages adds a new "platform" to Wasmtime to be supported
in the `crates/runtime/src/sys` folder. This joins preexisting platforms
such as Unix and Windows. The goal of this platform is to be an opt-in
way to build Wasmtime for targets that don't have a predefined way to
run.
The new "custom" platform requires `--cfg wasmtime_custom_platform` to
be passed to the Rust compiler, for example by using `RUSTFLAGS`. This
new platform bottoms out in a C API that is intended to be small and
Linux-like. The C API is effectively the interface to virtual memory
that Wasmtime requires. This C API is also available as a header file at
`examples/min-platform/embedding/wasmtime-platform.h` (generated by
`cbindgen`).
The main purpose of this is to make it easier to experiment with porting
Wasmtime to new platforms. By decoupling a platform implementation from
Wasmtime itself it should be possible to run these experiments
out-of-tree. An example of this I've been working on is getting
Wasmtime running on bare-metal with a custom kernel. This support
enables defining the platform interface of the custom kernel's syscalls
outside of Wasmtime.
* Exclude wasmtime-platform.h from formatting
* Include build-wasmtime-target-wasm32 in final job
* Don't force any single toolchain
* Add notes to no_std docs
* Add rust-src to CI
* Review comments
* Change APIs to be fallible
* Only compile the min-platform example on Linux
* Fix compile of min-platform example
* Fix another compile error in the example
* Remove the `WASI` submodule
Historically the `WASI` submodule in this repository was used to pull
the sources of the `*.witx` files for preview1. This has never been used
by the `wasmtime-wasi` crate (which has its own copy in the
`crates/wasi/witx` folder) and was only ever used by `wasi-common`. This
submodule also served as a location for the `witx` crate itself.
Neither of these are really needed any more as the `*.witx` files are
unlikely to ever really change again. This commit removes the submodule
entirely, as well as the `path` dependency on `witx`, and copies the
`*.witx` files in the same manner as the `wasmtime-wasi` crate.
* Updated vet entries for witx
* Remove witx special cases in publish script
* Change how the wasi-common package is built
* Update the wasm-tools family of crates
Pulling in some updates to improve how WIT is managed in this
repository. No changes just yet, however, just pulling in the updates
first.
* Fix tests
* Fix fuzzer build
This fixes the build on the latest nightly Rust. I was able to vet
`ahash` itself but `zerocopy` is such a large and full-of-unsafe
dependency I've added an exemption for it. The documentation of it seems
to indicate it's a pretty well thought out crate with lots of care
behind it, so at least at a first glance it did not seem overly
worrisome.
* vet: prune lockfile
When running `cargo vet` in #7900, it warned me that we should consider
pruning some unused entries, etc. This is the result of running `cargo
vet prune`.
* vet: a couple more post-#7908
In #7846 I added `cargo-vet` entries to trust the `windows` crate, just
like we already trust several related `windows-*` crates. I did not,
however, update the lockfile, which means that #7807 continued to fail
the `cargo vet --locked` CI check. This change is the result of simply
running `cargo vet`.
Looks like it's been awhile since our last update. I've updated the
dependency here and additionally vetted the various dependency upgrades.
I notably did not vet `zstd-sys` since that would require vetting all of
zstd's C implementation itself which I am not, nor do I suspect many of
are, equipped to do. In lieu of that I've updated the exemption of
`zstd-sys` to the newer version.
Closes#7869
Like the rest of the `windows-*` crates published by Kenny Kerr, this
change also adds the `windows` crate itself to the trusted list. This is
necessary for use in #7807.
Alex Crichton
Nick Fitzgerald
Lann
wasmtime-publish
Jamey Sharp
Alexander Lyon
David Justice
Philip Craig
Pat Hickey
jianjunz
Trevor Elliott
Andrew Brown