When the top 32 bits of the value are zero and the upper_halfword of the lower
32 bits is u16::MAX, load_constant64_full will emit a single `movn` instruction.
In that case, add_range_fact only adds lower_halfword as the fact range, which
misses the upper halfword value. We should add the hole 32-bit value as the
fact range.
Co-authored-by: Feilong Jiang <jiangfeilong@huawei>
* Cranelift: use more `iconst_[su]` in opts, notably re-enabling some i128 cases
`iconst_u` and `iconst_s` support `$I128`, so we can now enable these even though they had to be excluded before to avoid generating `iconst.i128` that doesn't exist.
* Update for PR feedback
* Restore SO_REUSEADDR.
This inadvertently removed in 8ca8056945 when switching from `bind_existing_tcp_listener` to `rustix::net::bind`
* Remove AddressInUse workarounds by generating a random port.
* fmt
* Ignore unused_variables warning
* Prevent spurious test failures by trying again a few times on EADDRINUSE
* Fix grammar in .wit documentation
* windows-sys 0.52
Not locally tested due to C dependencies which I don't have the tooling for.
The intent is to use GH's CI.
* MEMORYMAPPEDVIEW_HANDLE -> MEMORY_MAPPED_VIEW_ADDRESS
* .Value instead of cast
* fmt
* Remove cast to MEMORY_MAPPED_VIEW_ADDRESS with struct creation
* Cast ptr from *mut u8 from *mut void
* Remove CI changes which were supposed to be on a distinct branch
* Update binutils when the target is x86_64-pc-windows-gnu
* Escape paths in CI
* Update .github/workflows/main.yml
Co-authored-by: Chris Denton <christophersdenton@gmail.com>
* Correct type from p2sh to pwsh
* Use | to correct YAML parsing error
* Fix msys2's installation of MinGW
* Finally fix msys2 handling
---------
Co-authored-by: Chris Denton <christophersdenton@gmail.com>
* wasi-nn: add test programs
This change adds new test programs for wasi-nn in a way fits in with the
existing WASI test infrastructure. The code is not new, though: this
reuses the wasi-nn `examples`, which are currently used by the
`run-wasi-nn-example.sh` CI script. Eventually the examples will be
removed in favor of these tests.
Because wasi-nn's component model support is still in flight, this
change also skips the generation of components for `nn_`-prefixed tests.
* wasi-nn: add `testing` module
This testing-only module has code (i.e., `check_test!`) to check whether
OpenVINO and some test artifacts are available. The test artifacts are
downloaded and cached if not present, expecting `curl` to be present on
the command line (as discussed in the previous version of this, #6895).
* wasi-nn: run `nn_*` test programs as integration tests
Following the pattern of other WASI crates, this change adds the
necessary infrastructure to run the `nn_*` files in
`crates/test-programs` (built by `test-program-artifacts`). These tests
are only run when two sets of conditions are true:
- statically: we only run these tests where we expect OpenVINO to be
easy to install and run (e.g., the `cfg_attr` parts)
- dynamically: we also only run these tests when the OpenVINO libraries
can be located and the model artifacts can be downloaded
* ci: install OpenVINO for running wasi-nn tests
prtest:full
* vet: certify the `wasi-nn` crate
* ci: remove wasi-nn test script
* Add API to WasiCtx for adding dynamic SocketAddr checks
The user can now specify a closure which gets run any time a connection
to an external address is attempted. If the closure returns true, the
address is allowed, but if it returns false, the underlying pool is then
checked. In otherwords, false does not imply denied, but rather, check
the underlyin pool.
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Get rid of Pool in favor of just a closure
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Add a SocketAddrUse arg to the SocketAddrCheck
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
---------
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Use the compilation cache for components as well
Co-authored-by: Pat Hickey <pat@moreproductive.org>
* Wrap artifacts in `Some`
---------
Co-authored-by: Pat Hickey <pat@moreproductive.org>
* Demote `simm32` and `uimm8` to lowering ISLE only
There seems to be nothing in opt ISLE that actually wanted them, just something that's more consistently done with using a 64-bit type to read from an Imm64.
And `simm32` feels like it's probably wrong to me -- `simm32` can't actually match `-1_i32` -- but I'm not confident enough in my analysis to actually change it.
* Cranelift: Add iconst shorthand to simplify ISLE opts
* Do a manually un-currying to avoid duplicating loading the `InstructionData`
* rustfmt is my nemesis
* PCC: Fix several aarch64 check_constant failures
This patch fixes several aarch64 check_constant failures:
1. `check_subsume` for `AluRRImmLogic` failed due to the mismatch of fact width
isle rule for `orr_imm` always generates fact with bit_width 64 regardless of
immediate type. So when Type is I32, `check_subsume` will be failed.
2. `MovN` generates incorrect fact range value when `first_is_inverted` is true
`running_value` should be calculated as !(((!imm16) & 0xffff) << shift) or
!(u64::from(imm.bits) << shift)
Added two test cases in cranelift/filetests/filetests/pcc/succeed/const.clif.
Additional fix for `get_fact_or_default`:
`trace!` treats `reg` as VirtualReg and it will panic when "reg" is RealReg and
`trace-log` feature is enabled.
* simplify get_fact_or_default
Co-authored-by: Nick Fitzgerald <fitzgen@gmail.com>
* fix missing comma
---------
Co-authored-by: Nick Fitzgerald <fitzgen@gmail.com>
* add `adapter_{open|close}_badfd` exports to Preview 1 adapter
This is to be used by `wasi-libc` to reserve file descriptors for its own use
(e.g. for sockets), ensuring that any attempt to pass them directly to Preview 1
functions will consistently return an error.
See https://github.com/WebAssembly/wasi-libc/issues/447 for further details.
Signed-off-by: Joel Dice <joel.dice@fermyon.com>
* add `preview2_adapter_badfd` test
Signed-off-by: Joel Dice <joel.dice@fermyon.com>
---------
Signed-off-by: Joel Dice <joel.dice@fermyon.com>
The test simply tries looking up example.com and ensuring it fails with
`PermanentResolverFailure`. Additionally, `PermanentResolverFailure` is
removed as one of the allowed errors in the normal ip name lookup test
as those allowed errors should only be transient lookup errors and
`PermanentResolverFailure` is very much not a transient error.
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Ensure remote_address is allowed when creating UDP stream
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Check addr validity after UDP state check and wrap pool in Arc
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Check provided addr in outgoing stream
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Add test for turning off udp
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Model pool on UDP types as optional to catch bad state bugs
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
---------
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* rename to ResourceTable, docs, and export
* wasi: use the table from wasmtime::component
* wasi-http: use wasmtime::component's resource table now
* rename file (somehow got lost)
* wasmtime-cli: fixes for resourcetable
* fix wasi-http tests
* more test fixes
* error messages
* fix warning
* cli: fix min build
prtest:full
* Add options to WasiCtx for toggling TCP and UDP on and off
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Address PR feedback
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
* Add test for turning off tcp
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
---------
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
This commit is an attempt to address the CI failure popping up in #7636.
I can reproduce the failure locally and it appears to be due to the fact
that macOS is giving spawned threads via `pthread_create` a 512K stack
by default. Cranelift when compiled in debug mode is taking more stack
than this (but working in release mode). I was talking with Trevor and
Jamey about possible ways to reduce the stack size here but for now I'm
going with Jamey's suggestion of increasing the stack size as the best
course of action for now.
* wasi-cli: update to version 0.2.0-rc-2023-12-05
* wasi-http: update to 0.2.0-rc-2023-12-05
* fix versions in extra (non-wasi) wits
* component adapter: fixes to use cli/imports world, correct versions
* wasmtime-wasi: cli/reactor is now cli/imports
* sync wasi-http/wit with wasi/wit
* fix cli-test component-basic.wat version
This change deduplicates some module documentation the pooling
allocator. Previously, the module-level documentation for `pooling.rs`
and `memory_pool.rs` had duplicated content which this change removes.
It also takes a stab at clarifying "how" and "why" MPK is used for
memory pooling.
I realized just now that we haven't actually documented our usage of
`cargo vet` anywhere in our contributing documentation (or not that I
could find), so I decided to try and rectify that!
* Rewrite wait/notify with wasm threads
This commit rewrites and refactors the `ParkingSpot` implementation in
Wasmtime. This is motivated by #7623 primarily which is something I haven't
been able to reproduce but it doesn't look like a spurious issue. Additionally
in reviewing the previous implementation I'm not sure if it was technically
spec-compliant.
Previously each parking spot was modeled with a single condition variable. All
threads blocking on the same address would block on the same condition
variable. When waking up N threads the condition variable would either use
`notify_all` or `notify_one` N times. The part I wasn't so sure about is that
each thread, when waking up, would "consume" a wakeup notification on the way
out, going back to sleep if a notification wasn't available. This was intended
to handle spurious wakeups from the OS condition variable in use. This could
mean, however, that a spurious wakeup of one thread could consume a
notification from another thread. This was documented already as a possibility
and "probably ok" but my gut is that this behavior led to #7623, although I
haven't been able to construct a trace that would lead the test here to
deadlock.
Out of caution, however, this commit rewrites the implementation to be similar
to what V8 and SpiderMonkey are doing. Both of those implementations are using
a linked list of waiters for threads that are blocked and then notifying
N threads dequeues N threads to wake them up. This makes the semantics
of knowing which thread is waken up easier to understand from an
implementation point of view since each wakeup notification
deterministically goes to a specified thread. The tricky part about this
implementation is that a doubly-linked-list needs to be maintained
within `ParkingSpot` to handle this.
While I was here I additionally refactored the interface of
`ParkingSpot` to more closely match the raw interface of WebAssembly.
This is intended to scope the problem being solved more narrowly to what
wasm needs rather than trying to solve a more general problem at the
same time.
Closes#7623
* Touch up some comments
This commit reworks the `br_table` logic so that it correctly handles
all the jumps involved to each of the targets.
Even though it is safe to use the default branch for type information,
it is not safe to use it to derive the base stack pointer and base value
stack length. This change ensures that each target offset is taken into
account to balance the value stack prior to each jump.
* Gate more functionality behind `debug-builtins`
This commit extends the gating behavior of the preexisting
`debug-builtins` Cargo feature to cover more GDB-related functionality
associated with debugging. This can additionally slim down the set of
exposed symbols from Wasmtime over the default with them included.
* Move timing in Cranelift behind a Cargo feature
This commit adds a `timing` feature to the `cranelift-codegen` crate
which is enabled by default. This feature gates the timing functionality
in Cranelift to enable turning it off if desired. The goal of this
commit is to remove a system dependency on `Instant` for possibly
esoteric environments.
* Consolidate platform-specific definitions in Wasmtime
Prior to this commit Wasmtime did not not have a style or system for
containing platform-specific logic in files. The goal of this commit is
to consolidate all platform-specific functionality into one location to
make it easier to port Wasmtime to new systems. This commit creates a
`sys` module within the `wasmtime-runtime` crate which conditionally
defines all of the platform support that Wasmtime requires, namely
things related to virtual memory management and trap handling. Many of
the previous `unix.rs` files interspersed throughout the tree are now
all located in a single `unix` directory. This additionally helps split
out `miri`-specific functionality by pretending `miri` is its own
platform.
This change additionally goes through `#[cfg]` directives throughout
`wasmtime-runtime`, `wasmtime-jit`, and `wasmtime` itself to place all
of this target-specific functionality within this `sys` directory. The
end state is that there are two new top-level modules in the
`wasmtime-runtime` crate:
* `arch` - this conditionally defines architecture-specific logic such
as the state used by backtraces, libcalls, etc.
* `sys` - this conditionally defines OS or platform-specific logic such
as virtual memory management.
One secondary goal of this commit is to enable the ability to easily
add new platforms to Wasmtime, even if it's in a fork of Wasmtime.
Previously patches might have to touch a good number of locations where
now they'd ideally only have to touch `sys/mod.rs` to declare a new
platform and `sys/$platform/*.rs` to define all the functionality.
* Fix build on Windows
prtest:full
* Fix some build warnings
* Fix miri build
* Include debug-builtins when testing
* Try to fix Windows tests
* Fix warnings on miri
* Fix miri build
* Fix debug-builtins feature
* More feature fixes
* Rename `fd` field
* Fix speeling
* Review comments
* mpk: allow checking for MPK without a config instance
It is inconvenient to have to construct a `PoolingAllocationConfig` in
order to check if memory protection keys are available. This removes
the unused `&self` restriction.
* mpk: improve logging of calculated slab layout
When double-checking the slab layout calculations it is quite convenient
to see the total slab size. This helps in correlating with mapped
regions.
* mpk: add an example testing the memory limits
This adds an example that can be run with `cargo run --example mpk`. Not
only does the example demonstrate how to build a pool-allocated engine
that uses MPK, it performs an exponential search to find the maximum
number of slots the system can support, with and without MPK.
* review: document Linux requirement
* review: `env_logger::init`
* review: replace `proc-maps` with manual parsing
* vet: audit `bytesize`
* fix: provide `main` for non-Linux systems
* fix: move `cfg` to avoid unused code
* mpk: optimize layout of protected stripes, again
This is another attempt at #7603, attempting reduce the slab layout
sizes of MPK-protected stripes. While experimenting with the limits of
MPK-protected memory pools, @alexcrichton and I discovered that the
current slab layout calculations were too conservative. This meant that
the memory pool could not pack in as many memories as it should have
been able: we were expecting, but not seeing, ~15x more memory slots
over non-MPK memory pools.
This change brings together several fixes:
- it more aggressively divides up the stripes (as in b212152)
- it eliminates an extra stripe (as in 8813a30)
- it replaces some uses of `checked_*` with `saturating_*` (as in
fb22a20)
- it improves some documentation
- and, crucially, it reports back a larger value for
`memory_and_guard_size`
The failures observed with #7603 when run with MPK
(`WASMTIME_TEST_FORCE_MPK=1 cargo test`) were due to `Store::wasm_fault`
not being able to identify which memory an OOB address belonged to.
This is because the `MemoryPool` was underreporting the size of the
region in which OOB accesses would fault. The correct value is provided
by the new `SlabLayout::bytes_to_next_stripe_slot`: any OOB access
within that larger region must fault because (1) the other stripes have
different protection keys and (2) a `Store` can only use one protection
key. We also use (2) to guarantee that `Store::wasm_fault` will be able
to calculate the Wasm address from the raw address.
This change also provides a new `traps` test that will reproduce the
failures from #7603; if we observe `SIGABRT` from that test, it will be
a regression.
* fix: make test x86-specific
This commit tightens the fuzzing criteria for Winch. The previous
implementation only accounted for unsupported instructions. However,
unsupported types can also cause the fuzzer to crash.
Winch currently doesn't support `v128` and most of the `Ref` types.
scottmcm
Alex Crichton
Feilong Jiang
wasmtime-publish
Brett Cannon
kajacx
Dave Bakker
Luke Parker
Andrew Brown
Harald Hoyer
Jeffrey Charles
Ryan Levick
Roman Volosatovs
Trevor Elliott
Bruce Mitchener
James Sturtevant
Joel Dice
Xinzhao Xu
Pat Hickey
Saúl Cabrera
Matthew Phillips