I would like to know if the guest component could rely on the soundness/validity of provided buffer being valid UTF-16/UTF-8.
When 2 components send each other string and the host could "do fused adapter"
Is the host (wasmtime, jco) responsible for validating the buffer ?
Or should the guest component (in our case dotnet) be responsible to validate strings ?
Is that defined in the spec ?
I found soundness discussion here, but I'm not sure what's the latest.
https://github.com/WebAssembly/interface-types/issues/128
Consider that if the host would do it, it could be implemented possibly in more optimized way than the guest could do it.
On the other hand, if it's guest's responsibility I'm not sure that declaring my component to be UTF-16 makes significant perf benefit (because I need to scan/parse the bytes again anyway).
This question is in context of code generated by wit-bindgen for C#
cc @Joel Dice
Tracing through the Wasmtime code, I can see that fused adapters call into the host to perform both validation and copying, so @Pavel Šavara and I are wondering if it's required by the spec to do that validation, i.e. can the guest rely on it?
Yes a guest is guaranteed that all bytes it receives are a valid encoding
Wasmtime doesn't validate strings going into a guest from the host but that's only because Rust provides the guarantee invalid utf8
Thanks. Is the guarantee made explicit in e.g. https://github.com/WebAssembly/component-model/blob/main/design/mvp/CanonicalABI.md? I couldn't find it.
In load_string_from_range the UnicodeError and trap() handle this
Where all strings are always valid and the only constructor in the abi is a lift operation
We really need a "canonical abi intro" document
FWIW this issue goes into the same question: https://github.com/WebAssembly/component-model/issues/224
Pavel Šavara has marked this topic as resolved.
Last updated: Dec 23 2024 at 12:05 UTC