alexcrichton closed Issue #958:
In reviewing some code today I started wondering what would happen if you started mixing `Store` values and instances together. For example you can create two `Instance` objects in two `Store` objects, what would happen when they're linked?

The concrete things I know of today we have to worry about are:

- Mainly the `Compiler` shared state in a `Store`. This notably contains two fields:
  - `signatures` is a `Store`-local registry of all known wasm signatures, mapping them to an index for signature checks during `call_indirect`. This is actually memory unsafe today because if you mix two `Store` objects then two different signatures could get the same shared index, meaning `call_indirect` could call the wrong thing.
  - `trap_registry` is also a `Store`-local registry of information about traps. While I don't think this is related to memory safety it does mean that if you're calling code in one instance but started in another the trap in the second instance won't be resolved correctly and we'll get the wrong trap information out of it.
- There's also maybe issues with the cache but I suspect not, it's not shared state across instances in a `Store` that I've looked at too too deeply.

I started implementing a fix where we'd simply reject linking instances together if they come from two different `Store` values, but this is also a problem with any `Val::FuncRef` getting stored in a table across instances. Especially with reference types this gets really hairy to guard, so I don't think it'll be easy to simply block access at all entry points.

The only fix I can think of is to have a truly global map for all this, but it feels bad to have a truly global ever-expanding map that's never deallocated from. I think we'll want to figure out a way to remove items from the map at least when a `Store` is dropped (maybe sooner?). In any case wanted to make sure there was an open issue for this!
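The signature-index collision described in the issue, as an added illustration that is not wasmtime's code: a constructed model in which each `Store` interns signatures into its own dense index space, so comparing raw indices across stores wrongly matches, while tagging each funcref with its origin store (a hypothetical `store_id` field) lets the check reject it.

```rust
// Constructed model of the per-Store signature registry from the issue;
// illustrative code, not wasmtime's own implementation.
use std::collections::HashMap;

/// Per-Store registry interning each wasm signature to a dense index.
#[derive(Default)]
struct SignatureRegistry {
    indices: HashMap<&'static str, u32>,
}

impl SignatureRegistry {
    fn register(&mut self, sig: &'static str) -> u32 {
        let next = self.indices.len() as u32;
        *self.indices.entry(sig).or_insert(next)
    }
}

/// Minimal stand-in for a Store: a unique id plus its own registry.
struct Store {
    id: u64,
    signatures: SignatureRegistry,
}

/// A funcref as it sits in a table: origin Store (hypothetical tag) plus index.
#[derive(Clone, Copy)]
struct FuncRef { store_id: u64, sig_index: u32 }

/// The check as the issue describes it: only the shared index is compared,
/// so indices minted by two different Stores collide.
fn sig_check_index_only(expected: FuncRef, callee: FuncRef) -> bool {
    expected.sig_index == callee.sig_index
}

/// Guarded variant: a funcref from another Store is rejected before the
/// index comparison is trusted.
fn sig_check_guarded(expected: FuncRef, callee: FuncRef) -> Result<(), &'static str> {
    if expected.store_id != callee.store_id { return Err("funcref belongs to a different Store"); }
    if expected.sig_index != callee.sig_index { return Err("signature mismatch"); }
    Ok(())
}

/// Two Stores each intern their first (different) signature as index 0.
fn demo() -> (bool, Result<(), &'static str>) {
    let mut a = Store { id: 1, signatures: SignatureRegistry::default() };
    let mut b = Store { id: 2, signatures: SignatureRegistry::default() };
    let caller = FuncRef { store_id: a.id, sig_index: a.signatures.register("(i32) -> i32") };
    let callee = FuncRef { store_id: b.id, sig_index: b.signatures.register("(f64 f64) -> f64") };
    (sig_check_index_only(caller, callee), sig_check_guarded(caller, callee))
}
```

`demo()` returns `(true, Err(..))`: the index-only check accepts a call through a funcref whose signature differs, which is the memory-unsafe path the issue describes, while the store-tagged check refuses it.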
Last updated: Dec 06 2025 at 06:05 UTC