wasmtime / PR #11056 Fix another case of Miri unsoundness · git-wasmtime

Stream: git-wasmtime

Topic: wasmtime / PR #11056 Fix another case of Miri unsoundness

Wasmtime GitHub notifications bot (Jun 16 2025 at 22:16):

alexcrichton opened PR #11056 from alexcrichton:fix-miri-unsoundness to bytecodealliance:main:

This commit fixes another issue we've discovered in the wasip3 prototyping repository about a code pattern in wasm which Miri flags as un-sound. Specifically what happened was:

Invocation of WebAssembly went through VMFuncRef::array_call which takes a &self parameter.

Inside of WebAssembly though a ref.func instruction, or anything else that references the original exported function, will re-initialize the VMFuncRef which writes the &self up the stack, which is not sound.

Fixing this required changing the signature of array_call from &self to me: NonNull<VMFuncRef>, and the signature was already unsafe so this is a new unsafe contract for that signature.

In fixing this, however, it was discovered that a mistake was made in #10943 where some internal functions for re-initializing a VMFuncRef relied on the previous signature of &mut self but that PR switche to &self. This PR corrects these signatures to Pin<&mut Self> and then plumbs around the necessary changes, notably causing some refactoring in component-related bits.

Wasmtime GitHub notifications bot (Jun 16 2025 at 22:16):

alexcrichton requested fitzgen for a review on PR #11056.

Wasmtime GitHub notifications bot (Jun 16 2025 at 22:16):

alexcrichton requested wasmtime-core-reviewers for a review on PR #11056.

Wasmtime GitHub notifications bot (Jun 17 2025 at 15:55):

fitzgen submitted PR review:

:+1:

Wasmtime GitHub notifications bot (Jun 17 2025 at 16:17):

fitzgen merged PR #11056.

Last updated: Dec 06 2025 at 06:05 UTC