wasmtime / PR #12800 PCC: remove proof-carrying code (for... · git-wasmtime

Stream: git-wasmtime

Topic: wasmtime / PR #12800 PCC: remove proof-carrying code (for...

Wasmtime GitHub notifications bot (Mar 18 2026 at 14:09):

cfallin opened PR #12800 from cfallin:pcc-removal to bytecodealliance:main:

In late 2023, we built out an experimental feature called Proof-Carrying Code (PCC), where we attached "facts" to values in the CLIF IR and built verification of these facts after lowering to machine instructions. We also added "memory types" describing layout of memory and a "checked" flag on memory operations such that we could verify that any checked memory operation accessed valid memory (as defined by memory types attached to pointer values via facts). Wasmtime's Cranelift backend then put appropriate memory types and facts in its IR such that all accesses to memory (aspirationally) could be checked, taking the whole mid-end and lowering backend of Cranelift out of the trusted core that enforces SFI.

This basically worked, at the time, for static memories; but never for dynamic memories, and then work on the feature lost prioritization (aka I had to work on other things) and I wasn't able to complete it and put it in fuzzing/enable it as a production option.

Unfortunately since then it has bit-rotted significantly -- as we add new backend optimizations and instruction lowerings we haven't kept the PCC framework up to date.

Inspired by the discussion in #12497 I think it's time to delete it (hopefully just "for now"?) unless/until we can build it again. And when we do that, we should probably get it to the point of validating robust operation on all combinations of memory configurations before merging. (That implies a big experiment branch rather than a bunch of eager PRs in-tree, but so it goes.) I still believe it is possible to build this (and I have ideas on how to do it!) but not right now.

Wasmtime GitHub notifications bot (Mar 18 2026 at 14:09):

cfallin requested wasmtime-compiler-reviewers for a review on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 14:09):

cfallin requested alexcrichton for a review on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 14:09):

cfallin requested wasmtime-core-reviewers for a review on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 14:09):

cfallin requested wasmtime-fuzz-reviewers for a review on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 16:11):

cfallin updated PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 19:53):

github-actions[bot] added the label cranelift on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 19:53):

github-actions[bot] added the label cranelift:area:aarch64 on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 19:53):

github-actions[bot] added the label cranelift:area:machinst on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 19:53):

github-actions[bot] added the label cranelift:meta on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 19:53):

github-actions[bot] added the label cranelift:area:x64 on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 19:53):

github-actions[bot] added the label isle on PR #12800.

Wasmtime GitHub notifications bot (Mar 18 2026 at 19:54):

github-actions[bot] commented on PR #12800:

Subscribe to Label Action

cc @cfallin, @fitzgen

<details>
This issue or pull request has been labeled: "cranelift", "cranelift:area:aarch64", "cranelift:area:machinst", "cranelift:area:x64", "cranelift:meta", "isle"

Thus the following users have been cc'd because of the following labels:

cfallin: isle

fitzgen: isle

To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.

Learn more.
</details>

Last updated: Mar 23 2026 at 16:19 UTC