r-near opened PR #12938 from r-near:winch-nan-canonicalization to bytecodealliance:main:
The `enable_nan_canonicalization` flag already flows through to Winch via the shared `Flags`, but Winch was ignoring it. This adds a `canonicalize_nan` method to the `Masm` trait that, when the flag is set, emits a compare-with-self + conditional branch to replace NaN results with the canonical quiet NaN after each float arithmetic op.
Covered operations: add, sub, mul, div, min, max, sqrt, ceil, floor, trunc, nearest, demote, and promote. Implemented for x64 and aarch64. Includes a scalar wast test (counterpart to `simd/canonicalize-nan.wast`).
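The compare-with-self check described in the PR text, modelled in plain Rust as an added example (not code from the PR or from Wasmtime). The canonical bit patterns and the helper `f32_op_bits` are assumptions of this example; the NaN inputs are constructed.

```rust
// Assumed canonical quiet-NaN encodings: sign clear, exponent all ones,
// only the most significant mantissa bit set.
const CANON_NAN_F32: u32 = 0x7fc0_0000;
const CANON_NAN_F64: u64 = 0x7ff8_0000_0000_0000;

/// NaN is the only value that compares unequal to itself, so `x != x` is
/// the compare-with-self test; any NaN is replaced by the canonical one.
fn canonicalize_f32(x: f32) -> f32 {
    if x != x { f32::from_bits(CANON_NAN_F32) } else { x }
}

fn canonicalize_f64(x: f64) -> f64 {
    if x != x { f64::from_bits(CANON_NAN_F64) } else { x }
}

/// Hypothetical model of one scalar float op followed by a bit
/// reinterpretation, which is how a guest can observe NaN sign and payload.
fn f32_op_bits(op: fn(f32, f32) -> f32, a: u32, b: u32, canonicalize: bool) -> u32 {
    let r = op(f32::from_bits(a), f32::from_bits(b));
    let r = if canonicalize { canonicalize_f32(r) } else { r };
    r.to_bits()
}

fn main() {
    let one = 1.0f32.to_bits();
    // Constructed inputs: two NaNs that differ in sign and payload.
    for nan in [0x7fc1_2345u32, 0xffc0_0001] {
        let raw = f32_op_bits(|x, y| x + y, nan, one, false);
        let canon = f32_op_bits(|x, y| x + y, nan, one, true);
        println!("input {nan:#010x}: raw {raw:#010x}, canonicalized {canon:#010x}");
    }
    // A signaling NaN with the sign bit set collapses to the same f64 pattern.
    let d = canonicalize_f64(f64::from_bits(0xfff0_0000_0000_0001));
    println!("f64: {:#018x}", d.to_bits());
}
```

Without canonicalization the raw bits depend on the host CPU's NaN propagation rules, which is why the flag matters for deterministic execution across x64 and aarch64.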
r-near requested Copilot for a review on PR #12938.
r-near requested wasmtime-wasi-reviewers for a review on PR #12938.
r-near requested fitzgen for a review on PR #12938.
r-near requested wasmtime-core-reviewers for a review on PR #12938.
r-near requested wasmtime-default-reviewers for a review on PR #12938.
r-near requested wasmtime-fuzz-reviewers for a review on PR #12938.
r-near requested wasmtime-compiler-reviewers for a review on PR #12938.
r-near closed without merge PR #12938.
Copilot created PR review comment:
The `sum < MAX_READ_SIZE_ALLOC` loop condition allows `sum` to exceed the limit because `sum` is incremented after receiving a datagram. If `sum` is just below the limit, one more large datagram can push `sum` far past the cap. To enforce the cap, compute the prospective increment and break/return before pushing when it would exceed the limit.
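The overshoot this comment describes, next to a loop that checks the prospective total first, as an added example (not the code under review). `MAX_READ_SIZE_ALLOC` is the name from the comment; its value here, the function names and the datagram sizes are constructed for the example.

```rust
// Name taken from the review comment; the value is constructed for this example.
const MAX_READ_SIZE_ALLOC: usize = 64 * 1024;

/// Model of the loop the comment describes: the cap is only tested before
/// the next receive, so the last datagram accepted can overshoot it.
fn receive_check_after(incoming: &[Vec<u8>], cap: usize) -> Vec<Vec<u8>> {
    let (mut out, mut sum) = (Vec::new(), 0usize);
    let mut it = incoming.iter();
    while sum < cap {
        match it.next() {
            Some(d) => {
                sum += d.len();
                out.push(d.clone());
            }
            None => break,
        }
    }
    out
}

/// Variant that computes the prospective total and stops before pushing.
/// `checked_add` also rules out wrap-around of the running total.
fn receive_check_before(incoming: &[Vec<u8>], cap: usize) -> Vec<Vec<u8>> {
    let (mut out, mut sum) = (Vec::new(), 0usize);
    for d in incoming {
        match sum.checked_add(d.len()) {
            Some(next) if next <= cap => {
                sum = next;
                out.push(d.clone());
            }
            _ => break,
        }
    }
    out
}

fn total(batch: &[Vec<u8>]) -> usize {
    batch.iter().map(Vec::len).sum()
}

fn main() {
    // Constructed datagram sizes: 40 KiB, 20 KiB, 60 KiB, 1 KiB.
    let incoming: Vec<Vec<u8>> = [40, 20, 60, 1].iter().map(|k| vec![0u8; k * 1024]).collect();
    let after = total(&receive_check_after(&incoming, MAX_READ_SIZE_ALLOC));
    let before = total(&receive_check_before(&incoming, MAX_READ_SIZE_ALLOC));
    println!("cap {MAX_READ_SIZE_ALLOC}: check-after held {after} bytes, check-before held {before} bytes");
}
```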
Copilot submitted PR review:
Pull request overview
This PR’s stated goal is to make Winch respect `enable_nan_canonicalization`, but the diff as provided spans a much broader set of changes across Winch, Wasmtime runtime limits, WASI/http behaviors, pooling allocator/coredump behavior, CI/release automation, and a workspace-wide version bump.
Changes:
- Add `MacroAssembler::canonicalize_nan` and invoke it after scalar float ops (and rounding builtins) in Winch; implement for x64 and aarch64; add a scalar NaN-canonicalization wast test.
- Introduce/propagate several host-side resource limiting knobs (hostcall fuel, resource table capacity, random len cap, HTTP fields size cap) and apply allocation caps in various WASI/WASI-http codepaths.
- Update release/versioning and publishing/release automation (36.0.6 / Cranelift 0.123.6, supply-chain audit config changes, GitHub release workflow tweaks).
Reviewed changes
Copilot reviewed 97 out of 109 changed files in this pull request and generated 7 comments.
<details>
<summary>Show a summary per file</summary>

| File | Description |
| --- | --- |
| winch/codegen/src/visitor.rs | Call NaN canonicalization after scalar float ops and rounding builtins. |
| winch/codegen/src/masm.rs | Extend MacroAssembler trait with `canonicalize_nan`. |
| winch/codegen/src/isa/x64/masm.rs | Implement scalar NaN canonicalization for x64 backend. |
| winch/codegen/src/isa/aarch64/masm.rs | Implement scalar NaN canonicalization for aarch64 backend; store shared flags. |
| tests/misc_testsuite/f64-copysign.wast | Add regression test for f64.copysign + f64.load behavior. |
| tests/misc_testsuite/canonicalize-nan-scalar.wast | Add scalar NaN-canonicalization test coverage for many float ops. |
| tests/disas/f64-copysign.wat | Add disassembly-based compile test for f64.copysign regression. |
| tests/all/threads.rs | Add test ensuring shared memory can’t be created via `Memory::new`. |
| tests/all/pooling_allocator.rs | Add test ensuring memory slot reset after failed instantiation (no data leak). |
| tests/all/coredump.rs | Add test for coredump behavior with shared memory. |
| tests/all/component_model/import.rs | Add test for hostcall fuel limits across component boundary. |
| tests/all/cli_tests.rs | Expand CLI integration tests for resource/fuel/random/http limits; adjust WASI hello tests. |
| supply-chain/config.toml | Remove http exemption entry. |
| supply-chain/audits.toml | Add trusted audit entry for `http`. |
| src/common.rs | Plumb max random size and WASI-http field size into context creation. |
| src/commands/serve.rs | Configure resource table max capacity, WASI-http ctx limits, and hostcall fuel. |
| src/commands/run.rs | Configure WASI-http ctx limits; set preview1 table capacity and hostcall fuel. |
| scripts/publish.rs | Adjust crates.io ownership verification logic and messaging. |
| RELEASES.md | Populate release notes for 36.0.1–36.0.6 and mark 36.0.0 as released. |
| pulley/src/lib.rs | Switch docsrs cfg feature to `doc_cfg`. |
| fuzz/fuzz_targets/component_api.rs | Allow dead_code for fuzz-generated types. |
| crates/wiggle/generate/src/wasmtime.rs | Propagate store hostcall fuel into Wiggle-generated context. |
| crates/wiggle/generate/src/module_trait.rs | Add default `set_hostcall_fuel` hook to generated module traits. |
| crates/wast/src/spectest.rs | Use `SharedMemory::new` when defining spectest shared memory. |
| crates/wast/Cargo.toml | Enable `threads` feature on `wasmtime` dependency. |
| crates/wasmtime/tests/pooling_alloc_near_oom.rs | Add near-OOM pooling allocator test harness (libtest_mimic). |
| crates/wasmtime/src/runtime/vm/memory.rs | Remove `no_clear_on_drop` usage for MemoryImageSlot. |
| crates/wasmtime/src/runtime/vm/instance/allocator/pooling/memory_pool.rs | Track image-slot state explicitly; reset unknown slots; adjust deallocation flow. |
| crates/wasmtime/src/runtime/vm/cow.rs | Remove clear-on-drop mechanism; make reset method callable. |
| crates/wasmtime/src/runtime/memory.rs | Reject shared memories created via `Memory::new` (require `SharedMemory`). |
| crates/wasmtime/src/runtime/instance.rs | Adjust `instantiate_async` bounds to require `T: Send` with correct associated type. |
| crates/wasmtime/src/runtime/coredump.rs | Filter shared memories from coredump memory list; adjust instance memory indexing. |
| crates/wasmtime/src/runtime/component/values.rs | Consume hostcall fuel proportional to list sizes when lifting. |
| crates/wasmtime/src/runtime/component/store.rs | Add store-level hostcall fuel storage + getters/setters and docs. |
| crates/wasmtime/src/runtime/component/resource_table.rs | Add max-capacity limit and tests for resource table growth. |
| crates/wasmtime/src/runtime/component/func/typed.rs | Consume hostcall fuel proportional to string/list sizes when lifting. |
| crates/wasmtime/src/runtime/component/func/options.rs | Add hostcall fuel tracking to LiftContext and enforcement helper. |
| crates/wasmtime/src/lib.rs | Switch docsrs cfg feature to `doc_cfg`. |
| crates/wasmtime/Cargo.toml | Register new non-harness test target `pooling_alloc_near_oom`. |
| crates/wasi/tests/all/p2/sync.rs | Add preview1 “sleep quickly but lots” sync test. |
| crates/wasi/tests/all/p2/preview1.rs | Add preview1 “sleep quickly but lots” async test. |
| crates/wasi/tests/all/p2/async_.rs | Add preview1 “sleep quickly but lots” async component test. |
| crates/wasi/src/random.rs | Add default max random size configuration in WasiRandomCtx. |
| crates/wasi/src/preview1.rs | Add preview1 hostcall fuel accounting for strings/iovecs/poll arrays. |
| crates/wasi/src/preview0.rs | Forward hostcall fuel setter for preview0 trait. |
| crates/wasi/src/p2/tcp.rs | Cap per-read allocation size. |
| crates/wasi/src/p2/pipe.rs | Cap per-read allocation size; update backpressure tests. |
| crates/wasi/src/p2/host/udp.rs | Add aggregate size cap for received datagrams. |
| crates/wasi/src/p2/host/random.rs | Enforce max random byte request length. |
| crates/wasi/src/p2/host/filesystem.rs | Cap allocation size for file reads. |
| crates/wasi/src/p2/filesystem.rs | Cap allocation size for blocking file reads. |
| crates/wasi/src/lib.rs | Add MAX_READ_SIZE_ALLOC constant; switch docsrs cfg feature to `doc_cfg`. |
| crates/wasi/src/ctx.rs | Add builder knob for max random size; add ctx accessors. |
| crates/wasi/src/cli/file.rs | Cap allocation size for input file reads. |
| crates/wasi-io/src/streams.rs | Add check in write_zeroes and remove blocking helper implementation. |
| crates/wasi-io/src/impls.rs | Reimplement blocking_write_zeroes via blocking_write_and_flush; adjust imports. |
| crates/wasi-http/tests/all/p2.rs | Add field size limit wiring and new tests; improve error context. |
| crates/wasi-http/src/types.rs | Add field size limit config; introduce FieldMap with size accounting and limit enforcement. |
| crates/wasi-http/src/types_impl.rs | Use FieldMap in implementation; enforce size limits and adjust header access. |
| crates/wasi-http/src/http_impl.rs | Iterate headers via FieldMap wrapper. |
| crates/wasi-http/src/body.rs | Plumb field size limits through bodies/trailers; adjust trailer handling types. |
| crates/wasi-common/tests/all/sync.rs | Add preview1 “sleep quickly but lots” sync test. |
| crates/wasi-common/tests/all/async_.rs | Add preview1 “sleep quickly but lots” async test. |
| crates/wasi-common/src/tokio/sched/unix.rs | Adjust poll_oneoff timeout handling (immediate deadline behavior). |
| crates/wasi-common/Cargo.toml | Enable `component-model` feature on optional wasmtime dep. |
| crates/test-programs/src/bin/preview2_random.rs | Make random-size configurable via env vars; use uninit buffer for preview1 random_get. |
| crates/test-programs/src/bin/preview1_sleep_quickly_but_lots.rs | Add new preview1 stress test program for poll_oneoff. |
| crates/test-programs/src/bin/cli_p2_hostcall_fuel.rs | Add CLI component test program for hostcall fuel/resource limits. |
| crates/test-programs/src/bin/cli_p1_hostcall_fuel.rs | Add CLI preview1 test program for hostcall fuel limits. |
| crates/test-programs/src/bin/cli_max_resources.rs | Add CLI test program for resource-table max capacity. |
| crates/test-programs/src/bin/cli_many_resources.rs | Add CLI test program to exhaust resource table. |
| crates/test-programs/src/bin/cli_http_headers.rs | Add CLI test program to stress HTTP Fields size limiting. |
| crates/test-programs/src/bin/api_proxy.rs | Add handlers to exercise header growth/new fields in wasi-http. |
| crates/test-programs/artifacts/build.rs | Minor build script robustness improvements. |
| crates/cli-flags/src/lib.rs | Add CLI flags for resource/fuel/random/http header limits. |
| crates/c-api/include/wasmtime.h | Bump C API version to 36.0.6. |
| cranelift/umbrella/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/srcgen/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/serde/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/reader/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/object/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/native/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/module/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/jit/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/isle/isle/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/interpreter/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/frontend/Cargo.toml | Bump Cranelift version to 0.123.6. |
| cranelift/filetests/filetests/isa/x64/simd-bitwise-avx.clif | Update expected x64 simd-bitwise-avx output. |
| cranelift/entity/Cargo.toml | Bump Cranelift version to 0.123.6. |

cranelift/ [message truncated]
Copilot created PR review comment:
`write_zeroes` allocates a buffer of size `nelem` (`Bytes::from_iter(..take(nelem))`). Since `check_write()` can legitimately return very large values (e.g. `usize::MAX` for a sink stream), a guest can trigger an attempted huge host allocation here. Consider writing zeroes in bounded chunks (e.g. min(nelem, permit, fixed max)) or using a small static zero-buffer loop rather than allocating `nelem` bytes at once.
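A sketch of the static zero-buffer loop this comment suggests, as an added example (not the wasi-io implementation). The 4096-byte chunk size, `write_zeroes_chunked`, `Recorder` and `measure` are assumptions of the example, and a `std::io::Write` sink stands in for the output stream.

```rust
use std::io::{self, Write};

// Constructed chunk size; one fixed zero buffer is reused for every write,
// so host memory use does not depend on the guest-supplied length.
static ZEROES: [u8; 4096] = [0u8; 4096];

/// Writes `nelem` zero bytes in bounded chunks instead of allocating
/// a single `nelem`-byte buffer.
fn write_zeroes_chunked<W: Write>(out: &mut W, nelem: u64) -> io::Result<()> {
    let mut remaining = nelem;
    while remaining > 0 {
        let n = remaining.min(ZEROES.len() as u64) as usize;
        out.write_all(&ZEROES[..n])?;
        remaining -= n as u64;
    }
    Ok(())
}

/// Test sink that records the total written and the largest single buffer
/// it was ever handed.
#[derive(Default)]
struct Recorder {
    total: u64,
    largest_write: usize,
}

impl Write for Recorder {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        self.total += buf.len() as u64;
        self.largest_write = self.largest_write.max(buf.len());
        Ok(buf.len())
    }
    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

/// Returns (total bytes written, largest single write) for a request size.
fn measure(nelem: u64) -> (u64, usize) {
    let mut rec = Recorder::default();
    write_zeroes_chunked(&mut rec, nelem).expect("Recorder never fails");
    (rec.total, rec.largest_write)
}

fn main() {
    let (total, largest) = measure(10_000_001);
    println!("wrote {total} zero bytes, largest single buffer {largest} bytes");
}
```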
Copilot created PR review comment:
Using `unwrap_or(u32::MAX)` as a sentinel for shared memories means instance memory indices in the core dump can point outside the serialized memories section. This risks producing an invalid core dump. Instead, consider filtering shared memories out of `instance.all_memories(..)` here (to match `store_memories.retain(..)`) or otherwise using a spec-defined encoding for "no memory" if one exists.
Copilot created PR review comment:
`octokit.rest.repos.updateRelease(...)` is not awaited. Since `runOnce` is async and the action may exit immediately after `runOnce` returns, the release can remain a draft intermittently. Please `await` this call (and consider error handling/retry like the other API calls).
```js
try {
  await octokit.rest.repos.updateRelease({
    owner,
    repo,
    release_id: release.data.id,
    draft: false,
  });
} catch (e) {
  console.log("ERROR: ", JSON.stringify(e, null, 2));
  core.info(`failed to update release draft status`);
  throw e;
}
```
Copilot created PR review comment:
This PR is titled/described as a Winch NaN-canonicalization change, but the diff includes many unrelated changes (WASI limits/hostcall fuel, coredump/shared memory handling, supply-chain audits, release/version bumps, CI/release workflow tweaks, etc.). Please either update the PR description to cover the full scope or split these into focused PRs to make review and risk assessment tractable.
Copilot created PR review comment:
Doc comment formatting: "See [`Store::set_hostcall_fuel]` for more details." has an unmatched backtick and reads oddly. Consider changing to "See [Store::set_hostcall_fuel`] for more details."
Copilot created PR review comment:
The docs say "The default value for this is 128 MiB" but `DEFAULT_HOSTCALL_FUEL` is `2 << 30` (~2 GiB). Please make the docs and the actual default consistent (either adjust the constant or update the documented default).
Last updated: Apr 12 2026 at 23:10 UTC