Wasmtime GitHub notifications bot (Apr 24 2026 at 15:57): Wasmtime GitHub notifications bot (Apr 24 2026 at 15:57):fitzgen opened PR #13189 from fitzgen:wasmtime-issue-13173 to bytecodealliance:main:
The on-demand instance allocator's
allocate_memoryalways passedMemoryKind::LinearMemorytoMemory::new_dynamic, even when allocating the backing memory for a GC heap. This caused the GC heap to use the wrong set of tunables.The consequences were two distinct crash modes:
When
memory_reservation=0: the GC heap got a 0-byte reservation, so every growth triggered an mmap reallocation that changed the base pointer. Code held a stale cached copy of the old base pointer, causing use-after-free crashes.When
gc_heap_guard_size != memory_guard_size: Cranelift correctly compiled GC heap accesses usinggc_heap_guard_sizebytes of virtual guard, but the runtime memory incorrectly only hadmemory_guard_sizebytes of actual guard, so accesses beyond the actual guard caused uncaught segfaults.This commit fixes the bug by threading a
MemoryKindthrough theInstanceAllocator::allocate_memorytrait method.Also, now that the GC heap correctly uses
gc_heap_reservation, the workaround inMemoryTunables::may_movethat always returnedtruefor GC heaps is no longer needed. That workaround was masking the actual root cause, and with the fix,gc_heap_may_movecan now be respected correctly.There were three existing tests that were accidentally relying on the GC heap using linear-memory tunables; this commit adds explicit GC heap tunable configuration so they continue to work correctly.
Fixes https://github.com/bytecodealliance/wasmtime/issues/13173
<!--
Please make sure you include the following information:
If this work has been discussed elsewhere, please include a link to that
conversation. If it was discussed in an issue, just mention "issue #...".Explain why this change is needed. If the details are in an issue already,
this can be brief.Our development process is documented in the Wasmtime book:
https://docs.wasmtime.dev/contributing-development-process.htmlPlease ensure all communication follows the code of conduct:
https://github.com/bytecodealliance/wasmtime/blob/main/CODE_OF_CONDUCT.md
-->
Wasmtime GitHub notifications bot (Apr 24 2026 at 15:57):fitzgen requested alexcrichton for a review on PR #13189.
Wasmtime GitHub notifications bot (Apr 24 2026 at 15:57):fitzgen requested wasmtime-core-reviewers for a review on PR #13189.
Wasmtime GitHub notifications bot (Apr 24 2026 at 17:03):github-actions[bot] added the label wasmtime:api on PR #13189.
Wasmtime GitHub notifications bot (Apr 24 2026 at 17:24):alexcrichton submitted PR review.
Wasmtime GitHub notifications bot (Apr 24 2026 at 18:40):fitzgen updated PR #13189.
Wasmtime GitHub notifications bot (Apr 24 2026 at 18:43):fitzgen updated PR #13189.
Wasmtime GitHub notifications bot (Apr 24 2026 at 18:43):fitzgen has enabled auto merge for PR #13189.
Wasmtime GitHub notifications bot (Apr 24 2026 at 18:56):fitzgen added PR #13189 Fix GC heap using wrong MemoryKind tunables in on-demand allocator to the merge queue.
Wasmtime GitHub notifications bot (Apr 24 2026 at 19:20):fitzgen merged PR #13189.
Wasmtime GitHub notifications bot (Apr 24 2026 at 19:20):fitzgen removed PR #13189 Fix GC heap using wrong MemoryKind tunables in on-demand allocator from the merge queue.
Last updated: May 03 2026 at 22:13 UTC