Stream: git-wasmtime

Topic: wasmtime / PR #13321 Harden Wasmtime's compiled GC code a...

Wasmtime GitHub notifications bot (May 07 2026 at 23:07):

alexcrichton opened PR #13321 from alexcrichton:harden-gc-compild-code to bytecodealliance:main:

In the spirit of #13320 this commit goes through the compiled code for the GC proposal to ensure that, in the face of GC corruption, Wasmtime by default can recover and return a "bug" to the embedder. This was also discussed a bit in #13112 as well, and the changes made here are:

• Plumbing traps from translation into the runtime now uses a new CompiledTrap enum instead of just the normal Trap. This new enum has branches for InternalAssert (not previously present) and additionally GcHeapCorrupted (now added).
• Whether or not CompiledTrap::{InternalAssert,GcHeapCorrupted} is encoded into the final *.cwasm is now a Tunables configuration option. Internal asserts are not encoded by default but GC heap corruption is.
• Traps caught as CompiledTrap::{InternalAssert,GcHeapCorrupted} are turned into WasmtimeBug and propagated upwards. Traps stay as normal traps.
• All memory accesses to the GC heap now use CompiledTrap::GcHeapCorrupted as their trap code. Additionally they're also no longer marked as readonly in a few places.
• A few locations in GC translation using InternalAssert now use GcHeapCorrupted, such as the checked arithmetic around array lengths. Other assertions which are about control flow are left untouched.

The end state is that faults in the GC heap in compiled code itself should show up as a bug! on the other end by default. This requires extra metadata in *.cwasms mapping traps, but this is similar to linear-memory-using-wasms which have lots of trap metadata for loads/stores. Being able to catch InternalAssert as a first-class error (as opposed to a signal) is a debugging nicety I've added here but remains off-by-default to avoid bloating *.cwasms for internal debugging.

Closes #13112

<!--
Please make sure you include the following information:

• If this work has been discussed elsewhere, please include a link to that
  conversation. If it was discussed in an issue, just mention "issue #...".

• Explain why this change is needed. If the details are in an issue already,
  this can be brief.

Our development process is documented in the Wasmtime book:
https://docs.wasmtime.dev/contributing-development-process.html

Please ensure all communication follows the code of conduct:
https://github.com/bytecodealliance/wasmtime/blob/main/CODE_OF_CONDUCT.md
-->

Wasmtime GitHub notifications bot (May 07 2026 at 23:07):

alexcrichton requested fitzgen for a review on PR #13321.

Wasmtime GitHub notifications bot (May 07 2026 at 23:07):

alexcrichton requested wasmtime-compiler-reviewers for a review on PR #13321.

Wasmtime GitHub notifications bot (May 07 2026 at 23:07):

alexcrichton requested wasmtime-core-reviewers for a review on PR #13321.

Wasmtime GitHub notifications bot (May 07 2026 at 23:07):

alexcrichton requested wasmtime-fuzz-reviewers for a review on PR #13321.

Wasmtime GitHub notifications bot (May 07 2026 at 23:11):

alexcrichton updated PR #13321.

Wasmtime GitHub notifications bot (May 08 2026 at 03:54):

github-actions[bot] added the label wasmtime:api on PR #13321.

Wasmtime GitHub notifications bot (May 08 2026 at 03:54):

github-actions[bot] added the label wasmtime:config on PR #13321.

Wasmtime GitHub notifications bot (May 08 2026 at 03:54):

github-actions[bot] added the label fuzzing on PR #13321.

Wasmtime GitHub notifications bot (May 08 2026 at 03:55):

github-actions[bot] commented on PR #13321:

Subscribe to Label Action

cc @fitzgen

<details>
This issue or pull request has been labeled: "fuzzing", "wasmtime:api", "wasmtime:config"

Thus the following users have been cc'd because of the following labels:

• fitzgen: fuzzing

To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.

Learn more.
</details>

Wasmtime GitHub notifications bot (May 08 2026 at 05:34):

github-actions[bot] commented on PR #13321:

Label Messager: wasmtime:config

It looks like you are changing Wasmtime's configuration options. Make sure to
complete this check list:

• [ ] If you added a new Config method, you wrote extensive documentation for
  it.

  <details>

  Our documentation should be of the following form:

  ```text
  Short, simple summary sentence.

  More details. These details can be multiple paragraphs. There should be
  information about not just the method, but its parameters and results as
  well.

  Is this method fallible? If so, when can it return an error?

  Can this method panic? If so, when does it panic?

  Example

  Optional example here.
  ```

  </details>

• [ ] If you added a new Config method, or modified an existing one, you
  ensured that this configuration is exercised by the fuzz targets.

  <details>

  For example, if you expose a new strategy for allocating the next instance
  slot inside the pooling allocator, you should ensure that at least one of our
  fuzz targets exercises that new strategy.

  Often, all that is required of you is to ensure that there is a knob for this
  configuration option in [wasmtime_fuzzing::Config][fuzzing-config] (or one
  of its nested structs).

  Rarely, this may require authoring a new fuzz target to specifically test this
  configuration. See [our docs on fuzzing][fuzzing-docs] for more details.

  </details>

• [ ] If you are enabling a configuration option by default, make sure that it
  has been fuzzed for at least two weeks before turning it on by default.

[fuzzing-config]: https://github.com/bytecodealliance/wasmtime/blob/ca0e8d0a1d8cefc0496dba2f77a670571d8fdcab/crates/fuzzing/src/generators.rs#L182-L194
[fuzzing-docs]: https://docs.wasmtime.dev/contributing-fuzzing.html

---

<details>

To modify this label's message, edit the <code>.github/label-messager/wasmtime-config.md</code> file.

To add new label messages or remove existing label messages, edit the
<code>.github/label-messager.json</code> configuration file.

Learn more.

</details>

Wasmtime GitHub notifications bot (May 08 2026 at 16:45):

alexcrichton requested wasmtime-default-reviewers for a review on PR #13321.

Wasmtime GitHub notifications bot (May 08 2026 at 16:45):

alexcrichton updated PR #13321.

Wasmtime GitHub notifications bot (May 08 2026 at 16:48):

alexcrichton commented on PR #13321:

I've pushed up a significant follow-up for this as well now to get tests passing. Notably Pulley and the Cranelift backend for Pulley didn't support loads/stores with custom trap codes. Previously the only possible trapping loads/stores were those with the HeapOutOfBounds trap code that were little endian (aka wasm loads/stores). The stores here now have different trap codes (custom ones for Wasmtime) and additionally might be big-endian (as not all GC data is little-endian). To handle that I've done two changes to Pulley:

• The AddrZ addressing mode now carries a custom u8 payload for a trap code. This inflates the size of the payload by one byte.
• I've added big-endian variants of all loads/stores using AddrZ to the extended opcode namespace.

Together these are then able to handle all possible loads/stores that can trap coming out of GC translation.

Wasmtime GitHub notifications bot (May 08 2026 at 19:08):

alexcrichton updated PR #13321.

Wasmtime GitHub notifications bot (May 08 2026 at 19:09):

alexcrichton commented on PR #13321:

The AddrZ addressing mode now carries a custom u8 payload for a trap code

Just kidding, that ran into trap encoding issues. Now the Cranelift *_z instructions have a Cranelift TrapCode and that gets plumbed into the MachBuffer like usual. The trap code associated in the interpreter with AddrZ is now None, meaning that we look up in trap side tables for the actual code. That gets everything to align correctly.

Wasmtime GitHub notifications bot (May 08 2026 at 20:40):

alexcrichton updated PR #13321.

Wasmtime GitHub notifications bot (May 09 2026 at 00:02):

github-actions[bot] added the label cranelift on PR #13321.

Wasmtime GitHub notifications bot (May 09 2026 at 00:02):

github-actions[bot] added the label cranelift:meta on PR #13321.

Wasmtime GitHub notifications bot (May 09 2026 at 00:02):

github-actions[bot] added the label isle on PR #13321.

Wasmtime GitHub notifications bot (May 09 2026 at 00:02):

github-actions[bot] commented on PR #13321:

Subscribe to Label Action

cc @cfallin, @fitzgen

<details>
This issue or pull request has been labeled: "cranelift", "cranelift:meta", "isle"

Thus the following users have been cc'd because of the following labels:

• cfallin: isle
• fitzgen: isle

To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.

Learn more.
</details>

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:thumbs_up: fitzgen submitted PR review.

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

Doc comment for this?

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

This should still have readonly set

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

And this should also have readonly

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

readonly

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

readonly

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

Maybe provide more details here about what the consequences of enabling and disabling these options are? As a user, I would not have any idea after reading these docs.

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

            CompiledTrap::Normal(trap) => {
                let b = *trap as u8;
                debug_assert_ne!(b, CompiledTrap::InternalAssert.as_u8());
                debug_assert_ne!(b, CompiledTrap::GcHeapCorrupt.as_u8());
                b
            }
            CompiledTrap::InternalAssert => 0xFF,
            CompiledTrap::GcHeapCorrupt => 0xFE,

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

This is loading out of vmctx, not the GC heap, so should continue using trusted flags (and readonly)

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

This is loading out of the vmctx, not the GC heap, so should remain as trusted (and readonly)

Wasmtime GitHub notifications bot (May 12 2026 at 18:12):

:speech_balloon: fitzgen created PR review comment:

readonly

Wasmtime GitHub notifications bot (May 12 2026 at 19:53):

:memo: alexcrichton submitted PR review.

Wasmtime GitHub notifications bot (May 12 2026 at 19:53):

:speech_balloon: alexcrichton created PR review comment:

Is that safe to do? For example if a memory location of a readonly load is actually modified, isn't that technically UB in Cranelift? If it's "produces odd result" I think that's fine, but from other compilers my expectation is that if a flag like readonly is violated it's UB

Wasmtime GitHub notifications bot (May 12 2026 at 19:59):

alexcrichton updated PR #13321.

Wasmtime GitHub notifications bot (May 12 2026 at 22:00):

:memo: fitzgen submitted PR review.

Wasmtime GitHub notifications bot (May 12 2026 at 22:00):

:speech_balloon: fitzgen created PR review comment:

readonly just allows for GVNing these loads, which means if it is misconfigured then we can get stale values. Cranelift won't ever "take advantage" of seeing a readonly load from a location that is later stored to and go crazy poisoning/undefing everything like LLVM can.

Wasmtime GitHub notifications bot (May 12 2026 at 22:11):

:memo: cfallin submitted PR review.

Wasmtime GitHub notifications bot (May 12 2026 at 22:11):

:speech_balloon: cfallin created PR review comment:

More broadly, one can think of Cranelift's CLIF semantics w.r.t. UB (which we define and control, since we maintain Cranelift!) as: violations of memory-related contracts may remove certain memory operations, or cause them to get incorrect (e.g. stale) results, but will not cause arbitrary other side effects including memory accesses.

Wasmtime GitHub notifications bot (May 12 2026 at 22:21):

alexcrichton updated PR #13321.

Wasmtime GitHub notifications bot (May 12 2026 at 22:25):

alexcrichton has enabled auto merge for PR #13321.

Wasmtime GitHub notifications bot (May 12 2026 at 22:35):

alexcrichton added PR #13321 Harden Wasmtime's compiled GC code against corruption to the merge queue.

Wasmtime GitHub notifications bot (May 12 2026 at 23:01):

github-merge-queue[bot] removed PR #13321 Harden Wasmtime's compiled GC code against corruption from the merge queue.

Wasmtime GitHub notifications bot (May 13 2026 at 14:32):

alexcrichton updated PR #13321.

Wasmtime GitHub notifications bot (May 13 2026 at 14:32):

alexcrichton has enabled auto merge for PR #13321.

Wasmtime GitHub notifications bot (May 13 2026 at 14:47):

alexcrichton added PR #13321 Harden Wasmtime's compiled GC code against corruption to the merge queue.

Wasmtime GitHub notifications bot (May 13 2026 at 15:13):

:check: alexcrichton merged PR #13321.

Wasmtime GitHub notifications bot (May 13 2026 at 15:13):

alexcrichton removed PR #13321 Harden Wasmtime's compiled GC code against corruption from the merge queue.

Last updated: Jun 01 2026 at 09:49 UTC