Stream: git-wasmtime

Topic: wasmtime / PR #5268 wiggle: Refactor with fewer raw pointers

Wasmtime GitHub notifications bot (Nov 15 2022 at 02:26):

alexcrichton requested abrown for a review on PR #5268.

Wasmtime GitHub notifications bot (Nov 15 2022 at 02:26):

alexcrichton opened PR #5268 from unsafe-wiggle-internals to main:

This commit refactors the internals of wiggle to have fewer raw pointers and more liberally use &[UnsafeCell<_>]. The purpose of this refactoring is to more strictly thread through lifetime information throughout the crate to avoid getting it wrong. Additionally storing UnsafeCell<T> at rest pushes the unsafety of access to the leaves of modifications where Rust safety guarantees are upheld. Finally this provides what I believe is a safer internal representation of WasmtimeGuestMemory since it technically holds onto &mut [u8] un-soundly as other &mut T pointers are handed out.

<!--

Please ensure that the following steps are all taken care of before submitting
the PR.

• [ ] This has been discussed in issue #..., or if not, please tell us why
  here.

• [ ] A short description of what this does, why it is needed; if the
  description becomes long, the matter should probably be discussed in an issue
  first.

• [ ] This PR contains test cases, if meaningful.

• [ ] A reviewer from the core maintainer team has been assigned for this PR.
  If you don't know who could review this, please indicate so. The list of
  suggested reviewers on the right can help you.

Please ensure all communication adheres to the code of conduct.
-->

Wasmtime GitHub notifications bot (Nov 15 2022 at 15:05):

alexcrichton updated PR #5268 from unsafe-wiggle-internals to main.

Wasmtime GitHub notifications bot (Nov 15 2022 at 16:55):

abrown submitted PR review.

Wasmtime GitHub notifications bot (Nov 15 2022 at 17:11):

alexcrichton edited PR #5268 from unsafe-wiggle-internals to main:

This commit refactors the internals of wiggle to have fewer raw pointers and more liberally use &[UnsafeCell<_>]. The purpose of this refactoring is to more strictly thread through lifetime information throughout the crate to avoid getting it wrong. Additionally storing UnsafeCell<T> at rest pushes the unsafety of access to the leaves of modifications where Rust safety guarantees are upheld. Finally this provides what I believe is a safer internal representation of WasmtimeGuestMemory since it technically holds onto &mut [u8] un-soundly as other &mut T pointers are handed out.

Additionally generated GuestTypeTransparent impls in the wiggle macro were removed because they are not safe for shared memories as-is and otherwise aren't needed for WASI today. The trait has been updated to indicate that all bit patterns must be valid in addition to having the same representation on the host as in the guest to accomodate this.

Wasmtime GitHub notifications bot (Nov 15 2022 at 17:11):

alexcrichton merged PR #5268.

Last updated: Nov 22 2024 at 17:03 UTC