Stream: git-wasmtime

Topic: wasmtime / PR #6332 Run some tests in MIRI on CI


view this post on Zulip Wasmtime GitHub notifications bot (May 02 2023 at 22:01):

alexcrichton requested fitzgen for a review on PR #6332.

view this post on Zulip Wasmtime GitHub notifications bot (May 02 2023 at 22:01):

alexcrichton requested wasmtime-compiler-reviewers for a review on PR #6332.

view this post on Zulip Wasmtime GitHub notifications bot (May 02 2023 at 22:01):

alexcrichton opened PR #6332 from alexcrichton:miri to bytecodealliance:main:

This commit is an implementation of getting at least chunks of Wasmtime to run in MIRI on CI. The full test suite is not possible to run in MIRI because MIRI cannot run Cranelift-produced code at runtime (aka it doesn't support JITs). Running MIRI, however, is still quite valuable if we can manage it because it would have trivially detected GHSA-ch89-5g45-qwc7, our most recent security advisory. The goal of this PR is to select a subset of the test suite to execute in CI under MIRI and boost our confidence in the copious amount of unsafe code in Wasmtime's runtime.

Under MIRI's default settings, which is to use the [Stacked Borrows][stacked] model, much of the code in Instance and VMContext is considered invalid. Under the optional [Tree Borrows][tree] model, however, this same code is accepted. After some [extremely helpful discussion][discuss] on the Rust Zulip my current conclusion is that what we're doing is not fundamentally un-sound but we need to model it in a different way. This PR, however, uses the Tree Borrows model for MIRI to get something onto CI sooner rather than later, and I hope to follow this up with something that passed Stacked Borrows. Additionally that'll hopefully make this diff smaller and easier to digest.

Given all that, the end result of this PR is to get 131 separate unit tests executing on CI. These unit tests largely exercise the embedding API where wasm function compilation is not involved. Some tests compile wasm functions but don't run them, but compiling wasm through Cranelift in MIRI is so slow that it doesn't seem worth it at this time. This does mean that there's a pretty big hole in MIRI's test coverage, but that's to be expected as we're a JIT compiler after all.

To get tests working in MIRI this PR uses a number of strategies:

This PR is not intended to be a one-and-done-we-never-look-at-it-again kind of thing. Instead this is intended to lay the groundwork to continuously run MIRI in CI to catch any soundness issues. This feels, to me, overdue given the amount of unsafe code inside of Wasmtime. My hope is that over time we can figure out how to run Wasm in MIRI but that may take quite some time. Regardless this will be adding nontrivial maintenance work to contributors to Wasmtime. MIRI will be run on CI for merges, MIRI will have test failures when everything else passes, MIRI's errors will need to be deciphered by those who have probably never run MIRI before, things like that. Despite all this to me it seems worth the cost at this time. Just getting this running caught two possible soundness bugs in the component implementation that could have had a real-world impact in the future!

[stacked]: https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md
[tree]: https://perso.crans.org/vanille/treebor/
[discuss]: https://rust-lang.zulipchat.com/#narrow/stream/269128-miri/topic/Tree.20vs.20Stacked.20Borrows.20.26.20a.20debugging.20question

<!--
Please make sure you include the following information:

Our development process is documented in the Wasmtime book:
https://docs.wasmtime.dev/contributing-development-process.html

Please ensure all communication follows the code of conduct:
https://github.com/bytecodealliance/wasmtime/blob/main/CODE_OF_CONDUCT.md
-->

view this post on Zulip Wasmtime GitHub notifications bot (May 02 2023 at 22:01):

alexcrichton requested wasmtime-core-reviewers for a review on PR #6332.

view this post on Zulip Wasmtime GitHub notifications bot (May 02 2023 at 22:01):

alexcrichton requested wasmtime-default-reviewers for a review on PR #6332.

view this post on Zulip Wasmtime GitHub notifications bot (May 03 2023 at 16:14):

fitzgen submitted PR review:

Ship it! :rocket:

view this post on Zulip Wasmtime GitHub notifications bot (May 03 2023 at 16:14):

fitzgen submitted PR review:

Ship it! :rocket:

view this post on Zulip Wasmtime GitHub notifications bot (May 03 2023 at 16:14):

fitzgen created PR review comment:

lol nice

view this post on Zulip Wasmtime GitHub notifications bot (May 03 2023 at 16:14):

fitzgen created PR review comment:

Why this change? Does the comment just above need updating to explain it?

view this post on Zulip Wasmtime GitHub notifications bot (May 03 2023 at 16:51):

alexcrichton created PR review comment:

It turns out that without this the VMContext wasn't properly aligned so MIRI was indicating that under-aligned writes were happening (oh dear!). The comments and annotations here predate all that but yeah I should update things here.

view this post on Zulip Wasmtime GitHub notifications bot (May 03 2023 at 16:52):

alexcrichton updated PR #6332.

view this post on Zulip Wasmtime GitHub notifications bot (May 03 2023 at 16:52):

alexcrichton has enabled auto merge for PR #6332.

view this post on Zulip Wasmtime GitHub notifications bot (May 03 2023 at 21:45):

alexcrichton merged PR #6332.


Last updated: Dec 23 2024 at 13:07 UTC