alexcrichton requested fitzgen for a review on PR #9022.
alexcrichton opened PR #9022 from alexcrichton:deinit-traps
to bytecodealliance:main
:
This commit adds a new unsafe API
Engine::unload_process_handlers
which can be used to de-initialize trap-handling state in a process. In general this is an unsafe operation that we have no means of making safe, hence theunsafe
. There are particular situations where this can be done safely though and this is provided for such situations. The safety conditions rely on invariants that Wasmtime itself cannot maintain so the burden is on callers to ensure that this is invoked in a safe manner.This is inspired by discussion [on Zulip][zulip] where Wasmtime's trap handling infrastructure prevented unloading a DLL with Wasmtime in it. There's possibly other reasons that unloading DLLs are unsafe in Rust but it feels appropriate to at least provide this knob to embedders to be able to turn if they like.
<!--
Please make sure you include the following information:
If this work has been discussed elsewhere, please include a link to that
conversation. If it was discussed in an issue, just mention "issue #...".Explain why this change is needed. If the details are in an issue already,
this can be brief.Our development process is documented in the Wasmtime book:
https://docs.wasmtime.dev/contributing-development-process.htmlPlease ensure all communication follows the code of conduct:
https://github.com/bytecodealliance/wasmtime/blob/main/CODE_OF_CONDUCT.md
-->
alexcrichton requested wasmtime-core-reviewers for a review on PR #9022.
lann submitted PR review:
Given how specialized this you can consider all the functional comments just questions.
lann created PR review comment:
I'm not sure exactly what "for this Wasmtime DLL" means; maybe just drop it?
lann submitted PR review:
Given how specialized this you can consider all the functional comments just questions.
lann created PR review comment:
/// * There must be no other instances of `Engine` anywhere for this Wasmtime
lann created PR review comment:
/// the process will be aborted if the current signal handlers are not
lann created PR review comment:
"no other" or just "conflicting"? I guess you don't want to commit to specific handlers being installed but this is already pretty unstable... :shrug:
lann created PR review comment:
Would it make sense to explicitly poison this copy of wasmtime with a global or is that already effectively happening?
lann submitted PR review:
Given how specialized this is, consider all the functional comments just questions.
alexcrichton updated PR #9022.
alexcrichton submitted PR review.
alexcrichton created PR review comment:
I'm hesitant to go out of our way to do that as it might slow down other parts for this niche unsafe part, so I'd lean towards making this part of the unsafe contract rather than trying to add more guard rails.
alexcrichton commented on PR #9022:
Good suggestions/questions! I've tried to wordsmith and update a bit.
fitzgen submitted PR review.
fitzgen created PR review comment:
//! It's not safe for this binary to contain any other tests.
alexcrichton updated PR #9022.
alexcrichton has enabled auto merge for PR #9022.
alexcrichton updated PR #9022.
alexcrichton has enabled auto merge for PR #9022.
alexcrichton merged PR #9022.
Last updated: Dec 23 2024 at 12:05 UTC