Stream: git-wasmtime

Topic: wasmtime / PR #9230 Make host trap handlers optional


view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 04:08):

alexcrichton requested wasmtime-fuzz-reviewers for a review on PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 04:08):

alexcrichton opened PR #9230 from alexcrichton:no-signals to bytecodealliance:main:

This commit introduces a new configuration option
Config::host_trap_handlers which enables disabling the reliance on host trap handlers (e.g. signal handlers on Unix) at runtime. This is intended to help increase portability in cases where signal handlers are otherwise difficult. This is achieved by plumbing the translation environment to more locations which now conditionally lowers to calls to a function to raise a trap instead of a trap instruction.

The caveats of this support are:

These points are all possible to address but it might be best to see how this feature evolves over time. I'll also note that this is not an optimized implementation and likely has a fair bit of overhead. For example the solution in #6926 of a more optimized stub to jump-and-trap is not implemented yet.

Closes #6926

<!--
Please make sure you include the following information:

Our development process is documented in the Wasmtime book:
https://docs.wasmtime.dev/contributing-development-process.html

Please ensure all communication follows the code of conduct:
https://github.com/bytecodealliance/wasmtime/blob/main/CODE_OF_CONDUCT.md
-->

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 04:08):

alexcrichton requested elliottt for a review on PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 04:08):

alexcrichton requested wasmtime-compiler-reviewers for a review on PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 04:08):

alexcrichton requested wasmtime-core-reviewers for a review on PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 04:09):

alexcrichton requested fitzgen for a review on PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 04:12):

alexcrichton updated PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 06:46):

github-actions[bot] commented on PR #9230:

Subscribe to Label Action

cc @fitzgen

<details>
This issue or pull request has been labeled: "cranelift", "cranelift:wasm", "fuzzing", "wasmtime:api", "wasmtime:config"

Thus the following users have been cc'd because of the following labels:

To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.

Learn more.
</details>

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 07:44):

github-actions[bot] commented on PR #9230:

Label Messager: wasmtime:config

It looks like you are changing Wasmtime's configuration options. Make sure to
complete this check list:

[fuzzing-config]: https://github.com/bytecodealliance/wasmtime/blob/ca0e8d0a1d8cefc0496dba2f77a670571d8fdcab/crates/fuzzing/src/generators.rs#L182-L194
[fuzzing-docs]: https://docs.wasmtime.dev/contributing-fuzzing.html


<details>

To modify this label's message, edit the <code>.github/label-messager/wasmtime-config.md</code> file.

To add new label messages or remove existing label messages, edit the
<code>.github/label-messager.json</code> configuration file.

Learn more.

</details>

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 15:16):

alexcrichton updated PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen submitted PR review:

Very nice, thanks!

Did we also want to run the full spec test suite under this configuration, or do you think the differential fuzzing and spec test fuzzer are good enough?

r=me with a bunch of nitpicks and such below

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

Can we debug assert or something that env.can_use_virtual_memory_traps() when spectre mitigations are enabled?

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

Great!

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

    /// is here with an explicit check instead. Note that the explicit check is
    /// always present even if this is a "leaf" function, as we have to call into
    /// the host to trap when signal handlers are disabled.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

Maybe a little more context here? And/or a follow up issue to reference?

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

I could interpret "host trap handlers" in two different and opposite ways:

  1. The host is allowed to rely on the virtual memory subsystem for traps, and should install signal handlers as it sees fit.
  2. Trapping should be implemented and handled "in the host" rather than in Wasm code and/or via the OS (i.e. emitting ud2, simply accessing memory and relying on a virtual memory fault if it is OoB, etc...)

What do you think about renaming this, and the actual wasmtime::Config knob to virtual_memory_traps? I personally think that is much clearer, probably will be for external users too, I'd guess.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

This is to assert that we never return from the trap libcall, right? Care to add a quick comment noting that?

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

Double checking, as I am not an ieee754 guru: always promoting f32 to f64 here cannot affect rounding later on when converting to a 32-bit integer, right? Thinking specifically about very large (positive or negative) numbers where ieee754 has is non-contiguous and has holes between representable integers, but those holes will be different for f32 vs f64. But I guess those would always be out of bounds of the 32-bit integer and cause a trap?

cc @sunfishcode, who has delved into these depths more than I have...

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

Can this take a code: u8 instead of a code: u32 if it is just going to code.try_into().unwrap() it? Is there a reason for the weird mismatch of bit widths?

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

Yeah, expanding on my previous naming bikeshed, I think phrasing/renaming this stuff as virtual_memory_traps or maybe signals_based_traps will clarify things for users a lot here.

The latter is slightly more precise in that a ud2 isn't actually related to virtual memory, but opens the can of worms that is "windows has something else that is similar to signals but not actually called signals" I think.

The other thing that might be good to flush out a tiny bit more here is the portability hazard bit and say something about which environments might want to disable these handlers. Even just adding something like "for example, embedded operating systems that do not support virtual memory" in parens after "can be a portability hazard in some environments" is probably good enough.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

Thanks for writing this test! Could you also add a comment at the top of the file detailing

?

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

It would be mildly nice/tidy/future-proof to scope down the allows to just the relevant statements.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

And maybe just a quick one-line comment about why this is unix-only and (I presume) how we don't have a way of checking whether we installed exception handlers on windows or not.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

This seems to be identical to the component trapping libcall -- is there a reason we need two copies and can't just use this one everywhere?

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 16:23):

fitzgen created PR review comment:

This reminds me that we should definitely be doing differential fuzzing between virtual-memory-traps={yes,no} configs. I assume you probably added that, but I haven't finished reading the PR yet. Just noting this down just in case.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 12 2024 at 18:46):

github-actions[bot] commented on PR #9230:

Subscribe to Label Action

cc @fitzgen

<details>
This issue or pull request has been labeled: "wasmtime:ref-types"

Thus the following users have been cc'd because of the following labels:

To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.

Learn more.
</details>

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:20):

alexcrichton submitted PR review.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:20):

alexcrichton created PR review comment:

Very good points yeah, and I like the signals_based_traps name you suggested below, so I've gone with that.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:20):

alexcrichton submitted PR review.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:20):

alexcrichton created PR review comment:

Whoops I forgot to fill this out

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:33):

alexcrichton submitted PR review.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:33):

alexcrichton created PR review comment:

Nah just more effort to plumb u8 to more locations, but I've now done that.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:37):

alexcrichton submitted PR review.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:37):

alexcrichton created PR review comment:

There's some subtle differences in the ABI like the exact return value and the first parameter between the component/core wasm side of things. The component side of things is a bit unfortunate because it's only needed for a degenerate case of always-trapping adapters, but I'll probably leave the minor duplication for now in the hopes this can be refactored away in the future

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:40):

alexcrichton submitted PR review.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:40):

alexcrichton created PR review comment:

I believe that f64 can losslessly represent a f32, yes, it's just the other way around that's bad. Additionally I think it's always valid to promote, perform an op, then demote. The bad thing is to promote, perform a few ops, then demote. Here though there's no "demotion" and it's just promote-and-convert which I believe in theory should.

The wasm spec tests are actually somewhat comprehensive in the boundary cases here and differential fuzzing is also enabled, so I believe that this is correct. (famous last words)

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:41):

alexcrichton updated PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:41):

alexcrichton has enabled auto merge for PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:42):

fitzgen submitted PR review.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 15:42):

fitzgen created PR review comment:

Ah gotcha. SGTM

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 16:41):

alexcrichton updated PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 16:42):

alexcrichton updated PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 16:43):

alexcrichton has enabled auto merge for PR #9230.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 13 2024 at 17:09):

alexcrichton merged PR #9230.


Last updated: Dec 23 2024 at 12:05 UTC