wasmtime / issue #5104 Update `wasmi` used in differentia... · git-wasmtime

Stream: git-wasmtime

Topic: wasmtime / issue #5104 Update `wasmi` used in differentia...

Wasmtime GitHub notifications bot (Oct 24 2022 at 02:06):

github-actions[bot] commented on issue #5104:

Subscribe to Label Action

cc @fitzgen

<details>
This issue or pull request has been labeled: "fuzzing"

Thus the following users have been cc'd because of the following labels:

fitzgen: fuzzing

To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.

Learn more.
</details>

Wasmtime GitHub notifications bot (Oct 24 2022 at 06:46):

Robbepop commented on issue #5104:

We have not yet integrated full fuzz testing for the newest wasmi engine (just very basic fuzzing so far) so I am a bit worried that it might be a big noisy at start. If that's the case we will definitely fix found wasmi bugs asap.

Concerning cargo-vet the following crates must be registered to your database:

wasmi: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM).

wasmi_core: This is just a small utility crate and should be pretty boring. Also it has no unsafe code.

wasmi_arena: Similar to wasmi_core. Just defines some arena data structures for use in wasmi.

memory-units: Can be safely ignored since wasmi already removed it.

indexmap-nostd: This again is interesting. It is a reimlpementation of the API of the well-known indexmap crate. It uses no unsafe Rust code and is implemented as simple as it gets. We use it in the wasmparser-nostd fork of wasmparser and it passes all wasm-tools tests as well as all of wasmi tests but has no tests on its own.

wasmparser-nostd: More or less trivial fork of wasmparser. The most interesting difference is the use of the aforementioned indexmap-nostd.

Wasmtime GitHub notifications bot (Oct 24 2022 at 06:47):

Robbepop edited a comment on issue #5104:

Very cool to see wasmi update in the Wasmtime fuzzing.

We have not yet integrated full fuzz testing for the newest wasmi engine (just very basic fuzzing so far) so I am a bit worried that it might be a big noisy at start. If that's the case we will definitely fix found wasmi bugs asap.

Concerning cargo-vet the following crates must be registered to your database:

wasmi: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM).

wasmi_core: This is just a small utility crate and should be pretty boring. Also it has no unsafe code.

wasmi_arena: Similar to wasmi_core. Just defines some arena data structures for use in wasmi.

memory-units: Can be safely ignored since wasmi already removed it.

indexmap-nostd: This again is interesting. It is a reimlpementation of the API of the well-known indexmap crate. It uses no unsafe Rust code and is implemented as simple as it gets. We use it in the wasmparser-nostd fork of wasmparser and it passes all wasm-tools tests as well as all of wasmi tests but has no tests on its own.

wasmparser-nostd: More or less trivial fork of wasmparser. The most interesting difference is the use of the aforementioned indexmap-nostd.

Wasmtime GitHub notifications bot (Oct 24 2022 at 06:48):

Robbepop edited a comment on issue #5104:

Very cool to see wasmi update in the Wasmtime fuzzing.

We have not yet integrated full fuzz testing for the newest wasmi engine ourselves (just very basic fuzzing so far) so my main worry is that this new fuzzy test might be a big noisy at start. If that's the case we will definitely fix found wasmi bugs asap.

Concerning cargo-vet the following crates must be registered to your database:

wasmi: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM).

wasmi_core: This is just a small utility crate and should be pretty boring. Also it has no unsafe code.

wasmi_arena: Similar to wasmi_core. Just defines some arena data structures for use in wasmi.

memory-units: Can be safely ignored since wasmi already removed it.

indexmap-nostd: This again is interesting. It is a reimlpementation of the API of the well-known indexmap crate. It uses no unsafe Rust code and is implemented as simple as it gets. We use it in the wasmparser-nostd fork of wasmparser and it passes all wasm-tools tests as well as all of wasmi tests but has no tests on its own.

wasmparser-nostd: More or less trivial fork of wasmparser. The most interesting difference is the use of the aforementioned indexmap-nostd.

Wasmtime GitHub notifications bot (Oct 24 2022 at 06:48):

Robbepop edited a comment on issue #5104:

Very cool to see wasmi update in the Wasmtime fuzzing.

We have not yet integrated full fuzz testing for the newest wasmi engine ourselves (just very basic fuzzing so far) so my main worry is that this new fuzzy test might be a big noisy at start. If that's the case we will definitely fix found wasmi bugs asap.

Concerning cargo-vet the following crates must be registered to your database:

wasmi: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM). I am the author of that crate.

wasmi_core: This is just a small utility crate and should be pretty boring. Also it has no unsafe code. I am the author of that crate.

wasmi_arena: Similar to wasmi_core. Just defines some arena data structures for use in wasmi. I am the author of that crate.

memory-units: Can be safely ignored since wasmi already removed it.

indexmap-nostd: This again is interesting. It is a reimlpementation of the API of the well-known indexmap crate. It uses no unsafe Rust code and is implemented as simple as it gets. We use it in the wasmparser-nostd fork of wasmparser and it passes all wasm-tools tests as well as all of wasmi tests but has no tests on its own. I am the author of that crate.

wasmparser-nostd: More or less trivial fork of wasmparser. The most interesting difference is the use of the aforementioned indexmap-nostd.

Wasmtime GitHub notifications bot (Oct 24 2022 at 06:54):

Robbepop edited a comment on issue #5104:

Very cool to see wasmi update in the Wasmtime fuzzing.

We have not yet integrated full fuzz testing for the newest wasmi engine ourselves (just very basic fuzzing so far) so my main worry is that this new fuzzy test might be a big noisy at start. If that's the case we will definitely fix found wasmi bugs asap.

Concerning cargo-vet the following crates must be registered to your database:

wasmi: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM). I am the author of that crate.

wasmi_core: This is just a small utility crate and should be pretty boring. Also it has no unsafe code. I am the author of that crate.

wasmi_arena: Similar to wasmi_core. Just defines some arena data structures for use in wasmi. I am the author of that crate.

memory-units: Can be safely ignored since wasmi already removed it.

indexmap-nostd: This again is interesting. It is a reimlpementation of the API of the well-known indexmap crate. It uses no unsafe Rust code and is implemented as simple as it gets. We use it in the wasmparser-nostd fork of wasmparser and it passes all wasm-tools tests as well as all of wasmi tests but has no tests on its own. I am the author of that crate.

wasmparser-nostd: More or less trivial fork of wasmparser. The most interesting difference is the use of the aforementioned indexmap-nostd. I am the author of that fork.

Wasmtime GitHub notifications bot (Oct 24 2022 at 15:22):

alexcrichton commented on issue #5104:

I've added cargo vet entries for all new dependencies added here, except for the wasmi crate itself. I've updated the exemption from 0.11.0 to 0.19.0 so we're not necessarily in much worse of a position, but othewise I'm not in a position to provide a "vet" of that crate in the official sense but I believe it's safe to run for fuzzing for us.

Otherwise thanks for the info @Robbepop, I've run the fuzzer for a number of hours locally and nothing has shown up, so if something pops up on oss-fuzz I'll forward along the issue.

Wasmtime GitHub notifications bot (Oct 24 2022 at 21:15):

Robbepop commented on issue #5104:

Otherwise thanks for the info @Robbepop, I've run the fuzzer for a number of hours locally and nothing has shown up, so if something pops up on oss-fuzz I'll forward along the issue.

Oh wow, that's incredible news. Also looking forward to any forwarded bugs. :)

Last updated: Dec 13 2025 at 19:03 UTC