1 use crate::error::OutOfMemory; 2 use crate::prelude::*; 3 use crate::runtime::vm::{ 4 self, InterpreterRef, SendSyncPtr, StoreBox, VMArrayCallHostFuncContext, 5 VMCommonStackInformation, VMContext, VMFuncRef, VMFunctionImport, VMOpaqueContext, 6 VMStoreContext, 7 }; 8 use crate::store::{Asyncness, AutoAssertNoGc, InstanceId, StoreId, StoreOpaque}; 9 use crate::type_registry::RegisteredType; 10 use crate::{ 11 AsContext, AsContextMut, CallHook, Engine, Extern, FuncType, Instance, ModuleExport, Ref, 12 StoreContext, StoreContextMut, Val, ValRaw, ValType, 13 }; 14 use alloc::sync::Arc; 15 use core::convert::Infallible; 16 use core::ffi::c_void; 17 #[cfg(feature = "async")] 18 use core::future::Future; 19 use core::mem::{self, MaybeUninit}; 20 use core::ptr::NonNull; 21 use wasmtime_environ::{PanicOnOom as _, VMSharedTypeIndex}; 22 23 /// A reference to the abstract `nofunc` heap value. 24 /// 25 /// The are no instances of `(ref nofunc)`: it is an uninhabited type. 26 /// 27 /// There is precisely one instance of `(ref null nofunc)`, aka `nullfuncref`: 28 /// the null reference. 29 /// 30 /// This `NoFunc` Rust type's sole purpose is for use with [`Func::wrap`]- and 31 /// [`Func::typed`]-style APIs for statically typing a function as taking or 32 /// returning a `(ref null nofunc)` (aka `Option<NoFunc>`) which is always 33 /// `None`. 34 /// 35 /// # Example 36 /// 37 /// ``` 38 /// # use wasmtime::*; 39 /// # fn _foo() -> Result<()> { 40 /// let mut config = Config::new(); 41 /// config.wasm_function_references(true); 42 /// let engine = Engine::new(&config)?; 43 /// 44 /// let module = Module::new( 45 /// &engine, 46 /// r#" 47 /// (module 48 /// (func (export "f") (param (ref null nofunc)) 49 /// ;; If the reference is null, return. 50 /// local.get 0 51 /// ref.is_null nofunc 52 /// br_if 0 53 /// 54 /// ;; If the reference was not null (which is impossible) 55 /// ;; then raise a trap. 56 /// unreachable 57 /// ) 58 /// ) 59 /// "#, 60 /// )?; 61 /// 62 /// let mut store = Store::new(&engine, ()); 63 /// let instance = Instance::new(&mut store, &module, &[])?; 64 /// let f = instance.get_func(&mut store, "f").unwrap(); 65 /// 66 /// // We can cast a `(ref null nofunc)`-taking function into a typed function that 67 /// // takes an `Option<NoFunc>` via the `Func::typed` method. 68 /// let f = f.typed::<Option<NoFunc>, ()>(&store)?; 69 /// 70 /// // We can call the typed function, passing the null `nofunc` reference. 71 /// let result = f.call(&mut store, NoFunc::null()); 72 /// 73 /// // The function should not have trapped, because the reference we gave it was 74 /// // null (as it had to be, since `NoFunc` is uninhabited). 75 /// assert!(result.is_ok()); 76 /// # Ok(()) 77 /// # } 78 /// ``` 79 #[derive(Copy, Clone, Debug, PartialEq, Eq)] 80 pub struct NoFunc { 81 _inner: Infallible, 82 } 83 84 impl NoFunc { 85 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference. 86 #[inline] 87 pub fn null() -> Option<NoFunc> { 88 None 89 } 90 91 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference as a 92 /// [`Ref`]. 93 #[inline] 94 pub fn null_ref() -> Ref { 95 Ref::Func(None) 96 } 97 98 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference as a 99 /// [`Val`]. 100 #[inline] 101 pub fn null_val() -> Val { 102 Val::FuncRef(None) 103 } 104 } 105 106 /// A WebAssembly function which can be called. 107 /// 108 /// This type typically represents an exported function from a WebAssembly 109 /// module instance. In this case a [`Func`] belongs to an [`Instance`] and is 110 /// loaded from there. A [`Func`] may also represent a host function as well in 111 /// some cases, too. 112 /// 113 /// Functions can be called in a few different ways, either synchronous or async 114 /// and either typed or untyped (more on this below). Note that host functions 115 /// are normally inserted directly into a [`Linker`](crate::Linker) rather than 116 /// using this directly, but both options are available. 117 /// 118 /// # `Func` and `async` 119 /// 120 /// Functions from the perspective of WebAssembly are always synchronous. You 121 /// might have an `async` function in Rust, however, which you'd like to make 122 /// available from WebAssembly. Wasmtime supports asynchronously calling 123 /// WebAssembly through native stack switching. You can get some more 124 /// information about [asynchronous configs](crate#async), but 125 /// from the perspective of `Func` it's important to know that whether or not 126 /// your [`Store`](crate::Store) is asynchronous will dictate whether you call 127 /// functions through [`Func::call`] or [`Func::call_async`] (or the typed 128 /// wrappers such as [`TypedFunc::call`] vs [`TypedFunc::call_async`]). 129 /// 130 /// # To `Func::call` or to `Func::typed().call()` 131 /// 132 /// There's a 2x2 matrix of methods to call [`Func`]. Invocations can either be 133 /// asynchronous or synchronous. They can also be statically typed or not. 134 /// Whether or not an invocation is asynchronous is indicated via the method 135 /// being `async` and [`call_async`](Func::call_async) being the entry point. 136 /// Otherwise for statically typed or not your options are: 137 /// 138 /// * Dynamically typed - if you don't statically know the signature of the 139 /// function that you're calling you'll be using [`Func::call`] or 140 /// [`Func::call_async`]. These functions take a variable-length slice of 141 /// "boxed" arguments in their [`Val`] representation. Additionally the 142 /// results are returned as an owned slice of [`Val`]. These methods are not 143 /// optimized due to the dynamic type checks that must occur, in addition to 144 /// some dynamic allocations for where to put all the arguments. While this 145 /// allows you to call all possible wasm function signatures, if you're 146 /// looking for a speedier alternative you can also use... 147 /// 148 /// * Statically typed - if you statically know the type signature of the wasm 149 /// function you're calling, then you'll want to use the [`Func::typed`] 150 /// method to acquire an instance of [`TypedFunc`]. This structure is static proof 151 /// that the underlying wasm function has the ascripted type, and type 152 /// validation is only done once up-front. The [`TypedFunc::call`] and 153 /// [`TypedFunc::call_async`] methods are much more efficient than [`Func::call`] 154 /// and [`Func::call_async`] because the type signature is statically known. 155 /// This eschews runtime checks as much as possible to get into wasm as fast 156 /// as possible. 157 /// 158 /// # Examples 159 /// 160 /// One way to get a `Func` is from an [`Instance`] after you've instantiated 161 /// it: 162 /// 163 /// ``` 164 /// # use wasmtime::*; 165 /// # fn main() -> Result<()> { 166 /// let engine = Engine::default(); 167 /// let module = Module::new(&engine, r#"(module (func (export "foo")))"#)?; 168 /// let mut store = Store::new(&engine, ()); 169 /// let instance = Instance::new(&mut store, &module, &[])?; 170 /// let foo = instance.get_func(&mut store, "foo").expect("export wasn't a function"); 171 /// 172 /// // Work with `foo` as a `Func` at this point, such as calling it 173 /// // dynamically... 174 /// match foo.call(&mut store, &[], &mut []) { 175 /// Ok(()) => { /* ... */ } 176 /// Err(trap) => { 177 /// panic!("execution of `foo` resulted in a wasm trap: {}", trap); 178 /// } 179 /// } 180 /// foo.call(&mut store, &[], &mut [])?; 181 /// 182 /// // ... or we can make a static assertion about its signature and call it. 183 /// // Our first call here can fail if the signatures don't match, and then the 184 /// // second call can fail if the function traps (like the `match` above). 185 /// let foo = foo.typed::<(), ()>(&store)?; 186 /// foo.call(&mut store, ())?; 187 /// # Ok(()) 188 /// # } 189 /// ``` 190 /// 191 /// You can also use the [`wrap` function](Func::wrap) to create a 192 /// `Func` 193 /// 194 /// ``` 195 /// # use wasmtime::*; 196 /// # fn main() -> Result<()> { 197 /// let mut store = Store::<()>::default(); 198 /// 199 /// // Create a custom `Func` which can execute arbitrary code inside of the 200 /// // closure. 201 /// let add = Func::wrap(&mut store, |a: i32, b: i32| -> i32 { a + b }); 202 /// 203 /// // Next we can hook that up to a wasm module which uses it. 204 /// let module = Module::new( 205 /// store.engine(), 206 /// r#" 207 /// (module 208 /// (import "" "" (func $add (param i32 i32) (result i32))) 209 /// (func (export "call_add_twice") (result i32) 210 /// i32.const 1 211 /// i32.const 2 212 /// call $add 213 /// i32.const 3 214 /// i32.const 4 215 /// call $add 216 /// i32.add)) 217 /// "#, 218 /// )?; 219 /// let instance = Instance::new(&mut store, &module, &[add.into()])?; 220 /// let call_add_twice = instance.get_typed_func::<(), i32>(&mut store, "call_add_twice")?; 221 /// 222 /// assert_eq!(call_add_twice.call(&mut store, ())?, 10); 223 /// # Ok(()) 224 /// # } 225 /// ``` 226 /// 227 /// Or you could also create an entirely dynamic `Func`! 228 /// 229 /// ``` 230 /// # use wasmtime::*; 231 /// # fn main() -> Result<()> { 232 /// let mut store = Store::<()>::default(); 233 /// 234 /// // Here we need to define the type signature of our `Double` function and 235 /// // then wrap it up in a `Func` 236 /// let double_type = wasmtime::FuncType::new( 237 /// store.engine(), 238 /// [wasmtime::ValType::I32].iter().cloned(), 239 /// [wasmtime::ValType::I32].iter().cloned(), 240 /// ); 241 /// let double = Func::new(&mut store, double_type, |_, params, results| { 242 /// let mut value = params[0].unwrap_i32(); 243 /// value *= 2; 244 /// results[0] = value.into(); 245 /// Ok(()) 246 /// }); 247 /// 248 /// let module = Module::new( 249 /// store.engine(), 250 /// r#" 251 /// (module 252 /// (import "" "" (func $double (param i32) (result i32))) 253 /// (func $start 254 /// i32.const 1 255 /// call $double 256 /// drop) 257 /// (start $start)) 258 /// "#, 259 /// )?; 260 /// let instance = Instance::new(&mut store, &module, &[double.into()])?; 261 /// // .. work with `instance` if necessary 262 /// # Ok(()) 263 /// # } 264 /// ``` 265 #[derive(Copy, Clone, Debug)] 266 #[repr(C)] // here for the C API 267 pub struct Func { 268 /// The store that the below pointer belongs to. 269 /// 270 /// It's only safe to look at the contents of the pointer below when the 271 /// `StoreOpaque` matching this id is in-scope. 272 store: StoreId, 273 274 /// The raw `VMFuncRef`, whose lifetime is bound to the store this func 275 /// belongs to. 276 /// 277 /// Note that this field has an `unsafe_*` prefix to discourage use of it. 278 /// This is only safe to read/use if `self.store` is validated to belong to 279 /// an ambiently provided `StoreOpaque` or similar. Use the 280 /// `self.func_ref()` method instead of this field to perform this check. 281 unsafe_func_ref: SendSyncPtr<VMFuncRef>, 282 } 283 284 // Double-check that the C representation in `extern.h` matches our in-Rust 285 // representation here in terms of size/alignment/etc. 286 const _: () = { 287 #[repr(C)] 288 struct C(u64, *mut u8); 289 assert!(core::mem::size_of::<C>() == core::mem::size_of::<Func>()); 290 assert!(core::mem::align_of::<C>() == core::mem::align_of::<Func>()); 291 assert!(core::mem::offset_of!(Func, store) == 0); 292 }; 293 294 macro_rules! for_each_function_signature { 295 ($mac:ident) => { 296 $mac!(0); 297 $mac!(1 A1); 298 $mac!(2 A1 A2); 299 $mac!(3 A1 A2 A3); 300 $mac!(4 A1 A2 A3 A4); 301 $mac!(5 A1 A2 A3 A4 A5); 302 $mac!(6 A1 A2 A3 A4 A5 A6); 303 $mac!(7 A1 A2 A3 A4 A5 A6 A7); 304 $mac!(8 A1 A2 A3 A4 A5 A6 A7 A8); 305 $mac!(9 A1 A2 A3 A4 A5 A6 A7 A8 A9); 306 $mac!(10 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10); 307 $mac!(11 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11); 308 $mac!(12 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12); 309 $mac!(13 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13); 310 $mac!(14 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14); 311 $mac!(15 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15); 312 $mac!(16 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15 A16); 313 $mac!(17 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15 A16 A17); 314 }; 315 } 316 317 mod typed; 318 use crate::runtime::vm::VMStackChain; 319 pub use typed::*; 320 321 impl Func { 322 /// Creates a new `Func` with the given arguments, typically to create a 323 /// host-defined function to pass as an import to a module. 324 /// 325 /// * `store` - the store in which to create this [`Func`], which will own 326 /// the return value. 327 /// 328 /// * `ty` - the signature of this function, used to indicate what the 329 /// inputs and outputs are. 330 /// 331 /// * `func` - the native code invoked whenever this `Func` will be called. 332 /// This closure is provided a [`Caller`] as its first argument to learn 333 /// information about the caller, and then it's passed a list of 334 /// parameters as a slice along with a mutable slice of where to write 335 /// results. 336 /// 337 /// Note that the implementation of `func` must adhere to the `ty` signature 338 /// given, error or traps may occur if it does not respect the `ty` 339 /// signature. For example if the function type declares that it returns one 340 /// i32 but the `func` closures does not write anything into the results 341 /// slice then a trap may be generated. 342 /// 343 /// Additionally note that this is quite a dynamic function since signatures 344 /// are not statically known. For a more performant and ergonomic `Func` 345 /// it's recommended to use [`Func::wrap`] if you can because with 346 /// statically known signatures Wasmtime can optimize the implementation 347 /// much more. 348 /// 349 /// For more information about `Send + Sync + 'static` requirements on the 350 /// `func`, see [`Func::wrap`](#why-send--sync--static). 351 /// 352 /// # Errors 353 /// 354 /// The host-provided function here returns a 355 /// [`Result<()>`](crate::Result). If the function returns `Ok(())` then 356 /// that indicates that the host function completed successfully and wrote 357 /// the result into the `&mut [Val]` argument. 358 /// 359 /// If the function returns `Err(e)`, however, then this is equivalent to 360 /// the host function triggering a trap for wasm. WebAssembly execution is 361 /// immediately halted and the original caller of [`Func::call`], for 362 /// example, will receive the error returned here (possibly with 363 /// [`WasmBacktrace`](crate::WasmBacktrace) context information attached). 364 /// 365 /// For more information about errors in Wasmtime see the [`Trap`] 366 /// documentation. 367 /// 368 /// [`Trap`]: crate::Trap 369 /// 370 /// # Panics 371 /// 372 /// Panics if the given function type is not associated with this store's 373 /// engine. 374 pub fn new<T: 'static>( 375 mut store: impl AsContextMut<Data = T>, 376 ty: FuncType, 377 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static, 378 ) -> Self { 379 let store = store.as_context_mut().0; 380 let host = HostFunc::new(store.engine(), ty, func).panic_on_oom(); 381 382 // SAFETY: the `T` used by `func` matches the `T` of the store we're 383 // inserting into via this function's type signature. 384 unsafe { host.into_func(store) } 385 } 386 387 /// Creates a new [`Func`] with the given arguments, although has fewer 388 /// runtime checks than [`Func::new`]. 389 /// 390 /// This function takes a callback of a different signature than 391 /// [`Func::new`], instead receiving a raw pointer with a list of [`ValRaw`] 392 /// structures. These values have no type information associated with them 393 /// so it's up to the caller to provide a function that will correctly 394 /// interpret the list of values as those coming from the `ty` specified. 395 /// 396 /// If you're calling this from Rust it's recommended to either instead use 397 /// [`Func::new`] or [`Func::wrap`]. The [`Func::wrap`] API, in particular, 398 /// is both safer and faster than this API. 399 /// 400 /// # Errors 401 /// 402 /// See [`Func::new`] for the behavior of returning an error from the host 403 /// function provided here. 404 /// 405 /// # Unsafety 406 /// 407 /// This function is not safe because it's not known at compile time that 408 /// the `func` provided correctly interprets the argument types provided to 409 /// it, or that the results it produces will be of the correct type. 410 /// 411 /// # Panics 412 /// 413 /// Panics if the given function type is not associated with this store's 414 /// engine. 415 pub unsafe fn new_unchecked<T: 'static>( 416 mut store: impl AsContextMut<Data = T>, 417 ty: FuncType, 418 func: impl Fn(Caller<'_, T>, &mut [MaybeUninit<ValRaw>]) -> Result<()> + Send + Sync + 'static, 419 ) -> Self { 420 let store = store.as_context_mut().0; 421 422 // SAFETY: the contract required by `new_unchecked` is the same as the 423 // contract required by this function itself. 424 let host = unsafe { HostFunc::new_unchecked(store.engine(), ty, func).panic_on_oom() }; 425 426 // SAFETY: the `T` used by `func` matches the `T` of the store we're 427 // inserting into via this function's type signature. 428 unsafe { host.into_func(store) } 429 } 430 431 /// Creates a new host-defined WebAssembly function which, when called, 432 /// will run the asynchronous computation defined by `func` to completion 433 /// and then return the result to WebAssembly. 434 /// 435 /// This function is the asynchronous analogue of [`Func::new`] and much of 436 /// that documentation applies to this as well. The key difference is that 437 /// `func` returns a future instead of simply a `Result`. Note that the 438 /// returned future can close over any of the arguments, but it cannot close 439 /// over the state of the closure itself. It's recommended to store any 440 /// necessary async state in the `T` of the [`Store<T>`](crate::Store) which 441 /// can be accessed through [`Caller::data`] or [`Caller::data_mut`]. 442 /// 443 /// For more information on `Send + Sync + 'static`, see 444 /// [`Func::wrap`](#why-send--sync--static). 445 /// 446 /// # Panics 447 /// 448 /// Panics if the given function type is not associated with this store's 449 /// engine. 450 /// 451 /// # Errors 452 /// 453 /// See [`Func::new`] for the behavior of returning an error from the host 454 /// function provided here. 455 /// 456 /// # Examples 457 /// 458 /// ``` 459 /// # use wasmtime::*; 460 /// # fn main() -> Result<()> { 461 /// // Simulate some application-specific state as well as asynchronous 462 /// // functions to query that state. 463 /// struct MyDatabase { 464 /// // ... 465 /// } 466 /// 467 /// impl MyDatabase { 468 /// async fn get_row_count(&self) -> u32 { 469 /// // ... 470 /// # 100 471 /// } 472 /// } 473 /// 474 /// let my_database = MyDatabase { 475 /// // ... 476 /// }; 477 /// 478 /// // Using `new_async` we can hook up into calling our async 479 /// // `get_row_count` function. 480 /// let engine = Engine::default(); 481 /// let mut store = Store::new(&engine, MyDatabase { 482 /// // ... 483 /// }); 484 /// let get_row_count_type = wasmtime::FuncType::new( 485 /// &engine, 486 /// None, 487 /// Some(wasmtime::ValType::I32), 488 /// ); 489 /// let get = Func::new_async(&mut store, get_row_count_type, |caller, _params, results| { 490 /// Box::new(async move { 491 /// let count = caller.data().get_row_count().await; 492 /// results[0] = Val::I32(count as i32); 493 /// Ok(()) 494 /// }) 495 /// }); 496 /// // ... 497 /// # Ok(()) 498 /// # } 499 /// ``` 500 #[cfg(feature = "async")] 501 pub fn new_async<T, F>(mut store: impl AsContextMut<Data = T>, ty: FuncType, func: F) -> Func 502 where 503 F: for<'a> Fn( 504 Caller<'a, T>, 505 &'a [Val], 506 &'a mut [Val], 507 ) -> Box<dyn Future<Output = Result<()>> + Send + 'a> 508 + Send 509 + Sync 510 + 'static, 511 T: Send + 'static, 512 { 513 let store = store.as_context_mut().0; 514 515 let host = HostFunc::new_async(store.engine(), ty, func).panic_on_oom(); 516 517 // SAFETY: the `T` used by `func` matches the `T` of the store we're 518 // inserting into via this function's type signature. 519 unsafe { host.into_func(store) } 520 } 521 522 /// Creates a new `Func` from a store and a funcref within that store. 523 /// 524 /// # Safety 525 /// 526 /// The safety of this function requires that `func_ref` is a valid function 527 /// pointer owned by `store`. 528 pub(crate) unsafe fn from_vm_func_ref(store: StoreId, func_ref: NonNull<VMFuncRef>) -> Func { 529 // SAFETY: given the contract of this function it's safe to read the 530 // `type_index` field. 531 unsafe { 532 debug_assert!(func_ref.as_ref().type_index != VMSharedTypeIndex::default()); 533 } 534 Func { 535 store, 536 unsafe_func_ref: func_ref.into(), 537 } 538 } 539 540 /// Creates a new `Func` from the given Rust closure. 541 /// 542 /// This function will create a new `Func` which, when called, will 543 /// execute the given Rust closure. Unlike [`Func::new`] the target 544 /// function being called is known statically so the type signature can 545 /// be inferred. Rust types will map to WebAssembly types as follows: 546 /// 547 /// | Rust Argument Type | WebAssembly Type | 548 /// |-----------------------------------|-------------------------------------------| 549 /// | `i32` | `i32` | 550 /// | `u32` | `i32` | 551 /// | `i64` | `i64` | 552 /// | `u64` | `i64` | 553 /// | `f32` | `f32` | 554 /// | `f64` | `f64` | 555 /// | `V128` on x86-64 and aarch64 only | `v128` | 556 /// | `Option<Func>` | `funcref` aka `(ref null func)` | 557 /// | `Func` | `(ref func)` | 558 /// | `Option<Nofunc>` | `nullfuncref` aka `(ref null nofunc)` | 559 /// | `NoFunc` | `(ref nofunc)` | 560 /// | `Option<Rooted<ExternRef>>` | `externref` aka `(ref null extern)` | 561 /// | `Rooted<ExternRef>` | `(ref extern)` | 562 /// | `Option<NoExtern>` | `nullexternref` aka `(ref null noextern)` | 563 /// | `NoExtern` | `(ref noextern)` | 564 /// | `Option<Rooted<AnyRef>>` | `anyref` aka `(ref null any)` | 565 /// | `Rooted<AnyRef>` | `(ref any)` | 566 /// | `Option<Rooted<EqRef>>` | `eqref` aka `(ref null eq)` | 567 /// | `Rooted<EqRef>` | `(ref eq)` | 568 /// | `Option<I31>` | `i31ref` aka `(ref null i31)` | 569 /// | `I31` | `(ref i31)` | 570 /// | `Option<Rooted<StructRef>>` | `(ref null struct)` | 571 /// | `Rooted<StructRef>` | `(ref struct)` | 572 /// | `Option<Rooted<ArrayRef>>` | `(ref null array)` | 573 /// | `Rooted<ArrayRef>` | `(ref array)` | 574 /// | `Option<NoneRef>` | `nullref` aka `(ref null none)` | 575 /// | `NoneRef` | `(ref none)` | 576 /// 577 /// Note that anywhere a `Rooted<T>` appears, a `OwnedRooted<T>` may also 578 /// be used. 579 /// 580 /// Any of the Rust types can be returned from the closure as well, in 581 /// addition to some extra types 582 /// 583 /// | Rust Return Type | WebAssembly Return Type | Meaning | 584 /// |-------------------|-------------------------|-----------------------| 585 /// | `()` | nothing | no return value | 586 /// | `T` | `T` | a single return value | 587 /// | `(T1, T2, ...)` | `T1 T2 ...` | multiple returns | 588 /// 589 /// Note that all return types can also be wrapped in `Result<_>` to 590 /// indicate that the host function can generate a trap as well as possibly 591 /// returning a value. 592 /// 593 /// Finally you can also optionally take [`Caller`] as the first argument of 594 /// your closure. If inserted then you're able to inspect the caller's 595 /// state, for example the [`Memory`](crate::Memory) it has exported so you 596 /// can read what pointers point to. 597 /// 598 /// Note that when using this API, the intention is to create as thin of a 599 /// layer as possible for when WebAssembly calls the function provided. With 600 /// sufficient inlining and optimization the WebAssembly will call straight 601 /// into `func` provided, with no extra fluff entailed. 602 /// 603 /// # Why `Send + Sync + 'static`? 604 /// 605 /// All host functions defined in a [`Store`](crate::Store) (including 606 /// those from [`Func::new`] and other constructors) require that the 607 /// `func` provided is `Send + Sync + 'static`. Additionally host functions 608 /// always are `Fn` as opposed to `FnMut` or `FnOnce`. This can at-a-glance 609 /// feel restrictive since the closure cannot close over as many types as 610 /// before. The reason for this, though, is to ensure that 611 /// [`Store<T>`](crate::Store) can implement both the `Send` and `Sync` 612 /// traits. 613 /// 614 /// Fear not, however, because this isn't as restrictive as it seems! Host 615 /// functions are provided a [`Caller<'_, T>`](crate::Caller) argument which 616 /// allows access to the host-defined data within the 617 /// [`Store`](crate::Store). The `T` type is not required to be any of 618 /// `Send`, `Sync`, or `'static`! This means that you can store whatever 619 /// you'd like in `T` and have it accessible by all host functions. 620 /// Additionally mutable access to `T` is allowed through 621 /// [`Caller::data_mut`]. 622 /// 623 /// Most host-defined [`Func`] values provide closures that end up not 624 /// actually closing over any values. These zero-sized types will use the 625 /// context from [`Caller`] for host-defined information. 626 /// 627 /// # Errors 628 /// 629 /// The closure provided here to `wrap` can optionally return a 630 /// [`Result<T>`](crate::Result). Returning `Ok(t)` represents the host 631 /// function successfully completing with the `t` result. Returning 632 /// `Err(e)`, however, is equivalent to raising a custom wasm trap. 633 /// Execution of WebAssembly does not resume and the stack is unwound to the 634 /// original caller of the function where the error is returned. 635 /// 636 /// For more information about errors in Wasmtime see the [`Trap`] 637 /// documentation. 638 /// 639 /// [`Trap`]: crate::Trap 640 /// 641 /// # Examples 642 /// 643 /// First up we can see how simple wasm imports can be implemented, such 644 /// as a function that adds its two arguments and returns the result. 645 /// 646 /// ``` 647 /// # use wasmtime::*; 648 /// # fn main() -> Result<()> { 649 /// # let mut store = Store::<()>::default(); 650 /// let add = Func::wrap(&mut store, |a: i32, b: i32| a + b); 651 /// let module = Module::new( 652 /// store.engine(), 653 /// r#" 654 /// (module 655 /// (import "" "" (func $add (param i32 i32) (result i32))) 656 /// (func (export "foo") (param i32 i32) (result i32) 657 /// local.get 0 658 /// local.get 1 659 /// call $add)) 660 /// "#, 661 /// )?; 662 /// let instance = Instance::new(&mut store, &module, &[add.into()])?; 663 /// let foo = instance.get_typed_func::<(i32, i32), i32>(&mut store, "foo")?; 664 /// assert_eq!(foo.call(&mut store, (1, 2))?, 3); 665 /// # Ok(()) 666 /// # } 667 /// ``` 668 /// 669 /// We can also do the same thing, but generate a trap if the addition 670 /// overflows: 671 /// 672 /// ``` 673 /// # use wasmtime::*; 674 /// # fn main() -> Result<()> { 675 /// # let mut store = Store::<()>::default(); 676 /// let add = Func::wrap(&mut store, |a: i32, b: i32| { 677 /// match a.checked_add(b) { 678 /// Some(i) => Ok(i), 679 /// None => bail!("overflow"), 680 /// } 681 /// }); 682 /// let module = Module::new( 683 /// store.engine(), 684 /// r#" 685 /// (module 686 /// (import "" "" (func $add (param i32 i32) (result i32))) 687 /// (func (export "foo") (param i32 i32) (result i32) 688 /// local.get 0 689 /// local.get 1 690 /// call $add)) 691 /// "#, 692 /// )?; 693 /// let instance = Instance::new(&mut store, &module, &[add.into()])?; 694 /// let foo = instance.get_typed_func::<(i32, i32), i32>(&mut store, "foo")?; 695 /// assert_eq!(foo.call(&mut store, (1, 2))?, 3); 696 /// assert!(foo.call(&mut store, (i32::max_value(), 1)).is_err()); 697 /// # Ok(()) 698 /// # } 699 /// ``` 700 /// 701 /// And don't forget all the wasm types are supported! 702 /// 703 /// ``` 704 /// # use wasmtime::*; 705 /// # fn main() -> Result<()> { 706 /// # let mut store = Store::<()>::default(); 707 /// let debug = Func::wrap(&mut store, |a: i32, b: u32, c: f32, d: i64, e: u64, f: f64| { 708 /// 709 /// println!("a={}", a); 710 /// println!("b={}", b); 711 /// println!("c={}", c); 712 /// println!("d={}", d); 713 /// println!("e={}", e); 714 /// println!("f={}", f); 715 /// }); 716 /// let module = Module::new( 717 /// store.engine(), 718 /// r#" 719 /// (module 720 /// (import "" "" (func $debug (param i32 i32 f32 i64 i64 f64))) 721 /// (func (export "foo") 722 /// i32.const -1 723 /// i32.const 1 724 /// f32.const 2 725 /// i64.const -3 726 /// i64.const 3 727 /// f64.const 4 728 /// call $debug)) 729 /// "#, 730 /// )?; 731 /// let instance = Instance::new(&mut store, &module, &[debug.into()])?; 732 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?; 733 /// foo.call(&mut store, ())?; 734 /// # Ok(()) 735 /// # } 736 /// ``` 737 /// 738 /// Finally if you want to get really fancy you can also implement 739 /// imports that read/write wasm module's memory 740 /// 741 /// ``` 742 /// use std::str; 743 /// 744 /// # use wasmtime::*; 745 /// # fn main() -> Result<()> { 746 /// # let mut store = Store::default(); 747 /// let log_str = Func::wrap(&mut store, |mut caller: Caller<'_, ()>, ptr: i32, len: i32| { 748 /// let mem = match caller.get_export("memory") { 749 /// Some(Extern::Memory(mem)) => mem, 750 /// _ => bail!("failed to find host memory"), 751 /// }; 752 /// let data = mem.data(&caller) 753 /// .get(ptr as u32 as usize..) 754 /// .and_then(|arr| arr.get(..len as u32 as usize)); 755 /// let string = match data { 756 /// Some(data) => match str::from_utf8(data) { 757 /// Ok(s) => s, 758 /// Err(_) => bail!("invalid utf-8"), 759 /// }, 760 /// None => bail!("pointer/length out of bounds"), 761 /// }; 762 /// assert_eq!(string, "Hello, world!"); 763 /// println!("{}", string); 764 /// Ok(()) 765 /// }); 766 /// let module = Module::new( 767 /// store.engine(), 768 /// r#" 769 /// (module 770 /// (import "" "" (func $log_str (param i32 i32))) 771 /// (func (export "foo") 772 /// i32.const 4 ;; ptr 773 /// i32.const 13 ;; len 774 /// call $log_str) 775 /// (memory (export "memory") 1) 776 /// (data (i32.const 4) "Hello, world!")) 777 /// "#, 778 /// )?; 779 /// let instance = Instance::new(&mut store, &module, &[log_str.into()])?; 780 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?; 781 /// foo.call(&mut store, ())?; 782 /// # Ok(()) 783 /// # } 784 /// ``` 785 pub fn wrap<T, Params, Results>( 786 mut store: impl AsContextMut<Data = T>, 787 func: impl IntoFunc<T, Params, Results>, 788 ) -> Func 789 where 790 T: 'static, 791 { 792 let store = store.as_context_mut().0; 793 let engine = store.engine(); 794 let host = func.into_func(engine).panic_on_oom(); 795 796 // SAFETY: The `T` the closure takes is the same as the `T` of the store 797 // we're inserting into via the type signature above. 798 unsafe { host.into_func(store) } 799 } 800 801 /// Same as [`Func::wrap`], except the closure asynchronously produces the 802 /// result and the arguments are passed within a tuple. For more information 803 /// see the [`Func`] documentation. 804 #[cfg(feature = "async")] 805 pub fn wrap_async<T, F, P, R>(mut store: impl AsContextMut<Data = T>, func: F) -> Func 806 where 807 F: for<'a> Fn(Caller<'a, T>, P) -> Box<dyn Future<Output = R> + Send + 'a> 808 + Send 809 + Sync 810 + 'static, 811 P: WasmTyList, 812 R: WasmRet, 813 T: Send + 'static, 814 { 815 let store = store.as_context_mut().0; 816 let host = HostFunc::wrap_async(store.engine(), func).panic_on_oom(); 817 818 // SAFETY: The `T` the closure takes is the same as the `T` of the store 819 // we're inserting into via the type signature above. 820 unsafe { host.into_func(store) } 821 } 822 823 /// Returns the underlying wasm type that this `Func` has. 824 /// 825 /// # Panics 826 /// 827 /// Panics if `store` does not own this function. 828 pub fn ty(&self, store: impl AsContext) -> FuncType { 829 self.load_ty(&store.as_context().0) 830 } 831 832 /// Forcibly loads the type of this function from the `Engine`. 833 /// 834 /// Note that this is a somewhat expensive method since it requires taking a 835 /// lock as well as cloning a type. 836 pub(crate) fn load_ty(&self, store: &StoreOpaque) -> FuncType { 837 FuncType::from_shared_type_index(store.engine(), self.type_index(store)) 838 } 839 840 /// Does this function match the given type? 841 /// 842 /// That is, is this function's type a subtype of the given type? 843 /// 844 /// # Panics 845 /// 846 /// Panics if this function is not associated with the given store or if the 847 /// function type is not associated with the store's engine. 848 pub fn matches_ty(&self, store: impl AsContext, func_ty: &FuncType) -> bool { 849 self._matches_ty(store.as_context().0, func_ty) 850 } 851 852 pub(crate) fn _matches_ty(&self, store: &StoreOpaque, func_ty: &FuncType) -> bool { 853 let actual_ty = self.load_ty(store); 854 actual_ty.matches(func_ty) 855 } 856 857 pub(crate) fn ensure_matches_ty(&self, store: &StoreOpaque, func_ty: &FuncType) -> Result<()> { 858 if !self.comes_from_same_store(store) { 859 bail!("function used with wrong store"); 860 } 861 if self._matches_ty(store, func_ty) { 862 Ok(()) 863 } else { 864 let actual_ty = self.load_ty(store); 865 bail!("type mismatch: expected {func_ty}, found {actual_ty}") 866 } 867 } 868 869 pub(crate) fn type_index(&self, data: &StoreOpaque) -> VMSharedTypeIndex { 870 unsafe { self.vm_func_ref(data).as_ref().type_index } 871 } 872 873 /// Invokes this function with the `params` given and writes returned values 874 /// to `results`. 875 /// 876 /// The `params` here must match the type signature of this `Func`, or an 877 /// error will occur. Additionally `results` must have the same 878 /// length as the number of results for this function. Calling this function 879 /// will synchronously execute the WebAssembly function referenced to get 880 /// the results. 881 /// 882 /// This function will return `Ok(())` if execution completed without a trap 883 /// or error of any kind. In this situation the results will be written to 884 /// the provided `results` array. 885 /// 886 /// # Errors 887 /// 888 /// Any error which occurs throughout the execution of the function will be 889 /// returned as `Err(e)`. The [`Error`](crate::Error) type can be inspected 890 /// for the precise error cause such as: 891 /// 892 /// * [`Trap`] - indicates that a wasm trap happened and execution was 893 /// halted. 894 /// * [`WasmBacktrace`] - optionally included on errors for backtrace 895 /// information of the trap/error. 896 /// * Other string-based errors to indicate issues such as type errors with 897 /// `params`. 898 /// * Any host-originating error originally returned from a function defined 899 /// via [`Func::new`], for example. 900 /// * The `store` provided is configured to require `call_async` to be used 901 /// instead, such as with epochs or fuel. 902 /// 903 /// Errors typically indicate that execution of WebAssembly was halted 904 /// mid-way and did not complete after the error condition happened. 905 /// 906 /// [`Trap`]: crate::Trap 907 /// 908 /// # Panics 909 /// 910 /// Panics if `store` does not own this function. 911 /// 912 /// [`WasmBacktrace`]: crate::WasmBacktrace 913 pub fn call( 914 &self, 915 mut store: impl AsContextMut, 916 params: &[Val], 917 results: &mut [Val], 918 ) -> Result<()> { 919 let mut store = store.as_context_mut(); 920 store.0.validate_sync_call()?; 921 922 self.call_impl_check_args(&mut store, params, results)?; 923 924 unsafe { self.call_impl_do_call(&mut store, params, results) } 925 } 926 927 /// Invokes this function in an "unchecked" fashion, reading parameters and 928 /// writing results to `params_and_returns`. 929 /// 930 /// This function is the same as [`Func::call`] except that the arguments 931 /// and results both use a different representation. If possible it's 932 /// recommended to use [`Func::call`] if safety isn't necessary or to use 933 /// [`Func::typed`] in conjunction with [`TypedFunc::call`] since that's 934 /// both safer and faster than this method of invoking a function. 935 /// 936 /// Note that if this function takes `externref` arguments then it will 937 /// **not** automatically GC unlike the [`Func::call`] and 938 /// [`TypedFunc::call`] functions. This means that if this function is 939 /// invoked many times with new `ExternRef` values and no other GC happens 940 /// via any other means then no values will get collected. 941 /// 942 /// # Errors 943 /// 944 /// For more information about errors see the [`Func::call`] documentation. 945 /// 946 /// # Unsafety 947 /// 948 /// This function is unsafe because the `params_and_returns` argument is not 949 /// validated at all. It must uphold invariants such as: 950 /// 951 /// * It's a valid pointer to an array 952 /// * It has enough space to store all parameters 953 /// * It has enough space to store all results (not at the same time as 954 /// parameters) 955 /// * Parameters are initially written to the array and have the correct 956 /// types and such. 957 /// * Reference types like `externref` and `funcref` are valid at the 958 /// time of this call and for the `store` specified. 959 /// 960 /// These invariants are all upheld for you with [`Func::call`] and 961 /// [`TypedFunc::call`]. 962 pub unsafe fn call_unchecked( 963 &self, 964 mut store: impl AsContextMut, 965 params_and_returns: *mut [ValRaw], 966 ) -> Result<()> { 967 let mut store = store.as_context_mut(); 968 let func_ref = self.vm_func_ref(store.0); 969 let params_and_returns = NonNull::new(params_and_returns).unwrap_or(NonNull::from(&mut [])); 970 971 // SAFETY: the safety of this function call is the same as the contract 972 // of this function. 973 unsafe { Self::call_unchecked_raw(&mut store, func_ref, params_and_returns) } 974 } 975 976 pub(crate) unsafe fn call_unchecked_raw<T>( 977 store: &mut StoreContextMut<'_, T>, 978 func_ref: NonNull<VMFuncRef>, 979 params_and_returns: NonNull<[ValRaw]>, 980 ) -> Result<()> { 981 // SAFETY: the safety of this function call is the same as the contract 982 // of this function. 983 invoke_wasm_and_catch_traps(store, |caller, vm| unsafe { 984 VMFuncRef::array_call(func_ref, vm, caller, params_and_returns) 985 }) 986 } 987 988 /// Converts the raw representation of a `funcref` into an `Option<Func>` 989 /// 990 /// This is intended to be used in conjunction with [`Func::new_unchecked`], 991 /// [`Func::call_unchecked`], and [`ValRaw`] with its `funcref` field. This 992 /// is the dual of [`Func::to_raw`]. 993 /// 994 /// # Unsafety 995 /// 996 /// This function is not safe because `raw` is not validated at all. The 997 /// caller must guarantee that `raw` is owned by the `store` provided and is 998 /// valid within the `store`. 999 pub unsafe fn from_raw(mut store: impl AsContextMut, raw: *mut c_void) -> Option<Func> { 1000 // SAFETY: this function's own contract is that `raw` is owned by store 1001 // to make this safe. 1002 unsafe { Self::_from_raw(store.as_context_mut().0, raw) } 1003 } 1004 1005 /// Same as `from_raw`, but with the internal `StoreOpaque` type. 1006 pub(crate) unsafe fn _from_raw(store: &mut StoreOpaque, raw: *mut c_void) -> Option<Func> { 1007 // SAFETY: this function's own contract is that `raw` is owned by store 1008 // to make this safe. 1009 unsafe { 1010 Some(Func::from_vm_func_ref( 1011 store.id(), 1012 NonNull::new(raw.cast())?, 1013 )) 1014 } 1015 } 1016 1017 /// Extracts the raw value of this `Func`, which is owned by `store`. 1018 /// 1019 /// This function returns a value that's suitable for writing into the 1020 /// `funcref` field of the [`ValRaw`] structure. 1021 /// 1022 /// # Safety 1023 /// 1024 /// The returned value is only valid for as long as the store is alive. 1025 /// This value is safe to pass to [`Func::from_raw`] so long as the same 1026 /// `store` is provided. 1027 pub fn to_raw(&self, mut store: impl AsContextMut) -> *mut c_void { 1028 self.vm_func_ref(store.as_context_mut().0).as_ptr().cast() 1029 } 1030 1031 /// Invokes this function with the `params` given, returning the results 1032 /// asynchronously. 1033 /// 1034 /// This function is the same as [`Func::call`] except that it is 1035 /// asynchronous. 1036 /// 1037 /// It's important to note that the execution of WebAssembly will happen 1038 /// synchronously in the `poll` method of the future returned from this 1039 /// function. Wasmtime does not manage its own thread pool or similar to 1040 /// execute WebAssembly in. Future `poll` methods are generally expected to 1041 /// resolve quickly, so it's recommended that you run or poll this future 1042 /// in a "blocking context". 1043 /// 1044 /// For more information see the documentation on [asynchronous 1045 /// configs](crate#async). 1046 /// 1047 /// # Errors 1048 /// 1049 /// For more information on errors see the [`Func::call`] documentation. 1050 /// 1051 /// # Panics 1052 /// 1053 /// Panics if this is called on a function in a synchronous store. This 1054 /// only works with functions defined within an asynchronous store. Also 1055 /// panics if `store` does not own this function. 1056 #[cfg(feature = "async")] 1057 pub async fn call_async( 1058 &self, 1059 mut store: impl AsContextMut<Data: Send>, 1060 params: &[Val], 1061 results: &mut [Val], 1062 ) -> Result<()> { 1063 let mut store = store.as_context_mut(); 1064 1065 self.call_impl_check_args(&mut store, params, results)?; 1066 1067 let result = store 1068 .on_fiber(|store| unsafe { self.call_impl_do_call(store, params, results) }) 1069 .await??; 1070 Ok(result) 1071 } 1072 1073 /// Perform dynamic checks that the arguments given to us match 1074 /// the signature of this function and are appropriate to pass to this 1075 /// function. 1076 /// 1077 /// This involves checking to make sure we have the right number and types 1078 /// of arguments as well as making sure everything is from the same `Store`. 1079 /// 1080 /// This must be called just before `call_impl_do_call`. 1081 fn call_impl_check_args<T>( 1082 &self, 1083 store: &mut StoreContextMut<'_, T>, 1084 params: &[Val], 1085 results: &mut [Val], 1086 ) -> Result<()> { 1087 let ty = self.load_ty(store.0); 1088 if ty.params().len() != params.len() { 1089 bail!( 1090 "expected {} arguments, got {}", 1091 ty.params().len(), 1092 params.len() 1093 ); 1094 } 1095 if ty.results().len() != results.len() { 1096 bail!( 1097 "expected {} results, got {}", 1098 ty.results().len(), 1099 results.len() 1100 ); 1101 } 1102 1103 for (ty, arg) in ty.params().zip(params) { 1104 arg.ensure_matches_ty(store.0, &ty) 1105 .context("argument type mismatch")?; 1106 if !arg.comes_from_same_store(store.0) { 1107 bail!("cross-`Store` values are not currently supported"); 1108 } 1109 } 1110 1111 Ok(()) 1112 } 1113 1114 /// Do the actual call into Wasm. 1115 /// 1116 /// # Safety 1117 /// 1118 /// You must have type checked the arguments by calling 1119 /// `call_impl_check_args` immediately before calling this function. It is 1120 /// only safe to call this function if that one did not return an error. 1121 unsafe fn call_impl_do_call<T>( 1122 &self, 1123 store: &mut StoreContextMut<'_, T>, 1124 params: &[Val], 1125 results: &mut [Val], 1126 ) -> Result<()> { 1127 // Store the argument values into `values_vec`. 1128 let ty = self.load_ty(store.0); 1129 let values_vec_size = params.len().max(ty.results().len()); 1130 let mut values_vec = store.0.take_wasm_val_raw_storage(); 1131 debug_assert!(values_vec.is_empty()); 1132 values_vec.resize_with(values_vec_size, || ValRaw::v128(0)); 1133 for (arg, slot) in params.iter().cloned().zip(&mut values_vec) { 1134 *slot = arg.to_raw(&mut *store)?; 1135 } 1136 1137 unsafe { 1138 self.call_unchecked( 1139 &mut *store, 1140 core::ptr::slice_from_raw_parts_mut(values_vec.as_mut_ptr(), values_vec_size), 1141 )?; 1142 } 1143 1144 for ((i, slot), val) in results.iter_mut().enumerate().zip(&values_vec) { 1145 let ty = ty.results().nth(i).unwrap(); 1146 *slot = unsafe { Val::from_raw(&mut *store, *val, ty) }; 1147 } 1148 values_vec.truncate(0); 1149 store.0.save_wasm_val_raw_storage(values_vec); 1150 Ok(()) 1151 } 1152 1153 #[inline] 1154 pub(crate) fn vm_func_ref(&self, store: &StoreOpaque) -> NonNull<VMFuncRef> { 1155 self.store.assert_belongs_to(store.id()); 1156 self.unsafe_func_ref.as_non_null() 1157 } 1158 1159 pub(crate) fn vmimport(&self, store: &StoreOpaque) -> VMFunctionImport { 1160 unsafe { 1161 let f = self.vm_func_ref(store); 1162 VMFunctionImport { 1163 // Note that this is a load-bearing `unwrap` here, but is 1164 // never expected to trip at runtime. The general problem is 1165 // that host functions do not have a `wasm_call` function so 1166 // the `VMFuncRef` type has an optional pointer there. This is 1167 // only able to be filled out when a function is "paired" with 1168 // a module where trampolines are present to fill out 1169 // `wasm_call` pointers. 1170 // 1171 // This pairing of modules doesn't happen explicitly but is 1172 // instead managed lazily throughout Wasmtime. Specifically the 1173 // way this works is one of: 1174 // 1175 // * When a host function is created the store's list of 1176 // modules are searched for a wasm trampoline. If not found 1177 // the `wasm_call` field is left blank. 1178 // 1179 // * When a module instantiation happens, which uses this 1180 // function, the module will be used to fill any outstanding 1181 // holes that it has trampolines for. 1182 // 1183 // This means that by the time we get to this point any 1184 // relevant holes should be filled out. Thus if this panic 1185 // actually triggers then it's indicative of a missing `fill` 1186 // call somewhere else. 1187 wasm_call: f.as_ref().wasm_call.unwrap(), 1188 array_call: f.as_ref().array_call, 1189 vmctx: f.as_ref().vmctx, 1190 } 1191 } 1192 } 1193 1194 pub(crate) fn comes_from_same_store(&self, store: &StoreOpaque) -> bool { 1195 self.store == store.id() 1196 } 1197 1198 /// Attempts to extract a typed object from this `Func` through which the 1199 /// function can be called. 1200 /// 1201 /// This function serves as an alternative to [`Func::call`] and 1202 /// [`Func::call_async`]. This method performs a static type check (using 1203 /// the `Params` and `Results` type parameters on the underlying wasm 1204 /// function. If the type check passes then a `TypedFunc` object is returned, 1205 /// otherwise an error is returned describing the typecheck failure. 1206 /// 1207 /// The purpose of this relative to [`Func::call`] is that it's much more 1208 /// efficient when used to invoke WebAssembly functions. With the types 1209 /// statically known far less setup/teardown is required when invoking 1210 /// WebAssembly. If speed is desired then this function is recommended to be 1211 /// used instead of [`Func::call`] (which is more general, hence its 1212 /// slowdown). 1213 /// 1214 /// The `Params` type parameter is used to describe the parameters of the 1215 /// WebAssembly function. This can either be a single type (like `i32`), or 1216 /// a tuple of types representing the list of parameters (like `(i32, f32, 1217 /// f64)`). Additionally you can use `()` to represent that the function has 1218 /// no parameters. 1219 /// 1220 /// The `Results` type parameter is used to describe the results of the 1221 /// function. This behaves the same way as `Params`, but just for the 1222 /// results of the function. 1223 /// 1224 /// # Translating Between WebAssembly and Rust Types 1225 /// 1226 /// Translation between Rust types and WebAssembly types looks like: 1227 /// 1228 /// | WebAssembly | Rust | 1229 /// |-------------------------------------------|---------------------------------------| 1230 /// | `i32` | `i32` or `u32` | 1231 /// | `i64` | `i64` or `u64` | 1232 /// | `f32` | `f32` | 1233 /// | `f64` | `f64` | 1234 /// | `externref` aka `(ref null extern)` | `Option<Rooted<ExternRef>>` | 1235 /// | `(ref extern)` | `Rooted<ExternRef>` | 1236 /// | `nullexternref` aka `(ref null noextern)` | `Option<NoExtern>` | 1237 /// | `(ref noextern)` | `NoExtern` | 1238 /// | `anyref` aka `(ref null any)` | `Option<Rooted<AnyRef>>` | 1239 /// | `(ref any)` | `Rooted<AnyRef>` | 1240 /// | `eqref` aka `(ref null eq)` | `Option<Rooted<EqRef>>` | 1241 /// | `(ref eq)` | `Rooted<EqRef>` | 1242 /// | `i31ref` aka `(ref null i31)` | `Option<I31>` | 1243 /// | `(ref i31)` | `I31` | 1244 /// | `structref` aka `(ref null struct)` | `Option<Rooted<StructRef>>` | 1245 /// | `(ref struct)` | `Rooted<StructRef>` | 1246 /// | `arrayref` aka `(ref null array)` | `Option<Rooted<ArrayRef>>` | 1247 /// | `(ref array)` | `Rooted<ArrayRef>` | 1248 /// | `nullref` aka `(ref null none)` | `Option<NoneRef>` | 1249 /// | `(ref none)` | `NoneRef` | 1250 /// | `funcref` aka `(ref null func)` | `Option<Func>` | 1251 /// | `(ref func)` | `Func` | 1252 /// | `(ref null <func type index>)` | `Option<Func>` | 1253 /// | `(ref <func type index>)` | `Func` | 1254 /// | `nullfuncref` aka `(ref null nofunc)` | `Option<NoFunc>` | 1255 /// | `(ref nofunc)` | `NoFunc` | 1256 /// | `v128` | `V128` on `x86-64` and `aarch64` only | 1257 /// 1258 /// (Note that this mapping is the same as that of [`Func::wrap`], and that 1259 /// anywhere a `Rooted<T>` appears, a `OwnedRooted<T>` may also appear). 1260 /// 1261 /// Note that once the [`TypedFunc`] return value is acquired you'll use either 1262 /// [`TypedFunc::call`] or [`TypedFunc::call_async`] as necessary to actually invoke 1263 /// the function. This method does not invoke any WebAssembly code, it 1264 /// simply performs a typecheck before returning the [`TypedFunc`] value. 1265 /// 1266 /// This method also has a convenience wrapper as 1267 /// [`Instance::get_typed_func`](crate::Instance::get_typed_func) to 1268 /// directly get a typed function value from an 1269 /// [`Instance`](crate::Instance). 1270 /// 1271 /// ## Subtyping 1272 /// 1273 /// For result types, you can always use a supertype of the WebAssembly 1274 /// function's actual declared result type. For example, if the WebAssembly 1275 /// function was declared with type `(func (result nullfuncref))` you could 1276 /// successfully call `f.typed::<(), Option<Func>>()` because `Option<Func>` 1277 /// corresponds to `funcref`, which is a supertype of `nullfuncref`. 1278 /// 1279 /// For parameter types, you can always use a subtype of the WebAssembly 1280 /// function's actual declared parameter type. For example, if the 1281 /// WebAssembly function was declared with type `(func (param (ref null 1282 /// func)))` you could successfully call `f.typed::<Func, ()>()` because 1283 /// `Func` corresponds to `(ref func)`, which is a subtype of `(ref null 1284 /// func)`. 1285 /// 1286 /// Additionally, for functions which take a reference to a concrete type as 1287 /// a parameter, you can also use the concrete type's supertype. Consider a 1288 /// WebAssembly function that takes a reference to a function with a 1289 /// concrete type: `(ref null <func type index>)`. In this scenario, there 1290 /// is no static `wasmtime::Foo` Rust type that corresponds to that 1291 /// particular Wasm-defined concrete reference type because Wasm modules are 1292 /// loaded dynamically at runtime. You *could* do `f.typed::<Option<NoFunc>, 1293 /// ()>()`, and while that is correctly typed and valid, it is often overly 1294 /// restrictive. The only value you could call the resulting typed function 1295 /// with is the null function reference, but we'd like to call it with 1296 /// non-null function references that happen to be of the correct 1297 /// type. Therefore, `f.typed<Option<Func>, ()>()` is also allowed in this 1298 /// case, even though `Option<Func>` represents `(ref null func)` which is 1299 /// the supertype, not subtype, of `(ref null <func type index>)`. This does 1300 /// imply some minimal dynamic type checks in this case, but it is supported 1301 /// for better ergonomics, to enable passing non-null references into the 1302 /// function. 1303 /// 1304 /// # Errors 1305 /// 1306 /// This function will return an error if `Params` or `Results` does not 1307 /// match the native type of this WebAssembly function. 1308 /// 1309 /// # Panics 1310 /// 1311 /// This method will panic if `store` does not own this function. 1312 /// 1313 /// # Examples 1314 /// 1315 /// An end-to-end example of calling a function which takes no parameters 1316 /// and has no results: 1317 /// 1318 /// ``` 1319 /// # use wasmtime::*; 1320 /// # fn main() -> Result<()> { 1321 /// let engine = Engine::default(); 1322 /// let mut store = Store::new(&engine, ()); 1323 /// let module = Module::new(&engine, r#"(module (func (export "foo")))"#)?; 1324 /// let instance = Instance::new(&mut store, &module, &[])?; 1325 /// let foo = instance.get_func(&mut store, "foo").expect("export wasn't a function"); 1326 /// 1327 /// // Note that this call can fail due to the typecheck not passing, but 1328 /// // in our case we statically know the module so we know this should 1329 /// // pass. 1330 /// let typed = foo.typed::<(), ()>(&store)?; 1331 /// 1332 /// // Note that this can fail if the wasm traps at runtime. 1333 /// typed.call(&mut store, ())?; 1334 /// # Ok(()) 1335 /// # } 1336 /// ``` 1337 /// 1338 /// You can also pass in multiple parameters and get a result back 1339 /// 1340 /// ``` 1341 /// # use wasmtime::*; 1342 /// # fn foo(add: &Func, mut store: Store<()>) -> Result<()> { 1343 /// let typed = add.typed::<(i32, i64), f32>(&store)?; 1344 /// assert_eq!(typed.call(&mut store, (1, 2))?, 3.0); 1345 /// # Ok(()) 1346 /// # } 1347 /// ``` 1348 /// 1349 /// and similarly if a function has multiple results you can bind that too 1350 /// 1351 /// ``` 1352 /// # use wasmtime::*; 1353 /// # fn foo(add_with_overflow: &Func, mut store: Store<()>) -> Result<()> { 1354 /// let typed = add_with_overflow.typed::<(u32, u32), (u32, i32)>(&store)?; 1355 /// let (result, overflow) = typed.call(&mut store, (u32::max_value(), 2))?; 1356 /// assert_eq!(result, 1); 1357 /// assert_eq!(overflow, 1); 1358 /// # Ok(()) 1359 /// # } 1360 /// ``` 1361 pub fn typed<Params, Results>( 1362 &self, 1363 store: impl AsContext, 1364 ) -> Result<TypedFunc<Params, Results>> 1365 where 1366 Params: WasmParams, 1367 Results: WasmResults, 1368 { 1369 // Type-check that the params/results are all valid 1370 let store = store.as_context().0; 1371 let ty = self.load_ty(store); 1372 Params::typecheck(store.engine(), ty.params(), TypeCheckPosition::Param) 1373 .context("type mismatch with parameters")?; 1374 Results::typecheck(store.engine(), ty.results(), TypeCheckPosition::Result) 1375 .context("type mismatch with results")?; 1376 1377 // and then we can construct the typed version of this function 1378 // (unsafely), which should be safe since we just did the type check above. 1379 unsafe { Ok(TypedFunc::_new_unchecked(store, *self)) } 1380 } 1381 1382 /// Get a stable hash key for this function. 1383 /// 1384 /// Even if the same underlying function is added to the `StoreData` 1385 /// multiple times and becomes multiple `wasmtime::Func`s, this hash key 1386 /// will be consistent across all of these functions. 1387 #[cfg_attr( 1388 not(test), 1389 expect(dead_code, reason = "Not used yet, but added for consistency") 1390 )] 1391 pub(crate) fn hash_key(&self, store: &mut StoreOpaque) -> impl core::hash::Hash + Eq + use<> { 1392 self.vm_func_ref(store).as_ptr().addr() 1393 } 1394 } 1395 1396 /// Prepares for entrance into WebAssembly. 1397 /// 1398 /// This function will set up context such that `closure` is allowed to call a 1399 /// raw trampoline or a raw WebAssembly function. This *must* be called to do 1400 /// things like catch traps and set up GC properly. 1401 /// 1402 /// The `closure` provided receives a default "caller" `VMContext` parameter it 1403 /// can pass to the called wasm function, if desired. 1404 pub(crate) fn invoke_wasm_and_catch_traps<T>( 1405 store: &mut StoreContextMut<'_, T>, 1406 closure: impl FnMut(NonNull<VMContext>, Option<InterpreterRef<'_>>) -> bool, 1407 ) -> Result<()> { 1408 // The `enter_wasm` call below will reset the store context's 1409 // `stack_chain` to a new `InitialStack`, pointing to the 1410 // stack-allocated `initial_stack_csi`. 1411 let mut initial_stack_csi = VMCommonStackInformation::running_default(); 1412 // Stores some state of the runtime just before entering Wasm. Will be 1413 // restored upon exiting Wasm. Note that the `CallThreadState` that is 1414 // created by the `catch_traps` call below will store a pointer to this 1415 // stack-allocated `previous_runtime_state`. 1416 let mut previous_runtime_state = EntryStoreContext::enter_wasm(store, &mut initial_stack_csi); 1417 1418 if let Err(trap) = store.0.call_hook(CallHook::CallingWasm) { 1419 // `previous_runtime_state` implicitly dropped here 1420 return Err(trap); 1421 } 1422 let result = crate::runtime::vm::catch_traps(store, &mut previous_runtime_state, closure); 1423 #[cfg(feature = "component-model")] 1424 if result.is_err() { 1425 store.0.set_trapped(); 1426 } 1427 core::mem::drop(previous_runtime_state); 1428 store.0.call_hook(CallHook::ReturningFromWasm)?; 1429 result 1430 } 1431 1432 /// This type helps managing the state of the runtime when entering and exiting 1433 /// Wasm. To this end, it contains a subset of the data in `VMStoreContext`. 1434 /// Upon entering Wasm, it updates various runtime fields and their 1435 /// original values saved in this struct. Upon exiting Wasm, the previous values 1436 /// are restored. 1437 pub(crate) struct EntryStoreContext { 1438 /// If set, contains value of `stack_limit` field to restore in 1439 /// `VMStoreContext` when exiting Wasm. 1440 pub stack_limit: Option<usize>, 1441 pub last_wasm_exit_pc: usize, 1442 pub last_wasm_exit_trampoline_fp: usize, 1443 pub last_wasm_entry_fp: usize, 1444 pub last_wasm_entry_sp: usize, 1445 pub last_wasm_entry_trap_handler: usize, 1446 pub stack_chain: VMStackChain, 1447 1448 /// We need a pointer to the runtime limits, so we can update them from 1449 /// `drop`/`exit_wasm`. 1450 vm_store_context: *const VMStoreContext, 1451 } 1452 1453 impl EntryStoreContext { 1454 /// This function is called to update and save state when 1455 /// WebAssembly is entered within the `Store`. 1456 /// 1457 /// This updates various fields such as: 1458 /// 1459 /// * The stack limit. This is what ensures that we limit the stack space 1460 /// allocated by WebAssembly code and it's relative to the initial stack 1461 /// pointer that called into wasm. 1462 /// 1463 /// It also saves the different last_wasm_* values in the `VMStoreContext`. 1464 pub fn enter_wasm<T>( 1465 store: &mut StoreContextMut<'_, T>, 1466 initial_stack_information: *mut VMCommonStackInformation, 1467 ) -> Self { 1468 let stack_limit; 1469 1470 // If this is a recursive call, e.g. our stack limit is already set, then 1471 // we may be able to skip this function. 1472 // 1473 // For synchronous stores there's nothing else to do because all wasm calls 1474 // happen synchronously and on the same stack. This means that the previous 1475 // stack limit will suffice for the next recursive call. 1476 // 1477 // For asynchronous stores then each call happens on a separate native 1478 // stack. This means that the previous stack limit is no longer relevant 1479 // because we're on a separate stack. 1480 if unsafe { *store.0.vm_store_context().stack_limit.get() } != usize::MAX 1481 && !store.0.can_block() 1482 { 1483 stack_limit = None; 1484 } 1485 // Ignore this stack pointer business on miri since we can't execute wasm 1486 // anyway and the concept of a stack pointer on miri is a bit nebulous 1487 // regardless. 1488 else if cfg!(miri) { 1489 stack_limit = None; 1490 } else { 1491 // When Cranelift has support for the host then we might be running native 1492 // compiled code meaning we need to read the actual stack pointer. If 1493 // Cranelift can't be used though then we're guaranteed to be running pulley 1494 // in which case this stack pointer isn't actually used as Pulley has custom 1495 // mechanisms for stack overflow. 1496 #[cfg(has_host_compiler_backend)] 1497 let stack_pointer = crate::runtime::vm::get_stack_pointer(); 1498 #[cfg(not(has_host_compiler_backend))] 1499 let stack_pointer = { 1500 use wasmtime_environ::TripleExt; 1501 debug_assert!(store.engine().target().is_pulley()); 1502 usize::MAX 1503 }; 1504 1505 // Determine the stack pointer where, after which, any wasm code will 1506 // immediately trap. This is checked on the entry to all wasm functions. 1507 // 1508 // Note that this isn't 100% precise. We are requested to give wasm 1509 // `max_wasm_stack` bytes, but what we're actually doing is giving wasm 1510 // probably a little less than `max_wasm_stack` because we're 1511 // calculating the limit relative to this function's approximate stack 1512 // pointer. Wasm will be executed on a frame beneath this one (or next 1513 // to it). In any case it's expected to be at most a few hundred bytes 1514 // of slop one way or another. When wasm is typically given a MB or so 1515 // (a million bytes) the slop shouldn't matter too much. 1516 // 1517 // After we've got the stack limit then we store it into the `stack_limit` 1518 // variable. 1519 let wasm_stack_limit = stack_pointer 1520 .checked_sub(store.engine().config().max_wasm_stack) 1521 .unwrap(); 1522 let prev_stack = unsafe { 1523 mem::replace( 1524 &mut *store.0.vm_store_context().stack_limit.get(), 1525 wasm_stack_limit, 1526 ) 1527 }; 1528 stack_limit = Some(prev_stack); 1529 } 1530 1531 unsafe { 1532 let vm_store_context = store.0.vm_store_context(); 1533 let new_stack_chain = VMStackChain::InitialStack(initial_stack_information); 1534 *vm_store_context.stack_chain.get() = new_stack_chain; 1535 1536 Self { 1537 stack_limit, 1538 last_wasm_exit_pc: *(*vm_store_context).last_wasm_exit_pc.get(), 1539 last_wasm_exit_trampoline_fp: *(*vm_store_context) 1540 .last_wasm_exit_trampoline_fp 1541 .get(), 1542 last_wasm_entry_fp: *(*vm_store_context).last_wasm_entry_fp.get(), 1543 last_wasm_entry_sp: *(*vm_store_context).last_wasm_entry_sp.get(), 1544 last_wasm_entry_trap_handler: *(*vm_store_context) 1545 .last_wasm_entry_trap_handler 1546 .get(), 1547 stack_chain: (*(*vm_store_context).stack_chain.get()).clone(), 1548 vm_store_context, 1549 } 1550 } 1551 } 1552 1553 /// This function restores the values stored in this struct. We invoke this 1554 /// function through this type's `Drop` implementation. This ensures that we 1555 /// even restore the values if we unwind the stack (e.g., because we are 1556 /// panicking out of a Wasm execution). 1557 #[inline] 1558 fn exit_wasm(&mut self) { 1559 unsafe { 1560 if let Some(limit) = self.stack_limit { 1561 *(&*self.vm_store_context).stack_limit.get() = limit; 1562 } 1563 1564 *(*self.vm_store_context).last_wasm_exit_trampoline_fp.get() = 1565 self.last_wasm_exit_trampoline_fp; 1566 *(*self.vm_store_context).last_wasm_exit_pc.get() = self.last_wasm_exit_pc; 1567 *(*self.vm_store_context).last_wasm_entry_fp.get() = self.last_wasm_entry_fp; 1568 *(*self.vm_store_context).last_wasm_entry_sp.get() = self.last_wasm_entry_sp; 1569 *(*self.vm_store_context).last_wasm_entry_trap_handler.get() = 1570 self.last_wasm_entry_trap_handler; 1571 *(*self.vm_store_context).stack_chain.get() = self.stack_chain.clone(); 1572 } 1573 } 1574 } 1575 1576 impl Drop for EntryStoreContext { 1577 #[inline] 1578 fn drop(&mut self) { 1579 self.exit_wasm(); 1580 } 1581 } 1582 1583 /// A trait implemented for types which can be returned from closures passed to 1584 /// [`Func::wrap`] and friends. 1585 /// 1586 /// This trait should not be implemented by user types. This trait may change at 1587 /// any time internally. The types which implement this trait, however, are 1588 /// stable over time. 1589 /// 1590 /// For more information see [`Func::wrap`] 1591 pub unsafe trait WasmRet { 1592 // Same as `WasmTy::compatible_with_store`. 1593 #[doc(hidden)] 1594 fn compatible_with_store(&self, store: &StoreOpaque) -> bool; 1595 1596 /// Stores this return value into the `ptr` specified using the rooted 1597 /// `store`. 1598 /// 1599 /// Traps are communicated through the `Result<_>` return value. 1600 /// 1601 /// # Unsafety 1602 /// 1603 /// This method is unsafe as `ptr` must have the correct length to store 1604 /// this result. This property is only checked in debug mode, not in release 1605 /// mode. 1606 #[doc(hidden)] 1607 unsafe fn store( 1608 self, 1609 store: &mut AutoAssertNoGc<'_>, 1610 ptr: &mut [MaybeUninit<ValRaw>], 1611 ) -> Result<()>; 1612 1613 #[doc(hidden)] 1614 fn func_type( 1615 engine: &Engine, 1616 params: impl Iterator<Item = ValType>, 1617 ) -> Result<FuncType, OutOfMemory>; 1618 #[doc(hidden)] 1619 fn may_gc() -> bool; 1620 1621 // Utilities used to convert an instance of this type to a `Result` 1622 // explicitly, used when wrapping async functions which always bottom-out 1623 // in a function that returns a trap because futures can be cancelled. 1624 #[doc(hidden)] 1625 type Fallible: WasmRet; 1626 #[doc(hidden)] 1627 fn into_fallible(self) -> Self::Fallible; 1628 #[doc(hidden)] 1629 fn fallible_from_error(error: Error) -> Self::Fallible; 1630 } 1631 1632 unsafe impl<T> WasmRet for T 1633 where 1634 T: WasmTy, 1635 { 1636 type Fallible = Result<T>; 1637 1638 fn compatible_with_store(&self, store: &StoreOpaque) -> bool { 1639 <Self as WasmTy>::compatible_with_store(self, store) 1640 } 1641 1642 unsafe fn store( 1643 self, 1644 store: &mut AutoAssertNoGc<'_>, 1645 ptr: &mut [MaybeUninit<ValRaw>], 1646 ) -> Result<()> { 1647 debug_assert!(ptr.len() > 0); 1648 // SAFETY: the contract of this function/trait combo is such that `ptr` 1649 // is valid to store this type's value, thus this lookup should be safe. 1650 unsafe { <Self as WasmTy>::store(self, store, ptr.get_unchecked_mut(0)) } 1651 } 1652 1653 fn may_gc() -> bool { 1654 T::may_gc() 1655 } 1656 1657 fn func_type( 1658 engine: &Engine, 1659 params: impl Iterator<Item = ValType>, 1660 ) -> Result<FuncType, OutOfMemory> { 1661 FuncType::try_new(engine, params, Some(<Self as WasmTy>::valtype())) 1662 } 1663 1664 fn into_fallible(self) -> Result<T> { 1665 Ok(self) 1666 } 1667 1668 fn fallible_from_error(error: Error) -> Result<T> { 1669 Err(error) 1670 } 1671 } 1672 1673 unsafe impl<T> WasmRet for Result<T> 1674 where 1675 T: WasmRet, 1676 { 1677 type Fallible = Self; 1678 1679 fn compatible_with_store(&self, store: &StoreOpaque) -> bool { 1680 match self { 1681 Ok(x) => <T as WasmRet>::compatible_with_store(x, store), 1682 Err(_) => true, 1683 } 1684 } 1685 1686 unsafe fn store( 1687 self, 1688 store: &mut AutoAssertNoGc<'_>, 1689 ptr: &mut [MaybeUninit<ValRaw>], 1690 ) -> Result<()> { 1691 // SAFETY: the safety of calling this function is the same as calling 1692 // the inner `store`. 1693 unsafe { self.and_then(|val| val.store(store, ptr)) } 1694 } 1695 1696 fn may_gc() -> bool { 1697 T::may_gc() 1698 } 1699 1700 fn func_type( 1701 engine: &Engine, 1702 params: impl Iterator<Item = ValType>, 1703 ) -> Result<FuncType, OutOfMemory> { 1704 T::func_type(engine, params) 1705 } 1706 1707 fn into_fallible(self) -> Result<T> { 1708 self 1709 } 1710 1711 fn fallible_from_error(error: Error) -> Result<T> { 1712 Err(error) 1713 } 1714 } 1715 1716 macro_rules! impl_wasm_host_results { 1717 ($n:tt $($t:ident)*) => ( 1718 #[allow(non_snake_case, reason = "macro-generated code")] 1719 unsafe impl<$($t),*> WasmRet for ($($t,)*) 1720 where 1721 $($t: WasmTy,)* 1722 { 1723 type Fallible = Result<Self>; 1724 1725 #[inline] 1726 fn compatible_with_store(&self, _store: &StoreOpaque) -> bool { 1727 let ($($t,)*) = self; 1728 $( $t.compatible_with_store(_store) && )* true 1729 } 1730 1731 #[inline] 1732 unsafe fn store( 1733 self, 1734 _store: &mut AutoAssertNoGc<'_>, 1735 _ptr: &mut [MaybeUninit<ValRaw>], 1736 ) -> Result<()> { 1737 let ($($t,)*) = self; 1738 let mut _cur = 0; 1739 $( 1740 debug_assert!(_cur < _ptr.len()); 1741 // SAFETY: `store`'s unsafe contract is that `_ptr` is 1742 // appropriately sized and additionally safe to call `store` 1743 // for sub-types. 1744 unsafe { 1745 let val = _ptr.get_unchecked_mut(_cur); 1746 _cur += 1; 1747 WasmTy::store($t, _store, val)?; 1748 } 1749 )* 1750 Ok(()) 1751 } 1752 1753 #[doc(hidden)] 1754 fn may_gc() -> bool { 1755 $( $t::may_gc() || )* false 1756 } 1757 1758 fn func_type( 1759 engine: &Engine, 1760 params: impl Iterator<Item = ValType>, 1761 ) -> Result<FuncType, OutOfMemory> { 1762 FuncType::try_new( 1763 engine, 1764 params, 1765 IntoIterator::into_iter([$($t::valtype(),)*]), 1766 ) 1767 } 1768 1769 #[inline] 1770 fn into_fallible(self) -> Result<Self> { 1771 Ok(self) 1772 } 1773 1774 #[inline] 1775 fn fallible_from_error(error: Error) -> Result<Self> { 1776 Err(error) 1777 } 1778 } 1779 ) 1780 } 1781 1782 for_each_function_signature!(impl_wasm_host_results); 1783 1784 /// Internal trait implemented for all arguments that can be passed to 1785 /// [`Func::wrap`] and [`Linker::func_wrap`](crate::Linker::func_wrap). 1786 /// 1787 /// This trait should not be implemented by external users, it's only intended 1788 /// as an implementation detail of this crate. 1789 pub trait IntoFunc<T, Params, Results>: Send + Sync + 'static { 1790 /// Convert this function into a `VM{Array,Native}CallHostFuncContext` and 1791 /// internal `VMFuncRef`. 1792 #[doc(hidden)] 1793 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory>; 1794 } 1795 1796 macro_rules! impl_into_func { 1797 ($num:tt $arg:ident) => { 1798 // Implement for functions without a leading `Caller` parameter, 1799 // delegating to the implementation below which does have the leading 1800 // `Caller` parameter. 1801 #[expect(non_snake_case, reason = "macro-generated code")] 1802 impl<T, F, $arg, R> IntoFunc<T, $arg, R> for F 1803 where 1804 F: Fn($arg) -> R + Send + Sync + 'static, 1805 $arg: WasmTy, 1806 R: WasmRet, 1807 T: 'static, 1808 { 1809 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory> { 1810 let f = move |_: Caller<'_, T>, $arg: $arg| { 1811 self($arg) 1812 }; 1813 1814 f.into_func(engine) 1815 } 1816 } 1817 1818 #[expect(non_snake_case, reason = "macro-generated code")] 1819 impl<T, F, $arg, R> IntoFunc<T, (Caller<'_, T>, $arg), R> for F 1820 where 1821 F: Fn(Caller<'_, T>, $arg) -> R + Send + Sync + 'static, 1822 $arg: WasmTy, 1823 R: WasmRet, 1824 T: 'static, 1825 { 1826 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory> { 1827 HostFunc::wrap(engine, move |caller: Caller<'_, T>, ($arg,)| { 1828 self(caller, $arg) 1829 }) 1830 } 1831 } 1832 }; 1833 ($num:tt $($args:ident)*) => { 1834 // Implement for functions without a leading `Caller` parameter, 1835 // delegating to the implementation below which does have the leading 1836 // `Caller` parameter. 1837 #[allow(non_snake_case, reason = "macro-generated code")] 1838 impl<T, F, $($args,)* R> IntoFunc<T, ($($args,)*), R> for F 1839 where 1840 F: Fn($($args),*) -> R + Send + Sync + 'static, 1841 $($args: WasmTy,)* 1842 R: WasmRet, 1843 T: 'static, 1844 { 1845 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory> { 1846 let f = move |_: Caller<'_, T>, $($args:$args),*| { 1847 self($($args),*) 1848 }; 1849 1850 f.into_func(engine) 1851 } 1852 } 1853 1854 #[allow(non_snake_case, reason = "macro-generated code")] 1855 impl<T, F, $($args,)* R> IntoFunc<T, (Caller<'_, T>, $($args,)*), R> for F 1856 where 1857 F: Fn(Caller<'_, T>, $($args),*) -> R + Send + Sync + 'static, 1858 $($args: WasmTy,)* 1859 R: WasmRet, 1860 T: 'static, 1861 { 1862 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory> { 1863 HostFunc::wrap(engine, move |caller: Caller<'_, T>, ( $( $args ),* )| { 1864 self(caller, $( $args ),* ) 1865 }) 1866 } 1867 } 1868 } 1869 } 1870 1871 for_each_function_signature!(impl_into_func); 1872 1873 /// Trait implemented for various tuples made up of types which implement 1874 /// [`WasmTy`] that can be passed to [`Func::wrap_async`]. 1875 pub unsafe trait WasmTyList { 1876 /// Get the value type that each Type in the list represents. 1877 fn valtypes() -> impl Iterator<Item = ValType>; 1878 1879 // Load a version of `Self` from the `values` provided. 1880 // 1881 // # Safety 1882 // 1883 // This function is unsafe as it's up to the caller to ensure that `values` are 1884 // valid for this given type. 1885 #[doc(hidden)] 1886 unsafe fn load(store: &mut AutoAssertNoGc<'_>, values: &mut [MaybeUninit<ValRaw>]) -> Self; 1887 1888 #[doc(hidden)] 1889 fn may_gc() -> bool; 1890 } 1891 1892 macro_rules! impl_wasm_ty_list { 1893 ($num:tt $($args:ident)*) => ( 1894 #[allow(non_snake_case, reason = "macro-generated code")] 1895 unsafe impl<$($args),*> WasmTyList for ($($args,)*) 1896 where 1897 $($args: WasmTy,)* 1898 { 1899 fn valtypes() -> impl Iterator<Item = ValType> { 1900 IntoIterator::into_iter([$($args::valtype(),)*]) 1901 } 1902 1903 unsafe fn load(_store: &mut AutoAssertNoGc<'_>, _values: &mut [MaybeUninit<ValRaw>]) -> Self { 1904 let mut _cur = 0; 1905 ($({ 1906 debug_assert!(_cur < _values.len()); 1907 // SAFETY: this function's own contract means that `_values` 1908 // is appropriately sized/typed for the internal loads. 1909 unsafe { 1910 let ptr = _values.get_unchecked(_cur).assume_init_ref(); 1911 _cur += 1; 1912 $args::load(_store, ptr) 1913 } 1914 },)*) 1915 } 1916 1917 fn may_gc() -> bool { 1918 $( $args::may_gc() || )* false 1919 } 1920 } 1921 ); 1922 } 1923 1924 for_each_function_signature!(impl_wasm_ty_list); 1925 1926 /// A structure representing the caller's context when creating a function 1927 /// via [`Func::wrap`]. 1928 /// 1929 /// This structure can be taken as the first parameter of a closure passed to 1930 /// [`Func::wrap`] or other constructors, and serves two purposes: 1931 /// 1932 /// * First consumers can use [`Caller<'_, T>`](crate::Caller) to get access to 1933 /// [`StoreContextMut<'_, T>`](crate::StoreContextMut) and/or get access to 1934 /// `T` itself. This means that the [`Caller`] type can serve as a proxy to 1935 /// the original [`Store`](crate::Store) itself and is used to satisfy 1936 /// [`AsContext`] and [`AsContextMut`] bounds. 1937 /// 1938 /// * Second a [`Caller`] can be used as the name implies, learning about the 1939 /// caller's context, namely it's exported memory and exported functions. This 1940 /// allows functions which take pointers as arguments to easily read the 1941 /// memory the pointers point into, or if a function is expected to call 1942 /// malloc in the wasm module to reserve space for the output you can do that. 1943 /// 1944 /// Host functions which want access to [`Store`](crate::Store)-level state are 1945 /// recommended to use this type. 1946 pub struct Caller<'a, T: 'static> { 1947 pub(crate) store: StoreContextMut<'a, T>, 1948 caller: Instance, 1949 } 1950 1951 impl<T> Caller<'_, T> { 1952 fn sub_caller(&mut self) -> Caller<'_, T> { 1953 Caller { 1954 store: self.store.as_context_mut(), 1955 caller: self.caller, 1956 } 1957 } 1958 1959 /// Looks up an export from the caller's module by the `name` given. 1960 /// 1961 /// This is a low-level function that's typically used to implement passing 1962 /// of pointers or indices between core Wasm instances, where the callee 1963 /// needs to consult the caller's exports to perform memory management and 1964 /// resolve the references. 1965 /// 1966 /// For comparison, in components, the component model handles translating 1967 /// arguments from one component instance to another and managing memory, so 1968 /// that callees don't need to be aware of their callers, which promotes 1969 /// virtualizability of APIs. 1970 /// 1971 /// # Return 1972 /// 1973 /// If an export with the `name` provided was found, then it is returned as an 1974 /// `Extern`. There are a number of situations, however, where the export may not 1975 /// be available: 1976 /// 1977 /// * The caller instance may not have an export named `name` 1978 /// * There may not be a caller available, for example if `Func` was called 1979 /// directly from host code. 1980 /// 1981 /// It's recommended to take care when calling this API and gracefully 1982 /// handling a `None` return value. 1983 pub fn get_export(&mut self, name: &str) -> Option<Extern> { 1984 // All instances created have a `host_state` with a pointer pointing 1985 // back to themselves. If this caller doesn't have that `host_state` 1986 // then it probably means it was a host-created object like `Func::new` 1987 // which doesn't have any exports we want to return anyway. 1988 self.caller.get_export(&mut self.store, name) 1989 } 1990 1991 /// Looks up an exported [`Extern`] value by a [`ModuleExport`] value. 1992 /// 1993 /// This is similar to [`Self::get_export`] but uses a [`ModuleExport`] 1994 /// value to avoid string lookups where possible. [`ModuleExport`]s can be 1995 /// obtained by calling [`Module::get_export_index`] on the [`Module`] that 1996 /// an instance was instantiated with. 1997 /// 1998 /// This method will search the module for an export with a matching entity index and return 1999 /// the value, if found. 2000 /// 2001 /// Returns `None` if there was no export with a matching entity index. 2002 /// 2003 /// [`Module::get_export_index`]: crate::Module::get_export_index 2004 /// [`Module`]: crate::Module 2005 /// 2006 /// # Panics 2007 /// 2008 /// Panics if `store` does not own this instance. 2009 /// 2010 /// # Usage 2011 /// ``` 2012 /// use std::str; 2013 /// 2014 /// # use wasmtime::*; 2015 /// # fn main() -> Result<()> { 2016 /// # let mut store = Store::default(); 2017 /// 2018 /// let module = Module::new( 2019 /// store.engine(), 2020 /// r#" 2021 /// (module 2022 /// (import "" "" (func $log_str (param i32 i32))) 2023 /// (func (export "foo") 2024 /// i32.const 4 ;; ptr 2025 /// i32.const 13 ;; len 2026 /// call $log_str) 2027 /// (memory (export "memory") 1) 2028 /// (data (i32.const 4) "Hello, world!")) 2029 /// "#, 2030 /// )?; 2031 /// 2032 /// let Some(module_export) = module.get_export_index("memory") else { 2033 /// bail!("failed to find `memory` export in module"); 2034 /// }; 2035 /// 2036 /// let log_str = Func::wrap(&mut store, move |mut caller: Caller<'_, ()>, ptr: i32, len: i32| { 2037 /// let mem = match caller.get_module_export(&module_export) { 2038 /// Some(Extern::Memory(mem)) => mem, 2039 /// _ => bail!("failed to find host memory"), 2040 /// }; 2041 /// let data = mem.data(&caller) 2042 /// .get(ptr as u32 as usize..) 2043 /// .and_then(|arr| arr.get(..len as u32 as usize)); 2044 /// let string = match data { 2045 /// Some(data) => match str::from_utf8(data) { 2046 /// Ok(s) => s, 2047 /// Err(_) => bail!("invalid utf-8"), 2048 /// }, 2049 /// None => bail!("pointer/length out of bounds"), 2050 /// }; 2051 /// assert_eq!(string, "Hello, world!"); 2052 /// println!("{}", string); 2053 /// Ok(()) 2054 /// }); 2055 /// let instance = Instance::new(&mut store, &module, &[log_str.into()])?; 2056 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?; 2057 /// foo.call(&mut store, ())?; 2058 /// # Ok(()) 2059 /// # } 2060 /// ``` 2061 pub fn get_module_export(&mut self, export: &ModuleExport) -> Option<Extern> { 2062 self.caller.get_module_export(&mut self.store, export) 2063 } 2064 2065 /// Access the underlying data owned by this `Store`. 2066 /// 2067 /// Same as [`Store::data`](crate::Store::data) 2068 pub fn data(&self) -> &T { 2069 self.store.data() 2070 } 2071 2072 /// Access the underlying data owned by this `Store`. 2073 /// 2074 /// Same as [`Store::data_mut`](crate::Store::data_mut) 2075 pub fn data_mut(&mut self) -> &mut T { 2076 self.store.data_mut() 2077 } 2078 2079 /// Returns the underlying [`Engine`] this store is connected to. 2080 pub fn engine(&self) -> &Engine { 2081 self.store.engine() 2082 } 2083 2084 /// Perform garbage collection. 2085 /// 2086 /// Same as [`Store::gc`](crate::Store::gc). 2087 #[cfg(feature = "gc")] 2088 pub fn gc(&mut self, why: Option<&crate::GcHeapOutOfMemory<()>>) -> Result<()> { 2089 self.store.gc(why) 2090 } 2091 2092 /// Perform garbage collection asynchronously. 2093 /// 2094 /// Same as [`Store::gc_async`](crate::Store::gc_async). 2095 #[cfg(all(feature = "async", feature = "gc"))] 2096 pub async fn gc_async(&mut self, why: Option<&crate::GcHeapOutOfMemory<()>>) 2097 where 2098 T: Send + 'static, 2099 { 2100 self.store.gc_async(why).await; 2101 } 2102 2103 /// Returns the remaining fuel in the store. 2104 /// 2105 /// For more information see [`Store::get_fuel`](crate::Store::get_fuel) 2106 pub fn get_fuel(&self) -> Result<u64> { 2107 self.store.get_fuel() 2108 } 2109 2110 /// Set the amount of fuel in this store to be consumed when executing wasm code. 2111 /// 2112 /// For more information see [`Store::set_fuel`](crate::Store::set_fuel) 2113 pub fn set_fuel(&mut self, fuel: u64) -> Result<()> { 2114 self.store.set_fuel(fuel) 2115 } 2116 2117 /// Configures this `Store` to yield while executing futures every N units of fuel. 2118 /// 2119 /// For more information see 2120 /// [`Store::fuel_async_yield_interval`](crate::Store::fuel_async_yield_interval) 2121 #[cfg(feature = "async")] 2122 pub fn fuel_async_yield_interval(&mut self, interval: Option<u64>) -> Result<()> { 2123 self.store.fuel_async_yield_interval(interval) 2124 } 2125 } 2126 2127 impl<T: 'static> AsContext for Caller<'_, T> { 2128 type Data = T; 2129 fn as_context(&self) -> StoreContext<'_, T> { 2130 self.store.as_context() 2131 } 2132 } 2133 2134 impl<T: 'static> AsContextMut for Caller<'_, T> { 2135 fn as_context_mut(&mut self) -> StoreContextMut<'_, T> { 2136 self.store.as_context_mut() 2137 } 2138 } 2139 2140 impl<'a, T: 'static> From<Caller<'a, T>> for StoreContextMut<'a, T> { 2141 fn from(caller: Caller<'a, T>) -> Self { 2142 caller.store 2143 } 2144 } 2145 2146 /// Representation of a host-defined function. 2147 /// 2148 /// This is used for `Func::new` but also for `Linker`-defined functions. For 2149 /// `Func::new` this is stored within a `Store`, and for `Linker`-defined 2150 /// functions they wrap this up in `Arc` to enable shared ownership of this 2151 /// across many stores. 2152 /// 2153 /// Technically this structure needs a `<T>` type parameter to connect to the 2154 /// `Store<T>` itself, but that's an unsafe contract of using this for now 2155 /// rather than part of the struct type (to avoid `Func<T>` in the API). 2156 #[doc(hidden)] 2157 pub struct HostFunc { 2158 ctx: StoreBox<VMArrayCallHostFuncContext>, 2159 2160 /// Whether or not this function was defined with an `async` host function, 2161 /// meaning that it is only invokable when wasm is itself on a fiber to 2162 /// support suspension on `Poll::Pending`. 2163 /// 2164 /// This is used to propagate to an `InstancePre` and then eventually into a 2165 /// `Store` as to whether the store requires async entrypoints. 2166 asyncness: Asyncness, 2167 2168 // Stored to unregister this function's signature with the engine when this 2169 // is dropped. 2170 engine: Engine, 2171 } 2172 2173 // State stored inside a `VMArrayCallHostFuncContext`. 2174 struct HostFuncState<F> { 2175 // The actual host function. 2176 func: F, 2177 2178 // NB: We have to keep our `VMSharedTypeIndex` registered in the engine for 2179 // as long as this function exists. 2180 _ty: RegisteredType, 2181 } 2182 2183 impl core::fmt::Debug for HostFunc { 2184 fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { 2185 f.debug_struct("HostFunc").finish_non_exhaustive() 2186 } 2187 } 2188 2189 impl HostFunc { 2190 /// Requires that the signature in `ctx` is already registered 2191 /// within `Engine`, which is done by [`Self::vmctx_sync`] and 2192 /// [`Self::vmctx_async`]. 2193 /// 2194 /// This is an internal private constructor for this type intended to only 2195 /// be used by other constructors of this type below. 2196 fn new_raw( 2197 engine: &Engine, 2198 ctx: StoreBox<VMArrayCallHostFuncContext>, 2199 asyncness: Asyncness, 2200 ) -> Self { 2201 HostFunc { 2202 ctx, 2203 engine: engine.clone(), 2204 asyncness, 2205 } 2206 } 2207 2208 /// Constructor of a host function's `VMContext` for synchronous functions. 2209 /// 2210 /// This creates a `VMArrayCallHostFuncContext` which under the hood will 2211 /// be viewed as `VMContext` in the eventually created `VMFuncRef`. 2212 fn vmctx_sync<F, T>( 2213 engine: &Engine, 2214 ty: FuncType, 2215 func: F, 2216 ) -> Result<StoreBox<VMArrayCallHostFuncContext>, OutOfMemory> 2217 where 2218 F: Fn(Caller<'_, T>, &mut [MaybeUninit<ValRaw>]) -> Result<()> + Send + Sync + 'static, 2219 T: 'static, 2220 { 2221 assert!(ty.comes_from_same_engine(engine)); 2222 2223 unsafe { 2224 VMArrayCallHostFuncContext::new( 2225 Self::array_call_trampoline::<T, F>, 2226 ty.type_index(), 2227 try_new::<Box<_>>(HostFuncState { 2228 func, 2229 _ty: ty.into_registered_type(), 2230 })?, 2231 ) 2232 } 2233 } 2234 2235 /// Constructor of a host function's `VMContext` for asynchronous functions. 2236 /// 2237 /// This creates a `VMArrayCallHostFuncContext` which under the hood will 2238 /// be viewed as `VMContext` in the eventually created `VMFuncRef`. 2239 /// 2240 /// Note that `ctx: U` is forwarded directly to `func`. This is subtly 2241 /// different than closing over data in `F` because the future returned by 2242 /// `F` can't refer to any data it closes over. The purpose of `U` is to 2243 /// enable the returned future to be able to close over data generally 2244 /// captured in the closures generated here. 2245 #[cfg(feature = "async")] 2246 fn vmctx_async<F, T, U>( 2247 engine: &Engine, 2248 ty: FuncType, 2249 ctx: U, 2250 func: F, 2251 ) -> Result<StoreBox<VMArrayCallHostFuncContext>, OutOfMemory> 2252 where 2253 F: for<'a> Fn( 2254 Caller<'a, T>, 2255 &'a mut [MaybeUninit<ValRaw>], 2256 &'a U, 2257 ) -> Box<dyn Future<Output = Result<()>> + Send + 'a> 2258 + Send 2259 + Sync 2260 + 'static, 2261 T: 'static, 2262 U: Send + Sync + 'static, 2263 { 2264 // Eventually we want to remove `with_blocking` + `block_on` from 2265 // Wasmtime. For now this is the attempt to keep it as low-level as 2266 // possible. 2267 // 2268 // Generally it's a lie to run async things on top of sync things and 2269 // it's caused many headaches. For now it's the best that can be done. 2270 Self::vmctx_sync(engine, ty, move |Caller { store, caller }, args| { 2271 store.with_blocking(|store, cx| { 2272 cx.block_on(core::pin::Pin::from(func( 2273 Caller { store, caller }, 2274 args, 2275 &ctx, 2276 ))) 2277 })? 2278 }) 2279 } 2280 2281 /// Entrypoint of WebAssembly back into the host. 2282 /// 2283 /// This is the standard wasmtime "array call signature" which then 2284 /// delegates internally to the host. This assumes that `callee_vmctx` is a 2285 /// `VMArrayCallHostFuncContext` which was built above with 2286 /// `HostFuncState<F>` internally. This internal function is then used to 2287 /// dispatch based on the arguments. 2288 /// 2289 /// Details handled by this wrapper are: 2290 /// 2291 /// * Host panics are handled (`enter_host_from_wasm`) 2292 /// * `F` is loaded from `callee_vmctx` 2293 /// * `Caller` is constructed to pass to `F` 2294 /// * A GC LIFO scope is maintained around the execution of `F`. 2295 /// * Call hooks for entering/leaving the host are maintained. 2296 unsafe extern "C" fn array_call_trampoline<T, F>( 2297 callee_vmctx: NonNull<VMOpaqueContext>, 2298 caller_vmctx: NonNull<VMContext>, 2299 args: NonNull<ValRaw>, 2300 args_len: usize, 2301 ) -> bool 2302 where 2303 F: Fn(Caller<'_, T>, &mut [MaybeUninit<ValRaw>]) -> Result<()> + 'static, 2304 T: 'static, 2305 { 2306 let run = |store: &mut dyn crate::vm::VMStore, instance: InstanceId| { 2307 // SAFETY: correct usage of this trampoline requires correct 2308 // ascription of `T`, so it's the caller's responsibility to line 2309 // this up. 2310 let mut store = unsafe { store.unchecked_context_mut() }; 2311 2312 // Handle the entry call hook, with a corresponding exit call hook 2313 // below. 2314 store.0.call_hook(CallHook::CallingHost)?; 2315 2316 // SAFETY: this function itself requires that the `vmctx` is 2317 // valid to use here. 2318 let state = unsafe { 2319 let vmctx = VMArrayCallHostFuncContext::from_opaque(callee_vmctx); 2320 vmctx.as_ref().host_state() 2321 }; 2322 2323 // Double-check ourselves in debug mode, but we control the 2324 // `Any` here so an unsafe downcast should also work. 2325 // 2326 // SAFETY: this function is only usable with `F`. 2327 let state = unsafe { 2328 debug_assert!(state.is::<HostFuncState<F>>()); 2329 &*(state as *const _ as *const HostFuncState<F>) 2330 }; 2331 2332 let (gc_lifo_scope, ret) = { 2333 let gc_lifo_scope = store.0.gc_roots().enter_lifo_scope(); 2334 2335 let mut args = NonNull::slice_from_raw_parts(args.cast(), args_len); 2336 // SAFETY: it's a contract of this function itself that the values 2337 // provided are valid to view as a slice. 2338 let args = unsafe { args.as_mut() }; 2339 2340 let ret = (state.func)( 2341 Caller { 2342 caller: Instance::from_wasmtime(instance, store.0), 2343 store: store.as_context_mut(), 2344 }, 2345 args, 2346 ); 2347 2348 (gc_lifo_scope, ret) 2349 }; 2350 2351 store.0.exit_gc_lifo_scope(gc_lifo_scope); 2352 2353 // Note that if this returns a trap then `ret` is discarded 2354 // entirely. 2355 store.0.call_hook(CallHook::ReturningFromHost)?; 2356 2357 ret 2358 }; 2359 2360 // SAFETY: this is an entrypoint of wasm which requires correct type 2361 // ascription of `T` itself, meaning that this should be safe to call 2362 // both `enter_host_from_wasm` as well as `unchecked_context_mut`. 2363 unsafe { vm::Instance::enter_host_from_wasm(caller_vmctx, run) } 2364 } 2365 /// Analog of [`Func::new_unchecked`] 2366 /// 2367 /// # Panics 2368 /// 2369 /// Panics if the given function type is not associated with the given 2370 /// engine. 2371 /// 2372 /// # Safety 2373 /// 2374 /// The `func` provided must operate according to the `ty` provided to 2375 /// ensure it's reading the correctly-typed parameters and writing the 2376 /// correctly-typed results. 2377 pub unsafe fn new_unchecked<T>( 2378 engine: &Engine, 2379 ty: FuncType, 2380 func: impl Fn(Caller<'_, T>, &mut [MaybeUninit<ValRaw>]) -> Result<()> + Send + Sync + 'static, 2381 ) -> Result<Self, OutOfMemory> 2382 where 2383 T: 'static, 2384 { 2385 Ok(HostFunc::new_raw( 2386 engine, 2387 Self::vmctx_sync(engine, ty, func)?, 2388 Asyncness::No, 2389 )) 2390 } 2391 2392 /// Analog of [`Func::new`] 2393 /// 2394 /// # Panics 2395 /// 2396 /// Panics if the given function type is not associated with the given 2397 /// engine. 2398 pub fn new<T>( 2399 engine: &Engine, 2400 ty: FuncType, 2401 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static, 2402 ) -> Result<Self, OutOfMemory> 2403 where 2404 T: 'static, 2405 { 2406 // NB: this is "duplicated" below in `new_async`, so try to keep the 2407 // two in sync. 2408 Ok(HostFunc::new_raw( 2409 engine, 2410 Self::vmctx_sync(engine, ty.clone(), move |mut caller, values| { 2411 // SAFETY: Wasmtime in general provides the guarantee that 2412 // `values` matches `ty`, so this should be safe. 2413 let mut vec = unsafe { Self::load_untyped_params(caller.store.0, &ty, values) }; 2414 let (params, results) = vec.split_at_mut(ty.params().len()); 2415 func(caller.sub_caller(), params, results)?; 2416 Self::store_untyped_results(caller.store, &ty, vec, values) 2417 })?, 2418 Asyncness::No, 2419 )) 2420 } 2421 2422 /// Analog of [`Func::new_async`] 2423 /// 2424 /// # Panics 2425 /// 2426 /// Panics if the given function type is not associated with the given 2427 /// engine. 2428 #[cfg(feature = "async")] 2429 pub fn new_async<T, F>(engine: &Engine, ty: FuncType, func: F) -> Result<Self, OutOfMemory> 2430 where 2431 F: for<'a> Fn( 2432 Caller<'a, T>, 2433 &'a [Val], 2434 &'a mut [Val], 2435 ) -> Box<dyn Future<Output = Result<()>> + Send + 'a> 2436 + Send 2437 + Sync 2438 + 'static, 2439 T: Send + 'static, 2440 { 2441 // NB: this is "duplicated" above in `new`, so try to keep the two in 2442 // sync. 2443 Ok(HostFunc::new_raw( 2444 engine, 2445 Self::vmctx_async( 2446 engine, 2447 ty.clone(), 2448 (ty, func), 2449 move |mut caller, values, (ty, func)| { 2450 Box::new(async move { 2451 // SAFETY: Wasmtime in general provides the guarantee that 2452 // `values` matches `ty`, so this should be safe. 2453 let mut vec = 2454 unsafe { Self::load_untyped_params(caller.store.0, &ty, values) }; 2455 let (params, results) = vec.split_at_mut(ty.params().len()); 2456 core::pin::Pin::from(func(caller.sub_caller(), params, results)).await?; 2457 Self::store_untyped_results(caller.store, &ty, vec, values) 2458 }) 2459 }, 2460 )?, 2461 Asyncness::Yes, 2462 )) 2463 } 2464 2465 /// Loads the the parameters of `ty` from `params` into a vector. 2466 /// 2467 /// This additionally pushes space onto the vector for all results to split 2468 /// the vector into params/results halves. 2469 /// 2470 /// # Safety 2471 /// 2472 /// Requires that `params` matches the parameters loaded by `P`. 2473 unsafe fn load_untyped_params( 2474 store: &mut StoreOpaque, 2475 ty: &FuncType, 2476 params: &mut [MaybeUninit<ValRaw>], 2477 ) -> Vec<Val> { 2478 let mut val_vec = store.take_hostcall_val_storage(); 2479 debug_assert!(val_vec.is_empty()); 2480 let nparams = ty.params().len(); 2481 val_vec.reserve(nparams + ty.results().len()); 2482 let mut store = AutoAssertNoGc::new(store); 2483 for (i, ty) in ty.params().enumerate() { 2484 val_vec.push(unsafe { Val::_from_raw(&mut store, params[i].assume_init(), &ty) }) 2485 } 2486 2487 val_vec.extend((0..ty.results().len()).map(|_| Val::null_func_ref())); 2488 val_vec 2489 } 2490 2491 /// Stores the results, at the end of `args_then_results` according to `ty`, 2492 /// into `storage`. 2493 fn store_untyped_results<T>( 2494 mut store: StoreContextMut<'_, T>, 2495 ty: &FuncType, 2496 mut args_then_results: Vec<Val>, 2497 storage: &mut [MaybeUninit<ValRaw>], 2498 ) -> Result<()> { 2499 // Unlike our arguments we need to dynamically check that the return 2500 // values produced are correct. There could be a bug in `func` that 2501 // produces the wrong number, wrong types, or wrong stores of 2502 // values, and we need to catch that here. 2503 let results = &args_then_results[ty.params().len()..]; 2504 for (i, (ret, ty)) in results.iter().zip(ty.results()).enumerate() { 2505 ret.ensure_matches_ty(store.0, &ty) 2506 .context("function attempted to return an incompatible value")?; 2507 storage[i].write(ret.to_raw(store.as_context_mut())?); 2508 } 2509 2510 // Restore our `val_vec` back into the store so it's usable for the next 2511 // hostcall to reuse our own storage. 2512 args_then_results.truncate(0); 2513 store.0.save_hostcall_val_storage(args_then_results); 2514 Ok(()) 2515 } 2516 2517 /// Analog of [`Func::wrap`] 2518 pub fn wrap<T, F, P, R>(engine: &Engine, func: F) -> Result<Self, OutOfMemory> 2519 where 2520 F: Fn(Caller<'_, T>, P) -> R + Send + Sync + 'static, 2521 P: WasmTyList, 2522 R: WasmRet, 2523 T: 'static, 2524 { 2525 // NB: this entire function is "duplicated" below in `wrap_async`, so 2526 // try to keep the two in sync. 2527 let ty = R::func_type(engine, None::<ValType>.into_iter().chain(P::valtypes()))?; 2528 2529 let ctx = Self::vmctx_sync(engine, ty, move |mut caller, args| { 2530 // SAFETY: `args` matching `ty` is provided by `HostFunc` and 2531 // wasmtime's ambient correctness. 2532 let params = unsafe { Self::load_typed_params(caller.store.0, args) }; 2533 let ret = func(caller.sub_caller(), params).into_fallible(); 2534 // SAFETY: `args` matching `ty` is provided by `HostFunc` and 2535 // wasmtime's ambient correctness. 2536 unsafe { Self::store_typed_results(caller.store.0, ret, args) } 2537 })?; 2538 Ok(HostFunc::new_raw(engine, ctx, Asyncness::No)) 2539 } 2540 2541 /// Analog of [`Func::wrap_async`] 2542 #[cfg(feature = "async")] 2543 pub fn wrap_async<T, F, P, R>(engine: &Engine, func: F) -> Result<Self, OutOfMemory> 2544 where 2545 F: for<'a> Fn(Caller<'a, T>, P) -> Box<dyn Future<Output = R> + Send + 'a> 2546 + Send 2547 + Sync 2548 + 'static, 2549 P: WasmTyList, 2550 R: WasmRet, 2551 T: Send + 'static, 2552 { 2553 // NB: this entire function is "duplicated" above in `wrap`, so try to 2554 // keep the two in sync. 2555 let ty = R::func_type(engine, None::<ValType>.into_iter().chain(P::valtypes()))?; 2556 2557 let ctx = Self::vmctx_async(engine, ty, func, move |mut caller, args, func| { 2558 Box::new(async move { 2559 // SAFETY: `args` matching `ty` is provided by `HostFunc` and 2560 // wasmtime's ambient correctness. 2561 let params = unsafe { Self::load_typed_params(caller.store.0, args) }; 2562 let ret = core::pin::Pin::from(func(caller.sub_caller(), params)).await; 2563 // SAFETY: `args` matching `ty` is provided by `HostFunc` and 2564 // wasmtime's ambient correctness. 2565 unsafe { Self::store_typed_results(caller.store.0, ret.into_fallible(), args) } 2566 }) 2567 })?; 2568 Ok(HostFunc::new_raw(engine, ctx, Asyncness::Yes)) 2569 } 2570 2571 /// Loads the typed parameters from `params` 2572 /// 2573 /// # Safety 2574 /// 2575 /// Requires that `params` matches the parameters loaded by `P`. 2576 unsafe fn load_typed_params<P>(store: &mut StoreOpaque, params: &mut [MaybeUninit<ValRaw>]) -> P 2577 where 2578 P: WasmTyList, 2579 { 2580 let mut store = if P::may_gc() { 2581 AutoAssertNoGc::new(store) 2582 } else { 2583 unsafe { AutoAssertNoGc::disabled(store) } 2584 }; 2585 // SAFETY: this function's own safety contract is the same as `P::load`. 2586 unsafe { P::load(&mut store, params) } 2587 } 2588 2589 /// Stores the results of `R` into the array provided. 2590 /// 2591 /// # Safety 2592 /// 2593 /// Requires that `ret` matches the result `storage` space. See `WasmRet` 2594 /// for more safety info. 2595 unsafe fn store_typed_results<R>( 2596 store: &mut StoreOpaque, 2597 ret: R, 2598 storage: &mut [MaybeUninit<ValRaw>], 2599 ) -> Result<()> 2600 where 2601 R: WasmRet, 2602 { 2603 ensure!( 2604 ret.compatible_with_store(store), 2605 "host function attempted to return cross-`Store` value to Wasm", 2606 ); 2607 2608 let mut store = if R::may_gc() { 2609 AutoAssertNoGc::new(store) 2610 } else { 2611 unsafe { AutoAssertNoGc::disabled(store) } 2612 }; 2613 // SAFETY: this safety contract is the same as this own function's 2614 // safety contract. 2615 unsafe { 2616 ret.store(&mut store, storage)?; 2617 } 2618 Ok(()) 2619 } 2620 2621 /// Inserts this `HostFunc` into a `Store`, returning the `Func` pointing to 2622 /// it. 2623 /// 2624 /// # Unsafety 2625 /// 2626 /// Can only be inserted into stores with a matching `T` relative to when 2627 /// this `HostFunc` was first created. 2628 pub unsafe fn to_func(self: &Arc<Self>, store: &mut StoreOpaque) -> Func { 2629 self.validate_store(store); 2630 let (funcrefs, modules) = store.func_refs_and_modules(); 2631 let funcref = funcrefs.push_arc_host(self.clone(), modules); 2632 // SAFETY: this funcref was just pushed within the store, so it's safe 2633 // to say this store owns it. 2634 unsafe { Func::from_vm_func_ref(store.id(), funcref) } 2635 } 2636 2637 /// Inserts this `HostFunc` into a `Store`, returning the `Func` pointing to 2638 /// it. 2639 /// 2640 /// This function is similar to, but not equivalent, to `HostFunc::to_func`. 2641 /// Notably this function requires that the `Arc<Self>` pointer is otherwise 2642 /// rooted within the `StoreOpaque` via another means. When in doubt use 2643 /// `to_func` above as it's safer. 2644 /// 2645 /// # Unsafety 2646 /// 2647 /// Can only be inserted into stores with a matching `T` relative to when 2648 /// this `HostFunc` was first created. 2649 /// 2650 /// Additionally the `&Arc<Self>` is not cloned in this function. Instead a 2651 /// raw pointer to `Self` is stored within the `Store` for this function. 2652 /// The caller must arrange for the `Arc<Self>` to be "rooted" in the store 2653 /// provided via another means, probably by pushing to 2654 /// `StoreOpaque::rooted_host_funcs`. 2655 /// 2656 /// Similarly, the caller must arrange for `rooted_func_ref` to be rooted in 2657 /// the same store and additionally be a valid pointer. 2658 pub unsafe fn to_func_store_rooted( 2659 self: &Arc<Self>, 2660 store: &mut StoreOpaque, 2661 rooted_func_ref: Option<NonNull<VMFuncRef>>, 2662 ) -> Func { 2663 self.validate_store(store); 2664 2665 match rooted_func_ref { 2666 Some(funcref) => { 2667 // SAFETY: it's a contract of this function itself that 2668 // `funcref` is safe to read. 2669 unsafe { 2670 debug_assert!(funcref.as_ref().wasm_call.is_some()); 2671 } 2672 // SAFETY: it's a contract of this function that `funcref` is 2673 // owned by `store`. 2674 unsafe { Func::from_vm_func_ref(store.id(), funcref) } 2675 } 2676 None => { 2677 debug_assert!(self.func_ref().wasm_call.is_some()); 2678 2679 // SAFETY: it's an unsafe contract of this function that we are 2680 // rooted within the store to say that the store owns a copy of 2681 // this funcref. 2682 unsafe { Func::from_vm_func_ref(store.id(), self.func_ref().into()) } 2683 } 2684 } 2685 } 2686 2687 /// Same as [`HostFunc::to_func`], different ownership. 2688 unsafe fn into_func(self, store: &mut StoreOpaque) -> Func { 2689 self.validate_store(store); 2690 2691 // This function could be called by a guest at any time, and it requires 2692 // fibers, so the store now required async entrypoints. 2693 store.set_async_required(self.asyncness); 2694 2695 let (funcrefs, modules) = store.func_refs_and_modules(); 2696 let funcref = funcrefs.push_box_host(Box::new(self), modules); 2697 // SAFETY: this funcref was just pushed within `store`, so it's safe to 2698 // say it's owned by the store's id. 2699 unsafe { Func::from_vm_func_ref(store.id(), funcref) } 2700 } 2701 2702 fn validate_store(&self, store: &mut StoreOpaque) { 2703 // This assert is required to ensure that we can indeed safely insert 2704 // `self` into the `store` provided, otherwise the type information we 2705 // have listed won't be correct. This is possible to hit with the public 2706 // API of Wasmtime, and should be documented in relevant functions. 2707 assert!( 2708 Engine::same(&self.engine, store.engine()), 2709 "cannot use a store with a different engine than a linker was created with", 2710 ); 2711 } 2712 2713 pub(crate) fn sig_index(&self) -> VMSharedTypeIndex { 2714 self.func_ref().type_index 2715 } 2716 2717 pub(crate) fn func_ref(&self) -> &VMFuncRef { 2718 unsafe { self.ctx.get().as_ref().func_ref() } 2719 } 2720 2721 pub(crate) fn asyncness(&self) -> Asyncness { 2722 self.asyncness 2723 } 2724 } 2725 2726 #[cfg(test)] 2727 mod tests { 2728 use super::*; 2729 use crate::{Module, Store}; 2730 2731 #[test] 2732 #[cfg_attr(miri, ignore)] 2733 fn hash_key_is_stable_across_duplicate_store_data_entries() -> Result<()> { 2734 let mut store = Store::<()>::default(); 2735 let module = Module::new( 2736 store.engine(), 2737 r#" 2738 (module 2739 (func (export "f") 2740 nop 2741 ) 2742 ) 2743 "#, 2744 )?; 2745 let instance = Instance::new(&mut store, &module, &[])?; 2746 2747 // Each time we `get_func`, we call `Func::from_wasmtime` which adds a 2748 // new entry to `StoreData`, so `f1` and `f2` will have different 2749 // indices into `StoreData`. 2750 let f1 = instance.get_func(&mut store, "f").unwrap(); 2751 let f2 = instance.get_func(&mut store, "f").unwrap(); 2752 2753 // But their hash keys are the same. 2754 assert!( 2755 f1.hash_key(&mut store.as_context_mut().0) 2756 == f2.hash_key(&mut store.as_context_mut().0) 2757 ); 2758 2759 // But the hash keys are different from different funcs. 2760 let instance2 = Instance::new(&mut store, &module, &[])?; 2761 let f3 = instance2.get_func(&mut store, "f").unwrap(); 2762 assert!( 2763 f1.hash_key(&mut store.as_context_mut().0) 2764 != f3.hash_key(&mut store.as_context_mut().0) 2765 ); 2766 2767 Ok(()) 2768 } 2769 } 2770