1 use crate::prelude::*; 2 use crate::runtime::vm::{ 3 self, InterpreterRef, SendSyncPtr, StoreBox, VMArrayCallHostFuncContext, 4 VMCommonStackInformation, VMContext, VMFuncRef, VMFunctionImport, VMOpaqueContext, 5 VMStoreContext, 6 }; 7 use crate::store::{AutoAssertNoGc, InstanceId, StoreId, StoreOpaque}; 8 use crate::type_registry::RegisteredType; 9 use crate::{ 10 AsContext, AsContextMut, CallHook, Engine, Extern, FuncType, Instance, ModuleExport, Ref, 11 StoreContext, StoreContextMut, Val, ValRaw, ValType, 12 }; 13 use alloc::sync::Arc; 14 use core::convert::Infallible; 15 use core::ffi::c_void; 16 #[cfg(feature = "async")] 17 use core::future::Future; 18 use core::mem::{self, MaybeUninit}; 19 use core::ptr::NonNull; 20 use wasmtime_environ::VMSharedTypeIndex; 21 22 /// A reference to the abstract `nofunc` heap value. 23 /// 24 /// The are no instances of `(ref nofunc)`: it is an uninhabited type. 25 /// 26 /// There is precisely one instance of `(ref null nofunc)`, aka `nullfuncref`: 27 /// the null reference. 28 /// 29 /// This `NoFunc` Rust type's sole purpose is for use with [`Func::wrap`]- and 30 /// [`Func::typed`]-style APIs for statically typing a function as taking or 31 /// returning a `(ref null nofunc)` (aka `Option<NoFunc>`) which is always 32 /// `None`. 33 /// 34 /// # Example 35 /// 36 /// ``` 37 /// # use wasmtime::*; 38 /// # fn _foo() -> Result<()> { 39 /// let mut config = Config::new(); 40 /// config.wasm_function_references(true); 41 /// let engine = Engine::new(&config)?; 42 /// 43 /// let module = Module::new( 44 /// &engine, 45 /// r#" 46 /// (module 47 /// (func (export "f") (param (ref null nofunc)) 48 /// ;; If the reference is null, return. 49 /// local.get 0 50 /// ref.is_null nofunc 51 /// br_if 0 52 /// 53 /// ;; If the reference was not null (which is impossible) 54 /// ;; then raise a trap. 55 /// unreachable 56 /// ) 57 /// ) 58 /// "#, 59 /// )?; 60 /// 61 /// let mut store = Store::new(&engine, ()); 62 /// let instance = Instance::new(&mut store, &module, &[])?; 63 /// let f = instance.get_func(&mut store, "f").unwrap(); 64 /// 65 /// // We can cast a `(ref null nofunc)`-taking function into a typed function that 66 /// // takes an `Option<NoFunc>` via the `Func::typed` method. 67 /// let f = f.typed::<Option<NoFunc>, ()>(&store)?; 68 /// 69 /// // We can call the typed function, passing the null `nofunc` reference. 70 /// let result = f.call(&mut store, NoFunc::null()); 71 /// 72 /// // The function should not have trapped, because the reference we gave it was 73 /// // null (as it had to be, since `NoFunc` is uninhabited). 74 /// assert!(result.is_ok()); 75 /// # Ok(()) 76 /// # } 77 /// ``` 78 #[derive(Copy, Clone, Debug, PartialEq, Eq)] 79 pub struct NoFunc { 80 _inner: Infallible, 81 } 82 83 impl NoFunc { 84 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference. 85 #[inline] 86 pub fn null() -> Option<NoFunc> { 87 None 88 } 89 90 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference as a 91 /// [`Ref`]. 92 #[inline] 93 pub fn null_ref() -> Ref { 94 Ref::Func(None) 95 } 96 97 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference as a 98 /// [`Val`]. 99 #[inline] 100 pub fn null_val() -> Val { 101 Val::FuncRef(None) 102 } 103 } 104 105 /// A WebAssembly function which can be called. 106 /// 107 /// This type typically represents an exported function from a WebAssembly 108 /// module instance. In this case a [`Func`] belongs to an [`Instance`] and is 109 /// loaded from there. A [`Func`] may also represent a host function as well in 110 /// some cases, too. 111 /// 112 /// Functions can be called in a few different ways, either synchronous or async 113 /// and either typed or untyped (more on this below). Note that host functions 114 /// are normally inserted directly into a [`Linker`](crate::Linker) rather than 115 /// using this directly, but both options are available. 116 /// 117 /// # `Func` and `async` 118 /// 119 /// Functions from the perspective of WebAssembly are always synchronous. You 120 /// might have an `async` function in Rust, however, which you'd like to make 121 /// available from WebAssembly. Wasmtime supports asynchronously calling 122 /// WebAssembly through native stack switching. You can get some more 123 /// information about [asynchronous configs](crate::Config::async_support), but 124 /// from the perspective of `Func` it's important to know that whether or not 125 /// your [`Store`](crate::Store) is asynchronous will dictate whether you call 126 /// functions through [`Func::call`] or [`Func::call_async`] (or the typed 127 /// wrappers such as [`TypedFunc::call`] vs [`TypedFunc::call_async`]). 128 /// 129 /// # To `Func::call` or to `Func::typed().call()` 130 /// 131 /// There's a 2x2 matrix of methods to call [`Func`]. Invocations can either be 132 /// asynchronous or synchronous. They can also be statically typed or not. 133 /// Whether or not an invocation is asynchronous is indicated via the method 134 /// being `async` and [`call_async`](Func::call_async) being the entry point. 135 /// Otherwise for statically typed or not your options are: 136 /// 137 /// * Dynamically typed - if you don't statically know the signature of the 138 /// function that you're calling you'll be using [`Func::call`] or 139 /// [`Func::call_async`]. These functions take a variable-length slice of 140 /// "boxed" arguments in their [`Val`] representation. Additionally the 141 /// results are returned as an owned slice of [`Val`]. These methods are not 142 /// optimized due to the dynamic type checks that must occur, in addition to 143 /// some dynamic allocations for where to put all the arguments. While this 144 /// allows you to call all possible wasm function signatures, if you're 145 /// looking for a speedier alternative you can also use... 146 /// 147 /// * Statically typed - if you statically know the type signature of the wasm 148 /// function you're calling, then you'll want to use the [`Func::typed`] 149 /// method to acquire an instance of [`TypedFunc`]. This structure is static proof 150 /// that the underlying wasm function has the ascripted type, and type 151 /// validation is only done once up-front. The [`TypedFunc::call`] and 152 /// [`TypedFunc::call_async`] methods are much more efficient than [`Func::call`] 153 /// and [`Func::call_async`] because the type signature is statically known. 154 /// This eschews runtime checks as much as possible to get into wasm as fast 155 /// as possible. 156 /// 157 /// # Examples 158 /// 159 /// One way to get a `Func` is from an [`Instance`] after you've instantiated 160 /// it: 161 /// 162 /// ``` 163 /// # use wasmtime::*; 164 /// # fn main() -> anyhow::Result<()> { 165 /// let engine = Engine::default(); 166 /// let module = Module::new(&engine, r#"(module (func (export "foo")))"#)?; 167 /// let mut store = Store::new(&engine, ()); 168 /// let instance = Instance::new(&mut store, &module, &[])?; 169 /// let foo = instance.get_func(&mut store, "foo").expect("export wasn't a function"); 170 /// 171 /// // Work with `foo` as a `Func` at this point, such as calling it 172 /// // dynamically... 173 /// match foo.call(&mut store, &[], &mut []) { 174 /// Ok(()) => { /* ... */ } 175 /// Err(trap) => { 176 /// panic!("execution of `foo` resulted in a wasm trap: {}", trap); 177 /// } 178 /// } 179 /// foo.call(&mut store, &[], &mut [])?; 180 /// 181 /// // ... or we can make a static assertion about its signature and call it. 182 /// // Our first call here can fail if the signatures don't match, and then the 183 /// // second call can fail if the function traps (like the `match` above). 184 /// let foo = foo.typed::<(), ()>(&store)?; 185 /// foo.call(&mut store, ())?; 186 /// # Ok(()) 187 /// # } 188 /// ``` 189 /// 190 /// You can also use the [`wrap` function](Func::wrap) to create a 191 /// `Func` 192 /// 193 /// ``` 194 /// # use wasmtime::*; 195 /// # fn main() -> anyhow::Result<()> { 196 /// let mut store = Store::<()>::default(); 197 /// 198 /// // Create a custom `Func` which can execute arbitrary code inside of the 199 /// // closure. 200 /// let add = Func::wrap(&mut store, |a: i32, b: i32| -> i32 { a + b }); 201 /// 202 /// // Next we can hook that up to a wasm module which uses it. 203 /// let module = Module::new( 204 /// store.engine(), 205 /// r#" 206 /// (module 207 /// (import "" "" (func $add (param i32 i32) (result i32))) 208 /// (func (export "call_add_twice") (result i32) 209 /// i32.const 1 210 /// i32.const 2 211 /// call $add 212 /// i32.const 3 213 /// i32.const 4 214 /// call $add 215 /// i32.add)) 216 /// "#, 217 /// )?; 218 /// let instance = Instance::new(&mut store, &module, &[add.into()])?; 219 /// let call_add_twice = instance.get_typed_func::<(), i32>(&mut store, "call_add_twice")?; 220 /// 221 /// assert_eq!(call_add_twice.call(&mut store, ())?, 10); 222 /// # Ok(()) 223 /// # } 224 /// ``` 225 /// 226 /// Or you could also create an entirely dynamic `Func`! 227 /// 228 /// ``` 229 /// # use wasmtime::*; 230 /// # fn main() -> anyhow::Result<()> { 231 /// let mut store = Store::<()>::default(); 232 /// 233 /// // Here we need to define the type signature of our `Double` function and 234 /// // then wrap it up in a `Func` 235 /// let double_type = wasmtime::FuncType::new( 236 /// store.engine(), 237 /// [wasmtime::ValType::I32].iter().cloned(), 238 /// [wasmtime::ValType::I32].iter().cloned(), 239 /// ); 240 /// let double = Func::new(&mut store, double_type, |_, params, results| { 241 /// let mut value = params[0].unwrap_i32(); 242 /// value *= 2; 243 /// results[0] = value.into(); 244 /// Ok(()) 245 /// }); 246 /// 247 /// let module = Module::new( 248 /// store.engine(), 249 /// r#" 250 /// (module 251 /// (import "" "" (func $double (param i32) (result i32))) 252 /// (func $start 253 /// i32.const 1 254 /// call $double 255 /// drop) 256 /// (start $start)) 257 /// "#, 258 /// )?; 259 /// let instance = Instance::new(&mut store, &module, &[double.into()])?; 260 /// // .. work with `instance` if necessary 261 /// # Ok(()) 262 /// # } 263 /// ``` 264 #[derive(Copy, Clone, Debug)] 265 #[repr(C)] // here for the C API 266 pub struct Func { 267 /// The store that the below pointer belongs to. 268 /// 269 /// It's only safe to look at the contents of the pointer below when the 270 /// `StoreOpaque` matching this id is in-scope. 271 store: StoreId, 272 273 /// The raw `VMFuncRef`, whose lifetime is bound to the store this func 274 /// belongs to. 275 /// 276 /// Note that this field has an `unsafe_*` prefix to discourage use of it. 277 /// This is only safe to read/use if `self.store` is validated to belong to 278 /// an ambiently provided `StoreOpaque` or similar. Use the 279 /// `self.func_ref()` method instead of this field to perform this check. 280 unsafe_func_ref: SendSyncPtr<VMFuncRef>, 281 } 282 283 // Double-check that the C representation in `extern.h` matches our in-Rust 284 // representation here in terms of size/alignment/etc. 285 const _: () = { 286 #[repr(C)] 287 struct C(u64, *mut u8); 288 assert!(core::mem::size_of::<C>() == core::mem::size_of::<Func>()); 289 assert!(core::mem::align_of::<C>() == core::mem::align_of::<Func>()); 290 assert!(core::mem::offset_of!(Func, store) == 0); 291 }; 292 293 macro_rules! for_each_function_signature { 294 ($mac:ident) => { 295 $mac!(0); 296 $mac!(1 A1); 297 $mac!(2 A1 A2); 298 $mac!(3 A1 A2 A3); 299 $mac!(4 A1 A2 A3 A4); 300 $mac!(5 A1 A2 A3 A4 A5); 301 $mac!(6 A1 A2 A3 A4 A5 A6); 302 $mac!(7 A1 A2 A3 A4 A5 A6 A7); 303 $mac!(8 A1 A2 A3 A4 A5 A6 A7 A8); 304 $mac!(9 A1 A2 A3 A4 A5 A6 A7 A8 A9); 305 $mac!(10 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10); 306 $mac!(11 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11); 307 $mac!(12 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12); 308 $mac!(13 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13); 309 $mac!(14 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14); 310 $mac!(15 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15); 311 $mac!(16 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15 A16); 312 $mac!(17 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15 A16 A17); 313 }; 314 } 315 316 mod typed; 317 use crate::runtime::vm::VMStackChain; 318 pub use typed::*; 319 320 impl Func { 321 /// Creates a new `Func` with the given arguments, typically to create a 322 /// host-defined function to pass as an import to a module. 323 /// 324 /// * `store` - the store in which to create this [`Func`], which will own 325 /// the return value. 326 /// 327 /// * `ty` - the signature of this function, used to indicate what the 328 /// inputs and outputs are. 329 /// 330 /// * `func` - the native code invoked whenever this `Func` will be called. 331 /// This closure is provided a [`Caller`] as its first argument to learn 332 /// information about the caller, and then it's passed a list of 333 /// parameters as a slice along with a mutable slice of where to write 334 /// results. 335 /// 336 /// Note that the implementation of `func` must adhere to the `ty` signature 337 /// given, error or traps may occur if it does not respect the `ty` 338 /// signature. For example if the function type declares that it returns one 339 /// i32 but the `func` closures does not write anything into the results 340 /// slice then a trap may be generated. 341 /// 342 /// Additionally note that this is quite a dynamic function since signatures 343 /// are not statically known. For a more performant and ergonomic `Func` 344 /// it's recommended to use [`Func::wrap`] if you can because with 345 /// statically known signatures Wasmtime can optimize the implementation 346 /// much more. 347 /// 348 /// For more information about `Send + Sync + 'static` requirements on the 349 /// `func`, see [`Func::wrap`](#why-send--sync--static). 350 /// 351 /// # Errors 352 /// 353 /// The host-provided function here returns a 354 /// [`Result<()>`](anyhow::Result). If the function returns `Ok(())` then 355 /// that indicates that the host function completed successfully and wrote 356 /// the result into the `&mut [Val]` argument. 357 /// 358 /// If the function returns `Err(e)`, however, then this is equivalent to 359 /// the host function triggering a trap for wasm. WebAssembly execution is 360 /// immediately halted and the original caller of [`Func::call`], for 361 /// example, will receive the error returned here (possibly with 362 /// [`WasmBacktrace`](crate::WasmBacktrace) context information attached). 363 /// 364 /// For more information about errors in Wasmtime see the [`Trap`] 365 /// documentation. 366 /// 367 /// [`Trap`]: crate::Trap 368 /// 369 /// # Panics 370 /// 371 /// Panics if the given function type is not associated with this store's 372 /// engine. 373 pub fn new<T: 'static>( 374 store: impl AsContextMut<Data = T>, 375 ty: FuncType, 376 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static, 377 ) -> Self { 378 assert!(ty.comes_from_same_engine(store.as_context().engine())); 379 let ty_clone = ty.clone(); 380 unsafe { 381 Func::new_unchecked(store, ty, move |caller, values| { 382 Func::invoke_host_func_for_wasm(caller, &ty_clone, values, &func) 383 }) 384 } 385 } 386 387 /// Creates a new [`Func`] with the given arguments, although has fewer 388 /// runtime checks than [`Func::new`]. 389 /// 390 /// This function takes a callback of a different signature than 391 /// [`Func::new`], instead receiving a raw pointer with a list of [`ValRaw`] 392 /// structures. These values have no type information associated with them 393 /// so it's up to the caller to provide a function that will correctly 394 /// interpret the list of values as those coming from the `ty` specified. 395 /// 396 /// If you're calling this from Rust it's recommended to either instead use 397 /// [`Func::new`] or [`Func::wrap`]. The [`Func::wrap`] API, in particular, 398 /// is both safer and faster than this API. 399 /// 400 /// # Errors 401 /// 402 /// See [`Func::new`] for the behavior of returning an error from the host 403 /// function provided here. 404 /// 405 /// # Unsafety 406 /// 407 /// This function is not safe because it's not known at compile time that 408 /// the `func` provided correctly interprets the argument types provided to 409 /// it, or that the results it produces will be of the correct type. 410 /// 411 /// # Panics 412 /// 413 /// Panics if the given function type is not associated with this store's 414 /// engine. 415 pub unsafe fn new_unchecked<T: 'static>( 416 mut store: impl AsContextMut<Data = T>, 417 ty: FuncType, 418 func: impl Fn(Caller<'_, T>, &mut [ValRaw]) -> Result<()> + Send + Sync + 'static, 419 ) -> Self { 420 assert!(ty.comes_from_same_engine(store.as_context().engine())); 421 let store = store.as_context_mut().0; 422 423 // SAFETY: the contract required by `new_unchecked` is the same as the 424 // contract required by this function itself. 425 let host = unsafe { HostFunc::new_unchecked(store.engine(), ty, func) }; 426 427 // SAFETY: the `T` used by `func` matches the `T` of the store we're 428 // inserting into via this function's type signature. 429 unsafe { host.into_func(store) } 430 } 431 432 /// Creates a new host-defined WebAssembly function which, when called, 433 /// will run the asynchronous computation defined by `func` to completion 434 /// and then return the result to WebAssembly. 435 /// 436 /// This function is the asynchronous analogue of [`Func::new`] and much of 437 /// that documentation applies to this as well. The key difference is that 438 /// `func` returns a future instead of simply a `Result`. Note that the 439 /// returned future can close over any of the arguments, but it cannot close 440 /// over the state of the closure itself. It's recommended to store any 441 /// necessary async state in the `T` of the [`Store<T>`](crate::Store) which 442 /// can be accessed through [`Caller::data`] or [`Caller::data_mut`]. 443 /// 444 /// For more information on `Send + Sync + 'static`, see 445 /// [`Func::wrap`](#why-send--sync--static). 446 /// 447 /// # Panics 448 /// 449 /// This function will panic if `store` is not associated with an [async 450 /// config](crate::Config::async_support). 451 /// 452 /// Panics if the given function type is not associated with this store's 453 /// engine. 454 /// 455 /// # Errors 456 /// 457 /// See [`Func::new`] for the behavior of returning an error from the host 458 /// function provided here. 459 /// 460 /// # Examples 461 /// 462 /// ``` 463 /// # use wasmtime::*; 464 /// # fn main() -> anyhow::Result<()> { 465 /// // Simulate some application-specific state as well as asynchronous 466 /// // functions to query that state. 467 /// struct MyDatabase { 468 /// // ... 469 /// } 470 /// 471 /// impl MyDatabase { 472 /// async fn get_row_count(&self) -> u32 { 473 /// // ... 474 /// # 100 475 /// } 476 /// } 477 /// 478 /// let my_database = MyDatabase { 479 /// // ... 480 /// }; 481 /// 482 /// // Using `new_async` we can hook up into calling our async 483 /// // `get_row_count` function. 484 /// let engine = Engine::new(Config::new().async_support(true))?; 485 /// let mut store = Store::new(&engine, MyDatabase { 486 /// // ... 487 /// }); 488 /// let get_row_count_type = wasmtime::FuncType::new( 489 /// &engine, 490 /// None, 491 /// Some(wasmtime::ValType::I32), 492 /// ); 493 /// let get = Func::new_async(&mut store, get_row_count_type, |caller, _params, results| { 494 /// Box::new(async move { 495 /// let count = caller.data().get_row_count().await; 496 /// results[0] = Val::I32(count as i32); 497 /// Ok(()) 498 /// }) 499 /// }); 500 /// // ... 501 /// # Ok(()) 502 /// # } 503 /// ``` 504 #[cfg(all(feature = "async", feature = "cranelift"))] 505 pub fn new_async<T, F>(store: impl AsContextMut<Data = T>, ty: FuncType, func: F) -> Func 506 where 507 F: for<'a> Fn( 508 Caller<'a, T>, 509 &'a [Val], 510 &'a mut [Val], 511 ) -> Box<dyn Future<Output = Result<()>> + Send + 'a> 512 + Send 513 + Sync 514 + 'static, 515 T: 'static, 516 { 517 assert!( 518 store.as_context().async_support(), 519 "cannot use `new_async` without enabling async support in the config" 520 ); 521 assert!(ty.comes_from_same_engine(store.as_context().engine())); 522 return Func::new( 523 store, 524 ty, 525 move |Caller { store, caller }, params, results| { 526 store.with_blocking(|store, cx| { 527 cx.block_on(core::pin::Pin::from(func( 528 Caller { store, caller }, 529 params, 530 results, 531 ))) 532 })? 533 }, 534 ); 535 } 536 537 /// Creates a new `Func` from a store and a funcref within that store. 538 /// 539 /// # Safety 540 /// 541 /// The safety of this function requires that `func_ref` is a valid function 542 /// pointer owned by `store`. 543 pub(crate) unsafe fn from_vm_func_ref(store: StoreId, func_ref: NonNull<VMFuncRef>) -> Func { 544 // SAFETY: given the contract of this function it's safe to read the 545 // `type_index` field. 546 unsafe { 547 debug_assert!(func_ref.as_ref().type_index != VMSharedTypeIndex::default()); 548 } 549 Func { 550 store, 551 unsafe_func_ref: func_ref.into(), 552 } 553 } 554 555 /// Creates a new `Func` from the given Rust closure. 556 /// 557 /// This function will create a new `Func` which, when called, will 558 /// execute the given Rust closure. Unlike [`Func::new`] the target 559 /// function being called is known statically so the type signature can 560 /// be inferred. Rust types will map to WebAssembly types as follows: 561 /// 562 /// | Rust Argument Type | WebAssembly Type | 563 /// |-----------------------------------|-------------------------------------------| 564 /// | `i32` | `i32` | 565 /// | `u32` | `i32` | 566 /// | `i64` | `i64` | 567 /// | `u64` | `i64` | 568 /// | `f32` | `f32` | 569 /// | `f64` | `f64` | 570 /// | `V128` on x86-64 and aarch64 only | `v128` | 571 /// | `Option<Func>` | `funcref` aka `(ref null func)` | 572 /// | `Func` | `(ref func)` | 573 /// | `Option<Nofunc>` | `nullfuncref` aka `(ref null nofunc)` | 574 /// | `NoFunc` | `(ref nofunc)` | 575 /// | `Option<Rooted<ExternRef>>` | `externref` aka `(ref null extern)` | 576 /// | `Rooted<ExternRef>` | `(ref extern)` | 577 /// | `Option<NoExtern>` | `nullexternref` aka `(ref null noextern)` | 578 /// | `NoExtern` | `(ref noextern)` | 579 /// | `Option<Rooted<AnyRef>>` | `anyref` aka `(ref null any)` | 580 /// | `Rooted<AnyRef>` | `(ref any)` | 581 /// | `Option<Rooted<EqRef>>` | `eqref` aka `(ref null eq)` | 582 /// | `Rooted<EqRef>` | `(ref eq)` | 583 /// | `Option<I31>` | `i31ref` aka `(ref null i31)` | 584 /// | `I31` | `(ref i31)` | 585 /// | `Option<Rooted<StructRef>>` | `(ref null struct)` | 586 /// | `Rooted<StructRef>` | `(ref struct)` | 587 /// | `Option<Rooted<ArrayRef>>` | `(ref null array)` | 588 /// | `Rooted<ArrayRef>` | `(ref array)` | 589 /// | `Option<NoneRef>` | `nullref` aka `(ref null none)` | 590 /// | `NoneRef` | `(ref none)` | 591 /// 592 /// Note that anywhere a `Rooted<T>` appears, a `OwnedRooted<T>` may also 593 /// be used. 594 /// 595 /// Any of the Rust types can be returned from the closure as well, in 596 /// addition to some extra types 597 /// 598 /// | Rust Return Type | WebAssembly Return Type | Meaning | 599 /// |-------------------|-------------------------|-----------------------| 600 /// | `()` | nothing | no return value | 601 /// | `T` | `T` | a single return value | 602 /// | `(T1, T2, ...)` | `T1 T2 ...` | multiple returns | 603 /// 604 /// Note that all return types can also be wrapped in `Result<_>` to 605 /// indicate that the host function can generate a trap as well as possibly 606 /// returning a value. 607 /// 608 /// Finally you can also optionally take [`Caller`] as the first argument of 609 /// your closure. If inserted then you're able to inspect the caller's 610 /// state, for example the [`Memory`](crate::Memory) it has exported so you 611 /// can read what pointers point to. 612 /// 613 /// Note that when using this API, the intention is to create as thin of a 614 /// layer as possible for when WebAssembly calls the function provided. With 615 /// sufficient inlining and optimization the WebAssembly will call straight 616 /// into `func` provided, with no extra fluff entailed. 617 /// 618 /// # Why `Send + Sync + 'static`? 619 /// 620 /// All host functions defined in a [`Store`](crate::Store) (including 621 /// those from [`Func::new`] and other constructors) require that the 622 /// `func` provided is `Send + Sync + 'static`. Additionally host functions 623 /// always are `Fn` as opposed to `FnMut` or `FnOnce`. This can at-a-glance 624 /// feel restrictive since the closure cannot close over as many types as 625 /// before. The reason for this, though, is to ensure that 626 /// [`Store<T>`](crate::Store) can implement both the `Send` and `Sync` 627 /// traits. 628 /// 629 /// Fear not, however, because this isn't as restrictive as it seems! Host 630 /// functions are provided a [`Caller<'_, T>`](crate::Caller) argument which 631 /// allows access to the host-defined data within the 632 /// [`Store`](crate::Store). The `T` type is not required to be any of 633 /// `Send`, `Sync`, or `'static`! This means that you can store whatever 634 /// you'd like in `T` and have it accessible by all host functions. 635 /// Additionally mutable access to `T` is allowed through 636 /// [`Caller::data_mut`]. 637 /// 638 /// Most host-defined [`Func`] values provide closures that end up not 639 /// actually closing over any values. These zero-sized types will use the 640 /// context from [`Caller`] for host-defined information. 641 /// 642 /// # Errors 643 /// 644 /// The closure provided here to `wrap` can optionally return a 645 /// [`Result<T>`](anyhow::Result). Returning `Ok(t)` represents the host 646 /// function successfully completing with the `t` result. Returning 647 /// `Err(e)`, however, is equivalent to raising a custom wasm trap. 648 /// Execution of WebAssembly does not resume and the stack is unwound to the 649 /// original caller of the function where the error is returned. 650 /// 651 /// For more information about errors in Wasmtime see the [`Trap`] 652 /// documentation. 653 /// 654 /// [`Trap`]: crate::Trap 655 /// 656 /// # Examples 657 /// 658 /// First up we can see how simple wasm imports can be implemented, such 659 /// as a function that adds its two arguments and returns the result. 660 /// 661 /// ``` 662 /// # use wasmtime::*; 663 /// # fn main() -> anyhow::Result<()> { 664 /// # let mut store = Store::<()>::default(); 665 /// let add = Func::wrap(&mut store, |a: i32, b: i32| a + b); 666 /// let module = Module::new( 667 /// store.engine(), 668 /// r#" 669 /// (module 670 /// (import "" "" (func $add (param i32 i32) (result i32))) 671 /// (func (export "foo") (param i32 i32) (result i32) 672 /// local.get 0 673 /// local.get 1 674 /// call $add)) 675 /// "#, 676 /// )?; 677 /// let instance = Instance::new(&mut store, &module, &[add.into()])?; 678 /// let foo = instance.get_typed_func::<(i32, i32), i32>(&mut store, "foo")?; 679 /// assert_eq!(foo.call(&mut store, (1, 2))?, 3); 680 /// # Ok(()) 681 /// # } 682 /// ``` 683 /// 684 /// We can also do the same thing, but generate a trap if the addition 685 /// overflows: 686 /// 687 /// ``` 688 /// # use wasmtime::*; 689 /// # fn main() -> anyhow::Result<()> { 690 /// # let mut store = Store::<()>::default(); 691 /// let add = Func::wrap(&mut store, |a: i32, b: i32| { 692 /// match a.checked_add(b) { 693 /// Some(i) => Ok(i), 694 /// None => anyhow::bail!("overflow"), 695 /// } 696 /// }); 697 /// let module = Module::new( 698 /// store.engine(), 699 /// r#" 700 /// (module 701 /// (import "" "" (func $add (param i32 i32) (result i32))) 702 /// (func (export "foo") (param i32 i32) (result i32) 703 /// local.get 0 704 /// local.get 1 705 /// call $add)) 706 /// "#, 707 /// )?; 708 /// let instance = Instance::new(&mut store, &module, &[add.into()])?; 709 /// let foo = instance.get_typed_func::<(i32, i32), i32>(&mut store, "foo")?; 710 /// assert_eq!(foo.call(&mut store, (1, 2))?, 3); 711 /// assert!(foo.call(&mut store, (i32::max_value(), 1)).is_err()); 712 /// # Ok(()) 713 /// # } 714 /// ``` 715 /// 716 /// And don't forget all the wasm types are supported! 717 /// 718 /// ``` 719 /// # use wasmtime::*; 720 /// # fn main() -> anyhow::Result<()> { 721 /// # let mut store = Store::<()>::default(); 722 /// let debug = Func::wrap(&mut store, |a: i32, b: u32, c: f32, d: i64, e: u64, f: f64| { 723 /// 724 /// println!("a={}", a); 725 /// println!("b={}", b); 726 /// println!("c={}", c); 727 /// println!("d={}", d); 728 /// println!("e={}", e); 729 /// println!("f={}", f); 730 /// }); 731 /// let module = Module::new( 732 /// store.engine(), 733 /// r#" 734 /// (module 735 /// (import "" "" (func $debug (param i32 i32 f32 i64 i64 f64))) 736 /// (func (export "foo") 737 /// i32.const -1 738 /// i32.const 1 739 /// f32.const 2 740 /// i64.const -3 741 /// i64.const 3 742 /// f64.const 4 743 /// call $debug)) 744 /// "#, 745 /// )?; 746 /// let instance = Instance::new(&mut store, &module, &[debug.into()])?; 747 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?; 748 /// foo.call(&mut store, ())?; 749 /// # Ok(()) 750 /// # } 751 /// ``` 752 /// 753 /// Finally if you want to get really fancy you can also implement 754 /// imports that read/write wasm module's memory 755 /// 756 /// ``` 757 /// use std::str; 758 /// 759 /// # use wasmtime::*; 760 /// # fn main() -> anyhow::Result<()> { 761 /// # let mut store = Store::default(); 762 /// let log_str = Func::wrap(&mut store, |mut caller: Caller<'_, ()>, ptr: i32, len: i32| { 763 /// let mem = match caller.get_export("memory") { 764 /// Some(Extern::Memory(mem)) => mem, 765 /// _ => anyhow::bail!("failed to find host memory"), 766 /// }; 767 /// let data = mem.data(&caller) 768 /// .get(ptr as u32 as usize..) 769 /// .and_then(|arr| arr.get(..len as u32 as usize)); 770 /// let string = match data { 771 /// Some(data) => match str::from_utf8(data) { 772 /// Ok(s) => s, 773 /// Err(_) => anyhow::bail!("invalid utf-8"), 774 /// }, 775 /// None => anyhow::bail!("pointer/length out of bounds"), 776 /// }; 777 /// assert_eq!(string, "Hello, world!"); 778 /// println!("{}", string); 779 /// Ok(()) 780 /// }); 781 /// let module = Module::new( 782 /// store.engine(), 783 /// r#" 784 /// (module 785 /// (import "" "" (func $log_str (param i32 i32))) 786 /// (func (export "foo") 787 /// i32.const 4 ;; ptr 788 /// i32.const 13 ;; len 789 /// call $log_str) 790 /// (memory (export "memory") 1) 791 /// (data (i32.const 4) "Hello, world!")) 792 /// "#, 793 /// )?; 794 /// let instance = Instance::new(&mut store, &module, &[log_str.into()])?; 795 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?; 796 /// foo.call(&mut store, ())?; 797 /// # Ok(()) 798 /// # } 799 /// ``` 800 pub fn wrap<T, Params, Results>( 801 mut store: impl AsContextMut<Data = T>, 802 func: impl IntoFunc<T, Params, Results>, 803 ) -> Func 804 where 805 T: 'static, 806 { 807 let store = store.as_context_mut().0; 808 let host = HostFunc::wrap(store.engine(), func); 809 810 // SAFETY: The `T` the closure takes is the same as the `T` of the store 811 // we're inserting into via the type signature above. 812 unsafe { host.into_func(store) } 813 } 814 815 #[cfg(feature = "async")] 816 fn wrap_inner<F, T, Params, Results>(mut store: impl AsContextMut<Data = T>, func: F) -> Func 817 where 818 F: Fn(Caller<'_, T>, Params) -> Results + Send + Sync + 'static, 819 Params: WasmTyList, 820 Results: WasmRet, 821 T: 'static, 822 { 823 let store = store.as_context_mut().0; 824 let host = HostFunc::wrap_inner(store.engine(), func); 825 826 // SAFETY: The `T` the closure takes is the same as the `T` of the store 827 // we're inserting into via the type signature above. 828 unsafe { host.into_func(store) } 829 } 830 831 /// Same as [`Func::wrap`], except the closure asynchronously produces the 832 /// result and the arguments are passed within a tuple. For more information 833 /// see the [`Func`] documentation. 834 /// 835 /// # Panics 836 /// 837 /// This function will panic if called with a non-asynchronous store. 838 #[cfg(feature = "async")] 839 pub fn wrap_async<T, F, P, R>(store: impl AsContextMut<Data = T>, func: F) -> Func 840 where 841 F: for<'a> Fn(Caller<'a, T>, P) -> Box<dyn Future<Output = R> + Send + 'a> 842 + Send 843 + Sync 844 + 'static, 845 P: WasmTyList, 846 R: WasmRet, 847 T: 'static, 848 { 849 assert!( 850 store.as_context().async_support(), 851 concat!("cannot use `wrap_async` without enabling async support on the config") 852 ); 853 Func::wrap_inner(store, move |Caller { store, caller }, args| { 854 match store.block_on(|store| func(Caller { store, caller }, args).into()) { 855 Ok(ret) => ret.into_fallible(), 856 Err(e) => R::fallible_from_error(e), 857 } 858 }) 859 } 860 861 /// Returns the underlying wasm type that this `Func` has. 862 /// 863 /// # Panics 864 /// 865 /// Panics if `store` does not own this function. 866 pub fn ty(&self, store: impl AsContext) -> FuncType { 867 self.load_ty(&store.as_context().0) 868 } 869 870 /// Forcibly loads the type of this function from the `Engine`. 871 /// 872 /// Note that this is a somewhat expensive method since it requires taking a 873 /// lock as well as cloning a type. 874 pub(crate) fn load_ty(&self, store: &StoreOpaque) -> FuncType { 875 FuncType::from_shared_type_index(store.engine(), self.type_index(store)) 876 } 877 878 /// Does this function match the given type? 879 /// 880 /// That is, is this function's type a subtype of the given type? 881 /// 882 /// # Panics 883 /// 884 /// Panics if this function is not associated with the given store or if the 885 /// function type is not associated with the store's engine. 886 pub fn matches_ty(&self, store: impl AsContext, func_ty: &FuncType) -> bool { 887 self._matches_ty(store.as_context().0, func_ty) 888 } 889 890 pub(crate) fn _matches_ty(&self, store: &StoreOpaque, func_ty: &FuncType) -> bool { 891 let actual_ty = self.load_ty(store); 892 actual_ty.matches(func_ty) 893 } 894 895 pub(crate) fn ensure_matches_ty(&self, store: &StoreOpaque, func_ty: &FuncType) -> Result<()> { 896 if !self.comes_from_same_store(store) { 897 bail!("function used with wrong store"); 898 } 899 if self._matches_ty(store, func_ty) { 900 Ok(()) 901 } else { 902 let actual_ty = self.load_ty(store); 903 bail!("type mismatch: expected {func_ty}, found {actual_ty}") 904 } 905 } 906 907 pub(crate) fn type_index(&self, data: &StoreOpaque) -> VMSharedTypeIndex { 908 unsafe { self.vm_func_ref(data).as_ref().type_index } 909 } 910 911 /// Invokes this function with the `params` given and writes returned values 912 /// to `results`. 913 /// 914 /// The `params` here must match the type signature of this `Func`, or an 915 /// error will occur. Additionally `results` must have the same 916 /// length as the number of results for this function. Calling this function 917 /// will synchronously execute the WebAssembly function referenced to get 918 /// the results. 919 /// 920 /// This function will return `Ok(())` if execution completed without a trap 921 /// or error of any kind. In this situation the results will be written to 922 /// the provided `results` array. 923 /// 924 /// # Errors 925 /// 926 /// Any error which occurs throughout the execution of the function will be 927 /// returned as `Err(e)`. The [`Error`](anyhow::Error) type can be inspected 928 /// for the precise error cause such as: 929 /// 930 /// * [`Trap`] - indicates that a wasm trap happened and execution was 931 /// halted. 932 /// * [`WasmBacktrace`] - optionally included on errors for backtrace 933 /// information of the trap/error. 934 /// * Other string-based errors to indicate issues such as type errors with 935 /// `params`. 936 /// * Any host-originating error originally returned from a function defined 937 /// via [`Func::new`], for example. 938 /// 939 /// Errors typically indicate that execution of WebAssembly was halted 940 /// mid-way and did not complete after the error condition happened. 941 /// 942 /// [`Trap`]: crate::Trap 943 /// 944 /// # Panics 945 /// 946 /// This function will panic if called on a function belonging to an async 947 /// store. Asynchronous stores must always use `call_async`. Also panics if 948 /// `store` does not own this function. 949 /// 950 /// [`WasmBacktrace`]: crate::WasmBacktrace 951 pub fn call( 952 &self, 953 mut store: impl AsContextMut, 954 params: &[Val], 955 results: &mut [Val], 956 ) -> Result<()> { 957 assert!( 958 !store.as_context().async_support(), 959 "must use `call_async` when async support is enabled on the config", 960 ); 961 let mut store = store.as_context_mut(); 962 963 self.call_impl_check_args(&mut store, params, results)?; 964 965 unsafe { self.call_impl_do_call(&mut store, params, results) } 966 } 967 968 /// Invokes this function in an "unchecked" fashion, reading parameters and 969 /// writing results to `params_and_returns`. 970 /// 971 /// This function is the same as [`Func::call`] except that the arguments 972 /// and results both use a different representation. If possible it's 973 /// recommended to use [`Func::call`] if safety isn't necessary or to use 974 /// [`Func::typed`] in conjunction with [`TypedFunc::call`] since that's 975 /// both safer and faster than this method of invoking a function. 976 /// 977 /// Note that if this function takes `externref` arguments then it will 978 /// **not** automatically GC unlike the [`Func::call`] and 979 /// [`TypedFunc::call`] functions. This means that if this function is 980 /// invoked many times with new `ExternRef` values and no other GC happens 981 /// via any other means then no values will get collected. 982 /// 983 /// # Errors 984 /// 985 /// For more information about errors see the [`Func::call`] documentation. 986 /// 987 /// # Unsafety 988 /// 989 /// This function is unsafe because the `params_and_returns` argument is not 990 /// validated at all. It must uphold invariants such as: 991 /// 992 /// * It's a valid pointer to an array 993 /// * It has enough space to store all parameters 994 /// * It has enough space to store all results (not at the same time as 995 /// parameters) 996 /// * Parameters are initially written to the array and have the correct 997 /// types and such. 998 /// * Reference types like `externref` and `funcref` are valid at the 999 /// time of this call and for the `store` specified. 1000 /// 1001 /// These invariants are all upheld for you with [`Func::call`] and 1002 /// [`TypedFunc::call`]. 1003 pub unsafe fn call_unchecked( 1004 &self, 1005 mut store: impl AsContextMut, 1006 params_and_returns: *mut [ValRaw], 1007 ) -> Result<()> { 1008 let mut store = store.as_context_mut(); 1009 let func_ref = self.vm_func_ref(store.0); 1010 let params_and_returns = NonNull::new(params_and_returns).unwrap_or(NonNull::from(&mut [])); 1011 1012 // SAFETY: the safety of this function call is the same as the contract 1013 // of this function. 1014 unsafe { Self::call_unchecked_raw(&mut store, func_ref, params_and_returns) } 1015 } 1016 1017 pub(crate) unsafe fn call_unchecked_raw<T>( 1018 store: &mut StoreContextMut<'_, T>, 1019 func_ref: NonNull<VMFuncRef>, 1020 params_and_returns: NonNull<[ValRaw]>, 1021 ) -> Result<()> { 1022 // SAFETY: the safety of this function call is the same as the contract 1023 // of this function. 1024 invoke_wasm_and_catch_traps(store, |caller, vm| unsafe { 1025 VMFuncRef::array_call(func_ref, vm, caller, params_and_returns) 1026 }) 1027 } 1028 1029 /// Converts the raw representation of a `funcref` into an `Option<Func>` 1030 /// 1031 /// This is intended to be used in conjunction with [`Func::new_unchecked`], 1032 /// [`Func::call_unchecked`], and [`ValRaw`] with its `funcref` field. This 1033 /// is the dual of [`Func::to_raw`]. 1034 /// 1035 /// # Unsafety 1036 /// 1037 /// This function is not safe because `raw` is not validated at all. The 1038 /// caller must guarantee that `raw` is owned by the `store` provided and is 1039 /// valid within the `store`. 1040 pub unsafe fn from_raw(mut store: impl AsContextMut, raw: *mut c_void) -> Option<Func> { 1041 // SAFETY: this function's own contract is that `raw` is owned by store 1042 // to make this safe. 1043 unsafe { Self::_from_raw(store.as_context_mut().0, raw) } 1044 } 1045 1046 /// Same as `from_raw`, but with the internal `StoreOpaque` type. 1047 pub(crate) unsafe fn _from_raw(store: &mut StoreOpaque, raw: *mut c_void) -> Option<Func> { 1048 // SAFETY: this function's own contract is that `raw` is owned by store 1049 // to make this safe. 1050 unsafe { 1051 Some(Func::from_vm_func_ref( 1052 store.id(), 1053 NonNull::new(raw.cast())?, 1054 )) 1055 } 1056 } 1057 1058 /// Extracts the raw value of this `Func`, which is owned by `store`. 1059 /// 1060 /// This function returns a value that's suitable for writing into the 1061 /// `funcref` field of the [`ValRaw`] structure. 1062 /// 1063 /// # Safety 1064 /// 1065 /// The returned value is only valid for as long as the store is alive. 1066 /// This value is safe to pass to [`Func::from_raw`] so long as the same 1067 /// `store` is provided. 1068 pub fn to_raw(&self, mut store: impl AsContextMut) -> *mut c_void { 1069 self.vm_func_ref(store.as_context_mut().0).as_ptr().cast() 1070 } 1071 1072 /// Invokes this function with the `params` given, returning the results 1073 /// asynchronously. 1074 /// 1075 /// This function is the same as [`Func::call`] except that it is 1076 /// asynchronous. This is only compatible with stores associated with an 1077 /// [asynchronous config](crate::Config::async_support). 1078 /// 1079 /// It's important to note that the execution of WebAssembly will happen 1080 /// synchronously in the `poll` method of the future returned from this 1081 /// function. Wasmtime does not manage its own thread pool or similar to 1082 /// execute WebAssembly in. Future `poll` methods are generally expected to 1083 /// resolve quickly, so it's recommended that you run or poll this future 1084 /// in a "blocking context". 1085 /// 1086 /// For more information see the documentation on [asynchronous 1087 /// configs](crate::Config::async_support). 1088 /// 1089 /// # Errors 1090 /// 1091 /// For more information on errors see the [`Func::call`] documentation. 1092 /// 1093 /// # Panics 1094 /// 1095 /// Panics if this is called on a function in a synchronous store. This 1096 /// only works with functions defined within an asynchronous store. Also 1097 /// panics if `store` does not own this function. 1098 #[cfg(feature = "async")] 1099 pub async fn call_async( 1100 &self, 1101 mut store: impl AsContextMut<Data: Send>, 1102 params: &[Val], 1103 results: &mut [Val], 1104 ) -> Result<()> { 1105 let mut store = store.as_context_mut(); 1106 assert!( 1107 store.0.async_support(), 1108 "cannot use `call_async` without enabling async support in the config", 1109 ); 1110 1111 self.call_impl_check_args(&mut store, params, results)?; 1112 1113 let result = store 1114 .on_fiber(|store| unsafe { self.call_impl_do_call(store, params, results) }) 1115 .await??; 1116 Ok(result) 1117 } 1118 1119 /// Perform dynamic checks that the arguments given to us match 1120 /// the signature of this function and are appropriate to pass to this 1121 /// function. 1122 /// 1123 /// This involves checking to make sure we have the right number and types 1124 /// of arguments as well as making sure everything is from the same `Store`. 1125 /// 1126 /// This must be called just before `call_impl_do_call`. 1127 fn call_impl_check_args<T>( 1128 &self, 1129 store: &mut StoreContextMut<'_, T>, 1130 params: &[Val], 1131 results: &mut [Val], 1132 ) -> Result<()> { 1133 let ty = self.load_ty(store.0); 1134 if ty.params().len() != params.len() { 1135 bail!( 1136 "expected {} arguments, got {}", 1137 ty.params().len(), 1138 params.len() 1139 ); 1140 } 1141 if ty.results().len() != results.len() { 1142 bail!( 1143 "expected {} results, got {}", 1144 ty.results().len(), 1145 results.len() 1146 ); 1147 } 1148 1149 for (ty, arg) in ty.params().zip(params) { 1150 arg.ensure_matches_ty(store.0, &ty) 1151 .context("argument type mismatch")?; 1152 if !arg.comes_from_same_store(store.0) { 1153 bail!("cross-`Store` values are not currently supported"); 1154 } 1155 } 1156 1157 Ok(()) 1158 } 1159 1160 /// Do the actual call into Wasm. 1161 /// 1162 /// # Safety 1163 /// 1164 /// You must have type checked the arguments by calling 1165 /// `call_impl_check_args` immediately before calling this function. It is 1166 /// only safe to call this function if that one did not return an error. 1167 unsafe fn call_impl_do_call<T>( 1168 &self, 1169 store: &mut StoreContextMut<'_, T>, 1170 params: &[Val], 1171 results: &mut [Val], 1172 ) -> Result<()> { 1173 // Store the argument values into `values_vec`. 1174 let ty = self.load_ty(store.0); 1175 let values_vec_size = params.len().max(ty.results().len()); 1176 let mut values_vec = store.0.take_wasm_val_raw_storage(); 1177 debug_assert!(values_vec.is_empty()); 1178 values_vec.resize_with(values_vec_size, || ValRaw::v128(0)); 1179 for (arg, slot) in params.iter().cloned().zip(&mut values_vec) { 1180 *slot = arg.to_raw(&mut *store)?; 1181 } 1182 1183 unsafe { 1184 self.call_unchecked( 1185 &mut *store, 1186 core::ptr::slice_from_raw_parts_mut(values_vec.as_mut_ptr(), values_vec_size), 1187 )?; 1188 } 1189 1190 for ((i, slot), val) in results.iter_mut().enumerate().zip(&values_vec) { 1191 let ty = ty.results().nth(i).unwrap(); 1192 *slot = unsafe { Val::from_raw(&mut *store, *val, ty) }; 1193 } 1194 values_vec.truncate(0); 1195 store.0.save_wasm_val_raw_storage(values_vec); 1196 Ok(()) 1197 } 1198 1199 #[inline] 1200 pub(crate) fn vm_func_ref(&self, store: &StoreOpaque) -> NonNull<VMFuncRef> { 1201 self.store.assert_belongs_to(store.id()); 1202 self.unsafe_func_ref.as_non_null() 1203 } 1204 1205 pub(crate) fn vmimport(&self, store: &StoreOpaque) -> VMFunctionImport { 1206 unsafe { 1207 let f = self.vm_func_ref(store); 1208 VMFunctionImport { 1209 // Note that this is a load-bearing `unwrap` here, but is 1210 // never expected to trip at runtime. The general problem is 1211 // that host functions do not have a `wasm_call` function so 1212 // the `VMFuncRef` type has an optional pointer there. This is 1213 // only able to be filled out when a function is "paired" with 1214 // a module where trampolines are present to fill out 1215 // `wasm_call` pointers. 1216 // 1217 // This pairing of modules doesn't happen explicitly but is 1218 // instead managed lazily throughout Wasmtime. Specifically the 1219 // way this works is one of: 1220 // 1221 // * When a host function is created the store's list of 1222 // modules are searched for a wasm trampoline. If not found 1223 // the `wasm_call` field is left blank. 1224 // 1225 // * When a module instantiation happens, which uses this 1226 // function, the module will be used to fill any outstanding 1227 // holes that it has trampolines for. 1228 // 1229 // This means that by the time we get to this point any 1230 // relevant holes should be filled out. Thus if this panic 1231 // actually triggers then it's indicative of a missing `fill` 1232 // call somewhere else. 1233 wasm_call: f.as_ref().wasm_call.unwrap(), 1234 array_call: f.as_ref().array_call, 1235 vmctx: f.as_ref().vmctx, 1236 } 1237 } 1238 } 1239 1240 pub(crate) fn comes_from_same_store(&self, store: &StoreOpaque) -> bool { 1241 self.store == store.id() 1242 } 1243 1244 fn invoke_host_func_for_wasm<T>( 1245 mut caller: Caller<'_, T>, 1246 ty: &FuncType, 1247 values_vec: &mut [ValRaw], 1248 func: &dyn Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()>, 1249 ) -> Result<()> { 1250 // Translate the raw JIT arguments in `values_vec` into a `Val` which 1251 // we'll be passing as a slice. The storage for our slice-of-`Val` we'll 1252 // be taking from the `Store`. We preserve our slice back into the 1253 // `Store` after the hostcall, ideally amortizing the cost of allocating 1254 // the storage across wasm->host calls. 1255 // 1256 // Note that we have a dynamic guarantee that `values_vec` is the 1257 // appropriate length to both read all arguments from as well as store 1258 // all results into. 1259 let mut val_vec = caller.store.0.take_hostcall_val_storage(); 1260 debug_assert!(val_vec.is_empty()); 1261 let nparams = ty.params().len(); 1262 val_vec.reserve(nparams + ty.results().len()); 1263 for (i, ty) in ty.params().enumerate() { 1264 val_vec.push(unsafe { Val::from_raw(&mut caller.store, values_vec[i], ty) }) 1265 } 1266 1267 val_vec.extend((0..ty.results().len()).map(|_| Val::null_func_ref())); 1268 let (params, results) = val_vec.split_at_mut(nparams); 1269 func(caller.sub_caller(), params, results)?; 1270 1271 // Unlike our arguments we need to dynamically check that the return 1272 // values produced are correct. There could be a bug in `func` that 1273 // produces the wrong number, wrong types, or wrong stores of 1274 // values, and we need to catch that here. 1275 for (i, (ret, ty)) in results.iter().zip(ty.results()).enumerate() { 1276 ret.ensure_matches_ty(caller.store.0, &ty) 1277 .context("function attempted to return an incompatible value")?; 1278 values_vec[i] = ret.to_raw(&mut caller.store)?; 1279 } 1280 1281 // Restore our `val_vec` back into the store so it's usable for the next 1282 // hostcall to reuse our own storage. 1283 val_vec.truncate(0); 1284 caller.store.0.save_hostcall_val_storage(val_vec); 1285 Ok(()) 1286 } 1287 1288 /// Attempts to extract a typed object from this `Func` through which the 1289 /// function can be called. 1290 /// 1291 /// This function serves as an alternative to [`Func::call`] and 1292 /// [`Func::call_async`]. This method performs a static type check (using 1293 /// the `Params` and `Results` type parameters on the underlying wasm 1294 /// function. If the type check passes then a `TypedFunc` object is returned, 1295 /// otherwise an error is returned describing the typecheck failure. 1296 /// 1297 /// The purpose of this relative to [`Func::call`] is that it's much more 1298 /// efficient when used to invoke WebAssembly functions. With the types 1299 /// statically known far less setup/teardown is required when invoking 1300 /// WebAssembly. If speed is desired then this function is recommended to be 1301 /// used instead of [`Func::call`] (which is more general, hence its 1302 /// slowdown). 1303 /// 1304 /// The `Params` type parameter is used to describe the parameters of the 1305 /// WebAssembly function. This can either be a single type (like `i32`), or 1306 /// a tuple of types representing the list of parameters (like `(i32, f32, 1307 /// f64)`). Additionally you can use `()` to represent that the function has 1308 /// no parameters. 1309 /// 1310 /// The `Results` type parameter is used to describe the results of the 1311 /// function. This behaves the same way as `Params`, but just for the 1312 /// results of the function. 1313 /// 1314 /// # Translating Between WebAssembly and Rust Types 1315 /// 1316 /// Translation between Rust types and WebAssembly types looks like: 1317 /// 1318 /// | WebAssembly | Rust | 1319 /// |-------------------------------------------|---------------------------------------| 1320 /// | `i32` | `i32` or `u32` | 1321 /// | `i64` | `i64` or `u64` | 1322 /// | `f32` | `f32` | 1323 /// | `f64` | `f64` | 1324 /// | `externref` aka `(ref null extern)` | `Option<Rooted<ExternRef>>` | 1325 /// | `(ref extern)` | `Rooted<ExternRef>` | 1326 /// | `nullexternref` aka `(ref null noextern)` | `Option<NoExtern>` | 1327 /// | `(ref noextern)` | `NoExtern` | 1328 /// | `anyref` aka `(ref null any)` | `Option<Rooted<AnyRef>>` | 1329 /// | `(ref any)` | `Rooted<AnyRef>` | 1330 /// | `eqref` aka `(ref null eq)` | `Option<Rooted<EqRef>>` | 1331 /// | `(ref eq)` | `Rooted<EqRef>` | 1332 /// | `i31ref` aka `(ref null i31)` | `Option<I31>` | 1333 /// | `(ref i31)` | `I31` | 1334 /// | `structref` aka `(ref null struct)` | `Option<Rooted<StructRef>>` | 1335 /// | `(ref struct)` | `Rooted<StructRef>` | 1336 /// | `arrayref` aka `(ref null array)` | `Option<Rooted<ArrayRef>>` | 1337 /// | `(ref array)` | `Rooted<ArrayRef>` | 1338 /// | `nullref` aka `(ref null none)` | `Option<NoneRef>` | 1339 /// | `(ref none)` | `NoneRef` | 1340 /// | `funcref` aka `(ref null func)` | `Option<Func>` | 1341 /// | `(ref func)` | `Func` | 1342 /// | `(ref null <func type index>)` | `Option<Func>` | 1343 /// | `(ref <func type index>)` | `Func` | 1344 /// | `nullfuncref` aka `(ref null nofunc)` | `Option<NoFunc>` | 1345 /// | `(ref nofunc)` | `NoFunc` | 1346 /// | `v128` | `V128` on `x86-64` and `aarch64` only | 1347 /// 1348 /// (Note that this mapping is the same as that of [`Func::wrap`], and that 1349 /// anywhere a `Rooted<T>` appears, a `OwnedRooted<T>` may also appear). 1350 /// 1351 /// Note that once the [`TypedFunc`] return value is acquired you'll use either 1352 /// [`TypedFunc::call`] or [`TypedFunc::call_async`] as necessary to actually invoke 1353 /// the function. This method does not invoke any WebAssembly code, it 1354 /// simply performs a typecheck before returning the [`TypedFunc`] value. 1355 /// 1356 /// This method also has a convenience wrapper as 1357 /// [`Instance::get_typed_func`](crate::Instance::get_typed_func) to 1358 /// directly get a typed function value from an 1359 /// [`Instance`](crate::Instance). 1360 /// 1361 /// ## Subtyping 1362 /// 1363 /// For result types, you can always use a supertype of the WebAssembly 1364 /// function's actual declared result type. For example, if the WebAssembly 1365 /// function was declared with type `(func (result nullfuncref))` you could 1366 /// successfully call `f.typed::<(), Option<Func>>()` because `Option<Func>` 1367 /// corresponds to `funcref`, which is a supertype of `nullfuncref`. 1368 /// 1369 /// For parameter types, you can always use a subtype of the WebAssembly 1370 /// function's actual declared parameter type. For example, if the 1371 /// WebAssembly function was declared with type `(func (param (ref null 1372 /// func)))` you could successfully call `f.typed::<Func, ()>()` because 1373 /// `Func` corresponds to `(ref func)`, which is a subtype of `(ref null 1374 /// func)`. 1375 /// 1376 /// Additionally, for functions which take a reference to a concrete type as 1377 /// a parameter, you can also use the concrete type's supertype. Consider a 1378 /// WebAssembly function that takes a reference to a function with a 1379 /// concrete type: `(ref null <func type index>)`. In this scenario, there 1380 /// is no static `wasmtime::Foo` Rust type that corresponds to that 1381 /// particular Wasm-defined concrete reference type because Wasm modules are 1382 /// loaded dynamically at runtime. You *could* do `f.typed::<Option<NoFunc>, 1383 /// ()>()`, and while that is correctly typed and valid, it is often overly 1384 /// restrictive. The only value you could call the resulting typed function 1385 /// with is the null function reference, but we'd like to call it with 1386 /// non-null function references that happen to be of the correct 1387 /// type. Therefore, `f.typed<Option<Func>, ()>()` is also allowed in this 1388 /// case, even though `Option<Func>` represents `(ref null func)` which is 1389 /// the supertype, not subtype, of `(ref null <func type index>)`. This does 1390 /// imply some minimal dynamic type checks in this case, but it is supported 1391 /// for better ergonomics, to enable passing non-null references into the 1392 /// function. 1393 /// 1394 /// # Errors 1395 /// 1396 /// This function will return an error if `Params` or `Results` does not 1397 /// match the native type of this WebAssembly function. 1398 /// 1399 /// # Panics 1400 /// 1401 /// This method will panic if `store` does not own this function. 1402 /// 1403 /// # Examples 1404 /// 1405 /// An end-to-end example of calling a function which takes no parameters 1406 /// and has no results: 1407 /// 1408 /// ``` 1409 /// # use wasmtime::*; 1410 /// # fn main() -> anyhow::Result<()> { 1411 /// let engine = Engine::default(); 1412 /// let mut store = Store::new(&engine, ()); 1413 /// let module = Module::new(&engine, r#"(module (func (export "foo")))"#)?; 1414 /// let instance = Instance::new(&mut store, &module, &[])?; 1415 /// let foo = instance.get_func(&mut store, "foo").expect("export wasn't a function"); 1416 /// 1417 /// // Note that this call can fail due to the typecheck not passing, but 1418 /// // in our case we statically know the module so we know this should 1419 /// // pass. 1420 /// let typed = foo.typed::<(), ()>(&store)?; 1421 /// 1422 /// // Note that this can fail if the wasm traps at runtime. 1423 /// typed.call(&mut store, ())?; 1424 /// # Ok(()) 1425 /// # } 1426 /// ``` 1427 /// 1428 /// You can also pass in multiple parameters and get a result back 1429 /// 1430 /// ``` 1431 /// # use wasmtime::*; 1432 /// # fn foo(add: &Func, mut store: Store<()>) -> anyhow::Result<()> { 1433 /// let typed = add.typed::<(i32, i64), f32>(&store)?; 1434 /// assert_eq!(typed.call(&mut store, (1, 2))?, 3.0); 1435 /// # Ok(()) 1436 /// # } 1437 /// ``` 1438 /// 1439 /// and similarly if a function has multiple results you can bind that too 1440 /// 1441 /// ``` 1442 /// # use wasmtime::*; 1443 /// # fn foo(add_with_overflow: &Func, mut store: Store<()>) -> anyhow::Result<()> { 1444 /// let typed = add_with_overflow.typed::<(u32, u32), (u32, i32)>(&store)?; 1445 /// let (result, overflow) = typed.call(&mut store, (u32::max_value(), 2))?; 1446 /// assert_eq!(result, 1); 1447 /// assert_eq!(overflow, 1); 1448 /// # Ok(()) 1449 /// # } 1450 /// ``` 1451 pub fn typed<Params, Results>( 1452 &self, 1453 store: impl AsContext, 1454 ) -> Result<TypedFunc<Params, Results>> 1455 where 1456 Params: WasmParams, 1457 Results: WasmResults, 1458 { 1459 // Type-check that the params/results are all valid 1460 let store = store.as_context().0; 1461 let ty = self.load_ty(store); 1462 Params::typecheck(store.engine(), ty.params(), TypeCheckPosition::Param) 1463 .context("type mismatch with parameters")?; 1464 Results::typecheck(store.engine(), ty.results(), TypeCheckPosition::Result) 1465 .context("type mismatch with results")?; 1466 1467 // and then we can construct the typed version of this function 1468 // (unsafely), which should be safe since we just did the type check above. 1469 unsafe { Ok(TypedFunc::_new_unchecked(store, *self)) } 1470 } 1471 1472 /// Get a stable hash key for this function. 1473 /// 1474 /// Even if the same underlying function is added to the `StoreData` 1475 /// multiple times and becomes multiple `wasmtime::Func`s, this hash key 1476 /// will be consistent across all of these functions. 1477 #[cfg_attr( 1478 not(test), 1479 expect(dead_code, reason = "Not used yet, but added for consistency") 1480 )] 1481 pub(crate) fn hash_key(&self, store: &mut StoreOpaque) -> impl core::hash::Hash + Eq + use<> { 1482 self.vm_func_ref(store).as_ptr().addr() 1483 } 1484 } 1485 1486 /// Prepares for entrance into WebAssembly. 1487 /// 1488 /// This function will set up context such that `closure` is allowed to call a 1489 /// raw trampoline or a raw WebAssembly function. This *must* be called to do 1490 /// things like catch traps and set up GC properly. 1491 /// 1492 /// The `closure` provided receives a default "caller" `VMContext` parameter it 1493 /// can pass to the called wasm function, if desired. 1494 pub(crate) fn invoke_wasm_and_catch_traps<T>( 1495 store: &mut StoreContextMut<'_, T>, 1496 closure: impl FnMut(NonNull<VMContext>, Option<InterpreterRef<'_>>) -> bool, 1497 ) -> Result<()> { 1498 // The `enter_wasm` call below will reset the store context's 1499 // `stack_chain` to a new `InitialStack`, pointing to the 1500 // stack-allocated `initial_stack_csi`. 1501 let mut initial_stack_csi = VMCommonStackInformation::running_default(); 1502 // Stores some state of the runtime just before entering Wasm. Will be 1503 // restored upon exiting Wasm. Note that the `CallThreadState` that is 1504 // created by the `catch_traps` call below will store a pointer to this 1505 // stack-allocated `previous_runtime_state`. 1506 let mut previous_runtime_state = EntryStoreContext::enter_wasm(store, &mut initial_stack_csi); 1507 1508 if let Err(trap) = store.0.call_hook(CallHook::CallingWasm) { 1509 // `previous_runtime_state` implicitly dropped here 1510 return Err(trap); 1511 } 1512 let result = crate::runtime::vm::catch_traps(store, &mut previous_runtime_state, closure); 1513 core::mem::drop(previous_runtime_state); 1514 store.0.call_hook(CallHook::ReturningFromWasm)?; 1515 result 1516 } 1517 1518 /// This type helps managing the state of the runtime when entering and exiting 1519 /// Wasm. To this end, it contains a subset of the data in `VMStoreContext`. 1520 /// Upon entering Wasm, it updates various runtime fields and their 1521 /// original values saved in this struct. Upon exiting Wasm, the previous values 1522 /// are restored. 1523 pub(crate) struct EntryStoreContext { 1524 /// If set, contains value of `stack_limit` field to restore in 1525 /// `VMStoreContext` when exiting Wasm. 1526 pub stack_limit: Option<usize>, 1527 pub last_wasm_exit_pc: usize, 1528 pub last_wasm_exit_trampoline_fp: usize, 1529 pub last_wasm_entry_fp: usize, 1530 pub last_wasm_entry_sp: usize, 1531 pub last_wasm_entry_trap_handler: usize, 1532 pub stack_chain: VMStackChain, 1533 1534 /// We need a pointer to the runtime limits, so we can update them from 1535 /// `drop`/`exit_wasm`. 1536 vm_store_context: *const VMStoreContext, 1537 } 1538 1539 impl EntryStoreContext { 1540 /// This function is called to update and save state when 1541 /// WebAssembly is entered within the `Store`. 1542 /// 1543 /// This updates various fields such as: 1544 /// 1545 /// * The stack limit. This is what ensures that we limit the stack space 1546 /// allocated by WebAssembly code and it's relative to the initial stack 1547 /// pointer that called into wasm. 1548 /// 1549 /// It also saves the different last_wasm_* values in the `VMStoreContext`. 1550 pub fn enter_wasm<T>( 1551 store: &mut StoreContextMut<'_, T>, 1552 initial_stack_information: *mut VMCommonStackInformation, 1553 ) -> Self { 1554 let stack_limit; 1555 1556 // If this is a recursive call, e.g. our stack limit is already set, then 1557 // we may be able to skip this function. 1558 // 1559 // For synchronous stores there's nothing else to do because all wasm calls 1560 // happen synchronously and on the same stack. This means that the previous 1561 // stack limit will suffice for the next recursive call. 1562 // 1563 // For asynchronous stores then each call happens on a separate native 1564 // stack. This means that the previous stack limit is no longer relevant 1565 // because we're on a separate stack. 1566 if unsafe { *store.0.vm_store_context().stack_limit.get() } != usize::MAX 1567 && !store.0.async_support() 1568 { 1569 stack_limit = None; 1570 } 1571 // Ignore this stack pointer business on miri since we can't execute wasm 1572 // anyway and the concept of a stack pointer on miri is a bit nebulous 1573 // regardless. 1574 else if cfg!(miri) { 1575 stack_limit = None; 1576 } else { 1577 // When Cranelift has support for the host then we might be running native 1578 // compiled code meaning we need to read the actual stack pointer. If 1579 // Cranelift can't be used though then we're guaranteed to be running pulley 1580 // in which case this stack pointer isn't actually used as Pulley has custom 1581 // mechanisms for stack overflow. 1582 #[cfg(has_host_compiler_backend)] 1583 let stack_pointer = crate::runtime::vm::get_stack_pointer(); 1584 #[cfg(not(has_host_compiler_backend))] 1585 let stack_pointer = { 1586 use wasmtime_environ::TripleExt; 1587 debug_assert!(store.engine().target().is_pulley()); 1588 usize::MAX 1589 }; 1590 1591 // Determine the stack pointer where, after which, any wasm code will 1592 // immediately trap. This is checked on the entry to all wasm functions. 1593 // 1594 // Note that this isn't 100% precise. We are requested to give wasm 1595 // `max_wasm_stack` bytes, but what we're actually doing is giving wasm 1596 // probably a little less than `max_wasm_stack` because we're 1597 // calculating the limit relative to this function's approximate stack 1598 // pointer. Wasm will be executed on a frame beneath this one (or next 1599 // to it). In any case it's expected to be at most a few hundred bytes 1600 // of slop one way or another. When wasm is typically given a MB or so 1601 // (a million bytes) the slop shouldn't matter too much. 1602 // 1603 // After we've got the stack limit then we store it into the `stack_limit` 1604 // variable. 1605 let wasm_stack_limit = stack_pointer 1606 .checked_sub(store.engine().config().max_wasm_stack) 1607 .unwrap(); 1608 let prev_stack = unsafe { 1609 mem::replace( 1610 &mut *store.0.vm_store_context().stack_limit.get(), 1611 wasm_stack_limit, 1612 ) 1613 }; 1614 stack_limit = Some(prev_stack); 1615 } 1616 1617 unsafe { 1618 let vm_store_context = store.0.vm_store_context(); 1619 let new_stack_chain = VMStackChain::InitialStack(initial_stack_information); 1620 *vm_store_context.stack_chain.get() = new_stack_chain; 1621 1622 Self { 1623 stack_limit, 1624 last_wasm_exit_pc: *(*vm_store_context).last_wasm_exit_pc.get(), 1625 last_wasm_exit_trampoline_fp: *(*vm_store_context) 1626 .last_wasm_exit_trampoline_fp 1627 .get(), 1628 last_wasm_entry_fp: *(*vm_store_context).last_wasm_entry_fp.get(), 1629 last_wasm_entry_sp: *(*vm_store_context).last_wasm_entry_sp.get(), 1630 last_wasm_entry_trap_handler: *(*vm_store_context) 1631 .last_wasm_entry_trap_handler 1632 .get(), 1633 stack_chain: (*(*vm_store_context).stack_chain.get()).clone(), 1634 vm_store_context, 1635 } 1636 } 1637 } 1638 1639 /// This function restores the values stored in this struct. We invoke this 1640 /// function through this type's `Drop` implementation. This ensures that we 1641 /// even restore the values if we unwind the stack (e.g., because we are 1642 /// panicking out of a Wasm execution). 1643 #[inline] 1644 fn exit_wasm(&mut self) { 1645 unsafe { 1646 if let Some(limit) = self.stack_limit { 1647 *(&*self.vm_store_context).stack_limit.get() = limit; 1648 } 1649 1650 *(*self.vm_store_context).last_wasm_exit_trampoline_fp.get() = 1651 self.last_wasm_exit_trampoline_fp; 1652 *(*self.vm_store_context).last_wasm_exit_pc.get() = self.last_wasm_exit_pc; 1653 *(*self.vm_store_context).last_wasm_entry_fp.get() = self.last_wasm_entry_fp; 1654 *(*self.vm_store_context).last_wasm_entry_sp.get() = self.last_wasm_entry_sp; 1655 *(*self.vm_store_context).last_wasm_entry_trap_handler.get() = 1656 self.last_wasm_entry_trap_handler; 1657 *(*self.vm_store_context).stack_chain.get() = self.stack_chain.clone(); 1658 } 1659 } 1660 } 1661 1662 impl Drop for EntryStoreContext { 1663 #[inline] 1664 fn drop(&mut self) { 1665 self.exit_wasm(); 1666 } 1667 } 1668 1669 /// A trait implemented for types which can be returned from closures passed to 1670 /// [`Func::wrap`] and friends. 1671 /// 1672 /// This trait should not be implemented by user types. This trait may change at 1673 /// any time internally. The types which implement this trait, however, are 1674 /// stable over time. 1675 /// 1676 /// For more information see [`Func::wrap`] 1677 pub unsafe trait WasmRet { 1678 // Same as `WasmTy::compatible_with_store`. 1679 #[doc(hidden)] 1680 fn compatible_with_store(&self, store: &StoreOpaque) -> bool; 1681 1682 /// Stores this return value into the `ptr` specified using the rooted 1683 /// `store`. 1684 /// 1685 /// Traps are communicated through the `Result<_>` return value. 1686 /// 1687 /// # Unsafety 1688 /// 1689 /// This method is unsafe as `ptr` must have the correct length to store 1690 /// this result. This property is only checked in debug mode, not in release 1691 /// mode. 1692 #[doc(hidden)] 1693 unsafe fn store( 1694 self, 1695 store: &mut AutoAssertNoGc<'_>, 1696 ptr: &mut [MaybeUninit<ValRaw>], 1697 ) -> Result<()>; 1698 1699 #[doc(hidden)] 1700 fn func_type(engine: &Engine, params: impl Iterator<Item = ValType>) -> FuncType; 1701 #[doc(hidden)] 1702 fn may_gc() -> bool; 1703 1704 // Utilities used to convert an instance of this type to a `Result` 1705 // explicitly, used when wrapping async functions which always bottom-out 1706 // in a function that returns a trap because futures can be cancelled. 1707 #[doc(hidden)] 1708 type Fallible: WasmRet; 1709 #[doc(hidden)] 1710 fn into_fallible(self) -> Self::Fallible; 1711 #[doc(hidden)] 1712 fn fallible_from_error(error: Error) -> Self::Fallible; 1713 } 1714 1715 unsafe impl<T> WasmRet for T 1716 where 1717 T: WasmTy, 1718 { 1719 type Fallible = Result<T>; 1720 1721 fn compatible_with_store(&self, store: &StoreOpaque) -> bool { 1722 <Self as WasmTy>::compatible_with_store(self, store) 1723 } 1724 1725 unsafe fn store( 1726 self, 1727 store: &mut AutoAssertNoGc<'_>, 1728 ptr: &mut [MaybeUninit<ValRaw>], 1729 ) -> Result<()> { 1730 debug_assert!(ptr.len() > 0); 1731 // SAFETY: the contract of this function/trait combo is such that `ptr` 1732 // is valid to store this type's value, thus this lookup should be safe. 1733 unsafe { <Self as WasmTy>::store(self, store, ptr.get_unchecked_mut(0)) } 1734 } 1735 1736 fn may_gc() -> bool { 1737 T::may_gc() 1738 } 1739 1740 fn func_type(engine: &Engine, params: impl Iterator<Item = ValType>) -> FuncType { 1741 FuncType::new(engine, params, Some(<Self as WasmTy>::valtype())) 1742 } 1743 1744 fn into_fallible(self) -> Result<T> { 1745 Ok(self) 1746 } 1747 1748 fn fallible_from_error(error: Error) -> Result<T> { 1749 Err(error) 1750 } 1751 } 1752 1753 unsafe impl<T> WasmRet for Result<T> 1754 where 1755 T: WasmRet, 1756 { 1757 type Fallible = Self; 1758 1759 fn compatible_with_store(&self, store: &StoreOpaque) -> bool { 1760 match self { 1761 Ok(x) => <T as WasmRet>::compatible_with_store(x, store), 1762 Err(_) => true, 1763 } 1764 } 1765 1766 unsafe fn store( 1767 self, 1768 store: &mut AutoAssertNoGc<'_>, 1769 ptr: &mut [MaybeUninit<ValRaw>], 1770 ) -> Result<()> { 1771 // SAFETY: the safety of calling this function is the same as calling 1772 // the inner `store`. 1773 unsafe { self.and_then(|val| val.store(store, ptr)) } 1774 } 1775 1776 fn may_gc() -> bool { 1777 T::may_gc() 1778 } 1779 1780 fn func_type(engine: &Engine, params: impl Iterator<Item = ValType>) -> FuncType { 1781 T::func_type(engine, params) 1782 } 1783 1784 fn into_fallible(self) -> Result<T> { 1785 self 1786 } 1787 1788 fn fallible_from_error(error: Error) -> Result<T> { 1789 Err(error) 1790 } 1791 } 1792 1793 macro_rules! impl_wasm_host_results { 1794 ($n:tt $($t:ident)*) => ( 1795 #[allow(non_snake_case, reason = "macro-generated code")] 1796 unsafe impl<$($t),*> WasmRet for ($($t,)*) 1797 where 1798 $($t: WasmTy,)* 1799 { 1800 type Fallible = Result<Self>; 1801 1802 #[inline] 1803 fn compatible_with_store(&self, _store: &StoreOpaque) -> bool { 1804 let ($($t,)*) = self; 1805 $( $t.compatible_with_store(_store) && )* true 1806 } 1807 1808 #[inline] 1809 unsafe fn store( 1810 self, 1811 _store: &mut AutoAssertNoGc<'_>, 1812 _ptr: &mut [MaybeUninit<ValRaw>], 1813 ) -> Result<()> { 1814 let ($($t,)*) = self; 1815 let mut _cur = 0; 1816 $( 1817 debug_assert!(_cur < _ptr.len()); 1818 // SAFETY: `store`'s unsafe contract is that `_ptr` is 1819 // appropriately sized and additionally safe to call `store` 1820 // for sub-types. 1821 unsafe { 1822 let val = _ptr.get_unchecked_mut(_cur); 1823 _cur += 1; 1824 WasmTy::store($t, _store, val)?; 1825 } 1826 )* 1827 Ok(()) 1828 } 1829 1830 #[doc(hidden)] 1831 fn may_gc() -> bool { 1832 $( $t::may_gc() || )* false 1833 } 1834 1835 fn func_type(engine: &Engine, params: impl Iterator<Item = ValType>) -> FuncType { 1836 FuncType::new( 1837 engine, 1838 params, 1839 IntoIterator::into_iter([$($t::valtype(),)*]), 1840 ) 1841 } 1842 1843 #[inline] 1844 fn into_fallible(self) -> Result<Self> { 1845 Ok(self) 1846 } 1847 1848 #[inline] 1849 fn fallible_from_error(error: Error) -> Result<Self> { 1850 Err(error) 1851 } 1852 } 1853 ) 1854 } 1855 1856 for_each_function_signature!(impl_wasm_host_results); 1857 1858 /// Internal trait implemented for all arguments that can be passed to 1859 /// [`Func::wrap`] and [`Linker::func_wrap`](crate::Linker::func_wrap). 1860 /// 1861 /// This trait should not be implemented by external users, it's only intended 1862 /// as an implementation detail of this crate. 1863 pub trait IntoFunc<T, Params, Results>: Send + Sync + 'static { 1864 /// Convert this function into a `VM{Array,Native}CallHostFuncContext` and 1865 /// internal `VMFuncRef`. 1866 #[doc(hidden)] 1867 fn into_func(self, engine: &Engine) -> HostContext; 1868 } 1869 1870 macro_rules! impl_into_func { 1871 ($num:tt $arg:ident) => { 1872 // Implement for functions without a leading `&Caller` parameter, 1873 // delegating to the implementation below which does have the leading 1874 // `Caller` parameter. 1875 #[expect(non_snake_case, reason = "macro-generated code")] 1876 impl<T, F, $arg, R> IntoFunc<T, $arg, R> for F 1877 where 1878 F: Fn($arg) -> R + Send + Sync + 'static, 1879 $arg: WasmTy, 1880 R: WasmRet, 1881 T: 'static, 1882 { 1883 fn into_func(self, engine: &Engine) -> HostContext { 1884 let f = move |_: Caller<'_, T>, $arg: $arg| { 1885 self($arg) 1886 }; 1887 1888 f.into_func(engine) 1889 } 1890 } 1891 1892 #[expect(non_snake_case, reason = "macro-generated code")] 1893 impl<T, F, $arg, R> IntoFunc<T, (Caller<'_, T>, $arg), R> for F 1894 where 1895 F: Fn(Caller<'_, T>, $arg) -> R + Send + Sync + 'static, 1896 $arg: WasmTy, 1897 R: WasmRet, 1898 T: 'static, 1899 { 1900 fn into_func(self, engine: &Engine) -> HostContext { 1901 HostContext::from_closure(engine, move |caller: Caller<'_, T>, ($arg,)| { 1902 self(caller, $arg) 1903 }) 1904 } 1905 } 1906 }; 1907 ($num:tt $($args:ident)*) => { 1908 // Implement for functions without a leading `&Caller` parameter, 1909 // delegating to the implementation below which does have the leading 1910 // `Caller` parameter. 1911 #[allow(non_snake_case, reason = "macro-generated code")] 1912 impl<T, F, $($args,)* R> IntoFunc<T, ($($args,)*), R> for F 1913 where 1914 F: Fn($($args),*) -> R + Send + Sync + 'static, 1915 $($args: WasmTy,)* 1916 R: WasmRet, 1917 T: 'static, 1918 { 1919 fn into_func(self, engine: &Engine) -> HostContext { 1920 let f = move |_: Caller<'_, T>, $($args:$args),*| { 1921 self($($args),*) 1922 }; 1923 1924 f.into_func(engine) 1925 } 1926 } 1927 1928 #[allow(non_snake_case, reason = "macro-generated code")] 1929 impl<T, F, $($args,)* R> IntoFunc<T, (Caller<'_, T>, $($args,)*), R> for F 1930 where 1931 F: Fn(Caller<'_, T>, $($args),*) -> R + Send + Sync + 'static, 1932 $($args: WasmTy,)* 1933 R: WasmRet, 1934 T: 'static, 1935 { 1936 fn into_func(self, engine: &Engine) -> HostContext { 1937 HostContext::from_closure(engine, move |caller: Caller<'_, T>, ( $( $args ),* )| { 1938 self(caller, $( $args ),* ) 1939 }) 1940 } 1941 } 1942 } 1943 } 1944 1945 for_each_function_signature!(impl_into_func); 1946 1947 /// Trait implemented for various tuples made up of types which implement 1948 /// [`WasmTy`] that can be passed to [`Func::wrap_inner`] and 1949 /// [`HostContext::from_closure`]. 1950 pub unsafe trait WasmTyList { 1951 /// Get the value type that each Type in the list represents. 1952 fn valtypes() -> impl Iterator<Item = ValType>; 1953 1954 // Load a version of `Self` from the `values` provided. 1955 // 1956 // # Safety 1957 // 1958 // This function is unsafe as it's up to the caller to ensure that `values` are 1959 // valid for this given type. 1960 #[doc(hidden)] 1961 unsafe fn load(store: &mut AutoAssertNoGc<'_>, values: &mut [MaybeUninit<ValRaw>]) -> Self; 1962 1963 #[doc(hidden)] 1964 fn may_gc() -> bool; 1965 } 1966 1967 macro_rules! impl_wasm_ty_list { 1968 ($num:tt $($args:ident)*) => ( 1969 #[allow(non_snake_case, reason = "macro-generated code")] 1970 unsafe impl<$($args),*> WasmTyList for ($($args,)*) 1971 where 1972 $($args: WasmTy,)* 1973 { 1974 fn valtypes() -> impl Iterator<Item = ValType> { 1975 IntoIterator::into_iter([$($args::valtype(),)*]) 1976 } 1977 1978 unsafe fn load(_store: &mut AutoAssertNoGc<'_>, _values: &mut [MaybeUninit<ValRaw>]) -> Self { 1979 let mut _cur = 0; 1980 ($({ 1981 debug_assert!(_cur < _values.len()); 1982 // SAFETY: this function's own contract means that `_values` 1983 // is appropriately sized/typed for the internal loads. 1984 unsafe { 1985 let ptr = _values.get_unchecked(_cur).assume_init_ref(); 1986 _cur += 1; 1987 $args::load(_store, ptr) 1988 } 1989 },)*) 1990 } 1991 1992 fn may_gc() -> bool { 1993 $( $args::may_gc() || )* false 1994 } 1995 } 1996 ); 1997 } 1998 1999 for_each_function_signature!(impl_wasm_ty_list); 2000 2001 /// A structure representing the caller's context when creating a function 2002 /// via [`Func::wrap`]. 2003 /// 2004 /// This structure can be taken as the first parameter of a closure passed to 2005 /// [`Func::wrap`] or other constructors, and serves two purposes: 2006 /// 2007 /// * First consumers can use [`Caller<'_, T>`](crate::Caller) to get access to 2008 /// [`StoreContextMut<'_, T>`](crate::StoreContextMut) and/or get access to 2009 /// `T` itself. This means that the [`Caller`] type can serve as a proxy to 2010 /// the original [`Store`](crate::Store) itself and is used to satisfy 2011 /// [`AsContext`] and [`AsContextMut`] bounds. 2012 /// 2013 /// * Second a [`Caller`] can be used as the name implies, learning about the 2014 /// caller's context, namely it's exported memory and exported functions. This 2015 /// allows functions which take pointers as arguments to easily read the 2016 /// memory the pointers point into, or if a function is expected to call 2017 /// malloc in the wasm module to reserve space for the output you can do that. 2018 /// 2019 /// Host functions which want access to [`Store`](crate::Store)-level state are 2020 /// recommended to use this type. 2021 pub struct Caller<'a, T: 'static> { 2022 pub(crate) store: StoreContextMut<'a, T>, 2023 caller: Instance, 2024 } 2025 2026 impl<T> Caller<'_, T> { 2027 #[cfg(feature = "async")] 2028 pub(crate) fn new(store: StoreContextMut<'_, T>, caller: Instance) -> Caller<'_, T> { 2029 Caller { store, caller } 2030 } 2031 2032 #[cfg(feature = "async")] 2033 pub(crate) fn caller(&self) -> Instance { 2034 self.caller 2035 } 2036 2037 /// Executes `f` with an appropriate `Caller`. 2038 /// 2039 /// This is the entrypoint for host functions in core wasm. The `store` and 2040 /// `instance` are created from `Instance::enter_host_from_wasm` and this 2041 /// will further invoke the host function that `f` refers to. 2042 fn with<F, R>(mut store: StoreContextMut<T>, caller: InstanceId, f: F) -> R 2043 where 2044 F: FnOnce(Caller<'_, T>) -> R, 2045 { 2046 let caller = Instance::from_wasmtime(caller, store.0); 2047 2048 let (gc_lifo_scope, ret) = { 2049 let gc_lifo_scope = store.0.gc_roots().enter_lifo_scope(); 2050 2051 let ret = f(Caller { 2052 store: store.as_context_mut(), 2053 caller, 2054 }); 2055 2056 (gc_lifo_scope, ret) 2057 }; 2058 2059 store.0.exit_gc_lifo_scope(gc_lifo_scope); 2060 2061 ret 2062 } 2063 2064 fn sub_caller(&mut self) -> Caller<'_, T> { 2065 Caller { 2066 store: self.store.as_context_mut(), 2067 caller: self.caller, 2068 } 2069 } 2070 2071 /// Looks up an export from the caller's module by the `name` given. 2072 /// 2073 /// This is a low-level function that's typically used to implement passing 2074 /// of pointers or indices between core Wasm instances, where the callee 2075 /// needs to consult the caller's exports to perform memory management and 2076 /// resolve the references. 2077 /// 2078 /// For comparison, in components, the component model handles translating 2079 /// arguments from one component instance to another and managing memory, so 2080 /// that callees don't need to be aware of their callers, which promotes 2081 /// virtualizability of APIs. 2082 /// 2083 /// # Return 2084 /// 2085 /// If an export with the `name` provided was found, then it is returned as an 2086 /// `Extern`. There are a number of situations, however, where the export may not 2087 /// be available: 2088 /// 2089 /// * The caller instance may not have an export named `name` 2090 /// * There may not be a caller available, for example if `Func` was called 2091 /// directly from host code. 2092 /// 2093 /// It's recommended to take care when calling this API and gracefully 2094 /// handling a `None` return value. 2095 pub fn get_export(&mut self, name: &str) -> Option<Extern> { 2096 // All instances created have a `host_state` with a pointer pointing 2097 // back to themselves. If this caller doesn't have that `host_state` 2098 // then it probably means it was a host-created object like `Func::new` 2099 // which doesn't have any exports we want to return anyway. 2100 self.caller.get_export(&mut self.store, name) 2101 } 2102 2103 /// Looks up an exported [`Extern`] value by a [`ModuleExport`] value. 2104 /// 2105 /// This is similar to [`Self::get_export`] but uses a [`ModuleExport`] value to avoid 2106 /// string lookups where possible. [`ModuleExport`]s can be obtained by calling 2107 /// [`Module::get_export_index`] on the [`Module`] that an instance was instantiated with. 2108 /// 2109 /// This method will search the module for an export with a matching entity index and return 2110 /// the value, if found. 2111 /// 2112 /// Returns `None` if there was no export with a matching entity index. 2113 /// # Panics 2114 /// 2115 /// Panics if `store` does not own this instance. 2116 /// 2117 /// # Usage 2118 /// ``` 2119 /// use std::str; 2120 /// 2121 /// # use wasmtime::*; 2122 /// # fn main() -> anyhow::Result<()> { 2123 /// # let mut store = Store::default(); 2124 /// 2125 /// let module = Module::new( 2126 /// store.engine(), 2127 /// r#" 2128 /// (module 2129 /// (import "" "" (func $log_str (param i32 i32))) 2130 /// (func (export "foo") 2131 /// i32.const 4 ;; ptr 2132 /// i32.const 13 ;; len 2133 /// call $log_str) 2134 /// (memory (export "memory") 1) 2135 /// (data (i32.const 4) "Hello, world!")) 2136 /// "#, 2137 /// )?; 2138 /// 2139 /// let Some(module_export) = module.get_export_index("memory") else { 2140 /// anyhow::bail!("failed to find `memory` export in module"); 2141 /// }; 2142 /// 2143 /// let log_str = Func::wrap(&mut store, move |mut caller: Caller<'_, ()>, ptr: i32, len: i32| { 2144 /// let mem = match caller.get_module_export(&module_export) { 2145 /// Some(Extern::Memory(mem)) => mem, 2146 /// _ => anyhow::bail!("failed to find host memory"), 2147 /// }; 2148 /// let data = mem.data(&caller) 2149 /// .get(ptr as u32 as usize..) 2150 /// .and_then(|arr| arr.get(..len as u32 as usize)); 2151 /// let string = match data { 2152 /// Some(data) => match str::from_utf8(data) { 2153 /// Ok(s) => s, 2154 /// Err(_) => anyhow::bail!("invalid utf-8"), 2155 /// }, 2156 /// None => anyhow::bail!("pointer/length out of bounds"), 2157 /// }; 2158 /// assert_eq!(string, "Hello, world!"); 2159 /// println!("{}", string); 2160 /// Ok(()) 2161 /// }); 2162 /// let instance = Instance::new(&mut store, &module, &[log_str.into()])?; 2163 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?; 2164 /// foo.call(&mut store, ())?; 2165 /// # Ok(()) 2166 /// # } 2167 /// ``` 2168 pub fn get_module_export(&mut self, export: &ModuleExport) -> Option<Extern> { 2169 self.caller.get_module_export(&mut self.store, export) 2170 } 2171 2172 /// Access the underlying data owned by this `Store`. 2173 /// 2174 /// Same as [`Store::data`](crate::Store::data) 2175 pub fn data(&self) -> &T { 2176 self.store.data() 2177 } 2178 2179 /// Access the underlying data owned by this `Store`. 2180 /// 2181 /// Same as [`Store::data_mut`](crate::Store::data_mut) 2182 pub fn data_mut(&mut self) -> &mut T { 2183 self.store.data_mut() 2184 } 2185 2186 /// Returns the underlying [`Engine`] this store is connected to. 2187 pub fn engine(&self) -> &Engine { 2188 self.store.engine() 2189 } 2190 2191 /// Perform garbage collection. 2192 /// 2193 /// Same as [`Store::gc`](crate::Store::gc). 2194 #[cfg(feature = "gc")] 2195 pub fn gc(&mut self, why: Option<&crate::GcHeapOutOfMemory<()>>) { 2196 self.store.gc(why); 2197 } 2198 2199 /// Perform garbage collection asynchronously. 2200 /// 2201 /// Same as [`Store::gc_async`](crate::Store::gc_async). 2202 #[cfg(all(feature = "async", feature = "gc"))] 2203 pub async fn gc_async(&mut self, why: Option<&crate::GcHeapOutOfMemory<()>>) 2204 where 2205 T: Send + 'static, 2206 { 2207 self.store.gc_async(why).await; 2208 } 2209 2210 /// Returns the remaining fuel in the store. 2211 /// 2212 /// For more information see [`Store::get_fuel`](crate::Store::get_fuel) 2213 pub fn get_fuel(&self) -> Result<u64> { 2214 self.store.get_fuel() 2215 } 2216 2217 /// Set the amount of fuel in this store to be consumed when executing wasm code. 2218 /// 2219 /// For more information see [`Store::set_fuel`](crate::Store::set_fuel) 2220 pub fn set_fuel(&mut self, fuel: u64) -> Result<()> { 2221 self.store.set_fuel(fuel) 2222 } 2223 2224 /// Configures this `Store` to yield while executing futures every N units of fuel. 2225 /// 2226 /// For more information see 2227 /// [`Store::fuel_async_yield_interval`](crate::Store::fuel_async_yield_interval) 2228 pub fn fuel_async_yield_interval(&mut self, interval: Option<u64>) -> Result<()> { 2229 self.store.fuel_async_yield_interval(interval) 2230 } 2231 2232 /// Provide an object that views Wasm stack state, including Wasm 2233 /// VM-level values (locals and operand stack), when debugging is 2234 /// enabled. 2235 /// 2236 /// See ['Store::debug_frames`] for more details. 2237 #[cfg(feature = "debug")] 2238 pub fn debug_frames(&mut self) -> Option<crate::DebugFrameCursor<'_, T>> { 2239 self.store.as_context_mut().debug_frames() 2240 } 2241 } 2242 2243 impl<T: 'static> AsContext for Caller<'_, T> { 2244 type Data = T; 2245 fn as_context(&self) -> StoreContext<'_, T> { 2246 self.store.as_context() 2247 } 2248 } 2249 2250 impl<T: 'static> AsContextMut for Caller<'_, T> { 2251 fn as_context_mut(&mut self) -> StoreContextMut<'_, T> { 2252 self.store.as_context_mut() 2253 } 2254 } 2255 2256 // State stored inside a `VMArrayCallHostFuncContext`. 2257 struct HostFuncState<F> { 2258 // The actual host function. 2259 func: F, 2260 2261 // NB: We have to keep our `VMSharedTypeIndex` registered in the engine for 2262 // as long as this function exists. 2263 _ty: RegisteredType, 2264 } 2265 2266 #[doc(hidden)] 2267 pub enum HostContext { 2268 Array(StoreBox<VMArrayCallHostFuncContext>), 2269 } 2270 2271 impl From<StoreBox<VMArrayCallHostFuncContext>> for HostContext { 2272 fn from(ctx: StoreBox<VMArrayCallHostFuncContext>) -> Self { 2273 HostContext::Array(ctx) 2274 } 2275 } 2276 2277 impl HostContext { 2278 fn from_closure<F, T, P, R>(engine: &Engine, func: F) -> Self 2279 where 2280 F: Fn(Caller<'_, T>, P) -> R + Send + Sync + 'static, 2281 P: WasmTyList, 2282 R: WasmRet, 2283 T: 'static, 2284 { 2285 let ty = R::func_type(engine, None::<ValType>.into_iter().chain(P::valtypes())); 2286 let type_index = ty.type_index(); 2287 2288 let array_call = Self::array_call_trampoline::<T, F, P, R>; 2289 2290 let ctx = unsafe { 2291 VMArrayCallHostFuncContext::new( 2292 array_call, 2293 type_index, 2294 Box::new(HostFuncState { 2295 func, 2296 _ty: ty.into_registered_type(), 2297 }), 2298 ) 2299 }; 2300 2301 ctx.into() 2302 } 2303 2304 /// Raw entry trampoline for wasm for typed functions. 2305 /// 2306 /// # Safety 2307 /// 2308 /// The `callee_vmctx`, `caller_vmctx`, and `args` values must basically be 2309 /// "all valid" in the sense that they're from the same store, appropriately 2310 /// sized, appropriate to dereference, etc. This requires that `T` matches 2311 /// the type of the store that the vmctx values point to. The `F` parameter 2312 /// must match the state in `callee_vmctx`. The `P` and `R` type parameters 2313 /// must accurately describe the params/results store in `args`. 2314 unsafe extern "C" fn array_call_trampoline<T, F, P, R>( 2315 callee_vmctx: NonNull<VMOpaqueContext>, 2316 caller_vmctx: NonNull<VMContext>, 2317 args: NonNull<ValRaw>, 2318 args_len: usize, 2319 ) -> bool 2320 where 2321 F: Fn(Caller<'_, T>, P) -> R + 'static, 2322 P: WasmTyList, 2323 R: WasmRet, 2324 T: 'static, 2325 { 2326 // Note that this function is intentionally scoped into a 2327 // separate closure to fit everything inside `enter_host_from_wasm` 2328 // below. 2329 let run = move |mut caller: Caller<'_, T>| { 2330 let mut args = 2331 NonNull::slice_from_raw_parts(args.cast::<MaybeUninit<ValRaw>>(), args_len); 2332 // SAFETY: it's a safety contract of this function itself that 2333 // `callee_vmctx` is safe to read. 2334 let state = unsafe { 2335 let vmctx = VMArrayCallHostFuncContext::from_opaque(callee_vmctx); 2336 vmctx.as_ref().host_state() 2337 }; 2338 2339 // Double-check ourselves in debug mode, but we control 2340 // the `Any` here so an unsafe downcast should also 2341 // work. 2342 // 2343 // SAFETY: all typed host functions use `HostFuncState<F>` as their 2344 // state so this should be safe to effectively do an unchecked 2345 // downcast. 2346 let state = unsafe { 2347 debug_assert!(state.is::<HostFuncState<F>>()); 2348 &*(state as *const _ as *const HostFuncState<F>) 2349 }; 2350 let func = &state.func; 2351 2352 let ret = 'ret: { 2353 if let Err(trap) = caller.store.0.call_hook(CallHook::CallingHost) { 2354 break 'ret R::fallible_from_error(trap); 2355 } 2356 2357 let mut store = if P::may_gc() { 2358 AutoAssertNoGc::new(caller.store.0) 2359 } else { 2360 unsafe { AutoAssertNoGc::disabled(caller.store.0) } 2361 }; 2362 // SAFETY: this function requires `args` to be valid and the 2363 // `WasmTyList` trait means that everything should be correctly 2364 // ascribed/typed, making this valid to load from. 2365 let params = unsafe { P::load(&mut store, args.as_mut()) }; 2366 let _ = &mut store; 2367 drop(store); 2368 2369 let r = func(caller.sub_caller(), params); 2370 2371 if let Err(trap) = caller.store.0.call_hook(CallHook::ReturningFromHost) { 2372 break 'ret R::fallible_from_error(trap); 2373 } 2374 r.into_fallible() 2375 }; 2376 2377 if !ret.compatible_with_store(caller.store.0) { 2378 bail!("host function attempted to return cross-`Store` value to Wasm") 2379 } else { 2380 let mut store = if R::may_gc() { 2381 AutoAssertNoGc::new(caller.store.0) 2382 } else { 2383 unsafe { AutoAssertNoGc::disabled(caller.store.0) } 2384 }; 2385 // SAFETY: this function requires that `args` is safe for this 2386 // type signature, and the guarantees of `WasmRet` means that 2387 // everything should be typed appropriately. 2388 let ret = unsafe { ret.store(&mut store, args.as_mut())? }; 2389 Ok(ret) 2390 } 2391 }; 2392 2393 // With nothing else on the stack move `run` into this 2394 // closure and then run it as part of `Caller::with`. 2395 // 2396 // SAFETY: this is an entrypoint of wasm which requires correct type 2397 // ascription of `T` itself, meaning that this should be safe to call 2398 // both `enter_host_from_wasm` as well as `unchecked_context_mut`. 2399 unsafe { 2400 vm::Instance::enter_host_from_wasm(caller_vmctx, |store, instance| { 2401 let store = store.unchecked_context_mut(); 2402 Caller::with(store, instance, run) 2403 }) 2404 } 2405 } 2406 } 2407 2408 /// Representation of a host-defined function. 2409 /// 2410 /// This is used for `Func::new` but also for `Linker`-defined functions. For 2411 /// `Func::new` this is stored within a `Store`, and for `Linker`-defined 2412 /// functions they wrap this up in `Arc` to enable shared ownership of this 2413 /// across many stores. 2414 /// 2415 /// Technically this structure needs a `<T>` type parameter to connect to the 2416 /// `Store<T>` itself, but that's an unsafe contract of using this for now 2417 /// rather than part of the struct type (to avoid `Func<T>` in the API). 2418 pub(crate) struct HostFunc { 2419 ctx: HostContext, 2420 2421 // Stored to unregister this function's signature with the engine when this 2422 // is dropped. 2423 engine: Engine, 2424 } 2425 2426 impl core::fmt::Debug for HostFunc { 2427 fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { 2428 f.debug_struct("HostFunc").finish_non_exhaustive() 2429 } 2430 } 2431 2432 impl HostFunc { 2433 /// Analog of [`Func::new`] 2434 /// 2435 /// # Panics 2436 /// 2437 /// Panics if the given function type is not associated with the given 2438 /// engine. 2439 pub fn new<T>( 2440 engine: &Engine, 2441 ty: FuncType, 2442 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static, 2443 ) -> Self 2444 where 2445 T: 'static, 2446 { 2447 assert!(ty.comes_from_same_engine(engine)); 2448 let ty_clone = ty.clone(); 2449 unsafe { 2450 HostFunc::new_unchecked(engine, ty, move |caller, values| { 2451 Func::invoke_host_func_for_wasm(caller, &ty_clone, values, &func) 2452 }) 2453 } 2454 } 2455 2456 /// Analog of [`Func::new_unchecked`] 2457 /// 2458 /// # Panics 2459 /// 2460 /// Panics if the given function type is not associated with the given 2461 /// engine. 2462 /// 2463 /// # Safety 2464 /// 2465 /// The `func` provided must operate according to the `ty` provided to 2466 /// ensure it's reading the correctly-typed parameters and writing the 2467 /// correctly-typed results. 2468 pub unsafe fn new_unchecked<T>( 2469 engine: &Engine, 2470 ty: FuncType, 2471 func: impl Fn(Caller<'_, T>, &mut [ValRaw]) -> Result<()> + Send + Sync + 'static, 2472 ) -> Self 2473 where 2474 T: 'static, 2475 { 2476 assert!(ty.comes_from_same_engine(engine)); 2477 let ctx = crate::trampoline::create_array_call_function( 2478 &ty, 2479 move |store, instance, values: &mut [ValRaw]| { 2480 // SAFETY: the later usage of `{,in}to_func` will connect `T` to 2481 // an actual store's `T` to ensure it's the same. This means 2482 // that the store this is invoked with always has `T` as a type 2483 // parameter which should make this cast safe. 2484 let store = unsafe { store.unchecked_context_mut::<T>() }; 2485 Caller::with(store, instance, |mut caller| { 2486 caller.store.0.call_hook(CallHook::CallingHost)?; 2487 let result = func(caller.sub_caller(), values)?; 2488 caller.store.0.call_hook(CallHook::ReturningFromHost)?; 2489 Ok(result) 2490 }) 2491 }, 2492 ) 2493 .expect("failed to create function"); 2494 HostFunc::_new(engine, ctx.into()) 2495 } 2496 2497 /// Analog of [`Func::wrap_inner`] 2498 #[cfg(any(feature = "component-model", feature = "async"))] 2499 pub fn wrap_inner<F, T, Params, Results>(engine: &Engine, func: F) -> Self 2500 where 2501 F: Fn(Caller<'_, T>, Params) -> Results + Send + Sync + 'static, 2502 Params: WasmTyList, 2503 Results: WasmRet, 2504 T: 'static, 2505 { 2506 let ctx = HostContext::from_closure(engine, func); 2507 HostFunc::_new(engine, ctx) 2508 } 2509 2510 /// Analog of [`Func::wrap`] 2511 pub fn wrap<T, Params, Results>( 2512 engine: &Engine, 2513 func: impl IntoFunc<T, Params, Results>, 2514 ) -> Self 2515 where 2516 T: 'static, 2517 { 2518 let ctx = func.into_func(engine); 2519 HostFunc::_new(engine, ctx) 2520 } 2521 2522 /// Requires that this function's signature is already registered within 2523 /// `Engine`. This happens automatically during the above two constructors. 2524 fn _new(engine: &Engine, ctx: HostContext) -> Self { 2525 HostFunc { 2526 ctx, 2527 engine: engine.clone(), 2528 } 2529 } 2530 2531 /// Inserts this `HostFunc` into a `Store`, returning the `Func` pointing to 2532 /// it. 2533 /// 2534 /// # Unsafety 2535 /// 2536 /// Can only be inserted into stores with a matching `T` relative to when 2537 /// this `HostFunc` was first created. 2538 pub unsafe fn to_func(self: &Arc<Self>, store: &mut StoreOpaque) -> Func { 2539 self.validate_store(store); 2540 let (funcrefs, modules) = store.func_refs_and_modules(); 2541 let funcref = funcrefs.push_arc_host(self.clone(), modules); 2542 // SAFETY: this funcref was just pushed within the store, so it's safe 2543 // to say this store owns it. 2544 unsafe { Func::from_vm_func_ref(store.id(), funcref) } 2545 } 2546 2547 /// Inserts this `HostFunc` into a `Store`, returning the `Func` pointing to 2548 /// it. 2549 /// 2550 /// This function is similar to, but not equivalent, to `HostFunc::to_func`. 2551 /// Notably this function requires that the `Arc<Self>` pointer is otherwise 2552 /// rooted within the `StoreOpaque` via another means. When in doubt use 2553 /// `to_func` above as it's safer. 2554 /// 2555 /// # Unsafety 2556 /// 2557 /// Can only be inserted into stores with a matching `T` relative to when 2558 /// this `HostFunc` was first created. 2559 /// 2560 /// Additionally the `&Arc<Self>` is not cloned in this function. Instead a 2561 /// raw pointer to `Self` is stored within the `Store` for this function. 2562 /// The caller must arrange for the `Arc<Self>` to be "rooted" in the store 2563 /// provided via another means, probably by pushing to 2564 /// `StoreOpaque::rooted_host_funcs`. 2565 /// 2566 /// Similarly, the caller must arrange for `rooted_func_ref` to be rooted in 2567 /// the same store and additionally be a valid pointer. 2568 pub unsafe fn to_func_store_rooted( 2569 self: &Arc<Self>, 2570 store: &mut StoreOpaque, 2571 rooted_func_ref: Option<NonNull<VMFuncRef>>, 2572 ) -> Func { 2573 self.validate_store(store); 2574 2575 match rooted_func_ref { 2576 Some(funcref) => { 2577 // SAFETY: it's a contract of this function itself that 2578 // `funcref` is safe to read. 2579 unsafe { 2580 debug_assert!(funcref.as_ref().wasm_call.is_some()); 2581 } 2582 // SAFETY: it's a contract of this function that `funcref` is 2583 // owned by `store`. 2584 unsafe { Func::from_vm_func_ref(store.id(), funcref) } 2585 } 2586 None => { 2587 debug_assert!(self.func_ref().wasm_call.is_some()); 2588 2589 // SAFETY: it's an unsafe contract of this function that we are 2590 // rooted within the store to say that the store owns a copy of 2591 // this funcref. 2592 unsafe { Func::from_vm_func_ref(store.id(), self.func_ref().into()) } 2593 } 2594 } 2595 } 2596 2597 /// Same as [`HostFunc::to_func`], different ownership. 2598 unsafe fn into_func(self, store: &mut StoreOpaque) -> Func { 2599 self.validate_store(store); 2600 let (funcrefs, modules) = store.func_refs_and_modules(); 2601 let funcref = funcrefs.push_box_host(Box::new(self), modules); 2602 // SAFETY: this funcref was just pushed within `store`, so it's safe to 2603 // say it's owned by the store's id. 2604 unsafe { Func::from_vm_func_ref(store.id(), funcref) } 2605 } 2606 2607 fn validate_store(&self, store: &mut StoreOpaque) { 2608 // This assert is required to ensure that we can indeed safely insert 2609 // `self` into the `store` provided, otherwise the type information we 2610 // have listed won't be correct. This is possible to hit with the public 2611 // API of Wasmtime, and should be documented in relevant functions. 2612 assert!( 2613 Engine::same(&self.engine, store.engine()), 2614 "cannot use a store with a different engine than a linker was created with", 2615 ); 2616 } 2617 2618 pub(crate) fn sig_index(&self) -> VMSharedTypeIndex { 2619 self.func_ref().type_index 2620 } 2621 2622 pub(crate) fn func_ref(&self) -> &VMFuncRef { 2623 match &self.ctx { 2624 HostContext::Array(ctx) => unsafe { ctx.get().as_ref().func_ref() }, 2625 } 2626 } 2627 2628 pub(crate) fn host_ctx(&self) -> &HostContext { 2629 &self.ctx 2630 } 2631 } 2632 2633 #[cfg(test)] 2634 mod tests { 2635 use super::*; 2636 use crate::{Module, Store}; 2637 2638 #[test] 2639 #[cfg_attr(miri, ignore)] 2640 fn hash_key_is_stable_across_duplicate_store_data_entries() -> Result<()> { 2641 let mut store = Store::<()>::default(); 2642 let module = Module::new( 2643 store.engine(), 2644 r#" 2645 (module 2646 (func (export "f") 2647 nop 2648 ) 2649 ) 2650 "#, 2651 )?; 2652 let instance = Instance::new(&mut store, &module, &[])?; 2653 2654 // Each time we `get_func`, we call `Func::from_wasmtime` which adds a 2655 // new entry to `StoreData`, so `f1` and `f2` will have different 2656 // indices into `StoreData`. 2657 let f1 = instance.get_func(&mut store, "f").unwrap(); 2658 let f2 = instance.get_func(&mut store, "f").unwrap(); 2659 2660 // But their hash keys are the same. 2661 assert!( 2662 f1.hash_key(&mut store.as_context_mut().0) 2663 == f2.hash_key(&mut store.as_context_mut().0) 2664 ); 2665 2666 // But the hash keys are different from different funcs. 2667 let instance2 = Instance::new(&mut store, &module, &[])?; 2668 let f3 = instance2.get_func(&mut store, "f").unwrap(); 2669 assert!( 2670 f1.hash_key(&mut store.as_context_mut().0) 2671 != f3.hash_key(&mut store.as_context_mut().0) 2672 ); 2673 2674 Ok(()) 2675 } 2676 } 2677