1 use crate::Trap; 2 use crate::prelude::*; 3 use crate::runtime::vm::{self, ExportMemory}; 4 use crate::store::{StoreInstanceId, StoreOpaque, StoreResourceLimiter}; 5 use crate::trampoline::generate_memory_export; 6 #[cfg(feature = "async")] 7 use crate::vm::VMStore; 8 use crate::{AsContext, AsContextMut, Engine, MemoryType, StoreContext, StoreContextMut}; 9 use core::cell::UnsafeCell; 10 use core::fmt; 11 use core::slice; 12 use core::time::Duration; 13 use wasmtime_environ::DefinedMemoryIndex; 14 15 pub use crate::runtime::vm::WaitResult; 16 17 /// Error for out of bounds [`Memory`] access. 18 #[derive(Debug)] 19 #[non_exhaustive] 20 pub struct MemoryAccessError { 21 // Keep struct internals private for future extensibility. 22 _private: (), 23 } 24 25 impl fmt::Display for MemoryAccessError { fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result26 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 27 write!(f, "out of bounds memory access") 28 } 29 } 30 31 impl core::error::Error for MemoryAccessError {} 32 33 /// A WebAssembly linear memory. 34 /// 35 /// WebAssembly memories represent a contiguous array of bytes that have a size 36 /// that is always a multiple of the WebAssembly page size, currently 64 37 /// kilobytes. 38 /// 39 /// WebAssembly memory is used for global data (not to be confused with wasm 40 /// `global` items), statics in C/C++/Rust, shadow stack memory, etc. Accessing 41 /// wasm memory is generally quite fast. 42 /// 43 /// Memories, like other wasm items, are owned by a [`Store`](crate::Store). 44 /// 45 /// # `Memory` and Safety 46 /// 47 /// Linear memory is a lynchpin of safety for WebAssembly. In Wasmtime there are 48 /// safe methods of interacting with a [`Memory`]: 49 /// 50 /// * [`Memory::read`] 51 /// * [`Memory::write`] 52 /// * [`Memory::data`] 53 /// * [`Memory::data_mut`] 54 /// 55 /// Note that all of these consider the entire store context as borrowed for the 56 /// duration of the call or the duration of the returned slice. This largely 57 /// means that while the function is running you'll be unable to borrow anything 58 /// else from the store. This includes getting access to the `T` on 59 /// [`Store<T>`](crate::Store), but it also means that you can't recursively 60 /// call into WebAssembly for instance. 61 /// 62 /// If you'd like to dip your toes into handling [`Memory`] in a more raw 63 /// fashion (e.g. by using raw pointers or raw slices), then there's a few 64 /// important points to consider when doing so: 65 /// 66 /// * Any recursive calls into WebAssembly can possibly modify any byte of the 67 /// entire memory. This means that whenever wasm is called Rust can't have any 68 /// long-lived borrows live across the wasm function call. Slices like `&mut 69 /// [u8]` will be violated because they're not actually exclusive at that 70 /// point, and slices like `&[u8]` are also violated because their contents 71 /// may be mutated. 72 /// 73 /// * WebAssembly memories can grow, and growth may change the base pointer. 74 /// This means that even holding a raw pointer to memory over a wasm function 75 /// call is also incorrect. Anywhere in the function call the base address of 76 /// memory may change. Note that growth can also be requested from the 77 /// embedding API as well. 78 /// 79 /// As a general rule of thumb it's recommended to stick to the safe methods of 80 /// [`Memory`] if you can. It's not advised to use raw pointers or `unsafe` 81 /// operations because of how easy it is to accidentally get things wrong. 82 /// 83 /// Some examples of safely interacting with memory are: 84 /// 85 /// ```rust 86 /// use wasmtime::{Memory, Store, MemoryAccessError}; 87 /// 88 /// // Memory can be read and written safely with the `Memory::read` and 89 /// // `Memory::write` methods. 90 /// // An error is returned if the copy did not succeed. 91 /// fn safe_examples(mem: Memory, store: &mut Store<()>) -> Result<(), MemoryAccessError> { 92 /// let offset = 5; 93 /// mem.write(&mut *store, offset, b"hello")?; 94 /// let mut buffer = [0u8; 5]; 95 /// mem.read(&store, offset, &mut buffer)?; 96 /// assert_eq!(b"hello", &buffer); 97 /// 98 /// // Note that while this is safe care must be taken because the indexing 99 /// // here may panic if the memory isn't large enough. 100 /// assert_eq!(&mem.data(&store)[offset..offset + 5], b"hello"); 101 /// mem.data_mut(&mut *store)[offset..offset + 5].copy_from_slice(b"bye!!"); 102 /// 103 /// Ok(()) 104 /// } 105 /// ``` 106 /// 107 /// It's worth also, however, covering some examples of **incorrect**, 108 /// **unsafe** usages of `Memory`. Do not do these things! 109 /// 110 /// ```rust 111 /// use wasmtime::{Memory, Result, Store}; 112 /// 113 /// // NOTE: All code in this function is not safe to execute and may cause 114 /// // segfaults/undefined behavior at runtime. Do not copy/paste these examples 115 /// // into production code! 116 /// unsafe fn unsafe_examples(mem: Memory, store: &mut Store<()>) -> Result<()> { 117 /// // First and foremost, any borrow can be invalidated at any time via the 118 /// // `Memory::grow` function. This can relocate memory which causes any 119 /// // previous pointer to be possibly invalid now. 120 /// unsafe { 121 /// let pointer: &u8 = &*mem.data_ptr(&store); 122 /// mem.grow(&mut *store, 1)?; // invalidates `pointer`! 123 /// // println!("{}", *pointer); // FATAL: use-after-free 124 /// } 125 /// 126 /// // Note that the use-after-free also applies to slices, whether they're 127 /// // slices of bytes or strings. 128 /// unsafe { 129 /// let mem_slice = std::slice::from_raw_parts( 130 /// mem.data_ptr(&store), 131 /// mem.data_size(&store), 132 /// ); 133 /// let slice: &[u8] = &mem_slice[0x100..0x102]; 134 /// mem.grow(&mut *store, 1)?; // invalidates `slice`! 135 /// // println!("{:?}", slice); // FATAL: use-after-free 136 /// } 137 /// 138 /// // The `Memory` type may be stored in other locations, so if you hand 139 /// // off access to the `Store` then those locations may also call 140 /// // `Memory::grow` or similar, so it's not enough to just audit code for 141 /// // calls to `Memory::grow`. 142 /// unsafe { 143 /// let pointer: &u8 = &*mem.data_ptr(&store); 144 /// some_other_function(store); // may invalidate `pointer` through use of `store` 145 /// // println!("{:?}", pointer); // FATAL: maybe a use-after-free 146 /// } 147 /// 148 /// // An especially subtle aspect of accessing a wasm instance's memory is 149 /// // that you need to be extremely careful about aliasing. Anyone at any 150 /// // time can call `data_unchecked()` or `data_unchecked_mut()`, which 151 /// // means you can easily have aliasing mutable references: 152 /// unsafe { 153 /// let ref1: &u8 = &*mem.data_ptr(&store).add(0x100); 154 /// let ref2: &mut u8 = &mut *mem.data_ptr(&store).add(0x100); 155 /// // *ref2 = *ref1; // FATAL: violates Rust's aliasing rules 156 /// } 157 /// 158 /// Ok(()) 159 /// } 160 /// # fn some_other_function(store: &mut Store<()>) {} 161 /// ``` 162 /// 163 /// Overall there's some general rules of thumb when unsafely working with 164 /// `Memory` and getting raw pointers inside of it: 165 /// 166 /// * If you never have a "long lived" pointer into memory, you're likely in the 167 /// clear. Care still needs to be taken in threaded scenarios or when/where 168 /// data is read, but you'll be shielded from many classes of issues. 169 /// * Long-lived pointers must always respect Rust'a aliasing rules. It's ok for 170 /// shared borrows to overlap with each other, but mutable borrows must 171 /// overlap with nothing. 172 /// * Long-lived pointers are only valid if they're not invalidated for their 173 /// lifetime. This means that [`Store`](crate::Store) isn't used to reenter 174 /// wasm or the memory itself is never grown or otherwise modified/aliased. 175 /// 176 /// At this point it's worth reiterating again that unsafely working with 177 /// `Memory` is pretty tricky and not recommended! It's highly recommended to 178 /// use the safe methods to interact with [`Memory`] whenever possible. 179 /// 180 /// ## `Memory` Safety and Threads 181 /// 182 /// Currently the `wasmtime` crate does not implement the wasm threads proposal, 183 /// but it is planned to do so. It may be interesting to readers to see how this 184 /// affects memory safety and what was previously just discussed as well. 185 /// 186 /// Once threads are added into the mix, all of the above rules still apply. 187 /// There's an additional consideration that all reads and writes can happen 188 /// concurrently, though. This effectively means that any borrow into wasm 189 /// memory are virtually never safe to have. 190 /// 191 /// Mutable pointers are fundamentally unsafe to have in a concurrent scenario 192 /// in the face of arbitrary wasm code. Only if you dynamically know for sure 193 /// that wasm won't access a region would it be safe to construct a mutable 194 /// pointer. Additionally even shared pointers are largely unsafe because their 195 /// underlying contents may change, so unless `UnsafeCell` in one form or 196 /// another is used everywhere there's no safety. 197 /// 198 /// One important point about concurrency is that while [`Memory::grow`] can 199 /// happen concurrently it will never relocate the base pointer. Shared 200 /// memories must always have a maximum size and they will be preallocated such 201 /// that growth will never relocate the base pointer. The current size of the 202 /// memory may still change over time though. 203 /// 204 /// Overall the general rule of thumb for shared memories is that you must 205 /// atomically read and write everything. Nothing can be borrowed and everything 206 /// must be eagerly copied out. This means that [`Memory::data`] and 207 /// [`Memory::data_mut`] won't work in the future (they'll probably return an 208 /// error) for shared memories when they're implemented. When possible it's 209 /// recommended to use [`Memory::read`] and [`Memory::write`] which will still 210 /// be provided. 211 #[derive(Copy, Clone, Debug)] 212 #[repr(C)] // here for the C API 213 pub struct Memory { 214 /// The internal store instance that this memory belongs to. 215 instance: StoreInstanceId, 216 /// The index of the memory, within `instance` above, that this memory 217 /// refers to. 218 index: DefinedMemoryIndex, 219 } 220 221 // Double-check that the C representation in `extern.h` matches our in-Rust 222 // representation here in terms of size/alignment/etc. 223 const _: () = { 224 #[repr(C)] 225 struct Tmp(u64, u32); 226 #[repr(C)] 227 struct C(Tmp, u32); 228 assert!(core::mem::size_of::<C>() == core::mem::size_of::<Memory>()); 229 assert!(core::mem::align_of::<C>() == core::mem::align_of::<Memory>()); 230 assert!(core::mem::offset_of!(Memory, instance) == 0); 231 }; 232 233 impl Memory { 234 /// Creates a new WebAssembly memory given the configuration of `ty`. 235 /// 236 /// The `store` argument will be the owner of the returned [`Memory`]. All 237 /// WebAssembly memory is initialized to zero. 238 /// 239 /// # Panics 240 /// 241 /// This function will panic if the [`Store`](`crate::Store`) has a 242 /// [`ResourceLimiterAsync`](`crate::ResourceLimiterAsync`) (see also: 243 /// [`Store::limiter_async`](`crate::Store::limiter_async`)). When 244 /// using an async resource limiter, use [`Memory::new_async`] instead. 245 /// 246 /// # Examples 247 /// 248 /// ``` 249 /// # use wasmtime::*; 250 /// # fn main() -> Result<()> { 251 /// let engine = Engine::default(); 252 /// let mut store = Store::new(&engine, ()); 253 /// 254 /// let memory_ty = MemoryType::new(1, None); 255 /// let memory = Memory::new(&mut store, memory_ty)?; 256 /// 257 /// let module = Module::new(&engine, "(module (memory (import \"\" \"\") 1))")?; 258 /// let instance = Instance::new(&mut store, &module, &[memory.into()])?; 259 /// // ... 260 /// # Ok(()) 261 /// # } 262 /// ``` new(mut store: impl AsContextMut, ty: MemoryType) -> Result<Memory>263 pub fn new(mut store: impl AsContextMut, ty: MemoryType) -> Result<Memory> { 264 let (mut limiter, store) = store 265 .as_context_mut() 266 .0 267 .validate_sync_resource_limiter_and_store_opaque()?; 268 vm::assert_ready(Self::_new(store, limiter.as_mut(), ty)) 269 } 270 271 /// Async variant of [`Memory::new`]. You must use this variant with 272 /// [`Store`](`crate::Store`)s which have a 273 /// [`ResourceLimiterAsync`](`crate::ResourceLimiterAsync`). 274 /// 275 /// # Panics 276 /// 277 /// This function will panic when used with a non-async 278 /// [`Store`](`crate::Store`). 279 #[cfg(feature = "async")] new_async(mut store: impl AsContextMut, ty: MemoryType) -> Result<Memory>280 pub async fn new_async(mut store: impl AsContextMut, ty: MemoryType) -> Result<Memory> { 281 let (mut limiter, store) = store.as_context_mut().0.resource_limiter_and_store_opaque(); 282 Self::_new(store, limiter.as_mut(), ty).await 283 } 284 285 /// Helper function for attaching the memory to a "frankenstein" instance _new( store: &mut StoreOpaque, limiter: Option<&mut StoreResourceLimiter<'_>>, ty: MemoryType, ) -> Result<Memory>286 async fn _new( 287 store: &mut StoreOpaque, 288 limiter: Option<&mut StoreResourceLimiter<'_>>, 289 ty: MemoryType, 290 ) -> Result<Memory> { 291 if ty.is_shared() { 292 bail!("shared memories must be created through `SharedMemory`") 293 } 294 Ok(generate_memory_export(store, limiter, &ty, None) 295 .await? 296 .unshared() 297 .unwrap()) 298 } 299 300 /// Returns the underlying type of this memory. 301 /// 302 /// # Panics 303 /// 304 /// Panics if this memory doesn't belong to `store`. 305 /// 306 /// # Examples 307 /// 308 /// ``` 309 /// # use wasmtime::*; 310 /// # fn main() -> Result<()> { 311 /// let engine = Engine::default(); 312 /// let mut store = Store::new(&engine, ()); 313 /// let module = Module::new(&engine, "(module (memory (export \"mem\") 1))")?; 314 /// let instance = Instance::new(&mut store, &module, &[])?; 315 /// let memory = instance.get_memory(&mut store, "mem").unwrap(); 316 /// let ty = memory.ty(&store); 317 /// assert_eq!(ty.minimum(), 1); 318 /// # Ok(()) 319 /// # } 320 /// ``` ty(&self, store: impl AsContext) -> MemoryType321 pub fn ty(&self, store: impl AsContext) -> MemoryType { 322 let store = store.as_context(); 323 MemoryType::from_wasmtime_memory(self.wasmtime_ty(store.0)) 324 } 325 326 /// Safely reads memory contents at the given offset into a buffer. 327 /// 328 /// The entire buffer will be filled. 329 /// 330 /// If `offset + buffer.len()` exceed the current memory capacity, then the 331 /// buffer is left untouched and a [`MemoryAccessError`] is returned. 332 /// 333 /// # Panics 334 /// 335 /// Panics if this memory doesn't belong to `store`. read( &self, store: impl AsContext, offset: usize, buffer: &mut [u8], ) -> Result<(), MemoryAccessError>336 pub fn read( 337 &self, 338 store: impl AsContext, 339 offset: usize, 340 buffer: &mut [u8], 341 ) -> Result<(), MemoryAccessError> { 342 let store = store.as_context(); 343 let slice = self 344 .data(&store) 345 .get(offset..) 346 .and_then(|s| s.get(..buffer.len())) 347 .ok_or(MemoryAccessError { _private: () })?; 348 buffer.copy_from_slice(slice); 349 Ok(()) 350 } 351 352 /// Safely writes contents of a buffer to this memory at the given offset. 353 /// 354 /// If the `offset + buffer.len()` exceeds the current memory capacity, then 355 /// none of the buffer is written to memory and a [`MemoryAccessError`] is 356 /// returned. 357 /// 358 /// # Panics 359 /// 360 /// Panics if this memory doesn't belong to `store`. write( &self, mut store: impl AsContextMut, offset: usize, buffer: &[u8], ) -> Result<(), MemoryAccessError>361 pub fn write( 362 &self, 363 mut store: impl AsContextMut, 364 offset: usize, 365 buffer: &[u8], 366 ) -> Result<(), MemoryAccessError> { 367 let mut context = store.as_context_mut(); 368 self.data_mut(&mut context) 369 .get_mut(offset..) 370 .and_then(|s| s.get_mut(..buffer.len())) 371 .ok_or(MemoryAccessError { _private: () })? 372 .copy_from_slice(buffer); 373 Ok(()) 374 } 375 376 /// Returns this memory as a native Rust slice. 377 /// 378 /// Note that this method will consider the entire store context provided as 379 /// borrowed for the duration of the lifetime of the returned slice. 380 /// 381 /// # Panics 382 /// 383 /// Panics if this memory doesn't belong to `store`. data<'a, T: 'static>(&self, store: impl Into<StoreContext<'a, T>>) -> &'a [u8]384 pub fn data<'a, T: 'static>(&self, store: impl Into<StoreContext<'a, T>>) -> &'a [u8] { 385 unsafe { 386 let store = store.into(); 387 let definition = store[self.instance].memory(self.index); 388 debug_assert!(!self.ty(store).is_shared()); 389 slice::from_raw_parts(definition.base.as_ptr(), definition.current_length()) 390 } 391 } 392 393 /// Returns this memory as a native Rust mutable slice. 394 /// 395 /// Note that this method will consider the entire store context provided as 396 /// borrowed for the duration of the lifetime of the returned slice. 397 /// 398 /// # Panics 399 /// 400 /// Panics if this memory doesn't belong to `store`. data_mut<'a, T: 'static>( &self, store: impl Into<StoreContextMut<'a, T>>, ) -> &'a mut [u8]401 pub fn data_mut<'a, T: 'static>( 402 &self, 403 store: impl Into<StoreContextMut<'a, T>>, 404 ) -> &'a mut [u8] { 405 unsafe { 406 let store = store.into(); 407 let definition = store[self.instance].memory(self.index); 408 debug_assert!(!self.ty(store).is_shared()); 409 slice::from_raw_parts_mut(definition.base.as_ptr(), definition.current_length()) 410 } 411 } 412 413 /// Same as [`Memory::data_mut`], but also returns the `T` from the 414 /// [`StoreContextMut`]. 415 /// 416 /// This method can be used when you want to simultaneously work with the 417 /// `T` in the store as well as the memory behind this [`Memory`]. Using 418 /// [`Memory::data_mut`] would consider the entire store borrowed, whereas 419 /// this method allows the Rust compiler to see that the borrow of this 420 /// memory and the borrow of `T` are disjoint. 421 /// 422 /// # Panics 423 /// 424 /// Panics if this memory doesn't belong to `store`. data_and_store_mut<'a, T: 'static>( &self, store: impl Into<StoreContextMut<'a, T>>, ) -> (&'a mut [u8], &'a mut T)425 pub fn data_and_store_mut<'a, T: 'static>( 426 &self, 427 store: impl Into<StoreContextMut<'a, T>>, 428 ) -> (&'a mut [u8], &'a mut T) { 429 // Note the unsafety here. Our goal is to simultaneously borrow the 430 // memory and custom data from `store`, and the store it's connected 431 // to. Rust will not let us do that, however, because we must call two 432 // separate methods (both of which borrow the whole `store`) and one of 433 // our borrows is mutable (the custom data). 434 // 435 // This operation, however, is safe because these borrows do not overlap 436 // and in the process of borrowing them mutability doesn't actually 437 // touch anything. This is akin to mutably borrowing two indices in an 438 // array, which is safe so long as the indices are separate. 439 unsafe { 440 let mut store = store.into(); 441 let data = &mut *(store.data_mut() as *mut T); 442 (self.data_mut(store), data) 443 } 444 } 445 446 /// Returns the base pointer, in the host's address space, that the memory 447 /// is located at. 448 /// 449 /// For more information and examples see the documentation on the 450 /// [`Memory`] type. 451 /// 452 /// # Panics 453 /// 454 /// Panics if this memory doesn't belong to `store`. data_ptr(&self, store: impl AsContext) -> *mut u8455 pub fn data_ptr(&self, store: impl AsContext) -> *mut u8 { 456 store.as_context()[self.instance] 457 .memory(self.index) 458 .base 459 .as_ptr() 460 } 461 462 /// Returns the byte length of this memory. 463 /// 464 /// WebAssembly memories are made up of a whole number of pages, so the byte 465 /// size returned will always be a multiple of this memory's page size. Note 466 /// that different Wasm memories may have different page sizes. You can get 467 /// a memory's page size via the [`Memory::page_size`] method. 468 /// 469 /// By default the page size is 64KiB (aka `0x10000`, `2**16`, `1<<16`, or 470 /// `65536`) but [the custom-page-sizes proposal] allows a memory to opt 471 /// into a page size of `1`. Future extensions might allow any power of two 472 /// as a page size. 473 /// 474 /// [the custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes 475 /// 476 /// For more information and examples see the documentation on the 477 /// [`Memory`] type. 478 /// 479 /// # Panics 480 /// 481 /// Panics if this memory doesn't belong to `store`. data_size(&self, store: impl AsContext) -> usize482 pub fn data_size(&self, store: impl AsContext) -> usize { 483 self.internal_data_size(store.as_context().0) 484 } 485 internal_data_size(&self, store: &StoreOpaque) -> usize486 pub(crate) fn internal_data_size(&self, store: &StoreOpaque) -> usize { 487 store[self.instance].memory(self.index).current_length() 488 } 489 490 /// Returns the size, in units of pages, of this Wasm memory. 491 /// 492 /// WebAssembly memories are made up of a whole number of pages, so the byte 493 /// size returned will always be a multiple of this memory's page size. Note 494 /// that different Wasm memories may have different page sizes. You can get 495 /// a memory's page size via the [`Memory::page_size`] method. 496 /// 497 /// By default the page size is 64KiB (aka `0x10000`, `2**16`, `1<<16`, or 498 /// `65536`) but [the custom-page-sizes proposal] allows a memory to opt 499 /// into a page size of `1`. Future extensions might allow any power of two 500 /// as a page size. 501 /// 502 /// [the custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes 503 /// 504 /// # Panics 505 /// 506 /// Panics if this memory doesn't belong to `store`. size(&self, store: impl AsContext) -> u64507 pub fn size(&self, store: impl AsContext) -> u64 { 508 self.internal_size(store.as_context().0) 509 } 510 internal_size(&self, store: &StoreOpaque) -> u64511 pub(crate) fn internal_size(&self, store: &StoreOpaque) -> u64 { 512 let byte_size = self.internal_data_size(store); 513 let page_size = usize::try_from(self._page_size(store)).unwrap(); 514 u64::try_from(byte_size / page_size).unwrap() 515 } 516 517 /// Returns the size of a page, in bytes, for this memory. 518 /// 519 /// WebAssembly memories are made up of a whole number of pages, so the byte 520 /// size (as returned by [`Memory::data_size`]) will always be a multiple of 521 /// their page size. Different Wasm memories may have different page sizes. 522 /// 523 /// By default this is 64KiB (aka `0x10000`, `2**16`, `1<<16`, or `65536`) 524 /// but [the custom-page-sizes proposal] allows opting into a page size of 525 /// `1`. Future extensions might allow any power of two as a page size. 526 /// 527 /// [the custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes page_size(&self, store: impl AsContext) -> u64528 pub fn page_size(&self, store: impl AsContext) -> u64 { 529 self._page_size(store.as_context().0) 530 } 531 _page_size(&self, store: &StoreOpaque) -> u64532 pub(crate) fn _page_size(&self, store: &StoreOpaque) -> u64 { 533 self.wasmtime_ty(store).page_size() 534 } 535 536 /// Returns the log2 of this memory's page size, in bytes. 537 /// 538 /// WebAssembly memories are made up of a whole number of pages, so the byte 539 /// size (as returned by [`Memory::data_size`]) will always be a multiple of 540 /// their page size. Different Wasm memories may have different page sizes. 541 /// 542 /// By default the page size is 64KiB (aka `0x10000`, `2**16`, `1<<16`, or 543 /// `65536`) but [the custom-page-sizes proposal] allows opting into a page 544 /// size of `1`. Future extensions might allow any power of two as a page 545 /// size. 546 /// 547 /// [the custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes page_size_log2(&self, store: impl AsContext) -> u8548 pub fn page_size_log2(&self, store: impl AsContext) -> u8 { 549 self._page_size_log2(store.as_context().0) 550 } 551 _page_size_log2(&self, store: &StoreOpaque) -> u8552 pub(crate) fn _page_size_log2(&self, store: &StoreOpaque) -> u8 { 553 self.wasmtime_ty(store).page_size_log2 554 } 555 556 /// Grows this WebAssembly memory by `delta` pages. 557 /// 558 /// This will attempt to add `delta` more pages of memory on to the end of 559 /// this `Memory` instance. If successful this may relocate the memory and 560 /// cause [`Memory::data_ptr`] to return a new value. Additionally any 561 /// unsafely constructed slices into this memory may no longer be valid. 562 /// 563 /// On success returns the number of pages this memory previously had 564 /// before the growth succeeded. 565 /// 566 /// Note that, by default, a WebAssembly memory's page size is 64KiB (aka 567 /// 65536 or 2<sup>16</sup>). The [custom-page-sizes proposal] allows Wasm 568 /// memories to opt into a page size of one byte (and this may be further 569 /// relaxed to any power of two in a future extension). 570 /// 571 /// [custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes 572 /// 573 /// # Errors 574 /// 575 /// Returns an error if memory could not be grown, for example if it exceeds 576 /// the maximum limits of this memory. A 577 /// [`ResourceLimiter`](crate::ResourceLimiter) is another example of 578 /// preventing a memory to grow. 579 /// 580 /// This function will return an error if the [`Store`](`crate::Store`) has 581 /// a [`ResourceLimiterAsync`](`crate::ResourceLimiterAsync`) (see also: 582 /// [`Store::limiter_async`](`crate::Store::limiter_async`). When using an 583 /// async resource limiter, use [`Memory::grow_async`] instead. 584 /// 585 /// # Panics 586 /// 587 /// Panics if this memory doesn't belong to `store`. 588 /// 589 /// # Examples 590 /// 591 /// ``` 592 /// # use wasmtime::*; 593 /// # fn main() -> Result<()> { 594 /// let engine = Engine::default(); 595 /// let mut store = Store::new(&engine, ()); 596 /// let module = Module::new(&engine, "(module (memory (export \"mem\") 1 2))")?; 597 /// let instance = Instance::new(&mut store, &module, &[])?; 598 /// let memory = instance.get_memory(&mut store, "mem").unwrap(); 599 /// 600 /// assert_eq!(memory.size(&store), 1); 601 /// assert_eq!(memory.grow(&mut store, 1)?, 1); 602 /// assert_eq!(memory.size(&store), 2); 603 /// assert!(memory.grow(&mut store, 1).is_err()); 604 /// assert_eq!(memory.size(&store), 2); 605 /// assert_eq!(memory.grow(&mut store, 0)?, 2); 606 /// # Ok(()) 607 /// # } 608 /// ``` grow(&self, mut store: impl AsContextMut, delta: u64) -> Result<u64>609 pub fn grow(&self, mut store: impl AsContextMut, delta: u64) -> Result<u64> { 610 let store = store.as_context_mut().0; 611 let (mut limiter, store) = store.validate_sync_resource_limiter_and_store_opaque()?; 612 vm::assert_ready(self._grow(store, limiter.as_mut(), delta)) 613 } 614 615 /// Async variant of [`Memory::grow`]. Required when using a 616 /// [`ResourceLimiterAsync`](`crate::ResourceLimiterAsync`). 617 /// 618 /// # Panics 619 /// 620 /// This function will panic when used with a non-async 621 /// [`Store`](`crate::Store`). 622 #[cfg(feature = "async")] grow_async(&self, mut store: impl AsContextMut, delta: u64) -> Result<u64>623 pub async fn grow_async(&self, mut store: impl AsContextMut, delta: u64) -> Result<u64> { 624 let store = store.as_context_mut(); 625 let (mut limiter, store) = store.0.resource_limiter_and_store_opaque(); 626 self._grow(store, limiter.as_mut(), delta).await 627 } 628 _grow( &self, store: &mut StoreOpaque, limiter: Option<&mut StoreResourceLimiter<'_>>, delta: u64, ) -> Result<u64>629 async fn _grow( 630 &self, 631 store: &mut StoreOpaque, 632 limiter: Option<&mut StoreResourceLimiter<'_>>, 633 delta: u64, 634 ) -> Result<u64> { 635 let result = self 636 .instance 637 .get_mut(store) 638 .memory_grow(limiter, self.index, delta) 639 .await?; 640 match result { 641 Some(size) => { 642 let page_size = self.wasmtime_ty(store).page_size(); 643 Ok(u64::try_from(size).unwrap() / page_size) 644 } 645 None => bail!("failed to grow memory by `{delta}`"), 646 } 647 } 648 649 /// Creates a new memory from its raw component parts. 650 /// 651 /// # Safety 652 /// 653 /// The caller must ensure that the memory pointed to by `instance` and 654 /// `index` is not a shared memory. For that `SharedMemory` must be used 655 /// instead. from_raw(instance: StoreInstanceId, index: DefinedMemoryIndex) -> Memory656 pub(crate) unsafe fn from_raw(instance: StoreInstanceId, index: DefinedMemoryIndex) -> Memory { 657 Memory { instance, index } 658 } 659 wasmtime_ty<'a>(&self, store: &'a StoreOpaque) -> &'a wasmtime_environ::Memory660 pub(crate) fn wasmtime_ty<'a>(&self, store: &'a StoreOpaque) -> &'a wasmtime_environ::Memory { 661 let module = store[self.instance].env_module(); 662 let index = module.memory_index(self.index); 663 &module.memories[index] 664 } 665 vmimport(&self, store: &StoreOpaque) -> crate::runtime::vm::VMMemoryImport666 pub(crate) fn vmimport(&self, store: &StoreOpaque) -> crate::runtime::vm::VMMemoryImport { 667 store[self.instance].get_defined_memory_vmimport(self.index) 668 } 669 comes_from_same_store(&self, store: &StoreOpaque) -> bool670 pub(crate) fn comes_from_same_store(&self, store: &StoreOpaque) -> bool { 671 store.id() == self.instance.store_id() 672 } 673 674 /// Returns a stable identifier for this memory within its store. 675 /// 676 /// This allows distinguishing memories when introspecting them 677 /// e.g. via debug APIs. 678 #[cfg(feature = "debug")] debug_index_in_store(&self) -> u64679 pub fn debug_index_in_store(&self) -> u64 { 680 u64::from(self.instance.instance().as_u32()) << 32 | u64::from(self.index.as_u32()) 681 } 682 683 /// Get a stable hash key for this memory. 684 /// 685 /// Even if the same underlying memory definition is added to the 686 /// `StoreData` multiple times and becomes multiple `wasmtime::Memory`s, 687 /// this hash key will be consistent across all of these memories. 688 #[cfg(feature = "coredump")] hash_key(&self, store: &StoreOpaque) -> impl core::hash::Hash + Eq + use<>689 pub(crate) fn hash_key(&self, store: &StoreOpaque) -> impl core::hash::Hash + Eq + use<> { 690 store[self.instance].memory_ptr(self.index).as_ptr().addr() 691 } 692 } 693 694 /// A linear memory. This trait provides an interface for raw memory buffers 695 /// which are used by wasmtime, e.g. inside ['Memory']. Such buffers are in 696 /// principle not thread safe. By implementing this trait together with 697 /// MemoryCreator, one can supply wasmtime with custom allocated host managed 698 /// memory. 699 /// 700 /// # Safety 701 /// 702 /// The memory should be page aligned and a multiple of page size. 703 /// To prevent possible silent overflows, the memory should be protected by a 704 /// guard page. Additionally the safety concerns explained in ['Memory'], for 705 /// accessing the memory apply here as well. 706 /// 707 /// Note that this is a relatively advanced feature and it is recommended to be 708 /// familiar with wasmtime runtime code to use it. 709 pub unsafe trait LinearMemory: Send + Sync + 'static { 710 /// Returns the number of allocated bytes which are accessible at this time. byte_size(&self) -> usize711 fn byte_size(&self) -> usize; 712 713 /// Returns byte capacity of this linear memory's current allocation. 714 /// 715 /// Growth up to this value should not relocate the linear memory base 716 /// pointer. byte_capacity(&self) -> usize717 fn byte_capacity(&self) -> usize; 718 719 /// Grows this memory to have the `new_size`, in bytes, specified. 720 /// 721 /// Returns `Err` if memory can't be grown by the specified amount 722 /// of bytes. The error may be downcastable to `std::io::Error`. 723 /// Returns `Ok` if memory was grown successfully. grow_to(&mut self, new_size: usize) -> Result<()>724 fn grow_to(&mut self, new_size: usize) -> Result<()>; 725 726 /// Return the allocated memory as a mutable pointer to u8. as_ptr(&self) -> *mut u8727 fn as_ptr(&self) -> *mut u8; 728 } 729 730 /// A memory creator. Can be used to provide a memory creator 731 /// to wasmtime which supplies host managed memory. 732 /// 733 /// # Safety 734 /// 735 /// This trait is unsafe, as the memory safety depends on proper implementation 736 /// of memory management. Memories created by the MemoryCreator should always be 737 /// treated as owned by wasmtime instance, and any modification of them outside 738 /// of wasmtime invoked routines is unsafe and may lead to corruption. 739 /// 740 /// Note that this is a relatively advanced feature and it is recommended to be 741 /// familiar with Wasmtime runtime code to use it. 742 pub unsafe trait MemoryCreator: Send + Sync { 743 /// Create a new `LinearMemory` object from the specified parameters. 744 /// 745 /// The type of memory being created is specified by `ty` which indicates 746 /// both the minimum and maximum size, in wasm pages. The minimum and 747 /// maximum sizes, in bytes, are also specified as parameters to avoid 748 /// integer conversion if desired. 749 /// 750 /// The `reserved_size_in_bytes` value indicates the expected size of the 751 /// reservation that is to be made for this memory. If this value is `None` 752 /// than the implementation is free to allocate memory as it sees fit. If 753 /// the value is `Some`, however, then the implementation is expected to 754 /// reserve that many bytes for the memory's allocation, plus the guard 755 /// size at the end. Note that this reservation need only be a virtual 756 /// memory reservation, physical memory does not need to be allocated 757 /// immediately. In this case `grow` should never move the base pointer and 758 /// the maximum size of `ty` is guaranteed to fit within 759 /// `reserved_size_in_bytes`. 760 /// 761 /// The `guard_size_in_bytes` parameter indicates how many bytes of space, 762 /// after the memory allocation, is expected to be unmapped. JIT code will 763 /// elide bounds checks based on the `guard_size_in_bytes` provided, so for 764 /// JIT code to work correctly the memory returned will need to be properly 765 /// guarded with `guard_size_in_bytes` bytes left unmapped after the base 766 /// allocation. 767 /// 768 /// Note that the `reserved_size_in_bytes` and `guard_size_in_bytes` options 769 /// are tuned from the various [`Config`](crate::Config) methods about 770 /// memory sizes/guards. Additionally these two values are guaranteed to be 771 /// multiples of the system page size. 772 /// 773 /// Memory created from this method should be zero filled. new_memory( &self, ty: MemoryType, minimum: usize, maximum: Option<usize>, reserved_size_in_bytes: Option<usize>, guard_size_in_bytes: usize, ) -> Result<Box<dyn LinearMemory>, String>774 fn new_memory( 775 &self, 776 ty: MemoryType, 777 minimum: usize, 778 maximum: Option<usize>, 779 reserved_size_in_bytes: Option<usize>, 780 guard_size_in_bytes: usize, 781 ) -> Result<Box<dyn LinearMemory>, String>; 782 } 783 784 /// A constructor for externally-created shared memory. 785 /// 786 /// The [threads proposal] adds the concept of "shared memory" to WebAssembly. 787 /// This is much the same as a Wasm linear memory (i.e., [`Memory`]), but can be 788 /// used concurrently by multiple agents. Because these agents may execute in 789 /// different threads, [`SharedMemory`] must be thread-safe. 790 /// 791 /// When the [threads proposal is enabled](crate::Config::wasm_threads) and the 792 /// [the creation of shared memories is enabled](crate::Config::shared_memory), 793 /// there are multiple ways to construct shared memory: 794 /// 1. for imported shared memory, e.g., `(import "env" "memory" (memory 1 1 795 /// shared))`, the user must supply a [`SharedMemory`] with the 796 /// externally-created memory as an import to the instance--e.g., 797 /// `shared_memory.into()`. 798 /// 2. for private or exported shared memory, e.g., `(export "env" "memory" 799 /// (memory 1 1 shared))`, Wasmtime will create the memory internally during 800 /// instantiation--access using `Instance::get_shared_memory()`. 801 /// 802 /// [threads proposal]: 803 /// https://github.com/WebAssembly/threads/blob/master/proposals/threads/Overview.md 804 /// 805 /// # Examples 806 /// 807 /// ``` 808 /// # use wasmtime::*; 809 /// # fn main() -> Result<()> { 810 /// let mut config = Config::new(); 811 /// config.wasm_threads(true); 812 /// config.shared_memory(true); 813 /// # if Engine::new(&config).is_err() { return Ok(()); } 814 /// let engine = Engine::new(&config)?; 815 /// let mut store = Store::new(&engine, ()); 816 /// 817 /// let shared_memory = SharedMemory::new(&engine, MemoryType::shared(1, 2))?; 818 /// let module = Module::new(&engine, r#"(module (memory (import "" "") 1 2 shared))"#)?; 819 /// let instance = Instance::new(&mut store, &module, &[shared_memory.into()])?; 820 /// // ... 821 /// # Ok(()) 822 /// # } 823 /// ``` 824 #[derive(Clone)] 825 pub struct SharedMemory { 826 vm: crate::runtime::vm::SharedMemory, 827 engine: Engine, 828 } 829 830 impl SharedMemory { 831 /// Construct a [`SharedMemory`] by providing both the `minimum` and 832 /// `maximum` number of 64K-sized pages. This call allocates the necessary 833 /// pages on the system. 834 #[cfg(feature = "threads")] new(engine: &Engine, ty: MemoryType) -> Result<Self>835 pub fn new(engine: &Engine, ty: MemoryType) -> Result<Self> { 836 if !ty.is_shared() { 837 bail!("shared memory must have the `shared` flag enabled on its memory type") 838 } 839 debug_assert!(ty.maximum().is_some()); 840 841 let ty = ty.wasmtime_memory(); 842 let memory = crate::runtime::vm::SharedMemory::new(engine, ty)?; 843 844 Ok(Self { 845 vm: memory, 846 engine: engine.clone(), 847 }) 848 } 849 850 /// Return the type of the shared memory. ty(&self) -> MemoryType851 pub fn ty(&self) -> MemoryType { 852 MemoryType::from_wasmtime_memory(&self.vm.ty()) 853 } 854 855 /// Returns the size, in WebAssembly pages, of this wasm memory. size(&self) -> u64856 pub fn size(&self) -> u64 { 857 let byte_size = u64::try_from(self.data_size()).unwrap(); 858 let page_size = self.page_size(); 859 byte_size / page_size 860 } 861 862 /// Returns the size of a page, in bytes, for this memory. 863 /// 864 /// By default this is 64KiB (aka `0x10000`, `2**16`, `1<<16`, or `65536`) 865 /// but [the custom-page-sizes proposal] allows opting into a page size of 866 /// `1`. Future extensions might allow any power of two as a page size. 867 /// 868 /// [the custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes page_size(&self) -> u64869 pub fn page_size(&self) -> u64 { 870 self.ty().page_size() 871 } 872 873 /// Returns the byte length of this memory. 874 /// 875 /// The returned value will be a multiple of the wasm page size, 64k. 876 /// 877 /// For more information and examples see the documentation on the 878 /// [`Memory`] type. data_size(&self) -> usize879 pub fn data_size(&self) -> usize { 880 self.vm.byte_size() 881 } 882 883 /// Return access to the available portion of the shared memory. 884 /// 885 /// The slice returned represents the region of accessible memory at the 886 /// time that this function was called. The contents of the returned slice 887 /// will reflect concurrent modifications happening on other threads. 888 /// 889 /// # Safety 890 /// 891 /// The returned slice is valid for the entire duration of the lifetime of 892 /// this instance of [`SharedMemory`]. The base pointer of a shared memory 893 /// does not change. This [`SharedMemory`] may grow further after this 894 /// function has been called, but the slice returned will not grow. 895 /// 896 /// Concurrent modifications may be happening to the data returned on other 897 /// threads. The `UnsafeCell<u8>` represents that safe access to the 898 /// contents of the slice is not possible through normal loads and stores. 899 /// 900 /// The memory returned must be accessed safely through the `Atomic*` types 901 /// in the [`std::sync::atomic`] module. Casting to those types must 902 /// currently be done unsafely. data(&self) -> &[UnsafeCell<u8>]903 pub fn data(&self) -> &[UnsafeCell<u8>] { 904 unsafe { 905 let definition = self.vm.vmmemory_ptr().as_ref(); 906 slice::from_raw_parts(definition.base.as_ptr().cast(), definition.current_length()) 907 } 908 } 909 910 /// Grows this WebAssembly memory by `delta` pages. 911 /// 912 /// This will attempt to add `delta` more pages of memory on to the end of 913 /// this `Memory` instance. If successful this may relocate the memory and 914 /// cause [`Memory::data_ptr`] to return a new value. Additionally any 915 /// unsafely constructed slices into this memory may no longer be valid. 916 /// 917 /// On success returns the number of pages this memory previously had 918 /// before the growth succeeded. 919 /// 920 /// # Errors 921 /// 922 /// Returns an error if memory could not be grown, for example if it exceeds 923 /// the maximum limits of this memory. A 924 /// [`ResourceLimiter`](crate::ResourceLimiter) is another example of 925 /// preventing a memory to grow. grow(&self, delta: u64) -> Result<u64>926 pub fn grow(&self, delta: u64) -> Result<u64> { 927 match self.vm.grow(delta)? { 928 Some((old_size, _new_size)) => { 929 // For shared memory, the `VMMemoryDefinition` is updated inside 930 // the locked region. 931 Ok(u64::try_from(old_size).unwrap() / self.page_size()) 932 } 933 None => bail!("failed to grow memory by `{delta}`"), 934 } 935 } 936 937 /// Equivalent of the WebAssembly `memory.atomic.notify` instruction for 938 /// this shared memory. 939 /// 940 /// This method allows embedders to notify threads blocked on the specified 941 /// `addr`, an index into wasm linear memory. Threads could include 942 /// wasm threads blocked on a `memory.atomic.wait*` instruction or embedder 943 /// threads blocked on [`SharedMemory::atomic_wait32`], for example. 944 /// 945 /// The `count` argument is the number of threads to wake up. 946 /// 947 /// This function returns the number of threads awoken. 948 /// 949 /// # Errors 950 /// 951 /// This function will return an error if `addr` is not within bounds or 952 /// not aligned to a 4-byte boundary. atomic_notify(&self, addr: u64, count: u32) -> Result<u32, Trap>953 pub fn atomic_notify(&self, addr: u64, count: u32) -> Result<u32, Trap> { 954 self.vm.atomic_notify(addr, count) 955 } 956 957 /// Equivalent of the WebAssembly `memory.atomic.wait32` instruction for 958 /// this shared memory. 959 /// 960 /// This method allows embedders to block the current thread until notified 961 /// via the `memory.atomic.notify` instruction or the 962 /// [`SharedMemory::atomic_notify`] method, enabling synchronization with 963 /// the wasm guest as desired. 964 /// 965 /// The `expected` argument is the expected 32-bit value to be stored at 966 /// the byte address `addr` specified. The `addr` specified is an index 967 /// into this linear memory. 968 /// 969 /// The optional `timeout` argument is the maximum amount of time to block 970 /// the current thread. If not specified the thread may sleep indefinitely. 971 /// 972 /// This function returns one of three possible values: 973 /// 974 /// * `WaitResult::Ok` - this function, loaded the value at `addr`, found 975 /// it was equal to `expected`, and then blocked (all as one atomic 976 /// operation). The thread was then awoken with a `memory.atomic.notify` 977 /// instruction or the [`SharedMemory::atomic_notify`] method. 978 /// * `WaitResult::Mismatch` - the value at `addr` was loaded but was not 979 /// equal to `expected` so the thread did not block and immediately 980 /// returned. 981 /// * `WaitResult::TimedOut` - all the steps of `Ok` happened, except this 982 /// thread was woken up due to a timeout. 983 /// 984 /// This function will not return due to spurious wakeups. 985 /// 986 /// # Errors 987 /// 988 /// This function will return an error if `addr` is not within bounds or 989 /// not aligned to a 4-byte boundary. atomic_wait32( &self, addr: u64, expected: u32, timeout: Option<Duration>, ) -> Result<WaitResult, Trap>990 pub fn atomic_wait32( 991 &self, 992 addr: u64, 993 expected: u32, 994 timeout: Option<Duration>, 995 ) -> Result<WaitResult, Trap> { 996 self.vm.atomic_wait32(addr, expected, timeout) 997 } 998 999 /// Equivalent of the WebAssembly `memory.atomic.wait64` instruction for 1000 /// this shared memory. 1001 /// 1002 /// For more information see [`SharedMemory::atomic_wait32`]. 1003 /// 1004 /// # Errors 1005 /// 1006 /// Returns the same error as [`SharedMemory::atomic_wait32`] except that 1007 /// the specified address must be 8-byte aligned instead of 4-byte aligned. atomic_wait64( &self, addr: u64, expected: u64, timeout: Option<Duration>, ) -> Result<WaitResult, Trap>1008 pub fn atomic_wait64( 1009 &self, 1010 addr: u64, 1011 expected: u64, 1012 timeout: Option<Duration>, 1013 ) -> Result<WaitResult, Trap> { 1014 self.vm.atomic_wait64(addr, expected, timeout) 1015 } 1016 1017 /// Return a reference to the [`Engine`] used to configure the shared 1018 /// memory. engine(&self) -> &Engine1019 pub(crate) fn engine(&self) -> &Engine { 1020 &self.engine 1021 } 1022 1023 /// Construct a single-memory instance to provide a way to import 1024 /// [`SharedMemory`] into other modules. vmimport(&self, store: &mut StoreOpaque) -> crate::runtime::vm::VMMemoryImport1025 pub(crate) fn vmimport(&self, store: &mut StoreOpaque) -> crate::runtime::vm::VMMemoryImport { 1026 // Note `vm::assert_ready` shouldn't panic here because this isn't 1027 // actually allocating any new memory (also no limiter), so resource 1028 // limiting shouldn't kick in. 1029 let memory = vm::assert_ready(generate_memory_export( 1030 store, 1031 None, 1032 &self.ty(), 1033 Some(&self.vm), 1034 )) 1035 .unwrap(); 1036 match memory { 1037 ExportMemory::Unshared(_) => unreachable!(), 1038 ExportMemory::Shared(_shared, vmimport) => vmimport, 1039 } 1040 } 1041 1042 /// Creates a [`SharedMemory`] from its constituent parts. from_raw(vm: crate::runtime::vm::SharedMemory, engine: Engine) -> Self1043 pub(crate) fn from_raw(vm: crate::runtime::vm::SharedMemory, engine: Engine) -> Self { 1044 SharedMemory { vm, engine } 1045 } 1046 } 1047 1048 impl fmt::Debug for SharedMemory { fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result1049 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 1050 f.debug_struct("SharedMemory").finish_non_exhaustive() 1051 } 1052 } 1053 1054 #[cfg(test)] 1055 mod tests { 1056 use crate::*; 1057 1058 // Assert that creating a memory via `Memory::new` respects the limits/tunables 1059 // in `Config`. 1060 #[test] respect_tunables()1061 fn respect_tunables() { 1062 let mut cfg = Config::new(); 1063 cfg.memory_reservation(0).memory_guard_size(0); 1064 let mut store = Store::new(&Engine::new(&cfg).unwrap(), ()); 1065 let ty = MemoryType::new(1, None); 1066 let mem = Memory::new(&mut store, ty).unwrap(); 1067 let store = store.as_context(); 1068 let tunables = store.engine().tunables(); 1069 assert_eq!(tunables.memory_guard_size, 0); 1070 assert!( 1071 !mem.wasmtime_ty(store.0) 1072 .can_elide_bounds_check(tunables, 12) 1073 ); 1074 } 1075 1076 #[test] hash_key_is_stable_across_duplicate_store_data_entries() -> Result<()>1077 fn hash_key_is_stable_across_duplicate_store_data_entries() -> Result<()> { 1078 let mut store = Store::<()>::default(); 1079 let module = Module::new( 1080 store.engine(), 1081 r#" 1082 (module 1083 (memory (export "m") 1 1) 1084 ) 1085 "#, 1086 )?; 1087 let instance = Instance::new(&mut store, &module, &[])?; 1088 1089 // Each time we `get_memory`, we call `Memory::from_wasmtime` which adds 1090 // a new entry to `StoreData`, so `g1` and `g2` will have different 1091 // indices into `StoreData`. 1092 let m1 = instance.get_memory(&mut store, "m").unwrap(); 1093 let m2 = instance.get_memory(&mut store, "m").unwrap(); 1094 1095 // That said, they really point to the same memory. 1096 assert_eq!(m1.data(&store)[0], 0); 1097 assert_eq!(m2.data(&store)[0], 0); 1098 m1.data_mut(&mut store)[0] = 42; 1099 assert_eq!(m1.data(&mut store)[0], 42); 1100 assert_eq!(m2.data(&mut store)[0], 42); 1101 1102 // And therefore their hash keys are the same. 1103 assert!(m1.hash_key(&store.as_context().0) == m2.hash_key(&store.as_context().0)); 1104 1105 // But the hash keys are different from different memories. 1106 let instance2 = Instance::new(&mut store, &module, &[])?; 1107 let m3 = instance2.get_memory(&mut store, "m").unwrap(); 1108 assert!(m1.hash_key(&store.as_context().0) != m3.hash_key(&store.as_context().0)); 1109 1110 Ok(()) 1111 } 1112 } 1113