1 use crate::prelude::*; 2 #[cfg(feature = "std")] 3 use crate::runtime::vm::open_file_for_mmap; 4 use crate::runtime::vm::{CompiledModuleId, MmapVec, ModuleMemoryImages, VMWasmCallFunction}; 5 use crate::sync::OnceLock; 6 use crate::{ 7 Engine, 8 code::EngineCode, 9 code_memory::CodeMemory, 10 instantiate::CompiledModule, 11 resources::ResourcesRequired, 12 types::{ExportType, ExternType, ImportType}, 13 }; 14 use alloc::sync::Arc; 15 use core::fmt; 16 use core::ops::Range; 17 use core::ptr::NonNull; 18 #[cfg(feature = "std")] 19 use std::{fs::File, path::Path}; 20 use wasmparser::{Parser, ValidPayload, Validator}; 21 #[cfg(feature = "debug")] 22 use wasmtime_environ::FrameTable; 23 use wasmtime_environ::{ 24 CompiledFunctionsTable, CompiledModuleInfo, EntityIndex, HostPtr, ModuleTypes, ObjectKind, 25 TypeTrace, VMOffsets, VMSharedTypeIndex, 26 }; 27 #[cfg(feature = "gc")] 28 use wasmtime_unwinder::ExceptionTable; 29 mod registry; 30 31 pub use registry::*; 32 33 /// A compiled WebAssembly module, ready to be instantiated. 34 /// 35 /// A `Module` is a compiled in-memory representation of an input WebAssembly 36 /// binary. A `Module` is then used to create an [`Instance`](crate::Instance) 37 /// through an instantiation process. You cannot call functions or fetch 38 /// globals, for example, on a `Module` because it's purely a code 39 /// representation. Instead you'll need to create an 40 /// [`Instance`](crate::Instance) to interact with the wasm module. 41 /// 42 /// A `Module` can be created by compiling WebAssembly code through APIs such as 43 /// [`Module::new`]. This would be a JIT-style use case where code is compiled 44 /// just before it's used. Alternatively a `Module` can be compiled in one 45 /// process and [`Module::serialize`] can be used to save it to storage. A later 46 /// call to [`Module::deserialize`] will quickly load the module to execute and 47 /// does not need to compile any code, representing a more AOT-style use case. 48 /// 49 /// Currently a `Module` does not implement any form of tiering or dynamic 50 /// optimization of compiled code. Creation of a `Module` via [`Module::new`] or 51 /// related APIs will perform the entire compilation step synchronously. When 52 /// finished no further compilation will happen at runtime or later during 53 /// execution of WebAssembly instances for example. 54 /// 55 /// Compilation of WebAssembly by default goes through Cranelift and is 56 /// recommended to be done once-per-module. The same WebAssembly binary need not 57 /// be compiled multiple times and can instead used an embedder-cached result of 58 /// the first call. 59 /// 60 /// `Module` is thread-safe and safe to share across threads. 61 /// 62 /// ## Modules and `Clone` 63 /// 64 /// Using `clone` on a `Module` is a cheap operation. It will not create an 65 /// entirely new module, but rather just a new reference to the existing module. 66 /// In other words it's a shallow copy, not a deep copy. 67 /// 68 /// ## Examples 69 /// 70 /// There are a number of ways you can create a `Module`, for example pulling 71 /// the bytes from a number of locations. One example is loading a module from 72 /// the filesystem: 73 /// 74 /// ```no_run 75 /// # use wasmtime::*; 76 /// # fn main() -> anyhow::Result<()> { 77 /// let engine = Engine::default(); 78 /// let module = Module::from_file(&engine, "path/to/foo.wasm")?; 79 /// # Ok(()) 80 /// # } 81 /// ``` 82 /// 83 /// You can also load the wasm text format if more convenient too: 84 /// 85 /// ```no_run 86 /// # use wasmtime::*; 87 /// # fn main() -> anyhow::Result<()> { 88 /// let engine = Engine::default(); 89 /// // Now we're using the WebAssembly text extension: `.wat`! 90 /// let module = Module::from_file(&engine, "path/to/foo.wat")?; 91 /// # Ok(()) 92 /// # } 93 /// ``` 94 /// 95 /// And if you've already got the bytes in-memory you can use the 96 /// [`Module::new`] constructor: 97 /// 98 /// ```no_run 99 /// # use wasmtime::*; 100 /// # fn main() -> anyhow::Result<()> { 101 /// let engine = Engine::default(); 102 /// # let wasm_bytes: Vec<u8> = Vec::new(); 103 /// let module = Module::new(&engine, &wasm_bytes)?; 104 /// 105 /// // It also works with the text format! 106 /// let module = Module::new(&engine, "(module (func))")?; 107 /// # Ok(()) 108 /// # } 109 /// ``` 110 /// 111 /// Serializing and deserializing a module looks like: 112 /// 113 /// ```no_run 114 /// # use wasmtime::*; 115 /// # fn main() -> anyhow::Result<()> { 116 /// let engine = Engine::default(); 117 /// # let wasm_bytes: Vec<u8> = Vec::new(); 118 /// let module = Module::new(&engine, &wasm_bytes)?; 119 /// let module_bytes = module.serialize()?; 120 /// 121 /// // ... can save `module_bytes` to disk or other storage ... 122 /// 123 /// // recreate the module from the serialized bytes. For the `unsafe` bits 124 /// // see the documentation of `deserialize`. 125 /// let module = unsafe { Module::deserialize(&engine, &module_bytes)? }; 126 /// # Ok(()) 127 /// # } 128 /// ``` 129 /// 130 /// [`Config`]: crate::Config 131 #[derive(Clone)] 132 pub struct Module { 133 inner: Arc<ModuleInner>, 134 } 135 136 struct ModuleInner { 137 engine: Engine, 138 /// The compiled artifacts for this module that will be instantiated and 139 /// executed. 140 module: CompiledModule, 141 142 /// Runtime information such as the underlying mmap, type information, etc. 143 /// 144 /// Note that this `Arc` is used to share information between compiled 145 /// modules within a component. For bare core wasm modules created with 146 /// `Module::new`, for example, this is a uniquely owned `Arc`. 147 code: Arc<EngineCode>, 148 149 /// A set of initialization images for memories, if any. 150 /// 151 /// Note that this is behind a `OnceCell` to lazily create this image. On 152 /// Linux where `memfd_create` may be used to create the backing memory 153 /// image this is a pretty expensive operation, so by deferring it this 154 /// improves memory usage for modules that are created but may not ever be 155 /// instantiated. 156 memory_images: OnceLock<Option<ModuleMemoryImages>>, 157 158 /// Flag indicating whether this module can be serialized or not. 159 #[cfg(any(feature = "cranelift", feature = "winch"))] 160 serializable: bool, 161 162 /// Runtime offset information for `VMContext`. 163 offsets: VMOffsets<HostPtr>, 164 } 165 166 impl fmt::Debug for Module { 167 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 168 f.debug_struct("Module") 169 .field("name", &self.name()) 170 .finish_non_exhaustive() 171 } 172 } 173 174 impl fmt::Debug for ModuleInner { 175 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 176 f.debug_struct("ModuleInner") 177 .field("name", &self.module.module().name.as_ref()) 178 .finish_non_exhaustive() 179 } 180 } 181 182 impl Module { 183 /// Creates a new WebAssembly `Module` from the given in-memory `bytes`. 184 /// 185 /// The `bytes` provided must be in one of the following formats: 186 /// 187 /// * A [binary-encoded][binary] WebAssembly module. This is always supported. 188 /// * A [text-encoded][text] instance of the WebAssembly text format. 189 /// This is only supported when the `wat` feature of this crate is enabled. 190 /// If this is supplied then the text format will be parsed before validation. 191 /// Note that the `wat` feature is enabled by default. 192 /// 193 /// The data for the wasm module must be loaded in-memory if it's present 194 /// elsewhere, for example on disk. This requires that the entire binary is 195 /// loaded into memory all at once, this API does not support streaming 196 /// compilation of a module. 197 /// 198 /// The WebAssembly binary will be decoded and validated. It will also be 199 /// compiled according to the configuration of the provided `engine`. 200 /// 201 /// # Errors 202 /// 203 /// This function may fail and return an error. Errors may include 204 /// situations such as: 205 /// 206 /// * The binary provided could not be decoded because it's not a valid 207 /// WebAssembly binary 208 /// * The WebAssembly binary may not validate (e.g. contains type errors) 209 /// * Implementation-specific limits were exceeded with a valid binary (for 210 /// example too many locals) 211 /// * The wasm binary may use features that are not enabled in the 212 /// configuration of `engine` 213 /// * If the `wat` feature is enabled and the input is text, then it may be 214 /// rejected if it fails to parse. 215 /// 216 /// The error returned should contain full information about why module 217 /// creation failed if one is returned. 218 /// 219 /// [binary]: https://webassembly.github.io/spec/core/binary/index.html 220 /// [text]: https://webassembly.github.io/spec/core/text/index.html 221 /// 222 /// # Examples 223 /// 224 /// The `new` function can be invoked with a in-memory array of bytes: 225 /// 226 /// ```no_run 227 /// # use wasmtime::*; 228 /// # fn main() -> anyhow::Result<()> { 229 /// # let engine = Engine::default(); 230 /// # let wasm_bytes: Vec<u8> = Vec::new(); 231 /// let module = Module::new(&engine, &wasm_bytes)?; 232 /// # Ok(()) 233 /// # } 234 /// ``` 235 /// 236 /// Or you can also pass in a string to be parsed as the wasm text 237 /// format: 238 /// 239 /// ``` 240 /// # use wasmtime::*; 241 /// # fn main() -> anyhow::Result<()> { 242 /// # let engine = Engine::default(); 243 /// let module = Module::new(&engine, "(module (func))")?; 244 /// # Ok(()) 245 /// # } 246 /// ``` 247 #[cfg(any(feature = "cranelift", feature = "winch"))] 248 pub fn new(engine: &Engine, bytes: impl AsRef<[u8]>) -> Result<Module> { 249 crate::CodeBuilder::new(engine) 250 .wasm_binary_or_text(bytes.as_ref(), None)? 251 .compile_module() 252 } 253 254 /// Creates a new WebAssembly `Module` from the contents of the given 255 /// `file` on disk. 256 /// 257 /// This is a convenience function that will read the `file` provided and 258 /// pass the bytes to the [`Module::new`] function. For more information 259 /// see [`Module::new`] 260 /// 261 /// # Examples 262 /// 263 /// ```no_run 264 /// # use wasmtime::*; 265 /// # fn main() -> anyhow::Result<()> { 266 /// let engine = Engine::default(); 267 /// let module = Module::from_file(&engine, "./path/to/foo.wasm")?; 268 /// # Ok(()) 269 /// # } 270 /// ``` 271 /// 272 /// The `.wat` text format is also supported: 273 /// 274 /// ```no_run 275 /// # use wasmtime::*; 276 /// # fn main() -> anyhow::Result<()> { 277 /// # let engine = Engine::default(); 278 /// let module = Module::from_file(&engine, "./path/to/foo.wat")?; 279 /// # Ok(()) 280 /// # } 281 /// ``` 282 #[cfg(all(feature = "std", any(feature = "cranelift", feature = "winch")))] 283 pub fn from_file(engine: &Engine, file: impl AsRef<Path>) -> Result<Module> { 284 crate::CodeBuilder::new(engine) 285 .wasm_binary_or_text_file(file.as_ref())? 286 .compile_module() 287 } 288 289 /// Creates a new WebAssembly `Module` from the given in-memory `binary` 290 /// data. 291 /// 292 /// This is similar to [`Module::new`] except that it requires that the 293 /// `binary` input is a WebAssembly binary, the text format is not supported 294 /// by this function. It's generally recommended to use [`Module::new`], but 295 /// if it's required to not support the text format this function can be 296 /// used instead. 297 /// 298 /// # Examples 299 /// 300 /// ``` 301 /// # use wasmtime::*; 302 /// # fn main() -> anyhow::Result<()> { 303 /// # let engine = Engine::default(); 304 /// let wasm = b"\0asm\x01\0\0\0"; 305 /// let module = Module::from_binary(&engine, wasm)?; 306 /// # Ok(()) 307 /// # } 308 /// ``` 309 /// 310 /// Note that the text format is **not** accepted by this function: 311 /// 312 /// ``` 313 /// # use wasmtime::*; 314 /// # fn main() -> anyhow::Result<()> { 315 /// # let engine = Engine::default(); 316 /// assert!(Module::from_binary(&engine, b"(module)").is_err()); 317 /// # Ok(()) 318 /// # } 319 /// ``` 320 #[cfg(any(feature = "cranelift", feature = "winch"))] 321 pub fn from_binary(engine: &Engine, binary: &[u8]) -> Result<Module> { 322 crate::CodeBuilder::new(engine) 323 .wasm_binary(binary, None)? 324 .compile_module() 325 } 326 327 /// Creates a new WebAssembly `Module` from the contents of the given `file` 328 /// on disk, but with assumptions that the file is from a trusted source. 329 /// The file should be a binary- or text-format WebAssembly module, or a 330 /// precompiled artifact generated by the same version of Wasmtime. 331 /// 332 /// # Unsafety 333 /// 334 /// All of the reasons that [`deserialize`] is `unsafe` apply to this 335 /// function as well. Arbitrary data loaded from a file may trick Wasmtime 336 /// into arbitrary code execution since the contents of the file are not 337 /// validated to be a valid precompiled module. 338 /// 339 /// [`deserialize`]: Module::deserialize 340 /// 341 /// Additionally though this function is also `unsafe` because the file 342 /// referenced must remain unchanged and a valid precompiled module for the 343 /// entire lifetime of the [`Module`] returned. Any changes to the file on 344 /// disk may change future instantiations of the module to be incorrect. 345 /// This is because the file is mapped into memory and lazily loaded pages 346 /// reflect the current state of the file, not necessarily the original 347 /// state of the file. 348 #[cfg(all(feature = "std", any(feature = "cranelift", feature = "winch")))] 349 pub unsafe fn from_trusted_file(engine: &Engine, file: impl AsRef<Path>) -> Result<Module> { 350 let open_file = open_file_for_mmap(file.as_ref())?; 351 let mmap = crate::runtime::vm::MmapVec::from_file(open_file)?; 352 if &mmap[0..4] == b"\x7fELF" { 353 let code = engine.load_code(mmap, ObjectKind::Module)?; 354 return Module::from_parts(engine, code, None); 355 } 356 357 crate::CodeBuilder::new(engine) 358 .wasm_binary_or_text(&mmap[..], Some(file.as_ref()))? 359 .compile_module() 360 } 361 362 /// Deserializes an in-memory compiled module previously created with 363 /// [`Module::serialize`] or [`Engine::precompile_module`]. 364 /// 365 /// This function will deserialize the binary blobs emitted by 366 /// [`Module::serialize`] and [`Engine::precompile_module`] back into an 367 /// in-memory [`Module`] that's ready to be instantiated. 368 /// 369 /// Note that the [`Module::deserialize_file`] method is more optimized than 370 /// this function, so if the serialized module is already present in a file 371 /// it's recommended to use that method instead. 372 /// 373 /// # Unsafety 374 /// 375 /// This function is marked as `unsafe` because if fed invalid input or used 376 /// improperly this could lead to memory safety vulnerabilities. This method 377 /// should not, for example, be exposed to arbitrary user input. 378 /// 379 /// The structure of the binary blob read here is only lightly validated 380 /// internally in `wasmtime`. This is intended to be an efficient 381 /// "rehydration" for a [`Module`] which has very few runtime checks beyond 382 /// deserialization. Arbitrary input could, for example, replace valid 383 /// compiled code with any other valid compiled code, meaning that this can 384 /// trivially be used to execute arbitrary code otherwise. 385 /// 386 /// For these reasons this function is `unsafe`. This function is only 387 /// designed to receive the previous input from [`Module::serialize`] and 388 /// [`Engine::precompile_module`]. If the exact output of those functions 389 /// (unmodified) is passed to this function then calls to this function can 390 /// be considered safe. It is the caller's responsibility to provide the 391 /// guarantee that only previously-serialized bytes are being passed in 392 /// here. 393 /// 394 /// Note that this function is designed to be safe receiving output from 395 /// *any* compiled version of `wasmtime` itself. This means that it is safe 396 /// to feed output from older versions of Wasmtime into this function, in 397 /// addition to newer versions of wasmtime (from the future!). These inputs 398 /// will deterministically and safely produce an `Err`. This function only 399 /// successfully accepts inputs from the same version of `wasmtime`, but the 400 /// safety guarantee only applies to externally-defined blobs of bytes, not 401 /// those defined by any version of wasmtime. (this means that if you cache 402 /// blobs across versions of wasmtime you can be safely guaranteed that 403 /// future versions of wasmtime will reject old cache entries). 404 pub unsafe fn deserialize(engine: &Engine, bytes: impl AsRef<[u8]>) -> Result<Module> { 405 let code = engine.load_code_bytes(bytes.as_ref(), ObjectKind::Module)?; 406 Module::from_parts(engine, code, None) 407 } 408 409 /// In-place deserialization of an in-memory compiled module previously 410 /// created with [`Module::serialize`] or [`Engine::precompile_module`]. 411 /// 412 /// See [`Self::deserialize`] for additional information; this method 413 /// works identically except that it will not create a copy of the provided 414 /// memory but will use it directly. 415 /// 416 /// # Unsafety 417 /// 418 /// All of the safety notes from [`Self::deserialize`] apply here as well 419 /// with the additional constraint that the code memory provide by `memory` 420 /// lives for as long as the module and is nevery externally modified for 421 /// the lifetime of the deserialized module. 422 pub unsafe fn deserialize_raw(engine: &Engine, memory: NonNull<[u8]>) -> Result<Module> { 423 // SAFETY: the contract required by `load_code_raw` is the same as this 424 // function. 425 let code = unsafe { engine.load_code_raw(memory, ObjectKind::Module)? }; 426 Module::from_parts(engine, code, None) 427 } 428 429 /// Same as [`deserialize`], except that the contents of `path` are read to 430 /// deserialize into a [`Module`]. 431 /// 432 /// This method is provided because it can be faster than [`deserialize`] 433 /// since the data doesn't need to be copied around, but rather the module 434 /// can be used directly from an mmap'd view of the file provided. 435 /// 436 /// [`deserialize`]: Module::deserialize 437 /// 438 /// # Unsafety 439 /// 440 /// All of the reasons that [`deserialize`] is `unsafe` applies to this 441 /// function as well. Arbitrary data loaded from a file may trick Wasmtime 442 /// into arbitrary code execution since the contents of the file are not 443 /// validated to be a valid precompiled module. 444 /// 445 /// Additionally though this function is also `unsafe` because the file 446 /// referenced must remain unchanged and a valid precompiled module for the 447 /// entire lifetime of the [`Module`] returned. Any changes to the file on 448 /// disk may change future instantiations of the module to be incorrect. 449 /// This is because the file is mapped into memory and lazily loaded pages 450 /// reflect the current state of the file, not necessarily the original 451 /// state of the file. 452 #[cfg(feature = "std")] 453 pub unsafe fn deserialize_file(engine: &Engine, path: impl AsRef<Path>) -> Result<Module> { 454 let file = open_file_for_mmap(path.as_ref())?; 455 // SAFETY: the contract of `deserialize_open_file` is the samea s this 456 // function. 457 unsafe { 458 Self::deserialize_open_file(engine, file) 459 .with_context(|| format!("failed deserialization for: {}", path.as_ref().display())) 460 } 461 } 462 463 /// Same as [`deserialize_file`], except that it takes an open `File` 464 /// instead of a path. 465 /// 466 /// This method is provided because it can be used instead of 467 /// [`deserialize_file`] in situations where `wasmtime` is running with 468 /// limited file system permissions. In that case a process 469 /// with file system access can pass already opened files to `wasmtime`. 470 /// 471 /// [`deserialize_file`]: Module::deserialize_file 472 /// 473 /// Note that the corresponding will be mapped as private writeable 474 /// (copy-on-write) and executable. For `windows` this means the file needs 475 /// to be opened with at least `FILE_GENERIC_READ | FILE_GENERIC_EXECUTE` 476 /// [`access_mode`]. 477 /// 478 /// [`access_mode`]: https://doc.rust-lang.org/std/os/windows/fs/trait.OpenOptionsExt.html#tymethod.access_mode 479 /// 480 /// # Unsafety 481 /// 482 /// All of the reasons that [`deserialize_file`] is `unsafe` applies to this 483 /// function as well. 484 #[cfg(feature = "std")] 485 pub unsafe fn deserialize_open_file(engine: &Engine, file: File) -> Result<Module> { 486 let code = engine.load_code_file(file, ObjectKind::Module)?; 487 Module::from_parts(engine, code, None) 488 } 489 490 /// Entrypoint for creating a `Module` for all above functions, both 491 /// of the AOT and jit-compiled categories. 492 /// 493 /// In all cases the compilation artifact, `code_memory`, is provided here. 494 /// The `info_and_types` argument is `None` when a module is being 495 /// deserialized from a precompiled artifact or it's `Some` if it was just 496 /// compiled and the values are already available. 497 pub(crate) fn from_parts( 498 engine: &Engine, 499 code_memory: Arc<CodeMemory>, 500 info_and_types: Option<(CompiledModuleInfo, CompiledFunctionsTable, ModuleTypes)>, 501 ) -> Result<Self> { 502 // Acquire this module's metadata and type information, deserializing 503 // it from the provided artifact if it wasn't otherwise provided 504 // already. 505 let (mut info, index, mut types) = match info_and_types { 506 Some((info, index, types)) => (info, index, types), 507 None => postcard::from_bytes(code_memory.wasmtime_info())?, 508 }; 509 510 // Register function type signatures into the engine for the lifetime 511 // of the `Module` that will be returned. This notably also builds up 512 // maps for trampolines to be used for this module when inserted into 513 // stores. 514 // 515 // Note that the unsafety here should be ok since the `trampolines` 516 // field should only point to valid trampoline function pointers 517 // within the text section. 518 let signatures = 519 engine.register_and_canonicalize_types(&mut types, core::iter::once(&mut info.module)); 520 521 // Package up all our data into an `EngineCode` and delegate to the final 522 // step of module compilation. 523 let code = Arc::new(EngineCode::new(code_memory, signatures, types.into())); 524 let index = Arc::new(index); 525 Module::from_parts_raw(engine, code, info, index, true) 526 } 527 528 pub(crate) fn from_parts_raw( 529 engine: &Engine, 530 code: Arc<EngineCode>, 531 info: CompiledModuleInfo, 532 index: Arc<CompiledFunctionsTable>, 533 serializable: bool, 534 ) -> Result<Self> { 535 let module = CompiledModule::from_artifacts(code.clone(), info, index, engine.profiler())?; 536 537 // Validate the module can be used with the current instance allocator. 538 let offsets = VMOffsets::new(HostPtr, module.module()); 539 engine 540 .allocator() 541 .validate_module(module.module(), &offsets)?; 542 543 let _ = serializable; 544 545 Ok(Self { 546 inner: Arc::new(ModuleInner { 547 engine: engine.clone(), 548 code, 549 memory_images: OnceLock::new(), 550 module, 551 #[cfg(any(feature = "cranelift", feature = "winch"))] 552 serializable, 553 offsets, 554 }), 555 }) 556 } 557 558 /// Validates `binary` input data as a WebAssembly binary given the 559 /// configuration in `engine`. 560 /// 561 /// This function will perform a speedy validation of the `binary` input 562 /// WebAssembly module (which is in [binary form][binary], the text format 563 /// is not accepted by this function) and return either `Ok` or `Err` 564 /// depending on the results of validation. The `engine` argument indicates 565 /// configuration for WebAssembly features, for example, which are used to 566 /// indicate what should be valid and what shouldn't be. 567 /// 568 /// Validation automatically happens as part of [`Module::new`]. 569 /// 570 /// # Errors 571 /// 572 /// If validation fails for any reason (type check error, usage of a feature 573 /// that wasn't enabled, etc) then an error with a description of the 574 /// validation issue will be returned. 575 /// 576 /// [binary]: https://webassembly.github.io/spec/core/binary/index.html 577 pub fn validate(engine: &Engine, binary: &[u8]) -> Result<()> { 578 let mut validator = Validator::new_with_features(engine.features()); 579 580 let mut functions = Vec::new(); 581 for payload in Parser::new(0).parse_all(binary) { 582 let payload = payload?; 583 if let ValidPayload::Func(a, b) = validator.payload(&payload)? { 584 functions.push((a, b)); 585 } 586 if let wasmparser::Payload::Version { encoding, .. } = &payload { 587 if let wasmparser::Encoding::Component = encoding { 588 bail!("component passed to module validation"); 589 } 590 } 591 } 592 593 engine.run_maybe_parallel(functions, |(validator, body)| { 594 // FIXME: it would be best here to use a rayon-specific parallel 595 // iterator that maintains state-per-thread to share the function 596 // validator allocations (`Default::default` here) across multiple 597 // functions. 598 validator.into_validator(Default::default()).validate(&body) 599 })?; 600 Ok(()) 601 } 602 603 /// Serializes this module to a vector of bytes. 604 /// 605 /// This function is similar to the [`Engine::precompile_module`] method 606 /// where it produces an artifact of Wasmtime which is suitable to later 607 /// pass into [`Module::deserialize`]. If a module is never instantiated 608 /// then it's recommended to use [`Engine::precompile_module`] instead of 609 /// this method, but if a module is both instantiated and serialized then 610 /// this method can be useful to get the serialized version without 611 /// compiling twice. 612 #[cfg(any(feature = "cranelift", feature = "winch"))] 613 pub fn serialize(&self) -> Result<Vec<u8>> { 614 // The current representation of compiled modules within a compiled 615 // component means that it cannot be serialized. The mmap returned here 616 // is the mmap for the entire component and while it contains all 617 // necessary data to deserialize this particular module it's all 618 // embedded within component-specific information. 619 // 620 // It's not the hardest thing in the world to support this but it's 621 // expected that there's not much of a use case at this time. In theory 622 // all that needs to be done is to edit the `.wasmtime.info` section 623 // to contains this module's metadata instead of the metadata for the 624 // whole component. The metadata itself is fairly trivially 625 // recreateable here it's more that there's no easy one-off API for 626 // editing the sections of an ELF object to use here. 627 // 628 // Overall for now this simply always returns an error in this 629 // situation. If you're reading this and feel that the situation should 630 // be different please feel free to open an issue. 631 if !self.inner.serializable { 632 bail!("cannot serialize a module exported from a component"); 633 } 634 Ok(self.engine_code().image().to_vec()) 635 } 636 637 pub(crate) fn compiled_module(&self) -> &CompiledModule { 638 &self.inner.module 639 } 640 641 pub(crate) fn engine_code(&self) -> &Arc<EngineCode> { 642 &self.inner.code 643 } 644 645 pub(crate) fn env_module(&self) -> &Arc<wasmtime_environ::Module> { 646 self.compiled_module().module() 647 } 648 649 pub(crate) fn types(&self) -> &ModuleTypes { 650 self.inner.code.module_types() 651 } 652 653 #[cfg(any(feature = "component-model", feature = "gc-drc"))] 654 pub(crate) fn signatures(&self) -> &crate::type_registry::TypeCollection { 655 self.inner.code.signatures() 656 } 657 658 /// Returns identifier/name that this [`Module`] has. This name 659 /// is used in traps/backtrace details. 660 /// 661 /// Note that most LLVM/clang/Rust-produced modules do not have a name 662 /// associated with them, but other wasm tooling can be used to inject or 663 /// add a name. 664 /// 665 /// # Examples 666 /// 667 /// ``` 668 /// # use wasmtime::*; 669 /// # fn main() -> anyhow::Result<()> { 670 /// # let engine = Engine::default(); 671 /// let module = Module::new(&engine, "(module $foo)")?; 672 /// assert_eq!(module.name(), Some("foo")); 673 /// 674 /// let module = Module::new(&engine, "(module)")?; 675 /// assert_eq!(module.name(), None); 676 /// 677 /// # Ok(()) 678 /// # } 679 /// ``` 680 pub fn name(&self) -> Option<&str> { 681 self.compiled_module().module().name.as_deref() 682 } 683 684 /// Returns the list of imports that this [`Module`] has and must be 685 /// satisfied. 686 /// 687 /// This function returns the list of imports that the wasm module has, but 688 /// only the types of each import. The type of each import is used to 689 /// typecheck the [`Instance::new`](crate::Instance::new) method's `imports` 690 /// argument. The arguments to that function must match up 1-to-1 with the 691 /// entries in the array returned here. 692 /// 693 /// The imports returned reflect the order of the imports in the wasm module 694 /// itself, and note that no form of deduplication happens. 695 /// 696 /// # Examples 697 /// 698 /// Modules with no imports return an empty list here: 699 /// 700 /// ``` 701 /// # use wasmtime::*; 702 /// # fn main() -> anyhow::Result<()> { 703 /// # let engine = Engine::default(); 704 /// let module = Module::new(&engine, "(module)")?; 705 /// assert_eq!(module.imports().len(), 0); 706 /// # Ok(()) 707 /// # } 708 /// ``` 709 /// 710 /// and modules with imports will have a non-empty list: 711 /// 712 /// ``` 713 /// # use wasmtime::*; 714 /// # fn main() -> anyhow::Result<()> { 715 /// # let engine = Engine::default(); 716 /// let wat = r#" 717 /// (module 718 /// (import "host" "foo" (func)) 719 /// ) 720 /// "#; 721 /// let module = Module::new(&engine, wat)?; 722 /// assert_eq!(module.imports().len(), 1); 723 /// let import = module.imports().next().unwrap(); 724 /// assert_eq!(import.module(), "host"); 725 /// assert_eq!(import.name(), "foo"); 726 /// match import.ty() { 727 /// ExternType::Func(_) => { /* ... */ } 728 /// _ => panic!("unexpected import type!"), 729 /// } 730 /// # Ok(()) 731 /// # } 732 /// ``` 733 pub fn imports<'module>( 734 &'module self, 735 ) -> impl ExactSizeIterator<Item = ImportType<'module>> + 'module { 736 let module = self.compiled_module().module(); 737 let types = self.types(); 738 let engine = self.engine(); 739 module 740 .imports() 741 .map(move |(imp_mod, imp_field, ty)| { 742 debug_assert!(ty.is_canonicalized_for_runtime_usage()); 743 ImportType::new(imp_mod, imp_field, ty, types, engine) 744 }) 745 .collect::<Vec<_>>() 746 .into_iter() 747 } 748 749 /// Returns the list of exports that this [`Module`] has and will be 750 /// available after instantiation. 751 /// 752 /// This function will return the type of each item that will be returned 753 /// from [`Instance::exports`](crate::Instance::exports). Each entry in this 754 /// list corresponds 1-to-1 with that list, and the entries here will 755 /// indicate the name of the export along with the type of the export. 756 /// 757 /// # Examples 758 /// 759 /// Modules might not have any exports: 760 /// 761 /// ``` 762 /// # use wasmtime::*; 763 /// # fn main() -> anyhow::Result<()> { 764 /// # let engine = Engine::default(); 765 /// let module = Module::new(&engine, "(module)")?; 766 /// assert!(module.exports().next().is_none()); 767 /// # Ok(()) 768 /// # } 769 /// ``` 770 /// 771 /// When the exports are not empty, you can inspect each export: 772 /// 773 /// ``` 774 /// # use wasmtime::*; 775 /// # fn main() -> anyhow::Result<()> { 776 /// # let engine = Engine::default(); 777 /// let wat = r#" 778 /// (module 779 /// (func (export "foo")) 780 /// (memory (export "memory") 1) 781 /// ) 782 /// "#; 783 /// let module = Module::new(&engine, wat)?; 784 /// assert_eq!(module.exports().len(), 2); 785 /// 786 /// let mut exports = module.exports(); 787 /// let foo = exports.next().unwrap(); 788 /// assert_eq!(foo.name(), "foo"); 789 /// match foo.ty() { 790 /// ExternType::Func(_) => { /* ... */ } 791 /// _ => panic!("unexpected export type!"), 792 /// } 793 /// 794 /// let memory = exports.next().unwrap(); 795 /// assert_eq!(memory.name(), "memory"); 796 /// match memory.ty() { 797 /// ExternType::Memory(_) => { /* ... */ } 798 /// _ => panic!("unexpected export type!"), 799 /// } 800 /// # Ok(()) 801 /// # } 802 /// ``` 803 pub fn exports<'module>( 804 &'module self, 805 ) -> impl ExactSizeIterator<Item = ExportType<'module>> + 'module { 806 let module = self.compiled_module().module(); 807 let types = self.types(); 808 let engine = self.engine(); 809 module.exports.iter().map(move |(name, entity_index)| { 810 ExportType::new(name, module.type_of(*entity_index), types, engine) 811 }) 812 } 813 814 /// Looks up an export in this [`Module`] by name. 815 /// 816 /// This function will return the type of an export with the given name. 817 /// 818 /// # Examples 819 /// 820 /// There may be no export with that name: 821 /// 822 /// ``` 823 /// # use wasmtime::*; 824 /// # fn main() -> anyhow::Result<()> { 825 /// # let engine = Engine::default(); 826 /// let module = Module::new(&engine, "(module)")?; 827 /// assert!(module.get_export("foo").is_none()); 828 /// # Ok(()) 829 /// # } 830 /// ``` 831 /// 832 /// When there is an export with that name, it is returned: 833 /// 834 /// ``` 835 /// # use wasmtime::*; 836 /// # fn main() -> anyhow::Result<()> { 837 /// # let engine = Engine::default(); 838 /// let wat = r#" 839 /// (module 840 /// (func (export "foo")) 841 /// (memory (export "memory") 1) 842 /// ) 843 /// "#; 844 /// let module = Module::new(&engine, wat)?; 845 /// let foo = module.get_export("foo"); 846 /// assert!(foo.is_some()); 847 /// 848 /// let foo = foo.unwrap(); 849 /// match foo { 850 /// ExternType::Func(_) => { /* ... */ } 851 /// _ => panic!("unexpected export type!"), 852 /// } 853 /// 854 /// # Ok(()) 855 /// # } 856 /// ``` 857 pub fn get_export(&self, name: &str) -> Option<ExternType> { 858 let module = self.compiled_module().module(); 859 let entity_index = module.exports.get(name)?; 860 Some(ExternType::from_wasmtime( 861 self.engine(), 862 self.types(), 863 &module.type_of(*entity_index), 864 )) 865 } 866 867 /// Looks up an export in this [`Module`] by name to get its index. 868 /// 869 /// This function will return the index of an export with the given name. This can be useful 870 /// to avoid the cost of looking up the export by name multiple times. Instead the 871 /// [`ModuleExport`] can be stored and used to look up the export on the 872 /// [`Instance`](crate::Instance) later. 873 pub fn get_export_index(&self, name: &str) -> Option<ModuleExport> { 874 let compiled_module = self.compiled_module(); 875 let module = compiled_module.module(); 876 let entity = *module.exports.get(name)?; 877 Some(ModuleExport { 878 module: self.id(), 879 entity, 880 }) 881 } 882 883 /// Returns the [`Engine`] that this [`Module`] was compiled by. 884 pub fn engine(&self) -> &Engine { 885 &self.inner.engine 886 } 887 888 /// Returns a summary of the resources required to instantiate this 889 /// [`Module`]. 890 /// 891 /// Potential uses of the returned information: 892 /// 893 /// * Determining whether your pooling allocator configuration supports 894 /// instantiating this module. 895 /// 896 /// * Deciding how many of which `Module` you want to instantiate within a 897 /// fixed amount of resources, e.g. determining whether to create 5 898 /// instances of module X or 10 instances of module Y. 899 /// 900 /// # Example 901 /// 902 /// ``` 903 /// # fn main() -> wasmtime::Result<()> { 904 /// use wasmtime::{Config, Engine, Module}; 905 /// 906 /// let mut config = Config::new(); 907 /// config.wasm_multi_memory(true); 908 /// let engine = Engine::new(&config)?; 909 /// 910 /// let module = Module::new(&engine, r#" 911 /// (module 912 /// ;; Import a memory. Doesn't count towards required resources. 913 /// (import "a" "b" (memory 10)) 914 /// ;; Define two local memories. These count towards the required 915 /// ;; resources. 916 /// (memory 1) 917 /// (memory 6) 918 /// ) 919 /// "#)?; 920 /// 921 /// let resources = module.resources_required(); 922 /// 923 /// // Instantiating the module will require allocating two memories, and 924 /// // the maximum initial memory size is six Wasm pages. 925 /// assert_eq!(resources.num_memories, 2); 926 /// assert_eq!(resources.max_initial_memory_size, Some(6)); 927 /// 928 /// // The module doesn't need any tables. 929 /// assert_eq!(resources.num_tables, 0); 930 /// assert_eq!(resources.max_initial_table_size, None); 931 /// # Ok(()) } 932 /// ``` 933 pub fn resources_required(&self) -> ResourcesRequired { 934 let em = self.env_module(); 935 let num_memories = u32::try_from(em.num_defined_memories()).unwrap(); 936 let max_initial_memory_size = em 937 .memories 938 .values() 939 .skip(em.num_imported_memories) 940 .map(|memory| memory.limits.min) 941 .max(); 942 let num_tables = u32::try_from(em.num_defined_tables()).unwrap(); 943 let max_initial_table_size = em 944 .tables 945 .values() 946 .skip(em.num_imported_tables) 947 .map(|table| table.limits.min) 948 .max(); 949 ResourcesRequired { 950 num_memories, 951 max_initial_memory_size, 952 num_tables, 953 max_initial_table_size, 954 } 955 } 956 957 /// Returns the range of bytes in memory where this module's compilation 958 /// image resides. 959 /// 960 /// The compilation image for a module contains executable code, data, debug 961 /// information, etc. This is roughly the same as the `Module::serialize` 962 /// but not the exact same. 963 /// 964 /// The range of memory reported here is exposed to allow low-level 965 /// manipulation of the memory in platform-specific manners such as using 966 /// `mlock` to force the contents to be paged in immediately or keep them 967 /// paged in after they're loaded. 968 /// 969 /// It is not safe to modify the memory in this range, nor is it safe to 970 /// modify the protections of memory in this range. 971 /// 972 /// Note that depending on the engine configuration, this image 973 /// range may not actually be the code that is directly executed. 974 pub fn image_range(&self) -> Range<*const u8> { 975 let range = self.engine_code().text_range(); 976 let start = range.start.raw() as *const u8; 977 let end = range.end.raw() as *const u8; 978 start..end 979 } 980 981 /// Force initialization of copy-on-write images to happen here-and-now 982 /// instead of when they're requested during first instantiation. 983 /// 984 /// When [copy-on-write memory 985 /// initialization](crate::Config::memory_init_cow) is enabled then Wasmtime 986 /// will lazily create the initialization image for a module. This method 987 /// can be used to explicitly dictate when this initialization happens. 988 /// 989 /// Note that this largely only matters on Linux when memfd is used. 990 /// Otherwise the copy-on-write image typically comes from disk and in that 991 /// situation the creation of the image is trivial as the image is always 992 /// sourced from disk. On Linux, though, when memfd is used a memfd is 993 /// created and the initialization image is written to it. 994 /// 995 /// Also note that this method is not required to be called, it's available 996 /// as a performance optimization if required but is otherwise handled 997 /// automatically. 998 pub fn initialize_copy_on_write_image(&self) -> Result<()> { 999 self.memory_images()?; 1000 Ok(()) 1001 } 1002 1003 /// Get the map from `.text` section offsets to Wasm binary offsets for this 1004 /// module. 1005 /// 1006 /// Each entry is a (`.text` section offset, Wasm binary offset) pair. 1007 /// 1008 /// Entries are yielded in order of `.text` section offset. 1009 /// 1010 /// Some entries are missing a Wasm binary offset. This is for code that is 1011 /// not associated with any single location in the Wasm binary, or for when 1012 /// source information was optimized away. 1013 /// 1014 /// Not every module has an address map, since address map generation can be 1015 /// turned off on `Config`. 1016 /// 1017 /// There is not an entry for every `.text` section offset. Every offset 1018 /// after an entry's offset, but before the next entry's offset, is 1019 /// considered to map to the same Wasm binary offset as the original 1020 /// entry. For example, the address map will not contain the following 1021 /// sequence of entries: 1022 /// 1023 /// ```ignore 1024 /// [ 1025 /// // ... 1026 /// (10, Some(42)), 1027 /// (11, Some(42)), 1028 /// (12, Some(42)), 1029 /// (13, Some(43)), 1030 /// // ... 1031 /// ] 1032 /// ``` 1033 /// 1034 /// Instead, it will drop the entries for offsets `11` and `12` since they 1035 /// are the same as the entry for offset `10`: 1036 /// 1037 /// ```ignore 1038 /// [ 1039 /// // ... 1040 /// (10, Some(42)), 1041 /// (13, Some(43)), 1042 /// // ... 1043 /// ] 1044 /// ``` 1045 pub fn address_map<'a>(&'a self) -> Option<impl Iterator<Item = (usize, Option<u32>)> + 'a> { 1046 Some( 1047 wasmtime_environ::iterate_address_map(self.engine_code().address_map_data())? 1048 .map(|(offset, file_pos)| (offset as usize, file_pos.file_offset())), 1049 ) 1050 } 1051 1052 /// Get this module's code object's `.text` section, containing its compiled 1053 /// executable code. 1054 pub fn text(&self) -> &[u8] { 1055 self.engine_code().text() 1056 } 1057 1058 /// Get information about functions in this module's `.text` section: their 1059 /// index, name, and offset+length. 1060 /// 1061 /// Results are yielded in a ModuleFunction struct. 1062 pub fn functions<'a>(&'a self) -> impl ExactSizeIterator<Item = ModuleFunction> + 'a { 1063 let module = self.compiled_module(); 1064 self.env_module().defined_func_indices().map(|idx| { 1065 let loc = module.func_loc(idx); 1066 let idx = module.module().func_index(idx); 1067 ModuleFunction { 1068 index: idx, 1069 name: module.func_name(idx).map(|n| n.to_string()), 1070 offset: loc.start as usize, 1071 len: loc.length as usize, 1072 } 1073 }) 1074 } 1075 1076 pub(crate) fn id(&self) -> CompiledModuleId { 1077 self.inner.module.unique_id() 1078 } 1079 1080 pub(crate) fn offsets(&self) -> &VMOffsets<HostPtr> { 1081 &self.inner.offsets 1082 } 1083 1084 /// Return the address, in memory, of the trampoline that allows Wasm to 1085 /// call a array function of the given signature. 1086 /// 1087 /// Note that unlike all other code-pointer-returning functions, 1088 /// this *can* be present on `Module` (without a `StoreCode`) 1089 /// because we can execute the `EngineCode` for trampolines that 1090 /// leave the store to call the host. 1091 pub(crate) fn wasm_to_array_trampoline( 1092 &self, 1093 signature: VMSharedTypeIndex, 1094 ) -> Option<NonNull<VMWasmCallFunction>> { 1095 log::trace!("Looking up trampoline for {signature:?}"); 1096 let trampoline_shared_ty = self.inner.engine.signatures().trampoline_type(signature); 1097 let trampoline_module_ty = self 1098 .inner 1099 .code 1100 .signatures() 1101 .trampoline_type(trampoline_shared_ty)?; 1102 debug_assert!( 1103 self.inner 1104 .engine 1105 .signatures() 1106 .borrow( 1107 self.inner 1108 .code 1109 .signatures() 1110 .shared_type(trampoline_module_ty) 1111 .unwrap() 1112 ) 1113 .unwrap() 1114 .unwrap_func() 1115 .is_trampoline_type() 1116 ); 1117 1118 let ptr = self 1119 .compiled_module() 1120 .wasm_to_array_trampoline(trampoline_module_ty) 1121 .expect("always have a trampoline for the trampoline type") 1122 .as_ptr() 1123 .cast::<VMWasmCallFunction>() 1124 .cast_mut(); 1125 Some(NonNull::new(ptr).unwrap()) 1126 } 1127 1128 pub(crate) fn memory_images(&self) -> Result<Option<&ModuleMemoryImages>> { 1129 let images = self 1130 .inner 1131 .memory_images 1132 .get_or_try_init(|| memory_images(&self.inner))? 1133 .as_ref(); 1134 Ok(images) 1135 } 1136 1137 /// Obtain an exception-table parser on this module's exception metadata. 1138 #[cfg(feature = "gc")] 1139 pub(crate) fn exception_table<'a>(&'a self) -> ExceptionTable<'a> { 1140 ExceptionTable::parse(self.inner.code.exception_tables()) 1141 .expect("Exception tables were validated on module load") 1142 } 1143 1144 /// Obtain a frame-table parser on this module's frame state slot 1145 /// (debug instrumentation) metadata. 1146 #[cfg(feature = "debug")] 1147 pub(crate) fn frame_table<'a>(&'a self) -> Option<FrameTable<'a>> { 1148 let data = self.inner.code.frame_tables(); 1149 if data.is_empty() { 1150 None 1151 } else { 1152 let orig_text = self.inner.code.text(); 1153 Some( 1154 FrameTable::parse(data, orig_text) 1155 .expect("Frame tables were validated on module load"), 1156 ) 1157 } 1158 } 1159 1160 /// Is this `Module` the same as another? 1161 /// 1162 /// Ordinarily, module identity does not matter: a Wasmtime user 1163 /// will create or obtain a module from some source and 1164 /// instantiate it, and any two `Module` objects created from the 1165 /// same source module are interchangeable. However, introspecting 1166 /// module identity may be useful when examining Wasm VM state, 1167 /// e.g. via debug APIs. It is guaranteed that `Module::same` 1168 /// returns true for `Module` objects that reference the same 1169 /// underlying module (e.g., one created via a `clone` of the 1170 /// other). 1171 #[inline] 1172 pub fn same(a: &Module, b: &Module) -> bool { 1173 Arc::ptr_eq(&a.inner, &b.inner) 1174 } 1175 } 1176 1177 /// Describes a function for a given module. 1178 pub struct ModuleFunction { 1179 pub index: wasmtime_environ::FuncIndex, 1180 pub name: Option<String>, 1181 pub offset: usize, 1182 pub len: usize, 1183 } 1184 1185 impl Drop for ModuleInner { 1186 fn drop(&mut self) { 1187 // When a `Module` is being dropped that means that it's no longer 1188 // present in any `Store` and it's additionally not longer held by any 1189 // embedder. Take this opportunity to purge any lingering instantiations 1190 // within a pooling instance allocator, if applicable. 1191 self.engine 1192 .allocator() 1193 .purge_module(self.module.unique_id()); 1194 } 1195 } 1196 1197 /// Describes the location of an export in a module. 1198 #[derive(Copy, Clone)] 1199 pub struct ModuleExport { 1200 /// The module that this export is defined in. 1201 pub(crate) module: CompiledModuleId, 1202 /// A raw index into the wasm module. 1203 pub(crate) entity: EntityIndex, 1204 } 1205 1206 fn _assert_send_sync() { 1207 fn _assert<T: Send + Sync>() {} 1208 _assert::<Module>(); 1209 } 1210 1211 /// Helper method to construct a `ModuleMemoryImages` for an associated 1212 /// `CompiledModule`. 1213 fn memory_images(inner: &Arc<ModuleInner>) -> Result<Option<ModuleMemoryImages>> { 1214 // If initialization via copy-on-write is explicitly disabled in 1215 // configuration then this path is skipped entirely. 1216 if !inner.engine.tunables().memory_init_cow { 1217 return Ok(None); 1218 } 1219 1220 // ... otherwise logic is delegated to the `ModuleMemoryImages::new` 1221 // constructor. 1222 ModuleMemoryImages::new( 1223 &inner.engine, 1224 inner.module.module(), 1225 inner.code.module_memory_image_source(), 1226 ) 1227 } 1228 1229 impl crate::vm::ModuleMemoryImageSource for CodeMemory { 1230 fn wasm_data(&self) -> &[u8] { 1231 <Self>::wasm_data(self) 1232 } 1233 1234 fn mmap(&self) -> Option<&MmapVec> { 1235 Some(<Self>::mmap(self)) 1236 } 1237 } 1238 1239 #[cfg(test)] 1240 mod tests { 1241 use crate::{Engine, Module}; 1242 use wasmtime_environ::MemoryInitialization; 1243 1244 #[test] 1245 fn cow_on_by_default() { 1246 let engine = Engine::default(); 1247 let module = Module::new( 1248 &engine, 1249 r#" 1250 (module 1251 (memory 1) 1252 (data (i32.const 100) "abcd") 1253 ) 1254 "#, 1255 ) 1256 .unwrap(); 1257 1258 let init = &module.env_module().memory_initialization; 1259 assert!(matches!(init, MemoryInitialization::Static { .. })); 1260 } 1261 } 1262