1 use crate::prelude::*; 2 #[cfg(feature = "std")] 3 use crate::runtime::vm::open_file_for_mmap; 4 use crate::runtime::vm::{CompiledModuleId, MmapVec, ModuleMemoryImages, VMWasmCallFunction}; 5 use crate::sync::OnceLock; 6 use crate::{ 7 Engine, 8 code::EngineCode, 9 code_memory::CodeMemory, 10 instantiate::CompiledModule, 11 resources::ResourcesRequired, 12 types::{ExportType, ExternType, ImportType}, 13 }; 14 use alloc::sync::Arc; 15 use core::fmt; 16 use core::ops::Range; 17 use core::ptr::NonNull; 18 #[cfg(feature = "std")] 19 use std::{fs::File, path::Path}; 20 use wasmparser::{Parser, ValidPayload, Validator}; 21 #[cfg(feature = "debug")] 22 use wasmtime_environ::FrameTable; 23 use wasmtime_environ::{ 24 CompiledFunctionsTable, CompiledModuleInfo, EntityIndex, HostPtr, ModuleTypes, ObjectKind, 25 TypeTrace, VMOffsets, VMSharedTypeIndex, 26 }; 27 #[cfg(feature = "gc")] 28 use wasmtime_unwinder::ExceptionTable; 29 mod registry; 30 31 pub use registry::*; 32 33 /// A compiled WebAssembly module, ready to be instantiated. 34 /// 35 /// A `Module` is a compiled in-memory representation of an input WebAssembly 36 /// binary. A `Module` is then used to create an [`Instance`](crate::Instance) 37 /// through an instantiation process. You cannot call functions or fetch 38 /// globals, for example, on a `Module` because it's purely a code 39 /// representation. Instead you'll need to create an 40 /// [`Instance`](crate::Instance) to interact with the wasm module. 41 /// 42 /// A `Module` can be created by compiling WebAssembly code through APIs such as 43 /// [`Module::new`]. This would be a JIT-style use case where code is compiled 44 /// just before it's used. Alternatively a `Module` can be compiled in one 45 /// process and [`Module::serialize`] can be used to save it to storage. A later 46 /// call to [`Module::deserialize`] will quickly load the module to execute and 47 /// does not need to compile any code, representing a more AOT-style use case. 48 /// 49 /// Currently a `Module` does not implement any form of tiering or dynamic 50 /// optimization of compiled code. Creation of a `Module` via [`Module::new`] or 51 /// related APIs will perform the entire compilation step synchronously. When 52 /// finished no further compilation will happen at runtime or later during 53 /// execution of WebAssembly instances for example. 54 /// 55 /// Compilation of WebAssembly by default goes through Cranelift and is 56 /// recommended to be done once-per-module. The same WebAssembly binary need not 57 /// be compiled multiple times and can instead used an embedder-cached result of 58 /// the first call. 59 /// 60 /// `Module` is thread-safe and safe to share across threads. 61 /// 62 /// ## Modules and `Clone` 63 /// 64 /// Using `clone` on a `Module` is a cheap operation. It will not create an 65 /// entirely new module, but rather just a new reference to the existing module. 66 /// In other words it's a shallow copy, not a deep copy. 67 /// 68 /// ## Examples 69 /// 70 /// There are a number of ways you can create a `Module`, for example pulling 71 /// the bytes from a number of locations. One example is loading a module from 72 /// the filesystem: 73 /// 74 /// ```no_run 75 /// # use wasmtime::*; 76 /// # fn main() -> Result<()> { 77 /// let engine = Engine::default(); 78 /// let module = Module::from_file(&engine, "path/to/foo.wasm")?; 79 /// # Ok(()) 80 /// # } 81 /// ``` 82 /// 83 /// You can also load the wasm text format if more convenient too: 84 /// 85 /// ```no_run 86 /// # use wasmtime::*; 87 /// # fn main() -> Result<()> { 88 /// let engine = Engine::default(); 89 /// // Now we're using the WebAssembly text extension: `.wat`! 90 /// let module = Module::from_file(&engine, "path/to/foo.wat")?; 91 /// # Ok(()) 92 /// # } 93 /// ``` 94 /// 95 /// And if you've already got the bytes in-memory you can use the 96 /// [`Module::new`] constructor: 97 /// 98 /// ```no_run 99 /// # use wasmtime::*; 100 /// # fn main() -> Result<()> { 101 /// let engine = Engine::default(); 102 /// # let wasm_bytes: Vec<u8> = Vec::new(); 103 /// let module = Module::new(&engine, &wasm_bytes)?; 104 /// 105 /// // It also works with the text format! 106 /// let module = Module::new(&engine, "(module (func))")?; 107 /// # Ok(()) 108 /// # } 109 /// ``` 110 /// 111 /// Serializing and deserializing a module looks like: 112 /// 113 /// ```no_run 114 /// # use wasmtime::*; 115 /// # fn main() -> Result<()> { 116 /// let engine = Engine::default(); 117 /// # let wasm_bytes: Vec<u8> = Vec::new(); 118 /// let module = Module::new(&engine, &wasm_bytes)?; 119 /// let module_bytes = module.serialize()?; 120 /// 121 /// // ... can save `module_bytes` to disk or other storage ... 122 /// 123 /// // recreate the module from the serialized bytes. For the `unsafe` bits 124 /// // see the documentation of `deserialize`. 125 /// let module = unsafe { Module::deserialize(&engine, &module_bytes)? }; 126 /// # Ok(()) 127 /// # } 128 /// ``` 129 /// 130 /// [`Config`]: crate::Config 131 #[derive(Clone)] 132 pub struct Module { 133 inner: Arc<ModuleInner>, 134 } 135 136 struct ModuleInner { 137 engine: Engine, 138 /// The compiled artifacts for this module that will be instantiated and 139 /// executed. 140 module: CompiledModule, 141 142 /// Runtime information such as the underlying mmap, type information, etc. 143 /// 144 /// Note that this `Arc` is used to share information between compiled 145 /// modules within a component. For bare core wasm modules created with 146 /// `Module::new`, for example, this is a uniquely owned `Arc`. 147 code: Arc<EngineCode>, 148 149 /// A set of initialization images for memories, if any. 150 /// 151 /// Note that this is behind a `OnceCell` to lazily create this image. On 152 /// Linux where `memfd_create` may be used to create the backing memory 153 /// image this is a pretty expensive operation, so by deferring it this 154 /// improves memory usage for modules that are created but may not ever be 155 /// instantiated. 156 memory_images: OnceLock<Option<ModuleMemoryImages>>, 157 158 /// Flag indicating whether this module can be serialized or not. 159 #[cfg(any(feature = "cranelift", feature = "winch"))] 160 serializable: bool, 161 162 /// Runtime offset information for `VMContext`. 163 offsets: VMOffsets<HostPtr>, 164 } 165 166 impl fmt::Debug for Module { 167 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 168 f.debug_struct("Module") 169 .field("name", &self.name()) 170 .finish_non_exhaustive() 171 } 172 } 173 174 impl fmt::Debug for ModuleInner { 175 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 176 f.debug_struct("ModuleInner") 177 .field("name", &self.module.module().name.as_ref()) 178 .finish_non_exhaustive() 179 } 180 } 181 182 impl Module { 183 /// Creates a new WebAssembly `Module` from the given in-memory `bytes`. 184 /// 185 /// The `bytes` provided must be in one of the following formats: 186 /// 187 /// * A [binary-encoded][binary] WebAssembly module. This is always supported. 188 /// * A [text-encoded][text] instance of the WebAssembly text format. 189 /// This is only supported when the `wat` feature of this crate is enabled. 190 /// If this is supplied then the text format will be parsed before validation. 191 /// Note that the `wat` feature is enabled by default. 192 /// 193 /// The data for the wasm module must be loaded in-memory if it's present 194 /// elsewhere, for example on disk. This requires that the entire binary is 195 /// loaded into memory all at once, this API does not support streaming 196 /// compilation of a module. 197 /// 198 /// The WebAssembly binary will be decoded and validated. It will also be 199 /// compiled according to the configuration of the provided `engine`. 200 /// 201 /// # Errors 202 /// 203 /// This function may fail and return an error. Errors may include 204 /// situations such as: 205 /// 206 /// * The binary provided could not be decoded because it's not a valid 207 /// WebAssembly binary 208 /// * The WebAssembly binary may not validate (e.g. contains type errors) 209 /// * Implementation-specific limits were exceeded with a valid binary (for 210 /// example too many locals) 211 /// * The wasm binary may use features that are not enabled in the 212 /// configuration of `engine` 213 /// * If the `wat` feature is enabled and the input is text, then it may be 214 /// rejected if it fails to parse. 215 /// 216 /// The error returned should contain full information about why module 217 /// creation failed if one is returned. 218 /// 219 /// [binary]: https://webassembly.github.io/spec/core/binary/index.html 220 /// [text]: https://webassembly.github.io/spec/core/text/index.html 221 /// 222 /// # Examples 223 /// 224 /// The `new` function can be invoked with a in-memory array of bytes: 225 /// 226 /// ```no_run 227 /// # use wasmtime::*; 228 /// # fn main() -> Result<()> { 229 /// # let engine = Engine::default(); 230 /// # let wasm_bytes: Vec<u8> = Vec::new(); 231 /// let module = Module::new(&engine, &wasm_bytes)?; 232 /// # Ok(()) 233 /// # } 234 /// ``` 235 /// 236 /// Or you can also pass in a string to be parsed as the wasm text 237 /// format: 238 /// 239 /// ``` 240 /// # use wasmtime::*; 241 /// # fn main() -> Result<()> { 242 /// # let engine = Engine::default(); 243 /// let module = Module::new(&engine, "(module (func))")?; 244 /// # Ok(()) 245 /// # } 246 /// ``` 247 #[cfg(any(feature = "cranelift", feature = "winch"))] 248 pub fn new(engine: &Engine, bytes: impl AsRef<[u8]>) -> Result<Module> { 249 crate::CodeBuilder::new(engine) 250 .wasm_binary_or_text(bytes.as_ref(), None)? 251 .compile_module() 252 } 253 254 /// Creates a new WebAssembly `Module` from the contents of the given 255 /// `file` on disk. 256 /// 257 /// This is a convenience function that will read the `file` provided and 258 /// pass the bytes to the [`Module::new`] function. For more information 259 /// see [`Module::new`] 260 /// 261 /// # Examples 262 /// 263 /// ```no_run 264 /// # use wasmtime::*; 265 /// # fn main() -> Result<()> { 266 /// let engine = Engine::default(); 267 /// let module = Module::from_file(&engine, "./path/to/foo.wasm")?; 268 /// # Ok(()) 269 /// # } 270 /// ``` 271 /// 272 /// The `.wat` text format is also supported: 273 /// 274 /// ```no_run 275 /// # use wasmtime::*; 276 /// # fn main() -> Result<()> { 277 /// # let engine = Engine::default(); 278 /// let module = Module::from_file(&engine, "./path/to/foo.wat")?; 279 /// # Ok(()) 280 /// # } 281 /// ``` 282 #[cfg(all(feature = "std", any(feature = "cranelift", feature = "winch")))] 283 pub fn from_file(engine: &Engine, file: impl AsRef<Path>) -> Result<Module> { 284 crate::CodeBuilder::new(engine) 285 .wasm_binary_or_text_file(file.as_ref())? 286 .compile_module() 287 } 288 289 /// Creates a new WebAssembly `Module` from the given in-memory `binary` 290 /// data. 291 /// 292 /// This is similar to [`Module::new`] except that it requires that the 293 /// `binary` input is a WebAssembly binary, the text format is not supported 294 /// by this function. It's generally recommended to use [`Module::new`], but 295 /// if it's required to not support the text format this function can be 296 /// used instead. 297 /// 298 /// # Examples 299 /// 300 /// ``` 301 /// # use wasmtime::*; 302 /// # fn main() -> Result<()> { 303 /// # let engine = Engine::default(); 304 /// let wasm = b"\0asm\x01\0\0\0"; 305 /// let module = Module::from_binary(&engine, wasm)?; 306 /// # Ok(()) 307 /// # } 308 /// ``` 309 /// 310 /// Note that the text format is **not** accepted by this function: 311 /// 312 /// ``` 313 /// # use wasmtime::*; 314 /// # fn main() -> Result<()> { 315 /// # let engine = Engine::default(); 316 /// assert!(Module::from_binary(&engine, b"(module)").is_err()); 317 /// # Ok(()) 318 /// # } 319 /// ``` 320 #[cfg(any(feature = "cranelift", feature = "winch"))] 321 pub fn from_binary(engine: &Engine, binary: &[u8]) -> Result<Module> { 322 crate::CodeBuilder::new(engine) 323 .wasm_binary(binary, None)? 324 .compile_module() 325 } 326 327 /// Creates a new WebAssembly `Module` from the contents of the given `file` 328 /// on disk, but with assumptions that the file is from a trusted source. 329 /// The file should be a binary- or text-format WebAssembly module, or a 330 /// precompiled artifact generated by the same version of Wasmtime. 331 /// 332 /// # Unsafety 333 /// 334 /// All of the reasons that [`deserialize`] is `unsafe` apply to this 335 /// function as well. Arbitrary data loaded from a file may trick Wasmtime 336 /// into arbitrary code execution since the contents of the file are not 337 /// validated to be a valid precompiled module. 338 /// 339 /// [`deserialize`]: Module::deserialize 340 /// 341 /// Additionally though this function is also `unsafe` because the file 342 /// referenced must remain unchanged and a valid precompiled module for the 343 /// entire lifetime of the [`Module`] returned. Any changes to the file on 344 /// disk may change future instantiations of the module to be incorrect. 345 /// This is because the file is mapped into memory and lazily loaded pages 346 /// reflect the current state of the file, not necessarily the original 347 /// state of the file. 348 #[cfg(all(feature = "std", any(feature = "cranelift", feature = "winch")))] 349 pub unsafe fn from_trusted_file(engine: &Engine, file: impl AsRef<Path>) -> Result<Module> { 350 let open_file = open_file_for_mmap(file.as_ref())?; 351 let mmap = crate::runtime::vm::MmapVec::from_file(open_file)?; 352 if &mmap[0..4] == b"\x7fELF" { 353 let code = engine.load_code(mmap, ObjectKind::Module)?; 354 return Module::from_parts(engine, code, None); 355 } 356 357 crate::CodeBuilder::new(engine) 358 .wasm_binary_or_text(&mmap[..], Some(file.as_ref()))? 359 .compile_module() 360 } 361 362 /// Deserializes an in-memory compiled module previously created with 363 /// [`Module::serialize`] or [`Engine::precompile_module`]. 364 /// 365 /// This function will deserialize the binary blobs emitted by 366 /// [`Module::serialize`] and [`Engine::precompile_module`] back into an 367 /// in-memory [`Module`] that's ready to be instantiated. 368 /// 369 /// Note that the [`Module::deserialize_file`] method is more optimized than 370 /// this function, so if the serialized module is already present in a file 371 /// it's recommended to use that method instead. 372 /// 373 /// # Unsafety 374 /// 375 /// This function is marked as `unsafe` because if fed invalid input or used 376 /// improperly this could lead to memory safety vulnerabilities. This method 377 /// should not, for example, be exposed to arbitrary user input. 378 /// 379 /// The structure of the binary blob read here is only lightly validated 380 /// internally in `wasmtime`. This is intended to be an efficient 381 /// "rehydration" for a [`Module`] which has very few runtime checks beyond 382 /// deserialization. Arbitrary input could, for example, replace valid 383 /// compiled code with any other valid compiled code, meaning that this can 384 /// trivially be used to execute arbitrary code otherwise. 385 /// 386 /// For these reasons this function is `unsafe`. This function is only 387 /// designed to receive the previous input from [`Module::serialize`] and 388 /// [`Engine::precompile_module`]. If the exact output of those functions 389 /// (unmodified) is passed to this function then calls to this function can 390 /// be considered safe. It is the caller's responsibility to provide the 391 /// guarantee that only previously-serialized bytes are being passed in 392 /// here. 393 /// 394 /// Note that this function is designed to be safe receiving output from 395 /// *any* compiled version of `wasmtime` itself. This means that it is safe 396 /// to feed output from older versions of Wasmtime into this function, in 397 /// addition to newer versions of wasmtime (from the future!). These inputs 398 /// will deterministically and safely produce an `Err`. This function only 399 /// successfully accepts inputs from the same version of `wasmtime`, but the 400 /// safety guarantee only applies to externally-defined blobs of bytes, not 401 /// those defined by any version of wasmtime. (this means that if you cache 402 /// blobs across versions of wasmtime you can be safely guaranteed that 403 /// future versions of wasmtime will reject old cache entries). 404 pub unsafe fn deserialize(engine: &Engine, bytes: impl AsRef<[u8]>) -> Result<Module> { 405 let code = engine.load_code_bytes(bytes.as_ref(), ObjectKind::Module)?; 406 Module::from_parts(engine, code, None) 407 } 408 409 /// In-place deserialization of an in-memory compiled module previously 410 /// created with [`Module::serialize`] or [`Engine::precompile_module`]. 411 /// 412 /// See [`Self::deserialize`] for additional information; this method 413 /// works identically except that it will not create a copy of the provided 414 /// memory but will use it directly. 415 /// 416 /// # Unsafety 417 /// 418 /// All of the safety notes from [`Self::deserialize`] apply here as well 419 /// with the additional constraint that the code memory provide by `memory` 420 /// lives for as long as the module and is nevery externally modified for 421 /// the lifetime of the deserialized module. 422 pub unsafe fn deserialize_raw(engine: &Engine, memory: NonNull<[u8]>) -> Result<Module> { 423 // SAFETY: the contract required by `load_code_raw` is the same as this 424 // function. 425 let code = unsafe { engine.load_code_raw(memory, ObjectKind::Module)? }; 426 Module::from_parts(engine, code, None) 427 } 428 429 /// Same as [`deserialize`], except that the contents of `path` are read to 430 /// deserialize into a [`Module`]. 431 /// 432 /// This method is provided because it can be faster than [`deserialize`] 433 /// since the data doesn't need to be copied around, but rather the module 434 /// can be used directly from an mmap'd view of the file provided. 435 /// 436 /// [`deserialize`]: Module::deserialize 437 /// 438 /// # Unsafety 439 /// 440 /// All of the reasons that [`deserialize`] is `unsafe` applies to this 441 /// function as well. Arbitrary data loaded from a file may trick Wasmtime 442 /// into arbitrary code execution since the contents of the file are not 443 /// validated to be a valid precompiled module. 444 /// 445 /// Additionally though this function is also `unsafe` because the file 446 /// referenced must remain unchanged and a valid precompiled module for the 447 /// entire lifetime of the [`Module`] returned. Any changes to the file on 448 /// disk may change future instantiations of the module to be incorrect. 449 /// This is because the file is mapped into memory and lazily loaded pages 450 /// reflect the current state of the file, not necessarily the original 451 /// state of the file. 452 #[cfg(feature = "std")] 453 pub unsafe fn deserialize_file(engine: &Engine, path: impl AsRef<Path>) -> Result<Module> { 454 let file = open_file_for_mmap(path.as_ref())?; 455 // SAFETY: the contract of `deserialize_open_file` is the samea s this 456 // function. 457 unsafe { 458 Self::deserialize_open_file(engine, file) 459 .with_context(|| format!("failed deserialization for: {}", path.as_ref().display())) 460 } 461 } 462 463 /// Same as [`deserialize_file`], except that it takes an open `File` 464 /// instead of a path. 465 /// 466 /// This method is provided because it can be used instead of 467 /// [`deserialize_file`] in situations where `wasmtime` is running with 468 /// limited file system permissions. In that case a process 469 /// with file system access can pass already opened files to `wasmtime`. 470 /// 471 /// [`deserialize_file`]: Module::deserialize_file 472 /// 473 /// Note that the corresponding will be mapped as private writeable 474 /// (copy-on-write) and executable. For `windows` this means the file needs 475 /// to be opened with at least `FILE_GENERIC_READ | FILE_GENERIC_EXECUTE` 476 /// [`access_mode`]. 477 /// 478 /// [`access_mode`]: https://doc.rust-lang.org/std/os/windows/fs/trait.OpenOptionsExt.html#tymethod.access_mode 479 /// 480 /// # Unsafety 481 /// 482 /// All of the reasons that [`deserialize_file`] is `unsafe` applies to this 483 /// function as well. 484 #[cfg(feature = "std")] 485 pub unsafe fn deserialize_open_file(engine: &Engine, file: File) -> Result<Module> { 486 let code = engine.load_code_file(file, ObjectKind::Module)?; 487 Module::from_parts(engine, code, None) 488 } 489 490 /// Entrypoint for creating a `Module` for all above functions, both 491 /// of the AOT and jit-compiled categories. 492 /// 493 /// In all cases the compilation artifact, `code_memory`, is provided here. 494 /// The `info_and_types` argument is `None` when a module is being 495 /// deserialized from a precompiled artifact or it's `Some` if it was just 496 /// compiled and the values are already available. 497 pub(crate) fn from_parts( 498 engine: &Engine, 499 code_memory: Arc<CodeMemory>, 500 info_and_types: Option<(CompiledModuleInfo, CompiledFunctionsTable, ModuleTypes)>, 501 ) -> Result<Self> { 502 // Acquire this module's metadata and type information, deserializing 503 // it from the provided artifact if it wasn't otherwise provided 504 // already. 505 let (mut info, index, mut types) = match info_and_types { 506 Some((info, index, types)) => (info, index, types), 507 None => postcard::from_bytes(code_memory.wasmtime_info())?, 508 }; 509 510 // Register function type signatures into the engine for the lifetime 511 // of the `Module` that will be returned. This notably also builds up 512 // maps for trampolines to be used for this module when inserted into 513 // stores. 514 // 515 // Note that the unsafety here should be ok since the `trampolines` 516 // field should only point to valid trampoline function pointers 517 // within the text section. 518 let signatures = 519 engine.register_and_canonicalize_types(&mut types, core::iter::once(&mut info.module)); 520 521 // Package up all our data into an `EngineCode` and delegate to the final 522 // step of module compilation. 523 let code = Arc::new(EngineCode::new(code_memory, signatures, types.into())); 524 let index = Arc::new(index); 525 Module::from_parts_raw(engine, code, info, index, true) 526 } 527 528 pub(crate) fn from_parts_raw( 529 engine: &Engine, 530 code: Arc<EngineCode>, 531 info: CompiledModuleInfo, 532 index: Arc<CompiledFunctionsTable>, 533 serializable: bool, 534 ) -> Result<Self> { 535 let module = CompiledModule::from_artifacts(code.clone(), info, index, engine.profiler())?; 536 537 // Validate the module can be used with the current instance allocator. 538 let offsets = VMOffsets::new(HostPtr, module.module()); 539 engine 540 .allocator() 541 .validate_module(module.module(), &offsets)?; 542 543 let _ = serializable; 544 545 Ok(Self { 546 inner: Arc::new(ModuleInner { 547 engine: engine.clone(), 548 code, 549 memory_images: OnceLock::new(), 550 module, 551 #[cfg(any(feature = "cranelift", feature = "winch"))] 552 serializable, 553 offsets, 554 }), 555 }) 556 } 557 558 /// Validates `binary` input data as a WebAssembly binary given the 559 /// configuration in `engine`. 560 /// 561 /// This function will perform a speedy validation of the `binary` input 562 /// WebAssembly module (which is in [binary form][binary], the text format 563 /// is not accepted by this function) and return either `Ok` or `Err` 564 /// depending on the results of validation. The `engine` argument indicates 565 /// configuration for WebAssembly features, for example, which are used to 566 /// indicate what should be valid and what shouldn't be. 567 /// 568 /// Validation automatically happens as part of [`Module::new`]. 569 /// 570 /// # Errors 571 /// 572 /// If validation fails for any reason (type check error, usage of a feature 573 /// that wasn't enabled, etc) then an error with a description of the 574 /// validation issue will be returned. 575 /// 576 /// [binary]: https://webassembly.github.io/spec/core/binary/index.html 577 pub fn validate(engine: &Engine, binary: &[u8]) -> Result<()> { 578 let mut validator = Validator::new_with_features(engine.features()); 579 580 let mut functions = Vec::new(); 581 for payload in Parser::new(0).parse_all(binary) { 582 let payload = payload?; 583 if let ValidPayload::Func(a, b) = validator.payload(&payload)? { 584 functions.push((a, b)); 585 } 586 if let wasmparser::Payload::Version { encoding, .. } = &payload { 587 if let wasmparser::Encoding::Component = encoding { 588 bail!("component passed to module validation"); 589 } 590 } 591 } 592 593 engine.run_maybe_parallel(functions, |(validator, body)| { 594 // FIXME: it would be best here to use a rayon-specific parallel 595 // iterator that maintains state-per-thread to share the function 596 // validator allocations (`Default::default` here) across multiple 597 // functions. 598 validator.into_validator(Default::default()).validate(&body) 599 })?; 600 Ok(()) 601 } 602 603 /// Serializes this module to a vector of bytes. 604 /// 605 /// This function is similar to the [`Engine::precompile_module`] method 606 /// where it produces an artifact of Wasmtime which is suitable to later 607 /// pass into [`Module::deserialize`]. If a module is never instantiated 608 /// then it's recommended to use [`Engine::precompile_module`] instead of 609 /// this method, but if a module is both instantiated and serialized then 610 /// this method can be useful to get the serialized version without 611 /// compiling twice. 612 #[cfg(any(feature = "cranelift", feature = "winch"))] 613 pub fn serialize(&self) -> Result<Vec<u8>> { 614 // The current representation of compiled modules within a compiled 615 // component means that it cannot be serialized. The mmap returned here 616 // is the mmap for the entire component and while it contains all 617 // necessary data to deserialize this particular module it's all 618 // embedded within component-specific information. 619 // 620 // It's not the hardest thing in the world to support this but it's 621 // expected that there's not much of a use case at this time. In theory 622 // all that needs to be done is to edit the `.wasmtime.info` section 623 // to contains this module's metadata instead of the metadata for the 624 // whole component. The metadata itself is fairly trivially 625 // recreateable here it's more that there's no easy one-off API for 626 // editing the sections of an ELF object to use here. 627 // 628 // Overall for now this simply always returns an error in this 629 // situation. If you're reading this and feel that the situation should 630 // be different please feel free to open an issue. 631 if !self.inner.serializable { 632 bail!("cannot serialize a module exported from a component"); 633 } 634 Ok(self.engine_code().image().to_vec()) 635 } 636 637 pub(crate) fn compiled_module(&self) -> &CompiledModule { 638 &self.inner.module 639 } 640 641 pub(crate) fn engine_code(&self) -> &Arc<EngineCode> { 642 &self.inner.code 643 } 644 645 pub(crate) fn env_module(&self) -> &Arc<wasmtime_environ::Module> { 646 self.compiled_module().module() 647 } 648 649 pub(crate) fn types(&self) -> &ModuleTypes { 650 self.inner.code.module_types() 651 } 652 653 #[cfg(any(feature = "component-model", feature = "gc-drc"))] 654 pub(crate) fn signatures(&self) -> &crate::type_registry::TypeCollection { 655 self.inner.code.signatures() 656 } 657 658 /// Returns identifier/name that this [`Module`] has. This name 659 /// is used in traps/backtrace details. 660 /// 661 /// Note that most LLVM/clang/Rust-produced modules do not have a name 662 /// associated with them, but other wasm tooling can be used to inject or 663 /// add a name. 664 /// 665 /// # Examples 666 /// 667 /// ``` 668 /// # use wasmtime::*; 669 /// # fn main() -> Result<()> { 670 /// # let engine = Engine::default(); 671 /// let module = Module::new(&engine, "(module $foo)")?; 672 /// assert_eq!(module.name(), Some("foo")); 673 /// 674 /// let module = Module::new(&engine, "(module)")?; 675 /// assert_eq!(module.name(), None); 676 /// 677 /// # Ok(()) 678 /// # } 679 /// ``` 680 pub fn name(&self) -> Option<&str> { 681 self.compiled_module().module().name.as_deref() 682 } 683 684 /// Returns the list of imports that this [`Module`] has and must be 685 /// satisfied. 686 /// 687 /// This function returns the list of imports that the wasm module has, but 688 /// only the types of each import. The type of each import is used to 689 /// typecheck the [`Instance::new`](crate::Instance::new) method's `imports` 690 /// argument. The arguments to that function must match up 1-to-1 with the 691 /// entries in the array returned here. 692 /// 693 /// The imports returned reflect the order of the imports in the wasm module 694 /// itself, and note that no form of deduplication happens. 695 /// 696 /// # Examples 697 /// 698 /// Modules with no imports return an empty list here: 699 /// 700 /// ``` 701 /// # use wasmtime::*; 702 /// # fn main() -> Result<()> { 703 /// # let engine = Engine::default(); 704 /// let module = Module::new(&engine, "(module)")?; 705 /// assert_eq!(module.imports().len(), 0); 706 /// # Ok(()) 707 /// # } 708 /// ``` 709 /// 710 /// and modules with imports will have a non-empty list: 711 /// 712 /// ``` 713 /// # use wasmtime::*; 714 /// # fn main() -> Result<()> { 715 /// # let engine = Engine::default(); 716 /// let wat = r#" 717 /// (module 718 /// (import "host" "foo" (func)) 719 /// ) 720 /// "#; 721 /// let module = Module::new(&engine, wat)?; 722 /// assert_eq!(module.imports().len(), 1); 723 /// let import = module.imports().next().unwrap(); 724 /// assert_eq!(import.module(), "host"); 725 /// assert_eq!(import.name(), "foo"); 726 /// match import.ty() { 727 /// ExternType::Func(_) => { /* ... */ } 728 /// _ => panic!("unexpected import type!"), 729 /// } 730 /// # Ok(()) 731 /// # } 732 /// ``` 733 pub fn imports<'module>( 734 &'module self, 735 ) -> impl ExactSizeIterator<Item = ImportType<'module>> + 'module { 736 let module = self.compiled_module().module(); 737 let types = self.types(); 738 let engine = self.engine(); 739 module 740 .imports() 741 .map(move |(imp_mod, imp_field, ty)| { 742 debug_assert!(ty.is_canonicalized_for_runtime_usage()); 743 ImportType::new(imp_mod, imp_field, ty, types, engine) 744 }) 745 .collect::<Vec<_>>() 746 .into_iter() 747 } 748 749 /// Returns the list of exports that this [`Module`] has and will be 750 /// available after instantiation. 751 /// 752 /// This function will return the type of each item that will be returned 753 /// from [`Instance::exports`](crate::Instance::exports). Each entry in this 754 /// list corresponds 1-to-1 with that list, and the entries here will 755 /// indicate the name of the export along with the type of the export. 756 /// 757 /// # Examples 758 /// 759 /// Modules might not have any exports: 760 /// 761 /// ``` 762 /// # use wasmtime::*; 763 /// # fn main() -> Result<()> { 764 /// # let engine = Engine::default(); 765 /// let module = Module::new(&engine, "(module)")?; 766 /// assert!(module.exports().next().is_none()); 767 /// # Ok(()) 768 /// # } 769 /// ``` 770 /// 771 /// When the exports are not empty, you can inspect each export: 772 /// 773 /// ``` 774 /// # use wasmtime::*; 775 /// # fn main() -> Result<()> { 776 /// # let engine = Engine::default(); 777 /// let wat = r#" 778 /// (module 779 /// (func (export "foo")) 780 /// (memory (export "memory") 1) 781 /// ) 782 /// "#; 783 /// let module = Module::new(&engine, wat)?; 784 /// assert_eq!(module.exports().len(), 2); 785 /// 786 /// let mut exports = module.exports(); 787 /// let foo = exports.next().unwrap(); 788 /// assert_eq!(foo.name(), "foo"); 789 /// match foo.ty() { 790 /// ExternType::Func(_) => { /* ... */ } 791 /// _ => panic!("unexpected export type!"), 792 /// } 793 /// 794 /// let memory = exports.next().unwrap(); 795 /// assert_eq!(memory.name(), "memory"); 796 /// match memory.ty() { 797 /// ExternType::Memory(_) => { /* ... */ } 798 /// _ => panic!("unexpected export type!"), 799 /// } 800 /// # Ok(()) 801 /// # } 802 /// ``` 803 pub fn exports<'module>( 804 &'module self, 805 ) -> impl ExactSizeIterator<Item = ExportType<'module>> + 'module { 806 let module = self.compiled_module().module(); 807 let types = self.types(); 808 let engine = self.engine(); 809 module.exports.iter().map(move |(name, entity_index)| { 810 ExportType::new(name, module.type_of(*entity_index), types, engine) 811 }) 812 } 813 814 /// Looks up an export in this [`Module`] by name. 815 /// 816 /// This function will return the type of an export with the given name. 817 /// 818 /// # Examples 819 /// 820 /// There may be no export with that name: 821 /// 822 /// ``` 823 /// # use wasmtime::*; 824 /// # fn main() -> Result<()> { 825 /// # let engine = Engine::default(); 826 /// let module = Module::new(&engine, "(module)")?; 827 /// assert!(module.get_export("foo").is_none()); 828 /// # Ok(()) 829 /// # } 830 /// ``` 831 /// 832 /// When there is an export with that name, it is returned: 833 /// 834 /// ``` 835 /// # use wasmtime::*; 836 /// # fn main() -> Result<()> { 837 /// # let engine = Engine::default(); 838 /// let wat = r#" 839 /// (module 840 /// (func (export "foo")) 841 /// (memory (export "memory") 1) 842 /// ) 843 /// "#; 844 /// let module = Module::new(&engine, wat)?; 845 /// let foo = module.get_export("foo"); 846 /// assert!(foo.is_some()); 847 /// 848 /// let foo = foo.unwrap(); 849 /// match foo { 850 /// ExternType::Func(_) => { /* ... */ } 851 /// _ => panic!("unexpected export type!"), 852 /// } 853 /// 854 /// # Ok(()) 855 /// # } 856 /// ``` 857 pub fn get_export(&self, name: &str) -> Option<ExternType> { 858 let module = self.compiled_module().module(); 859 let entity_index = module.exports.get(name)?; 860 Some(ExternType::from_wasmtime( 861 self.engine(), 862 self.types(), 863 &module.type_of(*entity_index), 864 )) 865 } 866 867 /// Looks up an export in this [`Module`] by name to get its index. 868 /// 869 /// This function will return the index of an export with the given name. This can be useful 870 /// to avoid the cost of looking up the export by name multiple times. Instead the 871 /// [`ModuleExport`] can be stored and used to look up the export on the 872 /// [`Instance`](crate::Instance) later. 873 pub fn get_export_index(&self, name: &str) -> Option<ModuleExport> { 874 let compiled_module = self.compiled_module(); 875 let module = compiled_module.module(); 876 let entity = *module.exports.get(name)?; 877 Some(ModuleExport { 878 module: self.id(), 879 entity, 880 }) 881 } 882 883 /// Returns the [`Engine`] that this [`Module`] was compiled by. 884 pub fn engine(&self) -> &Engine { 885 &self.inner.engine 886 } 887 888 /// Returns a summary of the resources required to instantiate this 889 /// [`Module`]. 890 /// 891 /// Potential uses of the returned information: 892 /// 893 /// * Determining whether your pooling allocator configuration supports 894 /// instantiating this module. 895 /// 896 /// * Deciding how many of which `Module` you want to instantiate within a 897 /// fixed amount of resources, e.g. determining whether to create 5 898 /// instances of module X or 10 instances of module Y. 899 /// 900 /// # Example 901 /// 902 /// ``` 903 /// # fn main() -> wasmtime::Result<()> { 904 /// use wasmtime::{Config, Engine, Module}; 905 /// 906 /// let mut config = Config::new(); 907 /// config.wasm_multi_memory(true); 908 /// let engine = Engine::new(&config)?; 909 /// 910 /// let module = Module::new(&engine, r#" 911 /// (module 912 /// ;; Import a memory. Doesn't count towards required resources. 913 /// (import "a" "b" (memory 10)) 914 /// ;; Define two local memories. These count towards the required 915 /// ;; resources. 916 /// (memory 1) 917 /// (memory 6) 918 /// ) 919 /// "#)?; 920 /// 921 /// let resources = module.resources_required(); 922 /// 923 /// // Instantiating the module will require allocating two memories, and 924 /// // the maximum initial memory size is six Wasm pages. 925 /// assert_eq!(resources.num_memories, 2); 926 /// assert_eq!(resources.max_initial_memory_size, Some(6)); 927 /// 928 /// // The module doesn't need any tables. 929 /// assert_eq!(resources.num_tables, 0); 930 /// assert_eq!(resources.max_initial_table_size, None); 931 /// # Ok(()) } 932 /// ``` 933 pub fn resources_required(&self) -> ResourcesRequired { 934 let em = self.env_module(); 935 let num_memories = u32::try_from(em.num_defined_memories()).unwrap(); 936 let max_initial_memory_size = em 937 .memories 938 .values() 939 .skip(em.num_imported_memories) 940 .map(|memory| memory.limits.min) 941 .max(); 942 let num_tables = u32::try_from(em.num_defined_tables()).unwrap(); 943 let max_initial_table_size = em 944 .tables 945 .values() 946 .skip(em.num_imported_tables) 947 .map(|table| table.limits.min) 948 .max(); 949 ResourcesRequired { 950 num_memories, 951 max_initial_memory_size, 952 num_tables, 953 max_initial_table_size, 954 } 955 } 956 957 /// Returns the range of bytes in memory where this module's compilation 958 /// image resides. 959 /// 960 /// The compilation image for a module contains executable code, data, debug 961 /// information, etc. This is roughly the same as the `Module::serialize` 962 /// but not the exact same. 963 /// 964 /// The range of memory reported here is exposed to allow low-level 965 /// manipulation of the memory in platform-specific manners such as using 966 /// `mlock` to force the contents to be paged in immediately or keep them 967 /// paged in after they're loaded. 968 /// 969 /// It is not safe to modify the memory in this range, nor is it safe to 970 /// modify the protections of memory in this range. 971 /// 972 /// Note that depending on the engine configuration, this image 973 /// range may not actually be the code that is directly executed. 974 pub fn image_range(&self) -> Range<*const u8> { 975 self.engine_code().image().as_ptr_range() 976 } 977 978 /// Force initialization of copy-on-write images to happen here-and-now 979 /// instead of when they're requested during first instantiation. 980 /// 981 /// When [copy-on-write memory 982 /// initialization](crate::Config::memory_init_cow) is enabled then Wasmtime 983 /// will lazily create the initialization image for a module. This method 984 /// can be used to explicitly dictate when this initialization happens. 985 /// 986 /// Note that this largely only matters on Linux when memfd is used. 987 /// Otherwise the copy-on-write image typically comes from disk and in that 988 /// situation the creation of the image is trivial as the image is always 989 /// sourced from disk. On Linux, though, when memfd is used a memfd is 990 /// created and the initialization image is written to it. 991 /// 992 /// Also note that this method is not required to be called, it's available 993 /// as a performance optimization if required but is otherwise handled 994 /// automatically. 995 pub fn initialize_copy_on_write_image(&self) -> Result<()> { 996 self.memory_images()?; 997 Ok(()) 998 } 999 1000 /// Get the map from `.text` section offsets to Wasm binary offsets for this 1001 /// module. 1002 /// 1003 /// Each entry is a (`.text` section offset, Wasm binary offset) pair. 1004 /// 1005 /// Entries are yielded in order of `.text` section offset. 1006 /// 1007 /// Some entries are missing a Wasm binary offset. This is for code that is 1008 /// not associated with any single location in the Wasm binary, or for when 1009 /// source information was optimized away. 1010 /// 1011 /// Not every module has an address map, since address map generation can be 1012 /// turned off on `Config`. 1013 /// 1014 /// There is not an entry for every `.text` section offset. Every offset 1015 /// after an entry's offset, but before the next entry's offset, is 1016 /// considered to map to the same Wasm binary offset as the original 1017 /// entry. For example, the address map will not contain the following 1018 /// sequence of entries: 1019 /// 1020 /// ```ignore 1021 /// [ 1022 /// // ... 1023 /// (10, Some(42)), 1024 /// (11, Some(42)), 1025 /// (12, Some(42)), 1026 /// (13, Some(43)), 1027 /// // ... 1028 /// ] 1029 /// ``` 1030 /// 1031 /// Instead, it will drop the entries for offsets `11` and `12` since they 1032 /// are the same as the entry for offset `10`: 1033 /// 1034 /// ```ignore 1035 /// [ 1036 /// // ... 1037 /// (10, Some(42)), 1038 /// (13, Some(43)), 1039 /// // ... 1040 /// ] 1041 /// ``` 1042 pub fn address_map<'a>(&'a self) -> Option<impl Iterator<Item = (usize, Option<u32>)> + 'a> { 1043 Some( 1044 wasmtime_environ::iterate_address_map(self.engine_code().address_map_data())? 1045 .map(|(offset, file_pos)| (offset as usize, file_pos.file_offset())), 1046 ) 1047 } 1048 1049 /// Get this module's code object's `.text` section, containing its compiled 1050 /// executable code. 1051 pub fn text(&self) -> &[u8] { 1052 self.engine_code().text() 1053 } 1054 1055 /// Get information about functions in this module's `.text` section: their 1056 /// index, name, and offset+length. 1057 /// 1058 /// Results are yielded in a ModuleFunction struct. 1059 pub fn functions<'a>(&'a self) -> impl ExactSizeIterator<Item = ModuleFunction> + 'a { 1060 let module = self.compiled_module(); 1061 self.env_module().defined_func_indices().map(|idx| { 1062 let loc = module.func_loc(idx); 1063 let idx = module.module().func_index(idx); 1064 ModuleFunction { 1065 index: idx, 1066 name: module.func_name(idx).map(|n| n.to_string()), 1067 offset: loc.start as usize, 1068 len: loc.length as usize, 1069 } 1070 }) 1071 } 1072 1073 pub(crate) fn id(&self) -> CompiledModuleId { 1074 self.inner.module.unique_id() 1075 } 1076 1077 pub(crate) fn offsets(&self) -> &VMOffsets<HostPtr> { 1078 &self.inner.offsets 1079 } 1080 1081 /// Return the address, in memory, of the trampoline that allows Wasm to 1082 /// call a array function of the given signature. 1083 /// 1084 /// Note that unlike all other code-pointer-returning functions, 1085 /// this *can* be present on `Module` (without a `StoreCode`) 1086 /// because we can execute the `EngineCode` for trampolines that 1087 /// leave the store to call the host. 1088 pub(crate) fn wasm_to_array_trampoline( 1089 &self, 1090 signature: VMSharedTypeIndex, 1091 ) -> Option<NonNull<VMWasmCallFunction>> { 1092 log::trace!("Looking up trampoline for {signature:?}"); 1093 let trampoline_shared_ty = self.inner.engine.signatures().trampoline_type(signature); 1094 let trampoline_module_ty = self 1095 .inner 1096 .code 1097 .signatures() 1098 .trampoline_type(trampoline_shared_ty)?; 1099 debug_assert!( 1100 self.inner 1101 .engine 1102 .signatures() 1103 .borrow( 1104 self.inner 1105 .code 1106 .signatures() 1107 .shared_type(trampoline_module_ty) 1108 .unwrap() 1109 ) 1110 .unwrap() 1111 .unwrap_func() 1112 .is_trampoline_type() 1113 ); 1114 1115 let ptr = self 1116 .compiled_module() 1117 .wasm_to_array_trampoline(trampoline_module_ty) 1118 .expect("always have a trampoline for the trampoline type") 1119 .as_ptr() 1120 .cast::<VMWasmCallFunction>() 1121 .cast_mut(); 1122 Some(NonNull::new(ptr).unwrap()) 1123 } 1124 1125 pub(crate) fn memory_images(&self) -> Result<Option<&ModuleMemoryImages>> { 1126 let images = self 1127 .inner 1128 .memory_images 1129 .get_or_try_init(|| memory_images(&self.inner))? 1130 .as_ref(); 1131 Ok(images) 1132 } 1133 1134 /// Obtain an exception-table parser on this module's exception metadata. 1135 #[cfg(feature = "gc")] 1136 pub(crate) fn exception_table<'a>(&'a self) -> ExceptionTable<'a> { 1137 ExceptionTable::parse(self.inner.code.exception_tables()) 1138 .expect("Exception tables were validated on module load") 1139 } 1140 1141 /// Obtain a frame-table parser on this module's frame state slot 1142 /// (debug instrumentation) metadata. 1143 #[cfg(feature = "debug")] 1144 pub(crate) fn frame_table<'a>(&'a self) -> Option<FrameTable<'a>> { 1145 let data = self.inner.code.frame_tables(); 1146 if data.is_empty() { 1147 None 1148 } else { 1149 let orig_text = self.inner.code.text(); 1150 Some( 1151 FrameTable::parse(data, orig_text) 1152 .expect("Frame tables were validated on module load"), 1153 ) 1154 } 1155 } 1156 1157 /// Is this `Module` the same as another? 1158 /// 1159 /// Ordinarily, module identity does not matter: a Wasmtime user 1160 /// will create or obtain a module from some source and 1161 /// instantiate it, and any two `Module` objects created from the 1162 /// same source module are interchangeable. However, introspecting 1163 /// module identity may be useful when examining Wasm VM state, 1164 /// e.g. via debug APIs. It is guaranteed that `Module::same` 1165 /// returns true for `Module` objects that reference the same 1166 /// underlying module (e.g., one created via a `clone` of the 1167 /// other). 1168 #[inline] 1169 pub fn same(a: &Module, b: &Module) -> bool { 1170 Arc::ptr_eq(&a.inner, &b.inner) 1171 } 1172 } 1173 1174 /// Describes a function for a given module. 1175 pub struct ModuleFunction { 1176 pub index: wasmtime_environ::FuncIndex, 1177 pub name: Option<String>, 1178 pub offset: usize, 1179 pub len: usize, 1180 } 1181 1182 impl Drop for ModuleInner { 1183 fn drop(&mut self) { 1184 // When a `Module` is being dropped that means that it's no longer 1185 // present in any `Store` and it's additionally not longer held by any 1186 // embedder. Take this opportunity to purge any lingering instantiations 1187 // within a pooling instance allocator, if applicable. 1188 self.engine 1189 .allocator() 1190 .purge_module(self.module.unique_id()); 1191 } 1192 } 1193 1194 /// Describes the location of an export in a module. 1195 #[derive(Copy, Clone)] 1196 pub struct ModuleExport { 1197 /// The module that this export is defined in. 1198 pub(crate) module: CompiledModuleId, 1199 /// A raw index into the wasm module. 1200 pub(crate) entity: EntityIndex, 1201 } 1202 1203 fn _assert_send_sync() { 1204 fn _assert<T: Send + Sync>() {} 1205 _assert::<Module>(); 1206 } 1207 1208 /// Helper method to construct a `ModuleMemoryImages` for an associated 1209 /// `CompiledModule`. 1210 fn memory_images(inner: &Arc<ModuleInner>) -> Result<Option<ModuleMemoryImages>> { 1211 // If initialization via copy-on-write is explicitly disabled in 1212 // configuration then this path is skipped entirely. 1213 if !inner.engine.tunables().memory_init_cow { 1214 return Ok(None); 1215 } 1216 1217 // ... otherwise logic is delegated to the `ModuleMemoryImages::new` 1218 // constructor. 1219 ModuleMemoryImages::new( 1220 &inner.engine, 1221 inner.module.module(), 1222 inner.code.module_memory_image_source(), 1223 ) 1224 } 1225 1226 impl crate::vm::ModuleMemoryImageSource for CodeMemory { 1227 fn wasm_data(&self) -> &[u8] { 1228 <Self>::wasm_data(self) 1229 } 1230 1231 fn mmap(&self) -> Option<&MmapVec> { 1232 Some(<Self>::mmap(self)) 1233 } 1234 } 1235 1236 #[cfg(test)] 1237 mod tests { 1238 use crate::{CodeBuilder, Engine, Module}; 1239 use wasmtime_environ::MemoryInitialization; 1240 1241 #[test] 1242 fn cow_on_by_default() { 1243 let engine = Engine::default(); 1244 let module = Module::new( 1245 &engine, 1246 r#" 1247 (module 1248 (memory 1) 1249 (data (i32.const 100) "abcd") 1250 ) 1251 "#, 1252 ) 1253 .unwrap(); 1254 1255 let init = &module.env_module().memory_initialization; 1256 assert!(matches!(init, MemoryInitialization::Static { .. })); 1257 } 1258 1259 #[test] 1260 #[cfg_attr(miri, ignore)] 1261 fn image_range_is_whole_image() { 1262 let wat = r#" 1263 (module 1264 (memory 1) 1265 (data (i32.const 0) "1234") 1266 (func (export "f") (param i32) (result i32) 1267 local.get 0)) 1268 "#; 1269 let engine = Engine::default(); 1270 let mut builder = CodeBuilder::new(&engine); 1271 builder.wasm_binary_or_text(wat.as_bytes(), None).unwrap(); 1272 let bytes = builder.compile_module_serialized().unwrap(); 1273 1274 let module = unsafe { Module::deserialize(&engine, &bytes).unwrap() }; 1275 let image_range = module.image_range(); 1276 let len = image_range.end.addr() - image_range.start.addr(); 1277 // Length may be strictly greater if it becomes page-aligned. 1278 assert!(len >= bytes.len()); 1279 } 1280 } 1281