
Update wasmi host executor

Open ark0f opened this issue 2 years ago • 2 comments

File Location(s)

sandbox/host

Proposal

Update wasmi executor to 0.30.

The main problem is that the latest versions of mainstream executors (wasmi, wasmer, wasmtime) implement the WASM store using only Rust borrow semantics and no synchronization primitives. As a result, we cannot simply clone the required structures elsewhere.

This is a problem because we have the lazy-pages concept, which requires access to WASM globals during WASM function invocation, when accessing protected memory pages. Pseudocode:

let store = Store::new(...);
func.call(&mut store, ...);

// inside WASM function call
fn call(...) {
    // ...some WASM instructions

    memory.write 123 at 0xCAFE
    // let's think 0xCAFE address belongs to protected memory page, so:
    // 1. MMU sees protected memory and causes interruption to OS
    // 2. We set signal handler earlier, so OS jumps to `signal_handler()`
    // 3. After handler is done, OS jumps back to `memory.write` and it will be successful now

    // ..execution continues
}

// when interruption occurs, lazy-pages signal handler is in work
fn signal_handler() {
    let store = ???; // how to access mutable reference again, if `func.call` holds it?
    global.set(&mut store, 333);
    memory.unprotect 0xCAFE // unprotect page which address belongs to
}

Possible solutions:

  • [x] There was a first try in #2931 with https://github.com/gear-tech/wasmi/pull/3. Wrap globals into a synchronization primitive. This approach will be required for the future wasmer update, which is harder to implement because wasmer is more complex.
  • [x] Suggested by @gshep. Mutable pointer to the store. Very dangerous and very unpredictable, because it means we have 2 mutable references, or multialiasing, which is UB.
  • [x] Suggested by @grishasobol. Implement callbacks on every memory access on the executor's side. It requires maintaining patches, as in the first solution.
  • [ ] Perhaps the executor authors know how to deal with the new design? https://github.com/wasmerio/wasmer/issues/4118

ark0f, Aug 02 '23 21:08
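A toy model of the first approach listed in the issue (globals behind a synchronization primitive), added here as an illustration; it is not code from wasmi or the gear repository. `SharedGlobal`, `LazyPages`, `Store` and `call` are hypothetical names, and the page fault is simulated by an explicit check instead of a real signal.

```rust
use std::collections::HashSet;
use std::sync::atomic::{AtomicI64, Ordering};
use std::sync::Arc;

const PAGE_SIZE: usize = 0x1000;

// Toy global with interior mutability: writing it needs no `&mut Store`.
// Hypothetical type, not wasmi's `Global`.
#[derive(Clone)]
struct SharedGlobal(Arc<AtomicI64>);

impl SharedGlobal {
    fn new(v: i64) -> Self { Self(Arc::new(AtomicI64::new(v))) }
    fn get(&self) -> i64 { self.0.load(Ordering::SeqCst) }
    fn set(&self, v: i64) { self.0.store(v, Ordering::SeqCst) }
}

// Toy store: linear memory plus a handle to the global.
struct Store { memory: Vec<u8>, global: SharedGlobal }

// Stand-in for lazy-pages state: its own clone of the global and the set of
// still-protected pages (in reality this is OS page protection).
struct LazyPages { global: SharedGlobal, protected: HashSet<usize> }

impl LazyPages {
    // Plays the role of `signal_handler()`: it never touches `Store`.
    fn on_fault(&mut self, addr: usize) {
        self.global.set(333);
        self.protected.remove(&(addr / PAGE_SIZE));
    }
}

// Models `func.call(&mut store, ...)`: the exclusive borrow of the store is
// live for the whole call, including while the fault is handled.
fn call(store: &mut Store, lazy: &mut LazyPages, addr: usize, value: u8) {
    if lazy.protected.contains(&(addr / PAGE_SIZE)) {
        lazy.on_fault(addr); // simulated fault on a protected page
    }
    store.memory[addr] = value; // the retried write now succeeds
}

// Constructed scenario from the pseudocode: write 123 at 0xCAFE.
fn run_demo() -> (i64, u8, bool) {
    let global = SharedGlobal::new(0);
    let mut store = Store { memory: vec![0; 0x10000], global: global.clone() };
    let mut lazy = LazyPages { global, protected: HashSet::from([0xCAFE / PAGE_SIZE]) };
    call(&mut store, &mut lazy, 0xCAFE, 123);
    (store.global.get(), store.memory[0xCAFE], lazy.protected.is_empty())
}

fn main() { println!("{:?}", run_demo()); }
```

The sketch uses an atomic as the synchronization primitive on the assumption that the handler may interrupt the same thread that is executing the call, where blocking on a lock held by that thread would deadlock.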

My thoughts about why we can update to wasmer 4 https://github.com/gear-tech/gear/discussions/3917.

grishasobol, Apr 24 '24 15:04

Possible safe lazy-pages implementation https://github.com/gear-tech/gear/discussions/3920

grishasobol, Apr 24 '24 18:04