Skip to main content

wasmtime/
config.rs

1use crate::Engine;
2use crate::prelude::*;
3use alloc::sync::Arc;
4use bitflags::Flags;
5use core::fmt;
6use core::num::{NonZeroU32, NonZeroUsize};
7use core::str::FromStr;
8#[cfg(any(feature = "cranelift", feature = "winch"))]
9use std::path::Path;
10pub use wasmparser::WasmFeatures;
11#[cfg(any(feature = "cranelift", feature = "winch"))]
12use wasmtime_environ::FlagValue;
13use wasmtime_environ::{ConfigTunables, OperatorCost, OperatorCostStrategy, TripleExt, Tunables};
14
15#[cfg(feature = "runtime")]
16use crate::memory::MemoryCreator;
17#[cfg(feature = "runtime")]
18use crate::profiling_agent::{self, ProfilingAgent};
19#[cfg(feature = "runtime")]
20use crate::runtime::vm::{
21    GcRuntime, InstanceAllocator, OnDemandInstanceAllocator, RuntimeMemoryCreator,
22};
23#[cfg(feature = "runtime")]
24use crate::trampoline::MemoryCreatorProxy;
25
26#[cfg(feature = "async")]
27use crate::stack::{StackCreator, StackCreatorProxy};
28#[cfg(feature = "async")]
29use wasmtime_fiber::RuntimeFiberStackCreator;
30
31#[cfg(feature = "runtime")]
32pub use crate::runtime::code_memory::CustomCodeMemory;
33#[cfg(feature = "cache")]
34pub use wasmtime_cache::{Cache, CacheConfig};
35#[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
36pub use wasmtime_environ::CacheStore;
37pub use wasmtime_environ::Inlining;
38
39pub(crate) const DEFAULT_WASM_BACKTRACE_MAX_FRAMES: NonZeroUsize = NonZeroUsize::new(20).unwrap();
40
41/// Represents the module instance allocation strategy to use.
42#[derive(Clone)]
43#[non_exhaustive]
44pub enum InstanceAllocationStrategy {
45    /// The on-demand instance allocation strategy.
46    ///
47    /// Resources related to a module instance are allocated at instantiation time and
48    /// immediately deallocated when the `Store` referencing the instance is dropped.
49    ///
50    /// This is the default allocation strategy for Wasmtime.
51    OnDemand,
52    /// The pooling instance allocation strategy.
53    ///
54    /// A pool of resources is created in advance and module instantiation reuses resources
55    /// from the pool. Resources are returned to the pool when the `Store` referencing the instance
56    /// is dropped.
57    ///
58    /// When GC is enabled, the pooling allocator requires that the GC heap
59    /// configuration matches the linear memory configuration (i.e.,
60    /// `gc_heap_reservation` must equal `memory_reservation`, etc.). By
61    /// default, if no `gc_heap_*` tunables are explicitly configured, they
62    /// automatically inherit the `memory_*` values.
63    #[cfg(feature = "pooling-allocator")]
64    Pooling(PoolingAllocationConfig),
65}
66
67impl InstanceAllocationStrategy {
68    /// The default pooling instance allocation strategy.
69    #[cfg(feature = "pooling-allocator")]
70    pub fn pooling() -> Self {
71        Self::Pooling(Default::default())
72    }
73}
74
75impl Default for InstanceAllocationStrategy {
76    fn default() -> Self {
77        Self::OnDemand
78    }
79}
80
81#[cfg(feature = "pooling-allocator")]
82impl From<PoolingAllocationConfig> for InstanceAllocationStrategy {
83    fn from(cfg: PoolingAllocationConfig) -> InstanceAllocationStrategy {
84        InstanceAllocationStrategy::Pooling(cfg)
85    }
86}
87
88#[derive(Clone)]
89/// Configure the strategy used for versioning in serializing and deserializing [`crate::Module`].
90pub enum ModuleVersionStrategy {
91    /// Use the wasmtime crate's Cargo package version.
92    WasmtimeVersion,
93    /// Use a custom version string. Must be at most 255 bytes.
94    Custom(String),
95    /// Emit no version string in serialization, and accept all version strings in deserialization.
96    None,
97}
98
99impl Default for ModuleVersionStrategy {
100    fn default() -> Self {
101        ModuleVersionStrategy::WasmtimeVersion
102    }
103}
104
105impl core::hash::Hash for ModuleVersionStrategy {
106    fn hash<H: core::hash::Hasher>(&self, hasher: &mut H) {
107        match self {
108            Self::WasmtimeVersion => env!("CARGO_PKG_VERSION").hash(hasher),
109            Self::Custom(s) => s.hash(hasher),
110            Self::None => {}
111        };
112    }
113}
114
115impl ModuleVersionStrategy {
116    /// Get the string-encoding version of the module.
117    pub fn as_str(&self) -> &str {
118        match &self {
119            Self::WasmtimeVersion => env!("CARGO_PKG_VERSION_MAJOR"),
120            Self::Custom(c) => c,
121            Self::None => "",
122        }
123    }
124}
125
126/// Configuration for record/replay
127#[derive(Clone)]
128#[non_exhaustive]
129pub enum RRConfig {
130    #[cfg(feature = "rr")]
131    /// Recording on store is enabled
132    Recording,
133    #[cfg(feature = "rr")]
134    /// Replaying on store is enabled
135    Replaying,
136    /// No record/replay is enabled
137    None,
138}
139
140/// Global configuration options used to create an [`Engine`]
141/// and customize its behavior.
142///
143/// This structure exposed a builder-like interface and is primarily consumed by
144/// [`Engine::new()`].
145///
146/// The validation of `Config` is deferred until the engine is being built, thus
147/// a problematic config may cause [`Engine::new`] to fail.
148///
149/// # Defaults
150///
151/// The `Default` trait implementation and the return value from
152/// [`Config::new()`] are the same and represent the default set of
153/// configuration for an engine. The exact set of defaults will differ based on
154/// properties such as enabled Cargo features at compile time and the configured
155/// target (see [`Config::target`]). Configuration options document their
156/// default values and what the conditional value of the default is where
157/// applicable.
158#[derive(Clone)]
159pub struct Config {
160    #[cfg(any(feature = "cranelift", feature = "winch"))]
161    compiler_config: Option<CompilerConfig>,
162    target: Option<target_lexicon::Triple>,
163    #[cfg(feature = "gc")]
164    collector: Collector,
165    profiling_strategy: ProfilingStrategy,
166    tunables: ConfigTunables,
167
168    #[cfg(feature = "cache")]
169    pub(crate) cache: Option<Cache>,
170    #[cfg(feature = "runtime")]
171    pub(crate) mem_creator: Option<Arc<dyn RuntimeMemoryCreator>>,
172    #[cfg(feature = "runtime")]
173    pub(crate) custom_code_memory: Option<Arc<dyn CustomCodeMemory>>,
174    pub(crate) allocation_strategy: InstanceAllocationStrategy,
175    pub(crate) max_wasm_stack: usize,
176    /// Explicitly enabled features via `Config::wasm_*` methods. This is a
177    /// signal that the embedder specifically wants something turned on
178    /// regardless of the defaults that Wasmtime might otherwise have enabled.
179    ///
180    /// Note that this, and `disabled_features` below, start as the empty set of
181    /// features to only track explicit user requests.
182    pub(crate) enabled_features: WasmFeatures,
183    /// Same as `enabled_features`, but for those that are explicitly disabled.
184    pub(crate) disabled_features: WasmFeatures,
185    pub(crate) wasm_backtrace_details_env_used: bool,
186    pub(crate) wasm_backtrace_max_frames: Option<NonZeroUsize>,
187    pub(crate) native_unwind_info: Option<bool>,
188    pub(crate) async_stack_size: usize,
189    pub(crate) async_stack_zeroing: bool,
190    #[cfg(feature = "async")]
191    pub(crate) stack_creator: Option<Arc<dyn RuntimeFiberStackCreator>>,
192    pub(crate) module_version: ModuleVersionStrategy,
193    pub(crate) parallel_compilation: bool,
194    pub(crate) memory_guaranteed_dense_image_size: u64,
195    pub(crate) force_memory_init_memfd: bool,
196    pub(crate) wmemcheck: bool,
197    #[cfg(feature = "coredump")]
198    pub(crate) coredump_on_trap: bool,
199    pub(crate) macos_use_mach_ports: bool,
200    pub(crate) detect_host_feature: Option<fn(&str) -> Option<bool>>,
201    pub(crate) x86_float_abi_ok: Option<bool>,
202    pub(crate) shared_memory: bool,
203    pub(crate) rr_config: RRConfig,
204}
205
206/// User-provided configuration for the compiler.
207#[cfg(any(feature = "cranelift", feature = "winch"))]
208#[derive(Debug, Clone)]
209struct CompilerConfig {
210    strategy: Option<Strategy>,
211    settings: crate::hash_map::HashMap<String, (String, UserSpecified)>,
212    flags: crate::hash_map::HashMap<String, UserSpecified>,
213    #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
214    cache_store: Option<Arc<dyn CacheStore>>,
215    clif_dir: Option<std::path::PathBuf>,
216    wmemcheck: bool,
217}
218
219#[cfg(any(feature = "cranelift", feature = "winch"))]
220#[derive(Debug, Clone)]
221enum UserSpecified {
222    Yes,
223    No,
224}
225
226#[cfg(any(feature = "cranelift", feature = "winch"))]
227impl CompilerConfig {
228    fn new() -> Self {
229        Self {
230            strategy: Strategy::Auto.not_auto(),
231            settings: Default::default(),
232            flags: Default::default(),
233            #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
234            cache_store: None,
235            clif_dir: None,
236            wmemcheck: false,
237        }
238    }
239
240    /// Ensures that the key is not set or equals to the given value.
241    /// If the key is not set, it will be set to the given value.
242    ///
243    /// # Returns
244    ///
245    /// Returns true if successfully set or already had the given setting
246    /// value, or false if the setting was explicitly set to something
247    /// else previously.
248    fn ensure_setting_unset_or_given(&mut self, k: &str, v: &str) -> bool {
249        if let Some((value, _)) = self.settings.get(k) {
250            if value != v {
251                return false;
252            }
253        } else {
254            self.settings
255                .insert(k.to_string(), (v.to_string(), UserSpecified::No));
256        }
257        true
258    }
259}
260
261#[cfg(any(feature = "cranelift", feature = "winch"))]
262impl Default for CompilerConfig {
263    fn default() -> Self {
264        Self::new()
265    }
266}
267
268impl Config {
269    /// Creates a new configuration object with the default configuration
270    /// specified.
271    pub fn new() -> Self {
272        let mut ret = Self {
273            tunables: ConfigTunables::default(),
274            #[cfg(any(feature = "cranelift", feature = "winch"))]
275            compiler_config: Some(CompilerConfig::default()),
276            target: None,
277            #[cfg(feature = "gc")]
278            collector: Collector::default(),
279            #[cfg(feature = "cache")]
280            cache: None,
281            profiling_strategy: ProfilingStrategy::None,
282            #[cfg(feature = "runtime")]
283            mem_creator: None,
284            #[cfg(feature = "runtime")]
285            custom_code_memory: None,
286            allocation_strategy: InstanceAllocationStrategy::OnDemand,
287            // 512k of stack -- note that this is chosen currently to not be too
288            // big, not be too small, and be a good default for most platforms.
289            // One platform of particular note is Windows where the stack size
290            // of the main thread seems to, by default, be smaller than that of
291            // Linux and macOS. This 512k value at least lets our current test
292            // suite pass on the main thread of Windows (using `--test-threads
293            // 1` forces this), or at least it passed when this change was
294            // committed.
295            max_wasm_stack: 512 * 1024,
296            wasm_backtrace_details_env_used: false,
297            wasm_backtrace_max_frames: Some(DEFAULT_WASM_BACKTRACE_MAX_FRAMES),
298            native_unwind_info: None,
299            enabled_features: WasmFeatures::empty(),
300            disabled_features: WasmFeatures::empty(),
301            async_stack_size: 2 << 20,
302            async_stack_zeroing: false,
303            #[cfg(feature = "async")]
304            stack_creator: None,
305            module_version: ModuleVersionStrategy::default(),
306            parallel_compilation: !cfg!(miri),
307            memory_guaranteed_dense_image_size: 16 << 20,
308            force_memory_init_memfd: false,
309            wmemcheck: false,
310            #[cfg(feature = "coredump")]
311            coredump_on_trap: false,
312            macos_use_mach_ports: !cfg!(miri),
313            #[cfg(feature = "std")]
314            detect_host_feature: Some(detect_host_feature),
315            #[cfg(not(feature = "std"))]
316            detect_host_feature: None,
317            x86_float_abi_ok: None,
318            shared_memory: false,
319            rr_config: RRConfig::None,
320        };
321        ret.wasm_backtrace_details(WasmBacktraceDetails::Environment);
322        ret
323    }
324
325    #[cfg(any(feature = "cranelift", feature = "winch"))]
326    pub(crate) fn has_compiler(&self) -> bool {
327        self.compiler_config.is_some()
328    }
329
330    #[track_caller]
331    #[cfg(any(feature = "cranelift", feature = "winch"))]
332    fn compiler_config_mut(&mut self) -> &mut CompilerConfig {
333        self.compiler_config.as_mut().expect(
334            "cannot configure compiler settings for `Config`s \
335             created by `Config::without_compiler`",
336        )
337    }
338
339    /// Configure whether Wasm compilation is enabled.
340    ///
341    /// Disabling Wasm compilation will allow you to load and run
342    /// [pre-compiled][Engine::precompile_module] Wasm programs, but not
343    /// to compile and run new Wasm programs that have not already been
344    /// pre-compiled.
345    ///
346    /// Many compilation-related configuration methods will panic if compilation
347    /// has been disabled.
348    ///
349    /// Note that there are two ways to disable Wasm compilation:
350    ///
351    /// 1. Statically, by disabling the `"cranelift"` and `"winch"` cargo
352    ///    features when building Wasmtime. These builds of Wasmtime will have
353    ///    smaller code size, since they do not include any of the code to
354    ///    compile Wasm.
355    ///
356    /// 2. Dynamically, by passing `false` to this method at run-time when
357    ///    configuring Wasmtime. The Wasmtime binary will still include the code
358    ///    for compiling Wasm, it just won't be executed, so code size is larger
359    ///    than with the first approach.
360    ///
361    /// The static approach is better in most cases, however dynamically calling
362    /// `enable_compiler(false)` is useful whenever you create multiple
363    /// [`Engine`]s in the same process, some of which must be able to compile
364    /// Wasm and some of which should never do so. Tests are a common example of
365    /// such a situation, especially when there are multiple Rust binaries in
366    /// the same cargo workspace, and cargo's feature resolution enables the
367    /// `"cranelift"` or `"winch"` features across the whole workspace.
368    #[cfg(any(feature = "cranelift", feature = "winch"))]
369    pub fn enable_compiler(&mut self, enable: bool) -> &mut Self {
370        match (enable, &self.compiler_config) {
371            (true, Some(_)) | (false, None) => {}
372            (true, None) => {
373                self.compiler_config = Some(CompilerConfig::default());
374            }
375            (false, Some(_)) => {
376                self.compiler_config = None;
377            }
378        }
379        self
380    }
381
382    /// Configures the target platform of this [`Config`].
383    ///
384    /// This method is used to configure the output of compilation in an
385    /// [`Engine`]. This can be used, for example, to
386    /// cross-compile from one platform to another. By default, the host target
387    /// triple is used meaning compiled code is suitable to run on the host.
388    ///
389    /// Note that the [`Module`](crate::Module) type can only be created if the
390    /// target configured here matches the host. Otherwise if a cross-compile is
391    /// being performed where the host doesn't match the target then
392    /// [`Engine::precompile_module`] must be used instead.
393    ///
394    /// Target-specific flags (such as CPU features) will not be inferred by
395    /// default for the target when one is provided here. This means that this
396    /// can also be used, for example, with the host architecture to disable all
397    /// host-inferred feature flags. Configuring target-specific flags can be
398    /// done with [`Config::cranelift_flag_set`] and
399    /// [`Config::cranelift_flag_enable`].
400    ///
401    /// # Errors
402    ///
403    /// This method will error if the given target triple is not supported.
404    pub fn target(&mut self, target: &str) -> Result<&mut Self> {
405        self.target =
406            Some(target_lexicon::Triple::from_str(target).map_err(|e| crate::format_err!(e))?);
407
408        Ok(self)
409    }
410
411    /// Enables the incremental compilation cache in Cranelift, using the provided `CacheStore`
412    /// backend for storage.
413    ///
414    /// # Panics
415    ///
416    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
417    #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
418    pub fn enable_incremental_compilation(
419        &mut self,
420        cache_store: Arc<dyn CacheStore>,
421    ) -> Result<&mut Self> {
422        self.compiler_config_mut().cache_store = Some(cache_store);
423        Ok(self)
424    }
425
426    #[doc(hidden)]
427    #[deprecated(note = "no longer has any effect")]
428    #[cfg(feature = "async")]
429    pub fn async_support(&mut self, _enable: bool) -> &mut Self {
430        self
431    }
432
433    /// Configures whether DWARF debug information will be emitted
434    /// during compilation for a native debugger on the Wasmtime
435    /// process to consume.
436    ///
437    /// Note that the `debug-builtins` compile-time Cargo feature must also be
438    /// enabled for native debuggers such as GDB or LLDB to be able to debug
439    /// guest WebAssembly programs.
440    ///
441    /// By default this option is `false`.
442    /// **Note** Enabling this option is not compatible with the Winch compiler.
443    pub fn debug_info(&mut self, enable: bool) -> &mut Self {
444        self.tunables.debug_native = Some(enable);
445        self
446    }
447
448    /// Whether or not symbols are located in generated compiled module
449    /// artifacts.
450    ///
451    /// Wasmtime's currently representation of compiled artifacts is an ELF
452    /// file. ELF files have symbol tables and such and this option enables
453    /// whether symbols are emitted for wasm functions. This utility can be
454    /// useful when profiling wasm modules (many profilers work with
455    /// ELF-in-memory by default without futher configuration), introspection of
456    /// a `*.cwasm` (e.g. the symbol table is what `wasmtime objdump` reads), or
457    /// just general binary analysis of the result ELF file. Large wasm modules
458    /// can have large symbol tables, however, and the symbols serve no purpose
459    /// at runtime meaning that they are pure overhead for minimal module as
460    /// well. This option can be used to disable these symbols which will reduce
461    /// the debuggability of modules but will also reduce their size.
462    ///
463    /// Note that the ELF file representation is considered an implementation
464    /// detail of Wasmtime and embedders should not rely on this format.
465    /// Wasmtime may change the format of artifacts in the future.
466    ///
467    /// This option is `true` by default.
468    ///
469    /// This option is required if [`Config::debug_info`] is enabled.
470    pub fn debug_symbols(&mut self, enable: bool) -> &mut Self {
471        self.tunables.debug_symbols = Some(enable);
472        self
473    }
474
475    /// Configures whether compiled guest code will be instrumented to
476    /// provide debugging at the Wasm VM level.
477    ///
478    /// This is required in order to enable a guest-level debugging
479    /// API that can precisely examine Wasm VM state and (eventually,
480    /// once it is complete) set breakpoints and watchpoints and step
481    /// through code.
482    ///
483    /// Without this enabled, debugging can only be done via a native
484    /// debugger operating on the compiled guest code (see
485    /// [`Config::debug_info`] and is "best-effort": we may be able to
486    /// recover some Wasm locals or operand stack values, but it is
487    /// not guaranteed, even when optimizations are disabled.
488    ///
489    /// When this is enabled, additional instrumentation is inserted
490    /// that directly tracks the Wasm VM state at every step. This has
491    /// some performance impact, but allows perfect debugging
492    /// fidelity.
493    ///
494    /// Breakpoints, watchpoints, and stepping are not yet supported,
495    /// but will be added in a future version of Wasmtime.
496    ///
497    /// This enables use of the [`crate::FrameHandle`] API which is
498    /// provided by [`crate::Caller::debug_exit_frames`] or
499    /// [`crate::Store::debug_exit_frames`].
500    ///
501    /// ***Note*** Enabling this option is not compatible with the
502    /// Winch compiler.
503    #[cfg(feature = "debug")]
504    pub fn guest_debug(&mut self, enable: bool) -> &mut Self {
505        self.tunables.debug_guest = Some(enable);
506        self
507    }
508
509    /// Configures whether [`WasmBacktrace`] will be present in the context of
510    /// errors returned from Wasmtime.
511    ///
512    /// This method is deprecated in favor of
513    /// [`Config::wasm_backtrace_max_frames`]. Calling `wasm_backtrace(false)`
514    /// is equivalent to `wasm_backtrace_max_frames(None)`, and
515    /// `wasm_backtrace(true)` will leave `wasm_backtrace_max_frames` unchanged
516    /// if the value is `Some` and will otherwise restore the default `Some`
517    /// value.
518    ///
519    /// [`WasmBacktrace`]: crate::WasmBacktrace
520    #[deprecated = "use `wasm_backtrace_max_frames` instead"]
521    pub fn wasm_backtrace(&mut self, enable: bool) -> &mut Self {
522        match (enable, self.wasm_backtrace_max_frames) {
523            (false, _) => self.wasm_backtrace_max_frames = None,
524            // Wasm backtraces were disabled; enable them with the
525            // default maximum number of frames to capture.
526            (true, None) => {
527                self.wasm_backtrace_max_frames = Some(DEFAULT_WASM_BACKTRACE_MAX_FRAMES)
528            }
529            // Wasm backtraces are already enabled; keep the existing
530            // max-frames configuration.
531            (true, Some(_)) => {}
532        }
533        self
534    }
535
536    /// Configures whether backtraces in `Trap` will parse debug info in the wasm file to
537    /// have filename/line number information.
538    ///
539    /// When enabled this will causes modules to retain debugging information
540    /// found in wasm binaries. This debug information will be used when a trap
541    /// happens to symbolicate each stack frame and attempt to print a
542    /// filename/line number for each wasm frame in the stack trace.
543    ///
544    /// By default this option is `WasmBacktraceDetails::Environment`, meaning
545    /// that wasm will read `WASMTIME_BACKTRACE_DETAILS` to indicate whether
546    /// details should be parsed. Note that the `std` feature of this crate must
547    /// be active to read environment variables, otherwise this is disabled by
548    /// default.
549    pub fn wasm_backtrace_details(&mut self, enable: WasmBacktraceDetails) -> &mut Self {
550        self.wasm_backtrace_details_env_used = false;
551        self.tunables.parse_wasm_debuginfo = match enable {
552            WasmBacktraceDetails::Enable => Some(true),
553            WasmBacktraceDetails::Disable => Some(false),
554            WasmBacktraceDetails::Environment => {
555                #[cfg(feature = "std")]
556                {
557                    self.wasm_backtrace_details_env_used = true;
558                    std::env::var("WASMTIME_BACKTRACE_DETAILS")
559                        .map(|s| Some(s == "1"))
560                        .unwrap_or(Some(false))
561                }
562                #[cfg(not(feature = "std"))]
563                {
564                    Some(false)
565                }
566            }
567        };
568        self
569    }
570
571    /// Configures the maximum number of WebAssembly frames to collect in
572    /// backtraces.
573    ///
574    /// A backtrace may be collected whenever an error is returned from a host
575    /// function call through to WebAssembly or when WebAssembly itself hits a
576    /// trap condition, such as an out-of-bounds memory access. This flag
577    /// indicates, in these conditions, whether the backtrace is collected or
578    /// not and how many frames should be collected.
579    ///
580    /// Currently wasm backtraces are implemented through frame pointer walking.
581    /// This means that collecting a backtrace is expected to be a fast and
582    /// relatively cheap operation. Additionally backtrace collection is
583    /// suitable in concurrent environments since one thread capturing a
584    /// backtrace won't block other threads.
585    ///
586    /// Collected backtraces are attached via
587    /// [`Error::context`](crate::Error::context) to errors returned from host
588    /// functions. The [`WasmBacktrace`] type can be acquired via
589    /// [`Error::downcast_ref`](crate::Error::downcast_ref) to inspect the
590    /// backtrace. When this option is set to `None` then this context is never
591    /// applied to errors coming out of wasm.
592    ///
593    /// The default value is 20.
594    ///
595    /// [`WasmBacktrace`]: crate::WasmBacktrace
596    pub fn wasm_backtrace_max_frames(&mut self, limit: Option<NonZeroUsize>) -> &mut Self {
597        self.wasm_backtrace_max_frames = limit;
598        self
599    }
600
601    /// Configures whether to generate native unwind information
602    /// (e.g. `.eh_frame` on Linux).
603    ///
604    /// This configuration option only exists to help third-party stack
605    /// capturing mechanisms, such as the system's unwinder or the `backtrace`
606    /// crate, determine how to unwind through Wasm frames. It does not affect
607    /// whether Wasmtime can capture Wasm backtraces or not. The presence of
608    /// [`WasmBacktrace`] is controlled by the
609    /// [`Config::wasm_backtrace_max_frames`] option.
610    ///
611    /// Native unwind information is included:
612    /// - When targeting Windows, since the Windows ABI requires it.
613    /// - By default.
614    ///
615    /// Note that systems loading many modules may wish to disable this
616    /// configuration option instead of leaving it on-by-default. Some platforms
617    /// exhibit quadratic behavior when registering/unregistering unwinding
618    /// information which can greatly slow down the module loading/unloading
619    /// process.
620    ///
621    /// [`WasmBacktrace`]: crate::WasmBacktrace
622    pub fn native_unwind_info(&mut self, enable: bool) -> &mut Self {
623        self.native_unwind_info = Some(enable);
624        self
625    }
626
627    /// Configures whether execution of WebAssembly will "consume fuel" to
628    /// either halt or yield execution as desired.
629    ///
630    /// This can be used to deterministically prevent infinitely-executing
631    /// WebAssembly code by instrumenting generated code to consume fuel as it
632    /// executes. When fuel runs out a trap is raised, however [`Store`] can be
633    /// configured to yield execution periodically via
634    /// [`crate::Store::fuel_async_yield_interval`].
635    ///
636    /// Note that a [`Store`] starts with no fuel, so if you enable this option
637    /// you'll have to be sure to pour some fuel into [`Store`] before
638    /// executing some code.
639    ///
640    /// By default this option is `false`.
641    ///
642    /// **Note** Enabling this option is not compatible with the Winch compiler.
643    ///
644    /// [`Store`]: crate::Store
645    pub fn consume_fuel(&mut self, enable: bool) -> &mut Self {
646        self.tunables.consume_fuel = Some(enable);
647        self
648    }
649
650    /// Configures the fuel cost of each WebAssembly operator.
651    ///
652    /// This is only relevant when [`Config::consume_fuel`] is enabled.
653    pub fn operator_cost(&mut self, cost: OperatorCost) -> &mut Self {
654        self.tunables.operator_cost = Some(OperatorCostStrategy::table(cost));
655        self
656    }
657
658    /// Enables epoch-based interruption.
659    ///
660    /// When executing code in async mode, we sometimes want to
661    /// implement a form of cooperative timeslicing: long-running Wasm
662    /// guest code should periodically yield to the executor
663    /// loop. This yielding could be implemented by using "fuel" (see
664    /// [`consume_fuel`](Config::consume_fuel)). However, fuel
665    /// instrumentation is somewhat expensive: it modifies the
666    /// compiled form of the Wasm code so that it maintains a precise
667    /// instruction count, frequently checking this count against the
668    /// remaining fuel. If one does not need this precise count or
669    /// deterministic interruptions, and only needs a periodic
670    /// interrupt of some form, then It would be better to have a more
671    /// lightweight mechanism.
672    ///
673    /// Epoch-based interruption is that mechanism. There is a global
674    /// "epoch", which is a counter that divides time into arbitrary
675    /// periods (or epochs). This counter lives on the
676    /// [`Engine`] and can be incremented by calling
677    /// [`Engine::increment_epoch`].
678    /// Epoch-based instrumentation works by setting a "deadline
679    /// epoch". The compiled code knows the deadline, and at certain
680    /// points, checks the current epoch against that deadline. It
681    /// will yield if the deadline has been reached.
682    ///
683    /// The idea is that checking an infrequently-changing counter is
684    /// cheaper than counting and frequently storing a precise metric
685    /// (instructions executed) locally. The interruptions are not
686    /// deterministic, but if the embedder increments the epoch in a
687    /// periodic way (say, every regular timer tick by a thread or
688    /// signal handler), then we can ensure that all async code will
689    /// yield to the executor within a bounded time.
690    ///
691    /// The deadline check cannot be avoided by malicious wasm code. It is safe
692    /// to use epoch deadlines to limit the execution time of untrusted
693    /// code.
694    ///
695    /// The [`Store`](crate::Store) tracks the deadline, and controls
696    /// what happens when the deadline is reached during
697    /// execution. Several behaviors are possible:
698    ///
699    /// - Trap if code is executing when the epoch deadline is
700    ///   met. See
701    ///   [`Store::epoch_deadline_trap`](crate::Store::epoch_deadline_trap).
702    ///
703    /// - Call an arbitrary function. This function may chose to trap or
704    ///   increment the epoch. See
705    ///   [`Store::epoch_deadline_callback`](crate::Store::epoch_deadline_callback).
706    ///
707    /// - Yield to the executor loop, then resume when the future is
708    ///   next polled. See
709    ///   [`Store::epoch_deadline_async_yield_and_update`](crate::Store::epoch_deadline_async_yield_and_update).
710    ///
711    /// Trapping is the default. The yielding behaviour may be used for
712    /// the timeslicing behavior described above.
713    ///
714    /// This feature is available with or without async support.
715    /// However, without async support, the timeslicing behaviour is
716    /// not available. This means epoch-based interruption can only
717    /// serve as a simple external-interruption mechanism.
718    ///
719    /// An initial deadline must be set before executing code by calling
720    /// [`Store::set_epoch_deadline`](crate::Store::set_epoch_deadline). If this
721    /// deadline is not configured then wasm will immediately trap.
722    ///
723    /// ## Interaction with blocking host calls
724    ///
725    /// Epochs (and fuel) do not assist in handling WebAssembly code blocked in
726    /// a call to the host. For example if the WebAssembly function calls
727    /// `wasi:io/poll.poll` to sleep epochs will not assist in waking this up or
728    /// timing it out. Epochs intentionally only affect running WebAssembly code
729    /// itself and it's left to the embedder to determine how best to wake up
730    /// indefinitely blocking code in the host.
731    ///
732    /// The typical solution for this, however, is to use the `async` variant of
733    /// WASI host functions. This models computation as a Rust `Future` which
734    /// means that when blocking happens the future is only suspended and
735    /// control yields back to the main event loop. This gives the embedder the
736    /// opportunity to use `tokio::time::timeout` for example on a wasm
737    /// computation and have the desired effect of cancelling a blocking
738    /// operation when a timeout expires.
739    ///
740    /// ## When to use fuel vs. epochs
741    ///
742    /// In general, epoch-based interruption results in faster
743    /// execution. This difference is sometimes significant: in some
744    /// measurements, up to 2-3x. This is because epoch-based
745    /// interruption does less work: it only watches for a global
746    /// rarely-changing counter to increment, rather than keeping a
747    /// local frequently-changing counter and comparing it to a
748    /// deadline.
749    ///
750    /// Fuel, in contrast, should be used when *deterministic*
751    /// yielding or trapping is needed. For example, if it is required
752    /// that the same function call with the same starting state will
753    /// always either complete or trap with an out-of-fuel error,
754    /// deterministically, then fuel with a fixed bound should be
755    /// used.
756    ///
757    /// **Note** Enabling this option is not compatible with the Winch compiler.
758    ///
759    /// # See Also
760    ///
761    /// - [`Store::set_epoch_deadline`](crate::Store::set_epoch_deadline)
762    /// - [`Store::epoch_deadline_trap`](crate::Store::epoch_deadline_trap)
763    /// - [`Store::epoch_deadline_callback`](crate::Store::epoch_deadline_callback)
764    /// - [`Store::epoch_deadline_async_yield_and_update`](crate::Store::epoch_deadline_async_yield_and_update)
765    pub fn epoch_interruption(&mut self, enable: bool) -> &mut Self {
766        self.tunables.epoch_interruption = Some(enable);
767        self
768    }
769
770    /// XXX: For internal fuzzing and debugging use only!
771    #[doc(hidden)]
772    pub fn gc_zeal_alloc_counter(&mut self, counter: Option<NonZeroU32>) -> Result<&mut Self> {
773        #[cfg(not(gc_zeal))]
774        {
775            let _ = counter;
776            bail!(
777                "cannot set `gc_zeal_alloc_counter` because Wasmtime was not built with `cfg(gc_zeal)`"
778            );
779        }
780
781        #[cfg(gc_zeal)]
782        {
783            self.tunables.gc_zeal_alloc_counter = Some(counter);
784            Ok(self)
785        }
786    }
787
788    /// Configures the maximum amount of stack space available for
789    /// executing WebAssembly code.
790    ///
791    /// WebAssembly has well-defined semantics on stack overflow. This is
792    /// intended to be a knob which can help configure how much stack space
793    /// wasm execution is allowed to consume. Note that the number here is not
794    /// super-precise, but rather wasm will take at most "pretty close to this
795    /// much" stack space.
796    ///
797    /// If a wasm call (or series of nested wasm calls) take more stack space
798    /// than the `size` specified then a stack overflow trap will be raised.
799    ///
800    /// Caveat: this knob only limits the stack space consumed by wasm code.
801    /// More importantly, it does not ensure that this much stack space is
802    /// available on the calling thread stack. Exhausting the thread stack
803    /// typically leads to an **abort** of the process.
804    ///
805    /// Here are some examples of how that could happen:
806    ///
807    /// - Let's assume this option is set to 2 MiB and then a thread that has
808    ///   a stack with 512 KiB left.
809    ///
810    ///   If wasm code consumes more than 512 KiB then the process will be aborted.
811    ///
812    /// - Assuming the same conditions, but this time wasm code does not consume
813    ///   any stack but calls into a host function. The host function consumes
814    ///   more than 512 KiB of stack space. The process will be aborted.
815    ///
816    /// There's another gotcha related to recursive calling into wasm: the stack
817    /// space consumed by a host function is counted towards this limit. The
818    /// host functions are not prevented from consuming more than this limit.
819    /// However, if the host function that used more than this limit and called
820    /// back into wasm, then the execution will trap immediately because of
821    /// stack overflow.
822    ///
823    /// When the `async` feature is enabled, this value cannot exceed the
824    /// `async_stack_size` option. Be careful not to set this value too close
825    /// to `async_stack_size` as doing so may limit how much stack space
826    /// is available for host functions.
827    ///
828    /// By default this option is 512 KiB.
829    ///
830    /// # Errors
831    ///
832    /// The [`Engine::new`] method will fail if the `size` specified here is
833    /// either 0 or larger than the [`Config::async_stack_size`] configuration.
834    pub fn max_wasm_stack(&mut self, size: usize) -> &mut Self {
835        self.max_wasm_stack = size;
836        self
837    }
838
839    /// Configures the size of the stacks used for asynchronous execution.
840    ///
841    /// This setting configures the size of the stacks that are allocated for
842    /// asynchronous execution. The value cannot be less than `max_wasm_stack`.
843    ///
844    /// The amount of stack space guaranteed for host functions is
845    /// `async_stack_size - max_wasm_stack`, so take care not to set these two values
846    /// close to one another; doing so may cause host functions to overflow the
847    /// stack and abort the process.
848    ///
849    /// By default this option is 2 MiB.
850    ///
851    /// # Errors
852    ///
853    /// The [`Engine::new`] method will fail if the value for this option is
854    /// smaller than the [`Config::max_wasm_stack`] option.
855    pub fn async_stack_size(&mut self, size: usize) -> &mut Self {
856        self.async_stack_size = size;
857        self
858    }
859
860    /// Configures whether or not stacks used for async futures are zeroed
861    /// before (re)use.
862    ///
863    /// When the [`call_async`] variant of calling WebAssembly is used
864    /// then Wasmtime will create a separate runtime execution stack for each
865    /// future produced by [`call_async`]. By default upon allocation, depending
866    /// on the platform, these stacks might be filled with uninitialized
867    /// memory. This is safe and correct because, modulo bugs in Wasmtime,
868    /// compiled Wasm code will never read from a stack slot before it
869    /// initializes the stack slot.
870    ///
871    /// However, as a defense-in-depth mechanism, you may configure Wasmtime to
872    /// ensure that these stacks are zeroed before they are used. Notably, if
873    /// you are using the pooling allocator, stacks can be pooled and reused
874    /// across different Wasm guests; ensuring that stacks are zeroed can
875    /// prevent data leakage between Wasm guests even in the face of potential
876    /// read-of-stack-slot-before-initialization bugs in Wasmtime's compiler.
877    ///
878    /// Stack zeroing can be a costly operation in highly concurrent
879    /// environments due to modifications of the virtual address space requiring
880    /// process-wide synchronization. It can also be costly in `no-std`
881    /// environments that must manually zero memory, and cannot rely on an OS
882    /// and virtual memory to provide zeroed pages.
883    ///
884    /// This option defaults to `false`.
885    ///
886    /// [`call_async`]: crate::TypedFunc::call_async
887    pub fn async_stack_zeroing(&mut self, enable: bool) -> &mut Self {
888        self.async_stack_zeroing = enable;
889        self
890    }
891
892    /// Explicitly enables (and un-disables) a given set of [`WasmFeatures`].
893    ///
894    /// Note: this is a low-level method that does not necessarily imply that
895    /// wasmtime _supports_ a feature. It should only be used to _disable_
896    /// features that callers want to be rejected by the parser or _enable_
897    /// features callers are certain that the current configuration of wasmtime
898    /// supports.
899    ///
900    /// Feature validation is deferred until an engine is being built, thus by
901    /// enabling features here a caller may cause
902    /// [`Engine::new`] to fail later, if the feature
903    /// configuration isn't supported.
904    pub fn wasm_features(&mut self, flag: WasmFeatures, enable: bool) -> &mut Self {
905        self.enabled_features.set(flag, enable);
906        self.disabled_features.set(flag, !enable);
907        self
908    }
909
910    /// Configures whether the WebAssembly tail calls proposal will be enabled
911    /// for compilation or not.
912    ///
913    /// The [WebAssembly tail calls proposal] introduces the `return_call` and
914    /// `return_call_indirect` instructions. These instructions allow for Wasm
915    /// programs to implement some recursive algorithms with *O(1)* stack space
916    /// usage.
917    ///
918    /// This is `true` by default except when the Winch compiler is enabled.
919    ///
920    /// [WebAssembly tail calls proposal]: https://github.com/WebAssembly/tail-call
921    pub fn wasm_tail_call(&mut self, enable: bool) -> &mut Self {
922        self.wasm_features(WasmFeatures::TAIL_CALL, enable);
923        self
924    }
925
926    /// Configures whether the WebAssembly [branch-hinting] proposal is enabled.
927    ///
928    /// When enabled, the `metadata.code.branch_hint` custom section is parsed
929    /// and used to lay out cold code paths during compilation. The hints are
930    /// advisory and never affect execution semantics.
931    ///
932    /// This is `false` by default until the proposal has been fuzzed.
933    ///
934    /// [branch-hinting]: https://github.com/WebAssembly/branch-hinting
935    pub fn wasm_branch_hinting(&mut self, enable: bool) -> &mut Self {
936        self.tunables.branch_hinting = Some(enable);
937        self
938    }
939
940    /// Configures whether the WebAssembly custom-page-sizes proposal will be
941    /// enabled for compilation or not.
942    ///
943    /// The [WebAssembly custom-page-sizes proposal] allows a memory to
944    /// customize its page sizes. By default, Wasm page sizes are 64KiB
945    /// large. This proposal allows the memory to opt into smaller page sizes
946    /// instead, allowing Wasm to run in environments with less than 64KiB RAM
947    /// available, for example.
948    ///
949    /// Note that the page size is part of the memory's type, and because
950    /// different memories may have different types, they may also have
951    /// different page sizes.
952    ///
953    /// Currently the only valid page sizes are 64KiB (the default) and 1
954    /// byte. Future extensions may relax this constraint and allow all powers
955    /// of two.
956    ///
957    /// Support for this proposal is disabled by default.
958    ///
959    /// [WebAssembly custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes
960    pub fn wasm_custom_page_sizes(&mut self, enable: bool) -> &mut Self {
961        self.wasm_features(WasmFeatures::CUSTOM_PAGE_SIZES, enable);
962        self
963    }
964
965    /// Configures whether the WebAssembly [threads] proposal will be enabled
966    /// for compilation.
967    ///
968    /// This feature gates items such as shared memories and atomic
969    /// instructions. Note that the threads feature depends on the bulk memory
970    /// feature, which is enabled by default. Additionally note that while the
971    /// wasm feature is called "threads" it does not actually include the
972    /// ability to spawn threads. Spawning threads is part of the [wasi-threads]
973    /// proposal which is a separately gated feature in Wasmtime.
974    ///
975    /// Embeddings of Wasmtime are able to build their own custom threading
976    /// scheme on top of the core wasm threads proposal, however.
977    ///
978    /// The default value for this option is whether the `threads`
979    /// crate feature of Wasmtime is enabled or not. By default this crate
980    /// feature is enabled.
981    ///
982    /// [threads]: https://github.com/webassembly/threads
983    /// [wasi-threads]: https://github.com/webassembly/wasi-threads
984    #[cfg(feature = "threads")]
985    pub fn wasm_threads(&mut self, enable: bool) -> &mut Self {
986        self.wasm_features(WasmFeatures::THREADS, enable);
987        self
988    }
989
990    /// Configures whether the WebAssembly [shared-everything-threads] proposal
991    /// will be enabled for compilation.
992    ///
993    /// This feature gates extended use of the `shared` attribute on items other
994    /// than memories, extra atomic instructions, and new component model
995    /// intrinsics for spawning threads. It depends on the
996    /// [`wasm_threads`][Self::wasm_threads] being enabled.
997    ///
998    /// [shared-everything-threads]:
999    ///     https://github.com/webassembly/shared-everything-threads
1000    pub fn wasm_shared_everything_threads(&mut self, enable: bool) -> &mut Self {
1001        self.wasm_features(WasmFeatures::SHARED_EVERYTHING_THREADS, enable);
1002        self
1003    }
1004
1005    /// Configures whether the [WebAssembly reference types proposal][proposal]
1006    /// will be enabled for compilation.
1007    ///
1008    /// This feature gates items such as the `externref` and `funcref` types as
1009    /// well as allowing a module to define multiple tables.
1010    ///
1011    /// Note that the reference types proposal depends on the bulk memory proposal.
1012    ///
1013    /// This feature is `true` by default.
1014    ///
1015    /// # Errors
1016    ///
1017    /// The validation of this feature are deferred until the engine is being built,
1018    /// and thus may cause [`Engine::new`] fail if the `bulk_memory` feature is disabled.
1019    ///
1020    /// [proposal]: https://github.com/webassembly/reference-types
1021    #[cfg(feature = "gc")]
1022    pub fn wasm_reference_types(&mut self, enable: bool) -> &mut Self {
1023        self.wasm_features(WasmFeatures::REFERENCE_TYPES, enable);
1024        self
1025    }
1026
1027    /// Configures whether the [WebAssembly function references
1028    /// proposal][proposal] will be enabled for compilation.
1029    ///
1030    /// This feature gates non-nullable reference types, function reference
1031    /// types, `call_ref`, `ref.func`, and non-nullable reference related
1032    /// instructions.
1033    ///
1034    /// Note that the function references proposal depends on the reference
1035    /// types proposal.
1036    ///
1037    /// This feature is `true` by default.
1038    ///
1039    /// [proposal]: https://github.com/WebAssembly/function-references
1040    #[cfg(feature = "gc")]
1041    pub fn wasm_function_references(&mut self, enable: bool) -> &mut Self {
1042        self.wasm_features(WasmFeatures::FUNCTION_REFERENCES, enable);
1043        self
1044    }
1045
1046    /// Configures whether the [WebAssembly wide-arithmetic][proposal] will be
1047    /// enabled for compilation.
1048    ///
1049    /// This feature is `false` by default.
1050    ///
1051    /// [proposal]: https://github.com/WebAssembly/wide-arithmetic
1052    pub fn wasm_wide_arithmetic(&mut self, enable: bool) -> &mut Self {
1053        self.wasm_features(WasmFeatures::WIDE_ARITHMETIC, enable);
1054        self
1055    }
1056
1057    /// Configures whether the [WebAssembly Garbage Collection
1058    /// proposal][proposal] will be enabled for compilation.
1059    ///
1060    /// This feature gates `struct` and `array` type definitions and references,
1061    /// the `i31ref` type, and all related instructions.
1062    ///
1063    /// Note that the function references proposal depends on the typed function
1064    /// references proposal.
1065    ///
1066    /// This feature is `true` by default.
1067    ///
1068    /// [proposal]: https://github.com/WebAssembly/gc
1069    pub fn wasm_gc(&mut self, enable: bool) -> &mut Self {
1070        self.wasm_features(WasmFeatures::GC, enable);
1071        self
1072    }
1073
1074    /// Configures whether the WebAssembly SIMD proposal will be
1075    /// enabled for compilation.
1076    ///
1077    /// The [WebAssembly SIMD proposal][proposal]. This feature gates items such
1078    /// as the `v128` type and all of its operators being in a module. Note that
1079    /// this does not enable the [relaxed simd proposal].
1080    ///
1081    /// **Note**
1082    ///
1083    /// On x86_64 platforms the base CPU feature requirement for SIMD
1084    /// is SSE2 for the Cranelift compiler and AVX for the Winch compiler.
1085    ///
1086    /// This is `true` by default.
1087    ///
1088    /// [proposal]: https://github.com/webassembly/simd
1089    /// [relaxed simd proposal]: https://github.com/WebAssembly/relaxed-simd
1090    pub fn wasm_simd(&mut self, enable: bool) -> &mut Self {
1091        self.wasm_features(WasmFeatures::SIMD, enable);
1092        self
1093    }
1094
1095    /// Configures whether the WebAssembly Relaxed SIMD proposal will be
1096    /// enabled for compilation.
1097    ///
1098    /// The relaxed SIMD proposal adds new instructions to WebAssembly which,
1099    /// for some specific inputs, are allowed to produce different results on
1100    /// different hosts. More-or-less this proposal enables exposing
1101    /// platform-specific semantics of SIMD instructions in a controlled
1102    /// fashion to a WebAssembly program. From an embedder's perspective this
1103    /// means that WebAssembly programs may execute differently depending on
1104    /// whether the host is x86_64 or AArch64, for example.
1105    ///
1106    /// By default Wasmtime lowers relaxed SIMD instructions to the fastest
1107    /// lowering for the platform it's running on. This means that, by default,
1108    /// some relaxed SIMD instructions may have different results for the same
1109    /// inputs across x86_64 and AArch64. This behavior can be disabled through
1110    /// the [`Config::relaxed_simd_deterministic`] option which will force
1111    /// deterministic behavior across all platforms, as classified by the
1112    /// specification, at the cost of performance.
1113    ///
1114    /// This is `true` by default.
1115    ///
1116    /// [proposal]: https://github.com/webassembly/relaxed-simd
1117    pub fn wasm_relaxed_simd(&mut self, enable: bool) -> &mut Self {
1118        self.wasm_features(WasmFeatures::RELAXED_SIMD, enable);
1119        self
1120    }
1121
1122    /// This option can be used to control the behavior of the [relaxed SIMD
1123    /// proposal's][proposal] instructions.
1124    ///
1125    /// The relaxed SIMD proposal introduces instructions that are allowed to
1126    /// have different behavior on different architectures, primarily to afford
1127    /// an efficient implementation on all architectures. This means, however,
1128    /// that the same module may execute differently on one host than another,
1129    /// which typically is not otherwise the case. This option is provided to
1130    /// force Wasmtime to generate deterministic code for all relaxed simd
1131    /// instructions, at the cost of performance, for all architectures. When
1132    /// this option is enabled then the deterministic behavior of all
1133    /// instructions in the relaxed SIMD proposal is selected.
1134    ///
1135    /// This is `false` by default.
1136    ///
1137    /// [proposal]: https://github.com/webassembly/relaxed-simd
1138    pub fn relaxed_simd_deterministic(&mut self, enable: bool) -> &mut Self {
1139        self.tunables.relaxed_simd_deterministic = Some(enable);
1140        self
1141    }
1142
1143    /// Configures whether the [WebAssembly bulk memory operations
1144    /// proposal][proposal] will be enabled for compilation.
1145    ///
1146    /// This feature gates items such as the `memory.copy` instruction, passive
1147    /// data/table segments, etc, being in a module.
1148    ///
1149    /// This is `true` by default.
1150    ///
1151    /// Feature `reference_types`, which is also `true` by default, requires
1152    /// this feature to be enabled. Thus disabling this feature must also disable
1153    /// `reference_types` as well using [`wasm_reference_types`](crate::Config::wasm_reference_types).
1154    ///
1155    /// # Errors
1156    ///
1157    /// Disabling this feature without disabling `reference_types` will cause
1158    /// [`Engine::new`] to fail.
1159    ///
1160    /// [proposal]: https://github.com/webassembly/bulk-memory-operations
1161    pub fn wasm_bulk_memory(&mut self, enable: bool) -> &mut Self {
1162        self.wasm_features(WasmFeatures::BULK_MEMORY, enable);
1163        self
1164    }
1165
1166    /// Configures whether the WebAssembly multi-value [proposal] will
1167    /// be enabled for compilation.
1168    ///
1169    /// This feature gates functions and blocks returning multiple values in a
1170    /// module, for example.
1171    ///
1172    /// This is `true` by default.
1173    ///
1174    /// [proposal]: https://github.com/webassembly/multi-value
1175    pub fn wasm_multi_value(&mut self, enable: bool) -> &mut Self {
1176        self.wasm_features(WasmFeatures::MULTI_VALUE, enable);
1177        self
1178    }
1179
1180    /// Configures whether the WebAssembly multi-memory [proposal] will
1181    /// be enabled for compilation.
1182    ///
1183    /// This feature gates modules having more than one linear memory
1184    /// declaration or import.
1185    ///
1186    /// This is `true` by default.
1187    ///
1188    /// [proposal]: https://github.com/webassembly/multi-memory
1189    pub fn wasm_multi_memory(&mut self, enable: bool) -> &mut Self {
1190        self.wasm_features(WasmFeatures::MULTI_MEMORY, enable);
1191        self
1192    }
1193
1194    /// Configures whether the WebAssembly memory64 [proposal] will
1195    /// be enabled for compilation.
1196    ///
1197    /// Note that this the upstream specification is not finalized and Wasmtime
1198    /// may also have bugs for this feature since it hasn't been exercised
1199    /// much.
1200    ///
1201    /// This is `false` by default.
1202    ///
1203    /// [proposal]: https://github.com/webassembly/memory64
1204    pub fn wasm_memory64(&mut self, enable: bool) -> &mut Self {
1205        self.wasm_features(WasmFeatures::MEMORY64, enable);
1206        self
1207    }
1208
1209    /// Configures whether the WebAssembly extended-const [proposal] will
1210    /// be enabled for compilation.
1211    ///
1212    /// This is `true` by default.
1213    ///
1214    /// [proposal]: https://github.com/webassembly/extended-const
1215    pub fn wasm_extended_const(&mut self, enable: bool) -> &mut Self {
1216        self.wasm_features(WasmFeatures::EXTENDED_CONST, enable);
1217        self
1218    }
1219
1220    /// Configures whether the [WebAssembly stack switching
1221    /// proposal][proposal] will be enabled for compilation.
1222    ///
1223    /// This feature gates the use of control tags.
1224    ///
1225    /// This feature depends on the `function_reference_types` and
1226    /// `exceptions` features.
1227    ///
1228    /// This feature is `false` by default.
1229    ///
1230    /// # Errors
1231    ///
1232    /// [proposal]: https://github.com/webassembly/stack-switching
1233    pub fn wasm_stack_switching(&mut self, enable: bool) -> &mut Self {
1234        self.wasm_features(WasmFeatures::STACK_SWITCHING, enable);
1235        self
1236    }
1237
1238    /// Configures whether the WebAssembly component-model [proposal] will
1239    /// be enabled for compilation.
1240    ///
1241    /// This flag can be used to blanket disable all components within Wasmtime.
1242    /// Otherwise usage of components requires statically using
1243    /// [`Component`](crate::component::Component) instead of
1244    /// [`Module`](crate::Module) for example anyway.
1245    ///
1246    /// The default value for this option is whether the `component-model`
1247    /// crate feature of Wasmtime is enabled or not. By default this crate
1248    /// feature is enabled.
1249    ///
1250    /// [proposal]: https://github.com/webassembly/component-model
1251    #[cfg(feature = "component-model")]
1252    pub fn wasm_component_model(&mut self, enable: bool) -> &mut Self {
1253        self.wasm_features(WasmFeatures::COMPONENT_MODEL, enable);
1254        self
1255    }
1256
1257    /// Configures whether components support the async ABI [proposal] for
1258    /// lifting and lowering functions, as well as `stream`, `future`, and
1259    /// `error-context` types.
1260    ///
1261    /// Please note that Wasmtime's support for this feature is _very_
1262    /// incomplete.
1263    ///
1264    /// [proposal]:
1265    ///     https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1266    #[cfg(feature = "component-model-async")]
1267    pub fn wasm_component_model_async(&mut self, enable: bool) -> &mut Self {
1268        self.wasm_features(WasmFeatures::CM_ASYNC, enable);
1269        self
1270    }
1271
1272    /// This corresponds to the 🚝 emoji in the component model specification.
1273    ///
1274    /// Please note that Wasmtime's support for this feature is _very_
1275    /// incomplete.
1276    ///
1277    /// [proposal]:
1278    ///     https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1279    #[cfg(feature = "component-model-async")]
1280    pub fn wasm_component_model_more_async_builtins(&mut self, enable: bool) -> &mut Self {
1281        self.wasm_features(WasmFeatures::CM_MORE_ASYNC_BUILTINS, enable);
1282        self
1283    }
1284
1285    /// This corresponds to the 🚟 emoji in the component model specification.
1286    ///
1287    /// Please note that Wasmtime's support for this feature is _very_
1288    /// incomplete.
1289    ///
1290    /// [proposal]: https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1291    #[cfg(feature = "component-model-async")]
1292    pub fn wasm_component_model_async_stackful(&mut self, enable: bool) -> &mut Self {
1293        self.wasm_features(WasmFeatures::CM_ASYNC_STACKFUL, enable);
1294        self
1295    }
1296
1297    /// This corresponds to the 🧵 emoji in the component model specification.
1298    ///
1299    /// Please note that Wasmtime's support for this feature is _very_
1300    /// incomplete.
1301    ///
1302    /// [proposal]:
1303    ///     https://github.com/WebAssembly/component-model/pull/557
1304    #[cfg(feature = "component-model-async")]
1305    pub fn wasm_component_model_threading(&mut self, enable: bool) -> &mut Self {
1306        self.wasm_features(WasmFeatures::CM_THREADING, enable);
1307        self
1308    }
1309
1310    /// This corresponds to the 📝 emoji in the component model specification.
1311    ///
1312    /// Please note that Wasmtime's support for this feature is _very_
1313    /// incomplete.
1314    ///
1315    /// [proposal]: https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1316    #[cfg(feature = "component-model")]
1317    pub fn wasm_component_model_error_context(&mut self, enable: bool) -> &mut Self {
1318        self.wasm_features(WasmFeatures::CM_ERROR_CONTEXT, enable);
1319        self
1320    }
1321
1322    /// Configures whether the [GC extension to the component-model
1323    /// proposal][proposal] is enabled or not.
1324    ///
1325    /// This corresponds to the 🛸 emoji in the component model specification.
1326    ///
1327    /// Please note that Wasmtime's support for this feature is _very_
1328    /// incomplete.
1329    ///
1330    /// [proposal]: https://github.com/WebAssembly/component-model/issues/525
1331    #[cfg(feature = "component-model")]
1332    pub fn wasm_component_model_gc(&mut self, enable: bool) -> &mut Self {
1333        self.wasm_features(WasmFeatures::CM_GC, enable);
1334        self
1335    }
1336
1337    /// Configures whether the component model map type is enabled or not.
1338    ///
1339    /// This is part of the component model specification and enables the
1340    /// `map<k, v>` type in WIT and the component binary format.
1341    #[cfg(feature = "component-model")]
1342    pub fn wasm_component_model_map(&mut self, enable: bool) -> &mut Self {
1343        self.wasm_features(WasmFeatures::CM_MAP, enable);
1344        self
1345    }
1346
1347    /// Configures whether the component model memory64 support is enabled
1348    ///
1349    /// This corresponds to the 🐘 emoji in the component model specification.
1350    ///
1351    /// Please note that Wasmtime's support for this feature is _very_
1352    /// incomplete.
1353    #[cfg(feature = "component-model")]
1354    pub fn wasm_component_model_memory64(&mut self, enable: bool) -> &mut Self {
1355        self.wasm_features(WasmFeatures::CM64, enable);
1356        self
1357    }
1358
1359    /// This corresponds to the 🔧 emoji in the component model specification.
1360    ///
1361    /// Please note that Wasmtime's support for this feature is _very_
1362    /// incomplete.
1363    #[cfg(feature = "component-model")]
1364    pub fn wasm_component_model_fixed_length_lists(&mut self, enable: bool) -> &mut Self {
1365        self.wasm_features(WasmFeatures::CM_FIXED_LENGTH_LISTS, enable);
1366        self
1367    }
1368
1369    /// This corresponds to the 🏷️ emoji in the component model specification.
1370    ///
1371    /// Please note that Wasmtime's support for this feature is a work in
1372    /// progress.
1373    #[cfg(feature = "component-model")]
1374    pub fn wasm_component_model_implements(&mut self, enable: bool) -> &mut Self {
1375        self.wasm_features(WasmFeatures::CM_IMPLEMENTS, enable);
1376        self
1377    }
1378
1379    /// Configures whether the [Exception-handling proposal][proposal] is enabled or not.
1380    ///
1381    /// This is `true` by default.
1382    ///
1383    /// [proposal]: https://github.com/WebAssembly/exception-handling
1384    #[cfg(feature = "gc")]
1385    pub fn wasm_exceptions(&mut self, enable: bool) -> &mut Self {
1386        self.wasm_features(WasmFeatures::EXCEPTIONS, enable);
1387        self
1388    }
1389
1390    #[doc(hidden)] // FIXME(#3427) - if/when implemented then un-hide this
1391    #[deprecated = "This configuration option only exists for internal \
1392                    usage with the spec testsuite. It may be removed at \
1393                    any time and without warning. Do not rely on it!"]
1394    pub fn wasm_legacy_exceptions(&mut self, enable: bool) -> &mut Self {
1395        self.wasm_features(WasmFeatures::LEGACY_EXCEPTIONS, enable);
1396        self
1397    }
1398
1399    /// Configures which compilation strategy will be used for wasm modules.
1400    ///
1401    /// This method can be used to configure which compiler is used for wasm
1402    /// modules, and for more documentation consult the [`Strategy`] enumeration
1403    /// and its documentation.
1404    ///
1405    /// The default value for this is `Strategy::Auto`.
1406    ///
1407    /// # Panics
1408    ///
1409    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1410    #[cfg(any(feature = "cranelift", feature = "winch"))]
1411    pub fn strategy(&mut self, strategy: Strategy) -> &mut Self {
1412        self.compiler_config_mut().strategy = strategy.not_auto();
1413        self
1414    }
1415
1416    /// Configures which garbage collector will be used for Wasm modules.
1417    ///
1418    /// This method can be used to configure which garbage collector
1419    /// implementation is used for Wasm modules. For more documentation, consult
1420    /// the [`Collector`] enumeration and its documentation.
1421    ///
1422    /// The default value for this is `Collector::Auto`.
1423    #[cfg(feature = "gc")]
1424    pub fn collector(&mut self, collector: Collector) -> &mut Self {
1425        self.collector = collector;
1426        self
1427    }
1428
1429    /// Configures the initial size, in bytes, of each store's GC heap.
1430    ///
1431    /// By default all GC heaps start out at 0 bytes in size and must grow
1432    /// upwards from there. Growth happens incrementally as GC pressure happens
1433    /// and memory runs out. The amount being grown by is additionally a
1434    /// heuristic of the size of the failed allocation. By providing an initial
1435    /// size of a store's GC heap embedders can more tightly control initial
1436    /// parameters to optimize workloads that might have a predictable pattern.
1437    /// For example if workloads frequently have less than a certain threshold
1438    /// of size then that could be configured as the initial size here to avoid
1439    /// growths happening over time.
1440    ///
1441    /// Note that like WebAssembly linear memories the GC heap does not start
1442    /// with committed memory equal to this size. Instead memory is reserved,
1443    /// but then lazily allocated by the OS on access. In other words it should
1444    /// be relatively cheap to increase this value to help amortize initial
1445    /// startup cost of wasm modules.
1446    ///
1447    /// The `bytes` size is rounded up to the GC heap's page size.
1448    ///
1449    /// This only configures the initially-allocated size of the GC heap; the
1450    /// heap can still grow beyond it on demand. It is separate from
1451    /// [`Config::gc_heap_reservation`], which configures the size of the
1452    /// virtual-memory reservation (and therefore how far the heap can grow
1453    /// in place).
1454    ///
1455    /// The default value for this is 0.
1456    pub fn gc_heap_initial_size(&mut self, bytes: u64) -> &mut Self {
1457        self.tunables.gc_heap_initial_size = Some(bytes);
1458        self
1459    }
1460
1461    /// Creates a default profiler based on the profiling strategy chosen.
1462    ///
1463    /// Profiler creation calls the type's default initializer where the purpose is
1464    /// really just to put in place the type used for profiling.
1465    ///
1466    /// Some [`ProfilingStrategy`] require specific platforms or particular feature
1467    /// to be enabled, such as `ProfilingStrategy::JitDump` requires the `jitdump`
1468    /// feature.
1469    ///
1470    /// # Errors
1471    ///
1472    /// The validation of this field is deferred until the engine is being built, and thus may
1473    /// cause [`Engine::new`] fail if the required feature is disabled, or the platform is not
1474    /// supported.
1475    pub fn profiler(&mut self, profile: ProfilingStrategy) -> &mut Self {
1476        self.profiling_strategy = profile;
1477        self
1478    }
1479
1480    /// Configures whether the debug verifier of Cranelift is enabled or not.
1481    ///
1482    /// When Cranelift is used as a code generation backend this will configure
1483    /// it to have the `enable_verifier` flag which will enable a number of debug
1484    /// checks inside of Cranelift. This is largely only useful for the
1485    /// developers of wasmtime itself.
1486    ///
1487    /// The default value for this is `false`
1488    ///
1489    /// # Panics
1490    ///
1491    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1492    #[cfg(any(feature = "cranelift", feature = "winch"))]
1493    pub fn cranelift_debug_verifier(&mut self, enable: bool) -> &mut Self {
1494        let val = if enable { "true" } else { "false" };
1495        self.compiler_config_mut().settings.insert(
1496            "enable_verifier".to_string(),
1497            (val.to_string(), UserSpecified::No),
1498        );
1499        self
1500    }
1501
1502    /// Configures whether extra debug checks are inserted into
1503    /// Wasmtime-generated code by Cranelift.
1504    ///
1505    /// The default value for this is `false`
1506    ///
1507    /// # Panics
1508    ///
1509    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1510    #[cfg(any(feature = "cranelift", feature = "winch"))]
1511    pub fn cranelift_wasmtime_debug_checks(&mut self, enable: bool) -> &mut Self {
1512        unsafe { self.cranelift_flag_set("wasmtime_debug_checks", &enable.to_string()) }
1513    }
1514
1515    /// Configures the Cranelift code generator optimization level.
1516    ///
1517    /// When the Cranelift code generator is used you can configure the
1518    /// optimization level used for generated code in a few various ways. For
1519    /// more information see the documentation of [`OptLevel`].
1520    ///
1521    /// The default value for this is `OptLevel::Speed`.
1522    ///
1523    /// # Panics
1524    ///
1525    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1526    #[cfg(any(feature = "cranelift", feature = "winch"))]
1527    pub fn cranelift_opt_level(&mut self, level: OptLevel) -> &mut Self {
1528        let val = match level {
1529            OptLevel::None => "none",
1530            OptLevel::Speed => "speed",
1531            OptLevel::SpeedAndSize => "speed_and_size",
1532        };
1533        self.compiler_config_mut().settings.insert(
1534            "opt_level".to_string(),
1535            (val.to_string(), UserSpecified::No),
1536        );
1537        self
1538    }
1539
1540    /// Configures the regalloc algorithm used by the Cranelift code generator.
1541    ///
1542    /// Cranelift can select any of several register allocator algorithms. Each
1543    /// of these algorithms generates correct code, but they represent different
1544    /// tradeoffs between compile speed (how expensive the compilation process
1545    /// is) and run-time speed (how fast the generated code runs).
1546    /// For more information see the documentation of [`RegallocAlgorithm`].
1547    ///
1548    /// The default value for this is `RegallocAlgorithm::Backtracking`.
1549    ///
1550    /// # Panics
1551    ///
1552    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1553    #[cfg(any(feature = "cranelift", feature = "winch"))]
1554    pub fn cranelift_regalloc_algorithm(&mut self, algo: RegallocAlgorithm) -> &mut Self {
1555        let val = match algo {
1556            RegallocAlgorithm::Backtracking => "backtracking",
1557            RegallocAlgorithm::SinglePass => "single_pass",
1558        };
1559        self.compiler_config_mut().settings.insert(
1560            "regalloc_algorithm".to_string(),
1561            (val.to_string(), UserSpecified::No),
1562        );
1563        self
1564    }
1565
1566    /// Configures whether Cranelift should perform a NaN-canonicalization pass.
1567    ///
1568    /// When Cranelift is used as a code generation backend this will configure
1569    /// it to replace NaNs with a single canonical value. This is useful for
1570    /// users requiring entirely deterministic WebAssembly computation.  This is
1571    /// not required by the WebAssembly spec, so it is not enabled by default.
1572    ///
1573    /// Note that this option affects not only WebAssembly's `f32` and `f64`
1574    /// types but additionally the `v128` type. This option will cause
1575    /// operations using any of these types to have extra checks placed after
1576    /// them to normalize NaN values as needed.
1577    ///
1578    /// The default value for this is `false`
1579    ///
1580    /// # Panics
1581    ///
1582    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1583    #[cfg(any(feature = "cranelift", feature = "winch"))]
1584    pub fn cranelift_nan_canonicalization(&mut self, enable: bool) -> &mut Self {
1585        let val = if enable { "true" } else { "false" };
1586        self.compiler_config_mut().settings.insert(
1587            "enable_nan_canonicalization".to_string(),
1588            (val.to_string(), UserSpecified::No),
1589        );
1590        self
1591    }
1592
1593    /// Allows setting a Cranelift boolean flag or preset. This allows
1594    /// fine-tuning of Cranelift settings.
1595    ///
1596    /// Since Cranelift flags may be unstable, this method should not be considered to be stable
1597    /// either; other `Config` functions should be preferred for stability.
1598    ///
1599    /// # Safety
1600    ///
1601    /// This is marked as unsafe, because setting the wrong flag might break invariants,
1602    /// resulting in execution hazards.
1603    ///
1604    /// # Errors
1605    ///
1606    /// The validation of the flags are deferred until the engine is being built, and thus may
1607    /// cause [`Engine::new`] fail if the flag's name does not exist, or the value is not appropriate
1608    /// for the flag type.
1609    ///
1610    /// # Panics
1611    ///
1612    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1613    #[cfg(any(feature = "cranelift", feature = "winch"))]
1614    pub unsafe fn cranelift_flag_enable(&mut self, flag: &str) -> &mut Self {
1615        self.compiler_config_mut()
1616            .flags
1617            .insert(flag.to_string(), UserSpecified::Yes);
1618        self
1619    }
1620
1621    /// Allows settings another Cranelift flag defined by a flag name and value. This allows
1622    /// fine-tuning of Cranelift settings.
1623    ///
1624    /// Since Cranelift flags may be unstable, this method should not be considered to be stable
1625    /// either; other `Config` functions should be preferred for stability.
1626    ///
1627    /// # Safety
1628    ///
1629    /// This is marked as unsafe, because setting the wrong flag might break invariants,
1630    /// resulting in execution hazards.
1631    ///
1632    /// # Errors
1633    ///
1634    /// The validation of the flags are deferred until the engine is being built, and thus may
1635    /// cause [`Engine::new`] fail if the flag's name does not exist, or incompatible with other
1636    /// settings.
1637    ///
1638    /// For example, feature `wasm_backtrace` will set `unwind_info` to `true`, but if it's
1639    /// manually set to false then it will fail.
1640    ///
1641    /// # Panics
1642    ///
1643    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1644    #[cfg(any(feature = "cranelift", feature = "winch"))]
1645    pub unsafe fn cranelift_flag_set(&mut self, name: &str, value: &str) -> &mut Self {
1646        self.compiler_config_mut()
1647            .settings
1648            .insert(name.to_string(), (value.to_string(), UserSpecified::Yes));
1649        self
1650    }
1651
1652    /// Set a custom [`Cache`].
1653    ///
1654    /// To load a cache configuration from a file, use [`Cache::from_file`]. Otherwise, you can
1655    /// create a new cache config using [`CacheConfig::new`] and passing that to [`Cache::new`].
1656    ///
1657    /// If you want to disable the cache, you can call this method with `None`.
1658    ///
1659    /// By default, new configs do not have caching enabled.
1660    /// Every call to [`Module::new(my_wasm)`][crate::Module::new] will recompile `my_wasm`,
1661    /// even when it is unchanged, unless an enabled `CacheConfig` is provided.
1662    ///
1663    /// This method is only available when the `cache` feature of this crate is
1664    /// enabled.
1665    ///
1666    /// [docs]: https://bytecodealliance.github.io/wasmtime/cli-cache.html
1667    #[cfg(feature = "cache")]
1668    pub fn cache(&mut self, cache: Option<Cache>) -> &mut Self {
1669        self.cache = cache;
1670        self
1671    }
1672
1673    /// Sets a custom memory creator.
1674    ///
1675    /// Custom memory creators are used when creating host `Memory` objects or when
1676    /// creating instance linear memories for the on-demand instance allocation strategy.
1677    #[cfg(feature = "runtime")]
1678    pub fn with_host_memory(&mut self, mem_creator: Arc<dyn MemoryCreator>) -> &mut Self {
1679        self.mem_creator = Some(Arc::new(MemoryCreatorProxy(mem_creator)));
1680        self
1681    }
1682
1683    /// Sets a custom stack creator.
1684    ///
1685    /// Custom memory creators are used when creating creating async instance stacks for
1686    /// the on-demand instance allocation strategy.
1687    #[cfg(feature = "async")]
1688    pub fn with_host_stack(&mut self, stack_creator: Arc<dyn StackCreator>) -> &mut Self {
1689        self.stack_creator = Some(Arc::new(StackCreatorProxy(stack_creator)));
1690        self
1691    }
1692
1693    /// Sets a custom executable-memory publisher.
1694    ///
1695    /// Custom executable-memory publishers are hooks that allow
1696    /// Wasmtime to make certain regions of memory executable when
1697    /// loading precompiled modules or compiling new modules
1698    /// in-process. In most modern operating systems, memory allocated
1699    /// for heap usage is readable and writable by default but not
1700    /// executable. To jump to machine code stored in that memory, we
1701    /// need to make it executable. For security reasons, we usually
1702    /// also make it read-only at the same time, so the executing code
1703    /// can't be modified later.
1704    ///
1705    /// By default, Wasmtime will use the appropriate system calls on
1706    /// the host platform for this work. However, it also allows
1707    /// plugging in a custom implementation via this configuration
1708    /// option. This may be useful on custom or `no_std` platforms,
1709    /// for example, especially where virtual memory is not otherwise
1710    /// used by Wasmtime (no `signals-and-traps` feature).
1711    #[cfg(feature = "runtime")]
1712    pub fn with_custom_code_memory(
1713        &mut self,
1714        custom_code_memory: Option<Arc<dyn CustomCodeMemory>>,
1715    ) -> &mut Self {
1716        self.custom_code_memory = custom_code_memory;
1717        self
1718    }
1719
1720    /// Sets the instance allocation strategy to use.
1721    ///
1722    /// This is notably used in conjunction with
1723    /// [`InstanceAllocationStrategy::Pooling`] and [`PoolingAllocationConfig`].
1724    pub fn allocation_strategy(
1725        &mut self,
1726        strategy: impl Into<InstanceAllocationStrategy>,
1727    ) -> &mut Self {
1728        self.allocation_strategy = strategy.into();
1729        self
1730    }
1731
1732    /// Specifies the capacity of linear memories, in bytes, in their initial
1733    /// allocation.
1734    ///
1735    /// > Note: this value has important performance ramifications, be sure to
1736    /// > benchmark when setting this to a non-default value and read over this
1737    /// > documentation.
1738    ///
1739    /// This function will change the size of the initial memory allocation made
1740    /// for linear memories. This setting is only applicable when the initial
1741    /// size of a linear memory is below this threshold. Linear memories are
1742    /// allocated in the virtual address space of the host process with OS APIs
1743    /// such as `mmap` and this setting affects how large the allocation will
1744    /// be.
1745    ///
1746    /// ## Background: WebAssembly Linear Memories
1747    ///
1748    /// WebAssembly linear memories always start with a minimum size and can
1749    /// possibly grow up to a maximum size. The minimum size is always specified
1750    /// in a WebAssembly module itself and the maximum size can either be
1751    /// optionally specified in the module or inherently limited by the index
1752    /// type. For example for this module:
1753    ///
1754    /// ```wasm
1755    /// (module
1756    ///     (memory $a 4)
1757    ///     (memory $b 4096 4096 (pagesize 1))
1758    ///     (memory $c i64 10)
1759    /// )
1760    /// ```
1761    ///
1762    /// * Memory `$a` initially allocates 4 WebAssembly pages (256KiB) and can
1763    ///   grow up to 4GiB, the limit of the 32-bit index space.
1764    /// * Memory `$b` initially allocates 4096 WebAssembly pages, but in this
1765    ///   case its page size is 1, so it's 4096 bytes. Memory can also grow no
1766    ///   further meaning that it will always be 4096 bytes.
1767    /// * Memory `$c` is a 64-bit linear memory which starts with 640KiB of
1768    ///   memory and can theoretically grow up to 2^64 bytes, although most
1769    ///   hosts will run out of memory long before that.
1770    ///
1771    /// All operations on linear memories done by wasm are required to be
1772    /// in-bounds. Any access beyond the end of a linear memory is considered a
1773    /// trap.
1774    ///
1775    /// ## What this setting affects: Virtual Memory
1776    ///
1777    /// This setting is used to configure the behavior of the size of the linear
1778    /// memory allocation performed for each of these memories. For example the
1779    /// initial linear memory allocation looks like this:
1780    ///
1781    /// ```text
1782    ///              memory_reservation
1783    ///                    |
1784    ///          ◄─────────┴────────────────►
1785    /// ┌───────┬─────────┬──────────────────┬───────┐
1786    /// │ guard │ initial │ ... capacity ... │ guard │
1787    /// └───────┴─────────┴──────────────────┴───────┘
1788    ///  ◄──┬──►                              ◄──┬──►
1789    ///     │                                    │
1790    ///     │                             memory_guard_size
1791    ///     │
1792    ///     │
1793    ///  memory_guard_size (if guard_before_linear_memory)
1794    /// ```
1795    ///
1796    /// Memory in the `initial` range is accessible to the instance and can be
1797    /// read/written by wasm code. Memory in the `guard` regions is never
1798    /// accessible to wasm code and memory in `capacity` is initially
1799    /// inaccessible but may become accessible through `memory.grow` instructions
1800    /// for example.
1801    ///
1802    /// This means that this setting is the size of the initial chunk of virtual
1803    /// memory that a linear memory may grow into.
1804    ///
1805    /// ## What this setting affects: Runtime Speed
1806    ///
1807    /// This is a performance-sensitive setting which is taken into account
1808    /// during the compilation process of a WebAssembly module. For example if a
1809    /// 32-bit WebAssembly linear memory has a `memory_reservation` size of 4GiB
1810    /// then bounds checks can be elided because `capacity` will be guaranteed
1811    /// to be unmapped for all addressable bytes that wasm can access (modulo a
1812    /// few details).
1813    ///
1814    /// If `memory_reservation` was something smaller like 256KiB then that
1815    /// would have a much smaller impact on virtual memory but the compile code
1816    /// would then need to have explicit bounds checks to ensure that
1817    /// loads/stores are in-bounds.
1818    ///
1819    /// The goal of this setting is to enable skipping bounds checks in most
1820    /// modules by default. Some situations which require explicit bounds checks
1821    /// though are:
1822    ///
1823    /// * When `memory_reservation` is smaller than the addressable size of the
1824    ///   linear memory. For example if 64-bit linear memories always need
1825    ///   bounds checks as they can address the entire virtual address spacce.
1826    ///   For 32-bit linear memories a `memory_reservation` minimum size of 4GiB
1827    ///   is required to elide bounds checks.
1828    ///
1829    /// * When linear memories have a page size of 1 then bounds checks are
1830    ///   required. In this situation virtual memory can't be relied upon
1831    ///   because that operates at the host page size granularity where wasm
1832    ///   requires a per-byte level granularity.
1833    ///
1834    /// * Configuration settings such as [`Config::signals_based_traps`] can be
1835    ///   used to disable the use of signal handlers and virtual memory so
1836    ///   explicit bounds checks are required.
1837    ///
1838    /// * When [`Config::memory_guard_size`] is too small a bounds check may be
1839    ///   required. For 32-bit wasm addresses are actually 33-bit effective
1840    ///   addresses because loads/stores have a 32-bit static offset to add to
1841    ///   the dynamic 32-bit address. If the static offset is larger than the
1842    ///   size of the guard region then an explicit bounds check is required.
1843    ///
1844    /// ## What this setting affects: Memory Growth Behavior
1845    ///
1846    /// In addition to affecting bounds checks emitted in compiled code this
1847    /// setting also affects how WebAssembly linear memories are grown. The
1848    /// `memory.grow` instruction can be used to make a linear memory larger and
1849    /// this is also affected by APIs such as
1850    /// [`Memory::grow`](crate::Memory::grow).
1851    ///
1852    /// In these situations when the amount being grown is small enough to fit
1853    /// within the remaining capacity then the linear memory doesn't have to be
1854    /// moved at runtime. If the capacity runs out though then a new linear
1855    /// memory allocation must be made and the contents of linear memory is
1856    /// copied over.
1857    ///
1858    /// For example here's a situation where a copy happens:
1859    ///
1860    /// * The `memory_reservation` setting is configured to 128KiB.
1861    /// * A WebAssembly linear memory starts with a single 64KiB page.
1862    /// * This memory can be grown by one page to contain the full 128KiB of
1863    ///   memory.
1864    /// * If grown by one more page, though, then a 192KiB allocation must be
1865    ///   made and the previous 128KiB of contents are copied into the new
1866    ///   allocation.
1867    ///
1868    /// This growth behavior can have a significant performance impact if lots
1869    /// of data needs to be copied on growth. Conversely if memory growth never
1870    /// needs to happen because the capacity will always be large enough then
1871    /// optimizations can be applied to cache the base pointer of linear memory.
1872    ///
1873    /// When memory is grown then the
1874    /// [`Config::memory_reservation_for_growth`] is used for the new
1875    /// memory allocation to have memory to grow into.
1876    ///
1877    /// When using the pooling allocator via [`PoolingAllocationConfig`] then
1878    /// memories are never allowed to move so requests for growth are instead
1879    /// rejected with an error.
1880    ///
1881    /// ## When this setting is not used
1882    ///
1883    /// This setting is ignored and unused when the initial size of linear
1884    /// memory is larger than this threshold. For example if this setting is set
1885    /// to 1MiB but a wasm module requires a 2MiB minimum allocation then this
1886    /// setting is ignored. In this situation the minimum size of memory will be
1887    /// allocated along with [`Config::memory_reservation_for_growth`]
1888    /// after it to grow into.
1889    ///
1890    /// That means that this value can be set to zero. That can be useful in
1891    /// benchmarking to see the overhead of bounds checks for example.
1892    /// Additionally it can be used to minimize the virtual memory allocated by
1893    /// Wasmtime.
1894    ///
1895    /// ## Default Value
1896    ///
1897    /// The default value for this property depends on the host platform. For
1898    /// 64-bit platforms there's lots of address space available, so the default
1899    /// configured here is 4GiB. When coupled with the default size of
1900    /// [`Config::memory_guard_size`] this means that 32-bit WebAssembly linear
1901    /// memories with 64KiB page sizes will skip almost all bounds checks by
1902    /// default.
1903    ///
1904    /// For 32-bit platforms this value defaults to 10MiB. This means that
1905    /// bounds checks will be required on 32-bit platforms.
1906    pub fn memory_reservation(&mut self, bytes: u64) -> &mut Self {
1907        self.tunables.memory_reservation = Some(bytes);
1908        self
1909    }
1910
1911    /// Indicates whether linear memories may relocate their base pointer at
1912    /// runtime.
1913    ///
1914    /// WebAssembly linear memories either have a maximum size that's explicitly
1915    /// listed in the type of a memory or inherently limited by the index type
1916    /// of the memory (e.g. 4GiB for 32-bit linear memories). Depending on how
1917    /// the linear memory is allocated (see [`Config::memory_reservation`]) it
1918    /// may be necessary to move the memory in the host's virtual address space
1919    /// during growth. This option controls whether this movement is allowed or
1920    /// not.
1921    ///
1922    /// An example of a linear memory needing to move is when
1923    /// [`Config::memory_reservation`] is 0 then a linear memory will be
1924    /// allocated as the minimum size of the memory plus
1925    /// [`Config::memory_reservation_for_growth`]. When memory grows beyond the
1926    /// reservation for growth then the memory needs to be relocated.
1927    ///
1928    /// When this option is set to `false` then it can have a number of impacts
1929    /// on how memories work at runtime:
1930    ///
1931    /// * Modules can be compiled with static knowledge the base pointer of
1932    ///   linear memory never changes to enable optimizations such as
1933    ///   loop invariant code motion (hoisting the base pointer out of a loop).
1934    ///
1935    /// * Memories cannot grow in excess of their original allocation. This
1936    ///   means that [`Config::memory_reservation`] and
1937    ///   [`Config::memory_reservation_for_growth`] may need tuning to ensure
1938    ///   the memory configuration works at runtime.
1939    ///
1940    /// The default value for this option is `true`.
1941    pub fn memory_may_move(&mut self, enable: bool) -> &mut Self {
1942        self.tunables.memory_may_move = Some(enable);
1943        self
1944    }
1945
1946    /// Configures the size, in bytes, of the guard region used at the end of a
1947    /// linear memory's address space reservation.
1948    ///
1949    /// > Note: this value has important performance ramifications, be sure to
1950    /// > understand what this value does before tweaking it and benchmarking.
1951    ///
1952    /// This setting controls how many bytes are guaranteed to be unmapped after
1953    /// the virtual memory allocation of a linear memory. When
1954    /// combined with sufficiently large values of
1955    /// [`Config::memory_reservation`] (e.g. 4GiB for 32-bit linear memories)
1956    /// then a guard region can be used to eliminate bounds checks in generated
1957    /// code.
1958    ///
1959    /// This setting additionally can be used to help deduplicate bounds checks
1960    /// in code that otherwise requires bounds checks. For example with a 4KiB
1961    /// guard region then a 64-bit linear memory which accesses addresses `x+8`
1962    /// and `x+16` only needs to perform a single bounds check on `x`. If that
1963    /// bounds check passes then the offset is guaranteed to either reside in
1964    /// linear memory or the guard region, resulting in deterministic behavior
1965    /// either way.
1966    ///
1967    /// ## How big should the guard be?
1968    ///
1969    /// In general, like with configuring [`Config::memory_reservation`], you
1970    /// probably don't want to change this value from the defaults. Removing
1971    /// bounds checks is dependent on a number of factors where the size of the
1972    /// guard region is only one piece of the equation. Other factors include:
1973    ///
1974    /// * [`Config::memory_reservation`]
1975    /// * The index type of the linear memory (e.g. 32-bit or 64-bit)
1976    /// * The page size of the linear memory
1977    /// * Other settings such as [`Config::signals_based_traps`]
1978    ///
1979    /// Embeddings using virtual memory almost always want at least some guard
1980    /// region, but otherwise changes from the default should be profiled
1981    /// locally to see the performance impact.
1982    ///
1983    /// ## Default
1984    ///
1985    /// The default value for this property is 32MiB on 64-bit platforms. This
1986    /// allows eliminating almost all bounds checks on loads/stores with an
1987    /// immediate offset of less than 32MiB. On 32-bit platforms this defaults
1988    /// to 64KiB.
1989    pub fn memory_guard_size(&mut self, bytes: u64) -> &mut Self {
1990        self.tunables.memory_guard_size = Some(bytes);
1991        self
1992    }
1993
1994    /// Configures the size, in bytes, of the extra virtual memory space
1995    /// reserved after a linear memory is relocated.
1996    ///
1997    /// This setting is used in conjunction with [`Config::memory_reservation`]
1998    /// to configure what happens after a linear memory is relocated in the host
1999    /// address space. If the initial size of a linear memory exceeds
2000    /// [`Config::memory_reservation`] or if it grows beyond that size
2001    /// throughout its lifetime then this setting will be used.
2002    ///
2003    /// When a linear memory is relocated it will initially look like this:
2004    ///
2005    /// ```text
2006    ///            memory.size
2007    ///                 │
2008    ///          ◄──────┴─────►
2009    /// ┌───────┬──────────────┬───────┐
2010    /// │ guard │  accessible  │ guard │
2011    /// └───────┴──────────────┴───────┘
2012    ///                         ◄──┬──►
2013    ///                            │
2014    ///                     memory_guard_size
2015    /// ```
2016    ///
2017    /// where `accessible` needs to be grown but there's no more memory to grow
2018    /// into. A new region of the virtual address space will be allocated that
2019    /// looks like this:
2020    ///
2021    /// ```text
2022    ///                           memory_reservation_for_growth
2023    ///                                       │
2024    ///            memory.size                │
2025    ///                 │                     │
2026    ///          ◄──────┴─────► ◄─────────────┴───────────►
2027    /// ┌───────┬──────────────┬───────────────────────────┬───────┐
2028    /// │ guard │  accessible  │ .. reserved for growth .. │ guard │
2029    /// └───────┴──────────────┴───────────────────────────┴───────┘
2030    ///                                                     ◄──┬──►
2031    ///                                                        │
2032    ///                                               memory_guard_size
2033    /// ```
2034    ///
2035    /// This means that up to `memory_reservation_for_growth` bytes can be
2036    /// allocated again before the entire linear memory needs to be moved again
2037    /// when another `memory_reservation_for_growth` bytes will be appended to
2038    /// the size of the allocation.
2039    ///
2040    /// Note that this is a currently simple heuristic for optimizing the growth
2041    /// of dynamic memories, primarily implemented for the memory64 proposal
2042    /// where the maximum size of memory is larger than 4GiB. This setting is
2043    /// unlikely to be a one-size-fits-all style approach and if you're an
2044    /// embedder running into issues with growth and are interested in having
2045    /// other growth strategies available here please feel free to [open an
2046    /// issue on the Wasmtime repository][issue]!
2047    ///
2048    /// [issue]: https://github.com/bytecodealliance/wasmtime/issues/new
2049    ///
2050    /// ## Default
2051    ///
2052    /// For 64-bit platforms this defaults to 2GiB, and for 32-bit platforms
2053    /// this defaults to 1MiB.
2054    pub fn memory_reservation_for_growth(&mut self, bytes: u64) -> &mut Self {
2055        self.tunables.memory_reservation_for_growth = Some(bytes);
2056        self
2057    }
2058
2059    /// Configures the initial size, in bytes, to be allocated for GC heaps.
2060    ///
2061    /// This is similar to [`Config::memory_reservation`] but applies to the GC
2062    /// heap rather than to linear memories. See that method for more details
2063    /// on what "reservation" means and the implications of this setting.
2064    ///
2065    /// ## Default
2066    ///
2067    /// If none of the `gc_heap_*` tunables are explicitly configured, they
2068    /// default to the same values as their `memory_*` counterparts. Otherwise,
2069    /// the default value for this property depends on the host platform: for
2070    /// 64-bit platforms this defaults to 4GiB, and for 32-bit platforms this
2071    /// defaults to 10MiB.
2072    pub fn gc_heap_reservation(&mut self, bytes: u64) -> &mut Self {
2073        self.tunables.gc_heap_reservation = Some(bytes);
2074        self
2075    }
2076
2077    /// Configures the size, in bytes, of the guard page region for GC heaps.
2078    ///
2079    /// This is similar to [`Config::memory_guard_size`] but applies to the GC
2080    /// heap rather than to linear memories. See that method for more details on
2081    /// what guard pages are and the implications of this setting.
2082    ///
2083    /// ## Default
2084    ///
2085    /// If none of the `gc_heap_*` tunables are explicitly configured, they
2086    /// default to the same values as their `memory_*` counterparts. Otherwise,
2087    /// the default value for this property is 32MiB on 64-bit platforms and
2088    /// 64KiB on 32-bit platforms.
2089    pub fn gc_heap_guard_size(&mut self, bytes: u64) -> &mut Self {
2090        self.tunables.gc_heap_guard_size = Some(bytes);
2091        self
2092    }
2093
2094    /// Configures the size, in bytes, of the extra virtual memory space
2095    /// reserved after a GC heap is relocated.
2096    ///
2097    /// This is similar to [`Config::memory_reservation_for_growth`] but applies
2098    /// to the GC heap rather than to linear memories. See that method for more
2099    /// details.
2100    ///
2101    /// ## Default
2102    ///
2103    /// If none of the `gc_heap_*` tunables are explicitly configured, they
2104    /// default to the same values as their `memory_*` counterparts. Otherwise,
2105    /// for 64-bit platforms this defaults to 2GiB, and for 32-bit platforms
2106    /// this defaults to 1MiB.
2107    pub fn gc_heap_reservation_for_growth(&mut self, bytes: u64) -> &mut Self {
2108        self.tunables.gc_heap_reservation_for_growth = Some(bytes);
2109        self
2110    }
2111
2112    /// Indicates whether GC heaps are allowed to be reallocated after initial
2113    /// allocation at runtime.
2114    ///
2115    /// This is similar to [`Config::memory_may_move`] but applies to the GC
2116    /// heap rather than to linear memories. See that method for more details.
2117    ///
2118    /// ## Default
2119    ///
2120    /// If none of the `gc_heap_*` tunables are explicitly configured, they
2121    /// default to the same values as their `memory_*` counterparts. Otherwise,
2122    /// the default value for this option is `true`.
2123    pub fn gc_heap_may_move(&mut self, enable: bool) -> &mut Self {
2124        self.tunables.gc_heap_may_move = Some(enable);
2125        self
2126    }
2127
2128    /// Indicates whether a guard region is present before allocations of
2129    /// linear memory.
2130    ///
2131    /// Guard regions before linear memories are never used during normal
2132    /// operation of WebAssembly modules, even if they have out-of-bounds
2133    /// loads. The only purpose for a preceding guard region in linear memory
2134    /// is extra protection against possible bugs in code generators like
2135    /// Cranelift. This setting does not affect performance in any way, but will
2136    /// result in larger virtual memory reservations for linear memories (it
2137    /// won't actually ever use more memory, just use more of the address
2138    /// space).
2139    ///
2140    /// The size of the guard region before linear memory is the same as the
2141    /// guard size that comes after linear memory, which is configured by
2142    /// [`Config::memory_guard_size`].
2143    ///
2144    /// ## Default
2145    ///
2146    /// This value defaults to `true`.
2147    pub fn guard_before_linear_memory(&mut self, enable: bool) -> &mut Self {
2148        self.tunables.guard_before_linear_memory = Some(enable);
2149        self
2150    }
2151
2152    /// Indicates whether to initialize tables lazily, so that instantiation
2153    /// is fast but indirect calls are a little slower. If false, tables
2154    /// are initialized eagerly during instantiation from any active element
2155    /// segments that apply to them.
2156    ///
2157    /// **Note** Disabling this option is not compatible with the Winch compiler.
2158    ///
2159    /// ## Default
2160    ///
2161    /// This value defaults to `true`.
2162    pub fn table_lazy_init(&mut self, table_lazy_init: bool) -> &mut Self {
2163        self.tunables.table_lazy_init = Some(table_lazy_init);
2164        self
2165    }
2166
2167    /// Configure the version information used in serialized and deserialized [`crate::Module`]s.
2168    /// This effects the behavior of [`crate::Module::serialize()`], as well as
2169    /// [`crate::Module::deserialize()`] and related functions.
2170    ///
2171    /// The default strategy is to use the wasmtime crate's Cargo package version.
2172    pub fn module_version(&mut self, strategy: ModuleVersionStrategy) -> Result<&mut Self> {
2173        match strategy {
2174            // This case requires special precondition for assertion in SerializedModule::to_bytes
2175            ModuleVersionStrategy::Custom(ref v) => {
2176                if v.as_bytes().len() > 255 {
2177                    bail!("custom module version cannot be more than 255 bytes: {v}");
2178                }
2179            }
2180            _ => {}
2181        }
2182        self.module_version = strategy;
2183        Ok(self)
2184    }
2185
2186    /// Configure whether wasmtime should compile a module using multiple
2187    /// threads.
2188    ///
2189    /// Disabling this will result in a single thread being used to compile
2190    /// the wasm bytecode.
2191    ///
2192    /// By default parallel compilation is enabled.
2193    #[cfg(feature = "parallel-compilation")]
2194    pub fn parallel_compilation(&mut self, parallel: bool) -> &mut Self {
2195        self.parallel_compilation = parallel;
2196        self
2197    }
2198
2199    /// Configures whether compiled artifacts will contain information to map
2200    /// native program addresses back to the original wasm module.
2201    ///
2202    /// This configuration option is `true` by default and, if enabled,
2203    /// generates the appropriate tables in compiled modules to map from native
2204    /// address back to wasm source addresses. This is used for displaying wasm
2205    /// program counters in backtraces as well as generating filenames/line
2206    /// numbers if so configured as well (and the original wasm module has DWARF
2207    /// debugging information present).
2208    pub fn generate_address_map(&mut self, generate: bool) -> &mut Self {
2209        self.tunables.generate_address_map = Some(generate);
2210        self
2211    }
2212
2213    /// Configures whether copy-on-write memory-mapped data is used to
2214    /// initialize a linear memory.
2215    ///
2216    /// Initializing linear memory via a copy-on-write mapping can drastically
2217    /// improve instantiation costs of a WebAssembly module because copying
2218    /// memory is deferred. Additionally if a page of memory is only ever read
2219    /// from WebAssembly and never written too then the same underlying page of
2220    /// data will be reused between all instantiations of a module meaning that
2221    /// if a module is instantiated many times this can lower the overall memory
2222    /// required needed to run that module.
2223    ///
2224    /// The main disadvantage of copy-on-write initialization, however, is that
2225    /// it may be possible for highly-parallel scenarios to be less scalable. If
2226    /// a page is read initially by a WebAssembly module then that page will be
2227    /// mapped to a read-only copy shared between all WebAssembly instances. If
2228    /// the same page is then written, however, then a private copy is created
2229    /// and swapped out from the read-only version. This also requires an [IPI],
2230    /// however, which can be a significant bottleneck in high-parallelism
2231    /// situations.
2232    ///
2233    /// This feature is only applicable when a WebAssembly module meets specific
2234    /// criteria to be initialized in this fashion, such as:
2235    ///
2236    /// * Only memories defined in the module can be initialized this way.
2237    /// * Data segments for memory must use statically known offsets.
2238    /// * Data segments for memory must all be in-bounds.
2239    ///
2240    /// Modules which do not meet these criteria will fall back to
2241    /// initialization of linear memory based on copying memory.
2242    ///
2243    /// This feature of Wasmtime is also platform-specific:
2244    ///
2245    /// * Linux - this feature is supported for all instances of [`Module`].
2246    ///   Modules backed by an existing mmap (such as those created by
2247    ///   [`Module::deserialize_file`]) will reuse that mmap to cow-initialize
2248    ///   memory. Other instance of [`Module`] may use the `memfd_create`
2249    ///   syscall to create an initialization image to `mmap`.
2250    /// * Unix (not Linux) - this feature is only supported when loading modules
2251    ///   from a precompiled file via [`Module::deserialize_file`] where there
2252    ///   is a file descriptor to use to map data into the process. Note that
2253    ///   the module must have been compiled with this setting enabled as well.
2254    /// * Windows - there is no support for this feature at this time. Memory
2255    ///   initialization will always copy bytes.
2256    ///
2257    /// By default this option is enabled.
2258    ///
2259    /// [`Module::deserialize_file`]: crate::Module::deserialize_file
2260    /// [`Module`]: crate::Module
2261    /// [IPI]: https://en.wikipedia.org/wiki/Inter-processor_interrupt
2262    pub fn memory_init_cow(&mut self, enable: bool) -> &mut Self {
2263        self.tunables.memory_init_cow = Some(enable);
2264        self
2265    }
2266
2267    /// A configuration option to force the usage of `memfd_create` on Linux to
2268    /// be used as the backing source for a module's initial memory image.
2269    ///
2270    /// When [`Config::memory_init_cow`] is enabled, which is enabled by
2271    /// default, module memory initialization images are taken from a module's
2272    /// original mmap if possible. If a precompiled module was loaded from disk
2273    /// this means that the disk's file is used as an mmap source for the
2274    /// initial linear memory contents. This option can be used to force, on
2275    /// Linux, that instead of using the original file on disk a new in-memory
2276    /// file is created with `memfd_create` to hold the contents of the initial
2277    /// image.
2278    ///
2279    /// This option can be used to avoid possibly loading the contents of memory
2280    /// from disk through a page fault. Instead with `memfd_create` the contents
2281    /// of memory are always in RAM, meaning that even page faults which
2282    /// initially populate a wasm linear memory will only work with RAM instead
2283    /// of ever hitting the disk that the original precompiled module is stored
2284    /// on.
2285    ///
2286    /// This option is disabled by default.
2287    pub fn force_memory_init_memfd(&mut self, enable: bool) -> &mut Self {
2288        self.force_memory_init_memfd = enable;
2289        self
2290    }
2291
2292    /// Configures whether or not a coredump should be generated and attached to
2293    /// the [`Error`](crate::Error) when a trap is raised.
2294    ///
2295    /// This option is disabled by default.
2296    #[cfg(feature = "coredump")]
2297    pub fn coredump_on_trap(&mut self, enable: bool) -> &mut Self {
2298        self.coredump_on_trap = enable;
2299        self
2300    }
2301
2302    /// Enables memory error checking for wasm programs.
2303    ///
2304    /// This option is disabled by default.
2305    ///
2306    /// # Panics
2307    ///
2308    /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
2309    #[cfg(any(feature = "cranelift", feature = "winch"))]
2310    pub fn wmemcheck(&mut self, enable: bool) -> &mut Self {
2311        self.wmemcheck = enable;
2312        self.compiler_config_mut().wmemcheck = enable;
2313        self
2314    }
2315
2316    /// Configures the "guaranteed dense image size" for copy-on-write
2317    /// initialized memories.
2318    ///
2319    /// When using the [`Config::memory_init_cow`] feature to initialize memory
2320    /// efficiently (which is enabled by default), compiled modules contain an
2321    /// image of the module's initial heap. If the module has a fairly sparse
2322    /// initial heap, with just a few data segments at very different offsets,
2323    /// this could result in a large region of zero bytes in the image. In
2324    /// other words, it's not very memory-efficient.
2325    ///
2326    /// We normally use a heuristic to avoid this: if less than half
2327    /// of the initialized range (first non-zero to last non-zero
2328    /// byte) of any memory in the module has pages with nonzero
2329    /// bytes, then we avoid creating a memory image for the entire module.
2330    ///
2331    /// However, if the embedder always needs the instantiation-time efficiency
2332    /// of copy-on-write initialization, and is otherwise carefully controlling
2333    /// parameters of the modules (for example, by limiting the maximum heap
2334    /// size of the modules), then it may be desirable to ensure a memory image
2335    /// is created even if this could go against the heuristic above. Thus, we
2336    /// add another condition: there is a size of initialized data region up to
2337    /// which we *always* allow a memory image. The embedder can set this to a
2338    /// known maximum heap size if they desire to always get the benefits of
2339    /// copy-on-write images.
2340    ///
2341    /// In the future we may implement a "best of both worlds"
2342    /// solution where we have a dense image up to some limit, and
2343    /// then support a sparse list of initializers beyond that; this
2344    /// would get most of the benefit of copy-on-write and pay the incremental
2345    /// cost of eager initialization only for those bits of memory
2346    /// that are out-of-bounds. However, for now, an embedder desiring
2347    /// fast instantiation should ensure that this setting is as large
2348    /// as the maximum module initial memory content size.
2349    ///
2350    /// By default this value is 16 MiB.
2351    pub fn memory_guaranteed_dense_image_size(&mut self, size_in_bytes: u64) -> &mut Self {
2352        self.memory_guaranteed_dense_image_size = size_in_bytes;
2353        self
2354    }
2355
2356    /// Whether to enable function inlining during compilation or not.
2357    ///
2358    /// This may result in faster execution at runtime, but adds additional
2359    /// compilation time. Inlining may also enlarge the size of compiled
2360    /// artifacts (for example, the size of the result of
2361    /// [`Engine::precompile_component`]).
2362    ///
2363    /// Inlining is not supported by all of Wasmtime's compilation strategies;
2364    /// currently, it only Cranelift supports it. This setting will be ignored
2365    /// when using a compilation strategy that does not support inlining, like
2366    /// Winch.
2367    ///
2368    /// The default value for this is `Inlining::No`.
2369    pub fn compiler_inlining(&mut self, inlining: Inlining) -> &mut Self {
2370        self.tunables.inlining = Some(inlining);
2371        self
2372    }
2373
2374    /// Returns the set of features that the currently selected compiler backend
2375    /// does not support at all and may panic on.
2376    ///
2377    /// Wasmtime strives to reject unknown modules or unsupported modules with
2378    /// first-class errors instead of panics. Not all compiler backends have the
2379    /// same level of feature support on all platforms as well. This method
2380    /// returns a set of features that the currently selected compiler
2381    /// configuration is known to not support and may panic on. This acts as a
2382    /// first-level filter on incoming wasm modules/configuration to fail-fast
2383    /// instead of panicking later on.
2384    ///
2385    /// Note that if a feature is not returned here it does not mean that the
2386    /// backend fully supports the proposal. Instead that means that the backend
2387    /// doesn't ever panic on the proposal, but errors during compilation may
2388    /// still be returned. This means that features listed here are definitely
2389    /// not supported at all, but features not listed here may still be
2390    /// partially supported. For example at the time of this writing the Winch
2391    /// backend partially supports simd so it's not listed here. Winch doesn't
2392    /// fully support simd but unimplemented instructions just return errors.
2393    fn compiler_panicking_wasm_features(&self) -> WasmFeatures {
2394        // First we compute the set of features that Wasmtime itself knows;
2395        // this is a sort of "maximal set" that we invert to create a set
2396        // of features we _definitely can't support_ because wasmtime
2397        // has never heard of them.
2398        let features_known_to_wasmtime = WasmFeatures::WASM3
2399            | WasmFeatures::SHARED_EVERYTHING_THREADS
2400            | WasmFeatures::COMPONENT_MODEL
2401            | WasmFeatures::CUSTOM_PAGE_SIZES
2402            | WasmFeatures::STACK_SWITCHING
2403            | WasmFeatures::WIDE_ARITHMETIC
2404            | WasmFeatures::CM_ASYNC
2405            | WasmFeatures::CM_ASYNC_STACKFUL
2406            | WasmFeatures::CM_MORE_ASYNC_BUILTINS
2407            | WasmFeatures::CM_THREADING
2408            | WasmFeatures::CM_ERROR_CONTEXT
2409            | WasmFeatures::CM_GC
2410            | WasmFeatures::CM_MAP
2411            | WasmFeatures::CM64
2412            | WasmFeatures::CM_FIXED_LENGTH_LISTS
2413            | WasmFeatures::CM_IMPLEMENTS;
2414
2415        #[allow(unused_mut, reason = "easier to avoid #[cfg]")]
2416        let mut unsupported = !features_known_to_wasmtime;
2417
2418        #[cfg(any(feature = "cranelift", feature = "winch"))]
2419        match self.compiler_config.as_ref().and_then(|c| c.strategy) {
2420            None | Some(Strategy::Cranelift) => {
2421                // Pulley at this time fundamentally doesn't support the
2422                // `threads` proposal, notably shared memory, because Rust can't
2423                // safely implement loads/stores in the face of shared memory.
2424                // Stack switching is not implemented, either.
2425                if self.compiler_target().is_pulley() {
2426                    unsupported |= WasmFeatures::THREADS;
2427                    unsupported |= WasmFeatures::STACK_SWITCHING;
2428                }
2429
2430                use target_lexicon::*;
2431                match self.compiler_target() {
2432                    Triple {
2433                        architecture: Architecture::X86_64 | Architecture::X86_64h,
2434                        operating_system:
2435                            OperatingSystem::Linux
2436                            | OperatingSystem::MacOSX(_)
2437                            | OperatingSystem::Darwin(_),
2438                        ..
2439                    } => {
2440                        // Stack switching supported on (non-Pulley) Cranelift.
2441                    }
2442
2443                    _ => {
2444                        // On platforms other than x64 Unix-like, we don't
2445                        // support stack switching.
2446                        unsupported |= WasmFeatures::STACK_SWITCHING;
2447                    }
2448                }
2449            }
2450            Some(Strategy::Winch) => {
2451                unsupported |= WasmFeatures::GC
2452                    | WasmFeatures::FUNCTION_REFERENCES
2453                    | WasmFeatures::RELAXED_SIMD
2454                    | WasmFeatures::TAIL_CALL
2455                    | WasmFeatures::GC_TYPES
2456                    | WasmFeatures::EXCEPTIONS
2457                    | WasmFeatures::LEGACY_EXCEPTIONS
2458                    | WasmFeatures::STACK_SWITCHING;
2459                match self.compiler_target().architecture {
2460                    target_lexicon::Architecture::Aarch64(_) => {
2461                        unsupported |= WasmFeatures::THREADS;
2462                    }
2463
2464                    // Winch doesn't support other non-x64 architectures at this
2465                    // time either but will return an first-class error for
2466                    // them.
2467                    _ => {}
2468                }
2469            }
2470            Some(Strategy::Auto) => unreachable!(),
2471        }
2472        unsupported
2473    }
2474
2475    /// Calculates the set of features that are enabled for this `Config`.
2476    ///
2477    /// This is a bit of a subtle function which takes into account inputs such
2478    /// as the default set of features Wasmtime has enabled, the currently
2479    /// enabled compiler, the currently enabled target, compile-time crate
2480    /// features, and explicitly configured wasm proposals. This function does
2481    /// not return a fixed set of all proposals in all cases as it's a bit more
2482    /// nuanced than that.
2483    ///
2484    /// This method internally will start with an empty set of features to
2485    /// avoid being tied to wasmparser's defaults. Next Wasmtime's set of
2486    /// default features are added to this set, some of which are conditional
2487    /// depending on crate features. Finally explicitly requested features via
2488    /// `wasm_*` methods on `Config` are applied. Everything is then validated
2489    /// later in `Config::validate`.
2490    ///
2491    /// Note that the validation later on in `Config::validate` is a crucial
2492    /// step here. The returned features here might include features unsupported
2493    /// at compile time or unsupported by the selected compiler. In that case
2494    /// `Config::validate` will present a first-class error message indicating
2495    /// what's going on, and users should in theory be able to understand "ok
2496    /// yeah that's why I can't enable that feature here".
2497    fn features(&self) -> WasmFeatures {
2498        // Start with an empty set of wasm features. This notably decouples
2499        // features in Wasmtime from features in wasmparser as the two are
2500        // generally on different timelines.
2501        let mut features = WasmFeatures::empty();
2502
2503        // Next add in all on-by-default features that Wasmtime has which are
2504        // subject to the criteria at
2505        // https://docs.wasmtime.dev/contributing-implementing-wasm-proposals.html
2506        // and https://docs.wasmtime.dev/stability-wasm-proposals.html.
2507        //
2508        // Note that the first entry here, `WASM3`, is a fixed feature set that
2509        // won't change over time in wasmparser which represents the union of
2510        // all on-by-default features in Wasmtime. Also note that this is
2511        // further refined in the conditional section below based on crate
2512        // features.
2513        features |= WasmFeatures::WASM3;
2514
2515        // features |= WasmFeatures::YOUR_WASM_FEATURE;
2516        // ...
2517
2518        // NB: if you add a feature above this line please double-check
2519        // https://docs.wasmtime.dev/stability-wasm-proposals.html
2520        // to ensure all requirements are met and/or update the documentation
2521        // there too.
2522
2523        // Next configure some features further based on compile-time features
2524        // of the wasmtime crate itself. For example if "gc" is disabled then
2525        // `GC_TYPES` are disabled (a wasmparser pseudo-feature) as well as
2526        // exceptions, but reference-types is still available (e.g. new
2527        // encodings/types/etc).
2528        //
2529        // These features are all "on by default" in effect but dependent on
2530        // compile-time support being available.
2531        features.set(WasmFeatures::GC_TYPES, cfg!(feature = "gc"));
2532        features.set(WasmFeatures::EXCEPTIONS, cfg!(feature = "gc"));
2533        features.set(WasmFeatures::THREADS, cfg!(feature = "threads"));
2534        features.set(
2535            WasmFeatures::COMPONENT_MODEL,
2536            cfg!(feature = "component-model"),
2537        );
2538        features.set(
2539            WasmFeatures::CM_ASYNC,
2540            self.tunables
2541                .concurrency_support
2542                .unwrap_or(cfg!(feature = "component-model-async")),
2543        );
2544
2545        // Next disable any features which the current compiler/target do not
2546        // support. This handles cases where Winch, for example, doesn't
2547        // implement a feature yet but Cranelift does. Or maybe Cranelift only
2548        // supports one particular platform and not others. Things like that.
2549        features = features & !self.compiler_panicking_wasm_features();
2550
2551        // And, finally, process all explicitly enabled/disabled features on
2552        // behalf of the embedder's frobbing `Config::wasm_*`. These have the
2553        // highest priority since they were explicitly requested.
2554        debug_assert!((self.enabled_features & self.disabled_features).is_empty());
2555        features &= !self.disabled_features;
2556        features |= self.enabled_features;
2557
2558        features
2559    }
2560
2561    /// Returns the configured compiler target for this `Config`.
2562    pub(crate) fn compiler_target(&self) -> target_lexicon::Triple {
2563        // If a target is explicitly configured, always use that.
2564        if let Some(target) = self.target.clone() {
2565            return target;
2566        }
2567
2568        // If the `build.rs` script determined that this platform uses pulley by
2569        // default, then use Pulley.
2570        if cfg!(default_target_pulley) {
2571            return target_lexicon::Triple::pulley_host();
2572        }
2573
2574        // And at this point the target is for sure the host.
2575        target_lexicon::Triple::host()
2576    }
2577
2578    /// Returns `true` if any of the `gc_heap_*` tunables have been explicitly
2579    /// configured.
2580    fn any_gc_heap_tunables_configured(&self) -> bool {
2581        self.tunables.gc_heap_reservation.is_some()
2582            || self.tunables.gc_heap_guard_size.is_some()
2583            || self.tunables.gc_heap_reservation_for_growth.is_some()
2584            || self.tunables.gc_heap_may_move.is_some()
2585    }
2586
2587    pub(crate) fn validate(&self) -> Result<(Tunables, WasmFeatures)> {
2588        let features = self.features();
2589
2590        // First validate that the selected compiler backend and configuration
2591        // supports the set of `features` that are enabled. This will help
2592        // provide more first class errors instead of panics about unsupported
2593        // features and configurations.
2594        let unsupported = features & self.compiler_panicking_wasm_features();
2595        if !unsupported.is_empty() {
2596            for flag in WasmFeatures::FLAGS.iter() {
2597                if !unsupported.contains(*flag.value()) {
2598                    continue;
2599                }
2600                bail!(
2601                    "the wasm_{} feature is not supported on this compiler configuration",
2602                    flag.name().to_lowercase()
2603                );
2604            }
2605
2606            panic!("should have returned an error by now")
2607        }
2608
2609        if self.max_wasm_stack > self.async_stack_size {
2610            bail!("max_wasm_stack size cannot exceed the async_stack_size");
2611        }
2612        if self.max_wasm_stack == 0 {
2613            bail!("max_wasm_stack size cannot be zero");
2614        }
2615        if !cfg!(feature = "wmemcheck") && self.wmemcheck {
2616            bail!("wmemcheck (memory checker) was requested but is not enabled in this build");
2617        }
2618
2619        if !cfg!(feature = "gc") && features.gc_types() {
2620            bail!("support for GC was disabled at compile time")
2621        }
2622
2623        if !cfg!(feature = "gc") && features.contains(WasmFeatures::EXCEPTIONS) {
2624            bail!("exceptions support requires garbage collection (GC) to be enabled in the build");
2625        }
2626
2627        match &self.rr_config {
2628            #[cfg(feature = "rr")]
2629            RRConfig::Recording | RRConfig::Replaying => {
2630                self.validate_rr_determinism_conflicts()?;
2631            }
2632            RRConfig::None => {}
2633        };
2634
2635        let mut tunables = Tunables::default_for_target(&self.compiler_target())?;
2636
2637        // By default this is enabled with the Cargo feature, and if the feature
2638        // is missing this is disabled.
2639        tunables.concurrency_support = cfg!(feature = "component-model-async");
2640
2641        #[cfg(feature = "rr")]
2642        {
2643            tunables.recording = matches!(self.rr_config, RRConfig::Recording);
2644        }
2645
2646        // If no target is explicitly specified then further refine `tunables`
2647        // for the configuration of this host depending on what platform
2648        // features were found available at compile time. This means that anyone
2649        // cross-compiling for a customized host will need to further refine
2650        // compilation options.
2651        if self.target.is_none() {
2652            // If this platform doesn't have native signals then change some
2653            // defaults to account for that. Note that VM guards are turned off
2654            // here because that's primarily a feature of eliding
2655            // bounds-checks.
2656            if !cfg!(has_native_signals) {
2657                tunables.signals_based_traps = cfg!(has_native_signals);
2658                tunables.memory_guard_size = 0;
2659                tunables.gc_heap_guard_size = 0;
2660            }
2661
2662            // When virtual memory is not available use slightly different
2663            // defaults for tunables to be more amenable to `MallocMemory`.
2664            // Note that these can still be overridden by config options.
2665            if !cfg!(has_virtual_memory) {
2666                tunables.memory_reservation = 0;
2667                tunables.memory_reservation_for_growth = 1 << 20; // 1MB
2668                tunables.memory_init_cow = false;
2669                tunables.gc_heap_reservation = 0;
2670                tunables.gc_heap_reservation_for_growth = 1 << 20; // 1MB
2671            }
2672        }
2673
2674        // If guest-debugging is enabled, we must disable
2675        // signals-based traps. Do this before we process the user's
2676        // provided tunables settings so we can detect a conflict with
2677        // an explicit request to use signals-based traps.
2678        #[cfg(feature = "debug")]
2679        if self.tunables.debug_guest == Some(true) {
2680            tunables.signals_based_traps = false;
2681        }
2682
2683        // Inlining currently falls over with the `stack_switch` instruction.
2684        #[cfg(any(feature = "cranelift", feature = "winch"))]
2685        if features.contains(WasmFeatures::STACK_SWITCHING) {
2686            if let Some(inlining) = self.tunables.inlining
2687                && inlining != Inlining::No
2688            {
2689                bail!("cannot enable compiler inlining when stack switching is enabled");
2690            }
2691            tunables.inlining = Inlining::No;
2692        }
2693
2694        self.tunables.configure(&mut tunables);
2695
2696        // If no GC heap tunables are explicitly configured, copy the memory
2697        // tunables' configured values so that GC heaps default to the same
2698        // configuration as linear memories.
2699        if !self.any_gc_heap_tunables_configured() {
2700            tunables.gc_heap_reservation = tunables.memory_reservation;
2701            tunables.gc_heap_guard_size = tunables.memory_guard_size;
2702            tunables.gc_heap_reservation_for_growth = tunables.memory_reservation_for_growth;
2703            tunables.gc_heap_may_move = tunables.memory_may_move;
2704        }
2705
2706        // If we're going to compile with winch, we must use the winch calling convention.
2707        #[cfg(any(feature = "cranelift", feature = "winch"))]
2708        {
2709            tunables.winch_callable = self
2710                .compiler_config
2711                .as_ref()
2712                .is_some_and(|c| c.strategy == Some(Strategy::Winch));
2713        }
2714
2715        tunables.collector = if features.gc_types() {
2716            #[cfg(feature = "gc")]
2717            {
2718                use wasmtime_environ::Collector as EnvCollector;
2719                Some(match self.collector.try_not_auto()? {
2720                    Collector::DeferredReferenceCounting => EnvCollector::DeferredReferenceCounting,
2721                    Collector::Null => EnvCollector::Null,
2722                    Collector::Copying => EnvCollector::Copying,
2723                    Collector::Auto => unreachable!(),
2724                })
2725            }
2726            #[cfg(not(feature = "gc"))]
2727            bail!("cannot use GC types: the `gc` feature was disabled at compile time")
2728        } else {
2729            None
2730        };
2731
2732        if tunables.debug_guest {
2733            ensure!(
2734                cfg!(feature = "debug"),
2735                "debug instrumentation support was disabled at compile time"
2736            );
2737            ensure!(
2738                !tunables.signals_based_traps,
2739                "cannot use signals-based traps with guest debugging enabled"
2740            );
2741        }
2742
2743        // Concurrency support is required for some component model features.
2744        let requires_concurrency = WasmFeatures::CM_ASYNC
2745            | WasmFeatures::CM_MORE_ASYNC_BUILTINS
2746            | WasmFeatures::CM_ASYNC_STACKFUL
2747            | WasmFeatures::CM_THREADING
2748            | WasmFeatures::CM_ERROR_CONTEXT;
2749        if tunables.concurrency_support && !cfg!(feature = "component-model-async") {
2750            bail!(
2751                "concurrency support was requested but was not \
2752                 compiled into this build of Wasmtime"
2753            )
2754        }
2755        if !tunables.concurrency_support && features.intersects(requires_concurrency) {
2756            bail!(
2757                "concurrency support must be enabled to use the component \
2758                 model async or threading features"
2759            )
2760        }
2761
2762        // If the pooling allocator is used and GC is enabled, check that
2763        // memories and the GC heap are configured identically, since the
2764        // pooling allocator can't support differently-configured heaps.
2765        #[cfg(feature = "pooling-allocator")]
2766        if matches!(
2767            &self.allocation_strategy,
2768            InstanceAllocationStrategy::Pooling(_)
2769        ) && tunables.collector.is_some()
2770        {
2771            if tunables.memory_reservation != tunables.gc_heap_reservation {
2772                bail!(
2773                    "when using the pooling allocator with GC, `memory_reservation` ({}) \
2774                     and `gc_heap_reservation` ({}) must be the same",
2775                    tunables.memory_reservation,
2776                    tunables.gc_heap_reservation,
2777                );
2778            }
2779            if tunables.memory_guard_size != tunables.gc_heap_guard_size {
2780                bail!(
2781                    "when using the pooling allocator with GC, `memory_guard_size` ({}) \
2782                     and `gc_heap_guard_size` ({}) must be the same",
2783                    tunables.memory_guard_size,
2784                    tunables.gc_heap_guard_size,
2785                );
2786            }
2787            if tunables.memory_reservation_for_growth != tunables.gc_heap_reservation_for_growth {
2788                bail!(
2789                    "when using the pooling allocator with GC, \
2790                     `memory_reservation_for_growth` ({}) and \
2791                     `gc_heap_reservation_for_growth` ({}) must be the same",
2792                    tunables.memory_reservation_for_growth,
2793                    tunables.gc_heap_reservation_for_growth,
2794                );
2795            }
2796            if tunables.memory_may_move != tunables.gc_heap_may_move {
2797                bail!(
2798                    "when using the pooling allocator with GC, `memory_may_move` ({}) \
2799                     and `gc_heap_may_move` ({}) must be the same",
2800                    tunables.memory_may_move,
2801                    tunables.gc_heap_may_move,
2802                );
2803            }
2804        }
2805
2806        if tunables.debug_native && !tunables.debug_symbols {
2807            bail!("cannot enable native debug info while debug symbols are disabled");
2808        }
2809
2810        Ok((tunables, features))
2811    }
2812
2813    #[cfg(feature = "runtime")]
2814    pub(crate) fn build_allocator(
2815        &self,
2816        tunables: &Tunables,
2817    ) -> Result<Box<dyn InstanceAllocator + Send + Sync>> {
2818        let _ = tunables;
2819
2820        match &self.allocation_strategy {
2821            InstanceAllocationStrategy::OnDemand => {
2822                let mut _allocator = try_new::<Box<_>>(OnDemandInstanceAllocator::new(
2823                    self.mem_creator.clone(),
2824                    self.async_stack_size,
2825                    self.async_stack_zeroing,
2826                ))?;
2827                #[cfg(feature = "async")]
2828                if let Some(stack_creator) = &self.stack_creator {
2829                    _allocator.set_stack_creator(stack_creator.clone());
2830                }
2831                Ok(_allocator as _)
2832            }
2833            #[cfg(feature = "pooling-allocator")]
2834            InstanceAllocationStrategy::Pooling(config) => {
2835                let mut config = config.clone();
2836                let _ = &mut config;
2837                #[cfg(feature = "async")]
2838                {
2839                    config.stack_size = self.async_stack_size;
2840                    config.async_stack_zeroing = self.async_stack_zeroing;
2841                }
2842                let allocator = try_new::<Box<_>>(
2843                    crate::runtime::vm::PoolingInstanceAllocator::new(&config, tunables)?,
2844                )?;
2845                Ok(allocator as _)
2846            }
2847        }
2848    }
2849
2850    #[cfg(feature = "runtime")]
2851    pub(crate) fn build_gc_runtime(&self) -> Result<Option<Arc<dyn GcRuntime>>> {
2852        if !self.features().gc_types() {
2853            return Ok(None);
2854        }
2855
2856        #[cfg(not(feature = "gc"))]
2857        bail!("cannot create a GC runtime: the `gc` feature was disabled at compile time");
2858
2859        #[cfg(feature = "gc")]
2860        #[cfg_attr(
2861            not(any(feature = "gc-null", feature = "gc-drc", feature = "gc-copying")),
2862            expect(unreachable_code, reason = "definitions known to be dummy")
2863        )]
2864        {
2865            Ok(Some(match self.collector.try_not_auto()? {
2866                #[cfg(feature = "gc-drc")]
2867                Collector::DeferredReferenceCounting => {
2868                    try_new::<Arc<_>>(crate::runtime::vm::DrcCollector::default())? as _
2869                }
2870                #[cfg(not(feature = "gc-drc"))]
2871                Collector::DeferredReferenceCounting => unreachable!(),
2872
2873                #[cfg(feature = "gc-null")]
2874                Collector::Null => {
2875                    try_new::<Arc<_>>(crate::runtime::vm::NullCollector::default())? as _
2876                }
2877                #[cfg(not(feature = "gc-null"))]
2878                Collector::Null => unreachable!(),
2879
2880                #[cfg(feature = "gc-copying")]
2881                Collector::Copying => {
2882                    try_new::<Arc<_>>(crate::runtime::vm::CopyingCollector::default())? as _
2883                }
2884                #[cfg(not(feature = "gc-copying"))]
2885                Collector::Copying => unreachable!(),
2886
2887                Collector::Auto => unreachable!(),
2888            }))
2889        }
2890    }
2891
2892    #[cfg(feature = "runtime")]
2893    pub(crate) fn build_profiler(&self) -> Result<Box<dyn ProfilingAgent>> {
2894        Ok(match self.profiling_strategy {
2895            ProfilingStrategy::PerfMap => profiling_agent::new_perfmap()?,
2896            ProfilingStrategy::JitDump => profiling_agent::new_jitdump()?,
2897            ProfilingStrategy::VTune => profiling_agent::new_vtune()?,
2898            ProfilingStrategy::None => profiling_agent::new_null(),
2899            ProfilingStrategy::Pulley => profiling_agent::new_pulley()?,
2900        })
2901    }
2902
2903    #[cfg(any(feature = "cranelift", feature = "winch"))]
2904    pub(crate) fn build_compiler(
2905        mut self,
2906        tunables: &mut Tunables,
2907        features: WasmFeatures,
2908    ) -> Result<(Self, Box<dyn wasmtime_environ::Compiler>)> {
2909        let target = self.compiler_target();
2910
2911        // The target passed to the builders below is an `Option<Triple>` where
2912        // `None` represents the current host with CPU features inferred from
2913        // the host's CPU itself. The `target` above is not an `Option`, so
2914        // switch it to `None` in the case that a target wasn't explicitly
2915        // specified (which indicates no feature inference) and the target
2916        // matches the host.
2917        let target_for_builder =
2918            if self.target.is_none() && target == target_lexicon::Triple::host() {
2919                None
2920            } else {
2921                Some(target.clone())
2922            };
2923
2924        let mut compiler = match self.compiler_config_mut().strategy {
2925            #[cfg(feature = "cranelift")]
2926            Some(Strategy::Cranelift) => wasmtime_cranelift::builder(target_for_builder)?,
2927            #[cfg(not(feature = "cranelift"))]
2928            Some(Strategy::Cranelift) => bail!("cranelift support not compiled in"),
2929            #[cfg(feature = "winch")]
2930            Some(Strategy::Winch) => wasmtime_winch::builder(target_for_builder)?,
2931            #[cfg(not(feature = "winch"))]
2932            Some(Strategy::Winch) => bail!("winch support not compiled in"),
2933
2934            None | Some(Strategy::Auto) => unreachable!(),
2935        };
2936
2937        if let Some(path) = &self.compiler_config_mut().clif_dir {
2938            compiler.clif_dir(path)?;
2939        }
2940
2941        // If probestack is enabled for a target, Wasmtime will always use the
2942        // inline strategy which doesn't require us to define a `__probestack`
2943        // function or similar.
2944        self.compiler_config_mut().settings.insert(
2945            "probestack_strategy".into(),
2946            ("inline".into(), UserSpecified::No),
2947        );
2948
2949        // We enable stack probing by default on all targets.
2950        // This is required on Windows because of the way Windows
2951        // commits its stacks, but it's also a good idea on other
2952        // platforms to ensure guard pages are hit for large frame
2953        // sizes.
2954        self.compiler_config_mut()
2955            .flags
2956            .insert("enable_probestack".into(), UserSpecified::No);
2957
2958        // The current wasm multivalue implementation depends on this.
2959        // FIXME(#9510) handle this in wasmtime-cranelift instead.
2960        self.compiler_config_mut()
2961            .flags
2962            .insert("enable_multi_ret_implicit_sret".into(), UserSpecified::No);
2963
2964        if let Some(unwind_requested) = self.native_unwind_info {
2965            if !self
2966                .compiler_config_mut()
2967                .ensure_setting_unset_or_given("unwind_info", &unwind_requested.to_string())
2968            {
2969                bail!(
2970                    "incompatible settings requested for Cranelift and Wasmtime `unwind-info` settings"
2971                );
2972            }
2973        }
2974
2975        if target.operating_system == target_lexicon::OperatingSystem::Windows {
2976            if !self
2977                .compiler_config_mut()
2978                .ensure_setting_unset_or_given("unwind_info", "true")
2979            {
2980                bail!("`native_unwind_info` cannot be disabled on Windows");
2981            }
2982        }
2983
2984        // We require frame pointers for correct stack walking, which is safety
2985        // critical in the presence of reference types, and otherwise it is just
2986        // really bad developer experience to get wrong.
2987        self.compiler_config_mut().settings.insert(
2988            "preserve_frame_pointers".into(),
2989            ("true".into(), UserSpecified::No),
2990        );
2991
2992        if !tunables.signals_based_traps {
2993            let mut ok = self
2994                .compiler_config_mut()
2995                .ensure_setting_unset_or_given("enable_table_access_spectre_mitigation", "false");
2996            ok = ok
2997                && self.compiler_config_mut().ensure_setting_unset_or_given(
2998                    "enable_heap_access_spectre_mitigation",
2999                    "false",
3000                );
3001
3002            // Right now spectre-mitigated bounds checks will load from zero so
3003            // if host-based signal handlers are disabled then that's a mismatch
3004            // and doesn't work right now. Fixing this will require more thought
3005            // of how to implement the bounds check in spectre-only mode.
3006            if !ok {
3007                bail!(
3008                    "when signals-based traps are disabled then spectre \
3009                     mitigations must also be disabled"
3010                );
3011            }
3012        }
3013
3014        if features.contains(WasmFeatures::RELAXED_SIMD) && !features.contains(WasmFeatures::SIMD) {
3015            bail!("cannot disable the simd proposal but enable the relaxed simd proposal");
3016        }
3017
3018        if features.contains(WasmFeatures::STACK_SWITCHING) {
3019            use target_lexicon::OperatingSystem;
3020            let model = match target.operating_system {
3021                OperatingSystem::Windows => "update_windows_tib",
3022                OperatingSystem::Linux
3023                | OperatingSystem::MacOSX(_)
3024                | OperatingSystem::Darwin(_) => "basic",
3025                _ => bail!("stack-switching feature not supported on this platform "),
3026            };
3027
3028            if !self
3029                .compiler_config_mut()
3030                .ensure_setting_unset_or_given("stack_switch_model", model)
3031            {
3032                bail!(
3033                    "compiler option 'stack_switch_model' must be set to '{model}' on this platform"
3034                );
3035            }
3036        }
3037
3038        // Apply compiler settings and flags
3039        compiler.set_tunables(tunables.clone())?;
3040        for (k, (v, _)) in self.compiler_config_mut().settings.iter() {
3041            compiler.set(k, v)?;
3042        }
3043        for (flag, _) in self.compiler_config_mut().flags.iter() {
3044            compiler.enable(flag)?;
3045        }
3046        *tunables = compiler.tunables().cloned().unwrap();
3047
3048        #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
3049        if let Some(cache_store) = &self.compiler_config_mut().cache_store {
3050            compiler.enable_incremental_compilation(cache_store.clone())?;
3051        }
3052
3053        compiler.wmemcheck(self.compiler_config_mut().wmemcheck);
3054
3055        Ok((self, compiler.build()?))
3056    }
3057
3058    /// Internal setting for whether adapter modules for components will have
3059    /// extra WebAssembly instructions inserted performing more debug checks
3060    /// then are necessary.
3061    #[cfg(feature = "component-model")]
3062    pub fn debug_adapter_modules(&mut self, debug: bool) -> &mut Self {
3063        self.tunables.debug_adapter_modules = Some(debug);
3064        self
3065    }
3066
3067    /// Enables clif output when compiling a WebAssembly module.
3068    #[cfg(any(feature = "cranelift", feature = "winch"))]
3069    pub fn emit_clif(&mut self, path: &Path) -> &mut Self {
3070        self.compiler_config_mut().clif_dir = Some(path.to_path_buf());
3071        self
3072    }
3073
3074    /// Configures whether, when on macOS, Mach ports are used for exception
3075    /// handling instead of traditional Unix-based signal handling.
3076    ///
3077    /// WebAssembly traps in Wasmtime are implemented with native faults, for
3078    /// example a `SIGSEGV` will occur when a WebAssembly guest accesses
3079    /// out-of-bounds memory. Handling this can be configured to either use Unix
3080    /// signals or Mach ports on macOS. By default Mach ports are used.
3081    ///
3082    /// Mach ports enable Wasmtime to work by default with foreign
3083    /// error-handling systems such as breakpad which also use Mach ports to
3084    /// handle signals. In this situation Wasmtime will continue to handle guest
3085    /// faults gracefully while any non-guest faults will get forwarded to
3086    /// process-level handlers such as breakpad. Some more background on this
3087    /// can be found in #2456.
3088    ///
3089    /// A downside of using mach ports, however, is that they don't interact
3090    /// well with `fork()`. Forking a Wasmtime process on macOS will produce a
3091    /// child process that cannot successfully run WebAssembly. In this
3092    /// situation traditional Unix signal handling should be used as that's
3093    /// inherited and works across forks.
3094    ///
3095    /// If your embedding wants to use a custom error handler which leverages
3096    /// Mach ports and you additionally wish to `fork()` the process and use
3097    /// Wasmtime in the child process that's not currently possible. Please
3098    /// reach out to us if you're in this bucket!
3099    ///
3100    /// This option defaults to `true`, using Mach ports by default.
3101    pub fn macos_use_mach_ports(&mut self, mach_ports: bool) -> &mut Self {
3102        self.macos_use_mach_ports = mach_ports;
3103        self
3104    }
3105
3106    /// Configures an embedder-provided function, `detect`, which is used to
3107    /// determine if an ISA-specific feature is available on the current host.
3108    ///
3109    /// This function is used to verify that any features enabled for a compiler
3110    /// backend, such as AVX support on x86\_64, are also available on the host.
3111    /// It is undefined behavior to execute an AVX instruction on a host that
3112    /// doesn't support AVX instructions, for example.
3113    ///
3114    /// When the `std` feature is active on this crate then this function is
3115    /// configured to a default implementation that uses the standard library's
3116    /// feature detection. When the `std` feature is disabled then there is no
3117    /// default available and this method must be called to configure a feature
3118    /// probing function.
3119    ///
3120    /// The `detect` function provided is given a string name of an ISA feature.
3121    /// The function should then return:
3122    ///
3123    /// * `Some(true)` - indicates that the feature was found on the host and it
3124    ///   is supported.
3125    /// * `Some(false)` - the feature name was recognized but it was not
3126    ///   detected on the host, for example the CPU is too old.
3127    /// * `None` - the feature name was not recognized and it's not known
3128    ///   whether it's on the host or not.
3129    ///
3130    /// Feature names passed to `detect` match the same feature name used in the
3131    /// Rust standard library. For example `"sse4.2"` is used on x86\_64.
3132    ///
3133    /// # Unsafety
3134    ///
3135    /// This function is `unsafe` because it is undefined behavior to execute
3136    /// instructions that a host does not support. This means that the result of
3137    /// `detect` must be correct for memory safe execution at runtime.
3138    pub unsafe fn detect_host_feature(&mut self, detect: fn(&str) -> Option<bool>) -> &mut Self {
3139        self.detect_host_feature = Some(detect);
3140        self
3141    }
3142
3143    /// Configures Wasmtime to not use signals-based trap handlers, for example
3144    /// disables `SIGILL` and `SIGSEGV` handler registration on Unix platforms.
3145    ///
3146    /// > **Note:** this option has important performance ramifications, be sure
3147    /// > to understand the implications. Wasm programs have been measured to
3148    /// > run up to 2x slower when signals-based traps are disabled.
3149    ///
3150    /// Wasmtime will by default leverage signals-based trap handlers (or the
3151    /// platform equivalent, for example "vectored exception handlers" on
3152    /// Windows) to make generated code more efficient. For example, when
3153    /// Wasmtime can use signals-based traps, it can elide explicit bounds
3154    /// checks for Wasm linear memory accesses, instead relying on virtual
3155    /// memory guard pages to raise a `SIGSEGV` (on Unix) for out-of-bounds
3156    /// accesses, which Wasmtime's runtime then catches and handles. Another
3157    /// example is divide-by-zero: with signals-based traps, Wasmtime can let
3158    /// the hardware raise a trap when the divisor is zero. Without
3159    /// signals-based traps, Wasmtime must explicitly emit additional
3160    /// instructions to check for zero and conditionally branch to a trapping
3161    /// code path.
3162    ///
3163    /// Some environments however may not have access to signal handlers. For
3164    /// example embedded scenarios may not support virtual memory. Other
3165    /// environments where Wasmtime is embedded within the surrounding
3166    /// environment may require that new signal handlers aren't registered due
3167    /// to the global nature of signal handlers. This option exists to disable
3168    /// the signal handler registration when required for these scenarios.
3169    ///
3170    /// When signals-based trap handlers are disabled, then Wasmtime and its
3171    /// generated code will *never* rely on segfaults or other
3172    /// signals. Generated code will be slower because bounds must be explicitly
3173    /// checked along with other conditions like division by zero.
3174    ///
3175    /// The following additional factors can also affect Wasmtime's ability to
3176    /// elide explicit bounds checks and leverage signals-based traps:
3177    ///
3178    /// * The [`Config::memory_reservation`] and [`Config::memory_guard_size`]
3179    ///   settings
3180    /// * The index type of the linear memory (e.g. 32-bit or 64-bit)
3181    /// * The page size of the linear memory
3182    ///
3183    /// When this option is disabled, the
3184    /// `enable_heap_access_spectre_mitigation` and
3185    /// `enable_table_access_spectre_mitigation` Cranelift settings must also be
3186    /// disabled. This means that generated code must have spectre mitigations
3187    /// disabled. This is because spectre mitigations rely on faults from
3188    /// loading from the null address to implement bounds checks.
3189    ///
3190    /// This option defaults to `true`: signals-based trap handlers are enabled
3191    /// by default.
3192    ///
3193    /// > **Note:** Disabling this option is not compatible with the Winch
3194    /// > compiler.
3195    pub fn signals_based_traps(&mut self, enable: bool) -> &mut Self {
3196        self.tunables.signals_based_traps = Some(enable);
3197        self
3198    }
3199
3200    /// Enable/disable GC support in Wasmtime entirely.
3201    ///
3202    /// This flag can be used to gate whether GC infrastructure is enabled or
3203    /// initialized in Wasmtime at all. Wasmtime's GC implementation is required
3204    /// for the [`Self::wasm_gc`] proposal, [`Self::wasm_function_references`],
3205    /// and [`Self::wasm_exceptions`] at this time. None of those proposal can
3206    /// be enabled without also having this option enabled.
3207    ///
3208    /// This option defaults to whether the crate `gc` feature is enabled or
3209    /// not.
3210    pub fn gc_support(&mut self, enable: bool) -> &mut Self {
3211        self.wasm_features(WasmFeatures::GC_TYPES, enable)
3212    }
3213
3214    /// Explicitly indicate or not whether the host is using a hardware float
3215    /// ABI on x86 targets.
3216    ///
3217    /// This configuration option is only applicable on the
3218    /// `x86_64-unknown-none` Rust target and has no effect on other host
3219    /// targets. The `x86_64-unknown-none` Rust target does not support hardware
3220    /// floats by default and uses a "soft float" implementation and ABI. This
3221    /// means that `f32`, for example, is passed in a general-purpose register
3222    /// between functions instead of a floating-point register. This does not
3223    /// match Cranelift's ABI for `f32` where it's passed in floating-point
3224    /// registers.  Cranelift does not have support for a "soft float"
3225    /// implementation where all floating-point operations are lowered to
3226    /// libcalls.
3227    ///
3228    /// This means that for the `x86_64-unknown-none` target the ABI between
3229    /// Wasmtime's libcalls and the host is incompatible when floats are used.
3230    /// This further means that, by default, Wasmtime is unable to load native
3231    /// code when compiled to the `x86_64-unknown-none` target. The purpose of
3232    /// this option is to explicitly allow loading code and bypass this check.
3233    ///
3234    /// Setting this configuration option to `true` indicates that either:
3235    /// (a) the Rust target is compiled with the hard-float ABI manually via
3236    /// `-Zbuild-std` and a custom target JSON configuration, or (b) sufficient
3237    /// x86 features have been enabled in the compiler such that float libcalls
3238    /// will not be used in Wasmtime. For (a) there is no way in Rust at this
3239    /// time to detect whether a hard-float or soft-float ABI is in use on
3240    /// stable Rust, so this manual opt-in is required. For (b) the only
3241    /// instance where Wasmtime passes a floating-point value in a register
3242    /// between the host and compiled wasm code is with libcalls.
3243    ///
3244    /// Float-based libcalls are only used when the compilation target for a
3245    /// wasm module has insufficient target features enabled for native
3246    /// support. For example SSE4.1 is required for the `f32.ceil` WebAssembly
3247    /// instruction to be compiled to a native instruction. If SSE4.1 is not
3248    /// enabled then `f32.ceil` is translated to a "libcall" which is
3249    /// implemented on the host. Float-based libcalls can be avoided with
3250    /// sufficient target features enabled, for example:
3251    ///
3252    /// * `self.cranelift_flag_enable("has_sse3")`
3253    /// * `self.cranelift_flag_enable("has_ssse3")`
3254    /// * `self.cranelift_flag_enable("has_sse41")`
3255    /// * `self.cranelift_flag_enable("has_sse42")`
3256    /// * `self.cranelift_flag_enable("has_fma")`
3257    ///
3258    /// Note that when these features are enabled Wasmtime will perform a
3259    /// runtime check to determine that the host actually has the feature
3260    /// present.
3261    ///
3262    /// For some more discussion see [#11506].
3263    ///
3264    /// [#11506]: https://github.com/bytecodealliance/wasmtime/issues/11506
3265    ///
3266    /// # Safety
3267    ///
3268    /// This method is not safe because it cannot be detected in Rust right now
3269    /// whether the host is compiled with a soft or hard float ABI. Additionally
3270    /// if the host is compiled with a soft float ABI disabling this check does
3271    /// not ensure that the wasm module in question has zero usage of floats
3272    /// in the boundary to the host.
3273    ///
3274    /// Safely using this method requires one of:
3275    ///
3276    /// * The host target is compiled to use hardware floats.
3277    /// * Wasm modules loaded are compiled with enough x86 Cranelift features
3278    ///   enabled to avoid float-related hostcalls.
3279    pub unsafe fn x86_float_abi_ok(&mut self, enable: bool) -> &mut Self {
3280        self.x86_float_abi_ok = Some(enable);
3281        self
3282    }
3283
3284    /// Enable or disable the ability to create a
3285    /// [`SharedMemory`](crate::SharedMemory).
3286    ///
3287    /// The WebAssembly threads proposal, configured by [`Config::wasm_threads`]
3288    /// is on-by-default but there are enough deficiencies in Wasmtime's
3289    /// implementation and API integration that creation of a shared memory is
3290    /// disabled by default. This configuration knob can be used to enable this.
3291    ///
3292    /// When enabling this method be aware that wasm threads are, at this time,
3293    /// a [tier 2
3294    /// feature](https://docs.wasmtime.dev/stability-tiers.html#tier-2) in
3295    /// Wasmtime meaning that it will not receive security updates or fixes to
3296    /// historical releases. Additionally security CVEs will not be issued for
3297    /// bugs in the implementation.
3298    ///
3299    /// This option is `false` by default.
3300    pub fn shared_memory(&mut self, enable: bool) -> &mut Self {
3301        self.shared_memory = enable;
3302        self
3303    }
3304
3305    /// Specifies whether support for concurrent execution of WebAssembly is
3306    /// supported within this store.
3307    ///
3308    /// This configuration option affects whether runtime data structures are
3309    /// initialized within a `Store` on creation to support concurrent execution
3310    /// of WebAssembly guests. This is primarily applicable to the
3311    /// [`Config::wasm_component_model_async`] configuration which is the first
3312    /// time Wasmtime has supported concurrent execution of guests. This
3313    /// configuration option, for example, enables usage of
3314    /// [`Store::run_concurrent`], [`Func::call_concurrent`], [`StreamReader`],
3315    /// etc.
3316    ///
3317    /// This configuration option can be manually disabled to avoid initializing
3318    /// data structures in the [`Store`] related to concurrent execution. When
3319    /// this option is disabled then APIs related to concurrency will all fail
3320    /// with a panic. For example [`Store::run_concurrent`] will panic, creating
3321    /// a [`StreamReader`] will panic, etc.
3322    ///
3323    /// The value of this option additionally affects whether a [`Config`] is
3324    /// valid and the default set of enabled WebAssembly features. If this
3325    /// option is disabled then component-model features related to concurrency
3326    /// will all be disabled. If this option is enabled, then the options will
3327    /// retain their normal defaults. It is not valid to create a [`Config`]
3328    /// with component-model-async explicitly enabled and this option explicitly
3329    /// disabled, however.
3330    ///
3331    /// This option defaults to `true`.
3332    ///
3333    /// [`Store`]: crate::Store
3334    /// [`Store::run_concurrent`]: crate::Store::run_concurrent
3335    /// [`Func::call_concurrent`]: crate::component::Func::call_concurrent
3336    /// [`StreamReader`]: crate::component::StreamReader
3337    pub fn concurrency_support(&mut self, enable: bool) -> &mut Self {
3338        self.tunables.concurrency_support = Some(enable);
3339        self
3340    }
3341
3342    /// Validate if the current configuration has conflicting overrides that prevent
3343    /// execution determinism. Returns an error if a conflict exists.
3344    ///
3345    /// Note: Keep this in sync with [`Config::enforce_determinism`].
3346    #[inline]
3347    #[cfg(feature = "rr")]
3348    pub(crate) fn validate_rr_determinism_conflicts(&self) -> Result<()> {
3349        if let Some(v) = self.tunables.relaxed_simd_deterministic {
3350            if v == false {
3351                bail!("Relaxed deterministic SIMD cannot be disabled when determinism is enforced");
3352            }
3353        }
3354        #[cfg(any(feature = "cranelift", feature = "winch"))]
3355        if let Some((v, _)) = self
3356            .compiler_config
3357            .as_ref()
3358            .and_then(|c| c.settings.get("enable_nan_canonicalization"))
3359        {
3360            if v != "true" {
3361                bail!("NaN canonicalization cannot be disabled when determinism is enforced");
3362            }
3363        }
3364        Ok(())
3365    }
3366
3367    /// Enable execution trace recording or replaying to the configuration.
3368    ///
3369    /// When either recording/replaying are enabled, validation fails if settings
3370    /// that control determinism are not set appropriately. In particular, RR requires
3371    /// doing the following:
3372    /// * Enabling NaN canonicalization with [`Config::cranelift_nan_canonicalization`].
3373    /// * Enabling deterministic relaxed SIMD with [`Config::relaxed_simd_deterministic`].
3374    #[inline]
3375    pub fn rr(&mut self, cfg: RRConfig) -> &mut Self {
3376        self.rr_config = cfg;
3377        self
3378    }
3379
3380    /// Whether or not trap metadata is generated in compiled wasms for internal
3381    /// asserts in the compiled code itself.
3382    ///
3383    /// Wasmtime inserts metadata within compiled artifacts which contain a
3384    /// table of known trap codes for all instructions. If a trap via a signal
3385    /// happens, and it's not listed in these tables, then that's considered a
3386    /// fatal bug that crashes the process. This option controls whether trap
3387    /// codes are inserted into metadata for internal asserts as part of
3388    /// Wasmtime's translation process. These internal asserts should never be
3389    /// triggered, but if they are then the process dies with a signal.
3390    ///
3391    /// Inserting trap metadata into compiled artifacts can take extra space in
3392    /// the final artifact. The trap tables for the artifact will be larger as
3393    /// they contain more trap codes to contain.
3394    ///
3395    /// This is intended as a debugging option and is set to `false` by
3396    /// default.
3397    pub fn metadata_for_internal_asserts(&mut self, enable: bool) -> &mut Self {
3398        self.tunables.metadata_for_internal_asserts = Some(enable);
3399        self
3400    }
3401
3402    /// Whether or not trap metadata is generated in compiled wasms for
3403    /// detection of corruption in the GC heap.
3404    ///
3405    /// For more information about what metadata is in this scenario, see
3406    /// [`Config::metadata_for_internal_asserts`]. Note, though, that this
3407    /// option is enabled by default unlike internal asserts. This is intended
3408    /// as a defense-in-depth option for generated code in the face of GC heap
3409    /// corruption. If the GC heap is corrupted and is detected then the
3410    /// trapping instruction will be gracefully handled and delivered to the
3411    /// embedder. Otherwise if this option were set to `false` then the process
3412    /// would be aborted due to a signal.
3413    pub fn metadata_for_gc_heap_corruption(&mut self, enable: bool) -> &mut Self {
3414        self.tunables.metadata_for_gc_heap_corruption = Some(enable);
3415        self
3416    }
3417}
3418
3419impl Default for Config {
3420    fn default() -> Config {
3421        Config::new()
3422    }
3423}
3424
3425impl fmt::Debug for Config {
3426    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
3427        let mut f = f.debug_struct("Config");
3428
3429        // Not every flag in WasmFeatures can be enabled as part of creating
3430        // a Config. This impl gives a complete picture of all WasmFeatures
3431        // enabled, and doesn't require maintenance by hand (which has become out
3432        // of date in the past), at the cost of possible confusion for why
3433        // a flag in this set doesn't have a Config setter.
3434        let features = self.features();
3435        for flag in WasmFeatures::FLAGS.iter() {
3436            f.field(
3437                &format!("wasm_{}", flag.name().to_lowercase()),
3438                &features.contains(*flag.value()),
3439            );
3440        }
3441
3442        f.field("parallel_compilation", &self.parallel_compilation);
3443        #[cfg(any(feature = "cranelift", feature = "winch"))]
3444        {
3445            f.field("compiler_config", &self.compiler_config);
3446        }
3447
3448        self.tunables.format(&mut f);
3449        f.finish()
3450    }
3451}
3452
3453/// Possible Compilation strategies for a wasm module.
3454///
3455/// This is used as an argument to the [`Config::strategy`] method.
3456#[non_exhaustive]
3457#[derive(PartialEq, Eq, Clone, Debug, Copy)]
3458pub enum Strategy {
3459    /// An indicator that the compilation strategy should be automatically
3460    /// selected.
3461    ///
3462    /// This is generally what you want for most projects and indicates that the
3463    /// `wasmtime` crate itself should make the decision about what the best
3464    /// code generator for a wasm module is.
3465    ///
3466    /// Currently this always defaults to Cranelift, but the default value may
3467    /// change over time.
3468    Auto,
3469
3470    /// Currently the default backend, Cranelift aims to be a reasonably fast
3471    /// code generator which generates high quality machine code.
3472    Cranelift,
3473
3474    /// A low-latency baseline compiler for WebAssembly.
3475    /// For more details regarding ISA support and Wasm proposals support
3476    /// see <https://docs.wasmtime.dev/stability-tiers.html#current-tier-status>
3477    Winch,
3478}
3479
3480#[cfg(any(feature = "winch", feature = "cranelift"))]
3481impl Strategy {
3482    fn not_auto(&self) -> Option<Strategy> {
3483        match self {
3484            Strategy::Auto => {
3485                if cfg!(feature = "cranelift") {
3486                    Some(Strategy::Cranelift)
3487                } else if cfg!(feature = "winch") {
3488                    Some(Strategy::Winch)
3489                } else {
3490                    None
3491                }
3492            }
3493            other => Some(*other),
3494        }
3495    }
3496}
3497
3498/// Possible garbage collector implementations for Wasm.
3499///
3500/// This is used as an argument to the [`Config::collector`] method.
3501///
3502/// The properties of Wasmtime's available collectors are summarized in the
3503/// following table:
3504///
3505/// | Collector                   | Collects Garbage[^1]  | Latency[^2] | Throughput[^3] | Allocation Speed[^4] | Heap Utilization[^5] |
3506/// |-----------------------------|-----------------------|-------------|----------------|----------------------|----------------------|
3507/// | `Copying`                   | Yes, including cycles | 🙁         | 🙂             | 🙂                   | 🙁                  |
3508/// | `DeferredReferenceCounting` | Yes, but not cycles   | 🙂         | 🙁             | 😐                   | 😐                  |
3509/// | `Null`                      | No                    | 🙂         | 🙂             | 🙂                   | 🙂                  |
3510///
3511/// [^1]: Whether or not the collector is capable of collecting garbage and cyclic garbage.
3512///
3513/// [^2]: How long the Wasm program is paused during garbage
3514///       collections. Shorter is better. In general, better latency implies
3515///       worse throughput and vice versa.
3516///
3517/// [^3]: How fast the Wasm program runs when using this collector. Roughly
3518///       equivalent to the number of Wasm instructions executed per
3519///       second. Faster is better. In general, better throughput implies worse
3520///       latency and vice versa.
3521///
3522/// [^4]: How fast can individual objects be allocated?
3523///
3524/// [^5]: How many objects can the collector fit into N bytes of memory? That
3525///       is, how much space for bookkeeping and metadata does this collector
3526///       require? Less space taken up by metadata means more space for
3527///       additional objects. Reference counts are larger than mark bits and
3528///       free lists are larger than bump pointers, for example.
3529#[non_exhaustive]
3530#[derive(PartialEq, Eq, Clone, Debug, Copy)]
3531pub enum Collector {
3532    /// An indicator that the garbage collector should be automatically
3533    /// selected.
3534    ///
3535    /// This is generally what you want for most projects and indicates that the
3536    /// `wasmtime` crate itself should make the decision about what the best
3537    /// collector to use is.
3538    ///
3539    /// Currently this always defaults to the copying collector, but the default
3540    /// value may change over time.
3541    Auto,
3542
3543    /// The deferred reference-counting collector.
3544    ///
3545    /// A reference-counting collector, generally trading improved latency for
3546    /// worsened throughput. However, to avoid the largest overheads of
3547    /// reference counting, it avoids manipulating reference counts for Wasm
3548    /// objects on the stack. Instead, it will hold a reference count for an
3549    /// over-approximation of all objects that are currently on the stack, trace
3550    /// the stack during collection to find the precise set of on-stack roots,
3551    /// and decrement the reference count of any object that was in the
3552    /// over-approximation but not the precise set. This improves throughput,
3553    /// compared to "pure" reference counting, by performing many fewer
3554    /// refcount-increment and -decrement operations. The cost is the increased
3555    /// latency associated with tracing the stack.
3556    ///
3557    /// This collector cannot currently collect cycles; they will leak until the
3558    /// GC heap's store is dropped.
3559    DeferredReferenceCounting,
3560
3561    /// The null collector.
3562    ///
3563    /// This collector does not actually collect any garbage. It simply
3564    /// allocates objects until it runs out of memory, at which point further
3565    /// objects allocation attempts will trap.
3566    ///
3567    /// This collector is useful for incredibly short-running Wasm instances
3568    /// where additionally you would rather halt an over-allocating Wasm program
3569    /// than spend time collecting its garbage to allow it to keep running. It
3570    /// is also useful for measuring the overheads associated with other
3571    /// collectors, as this collector imposes as close to zero throughput and
3572    /// latency overhead as possible.
3573    Null,
3574
3575    /// The copying collector.
3576    ///
3577    /// A tracing collector that splits the GC heap in half, bump-allocates
3578    /// objects in one half until it fills up, and then does a GC and copies
3579    /// live objects into the other half, and repeats the process. It has fast
3580    /// allocation, collects cyclic garbage, and good collection throughput,
3581    /// however it suffers from poor latency due to its stop-the-world
3582    /// collections and poor heap utilization due to only using half the GC
3583    /// heap's full capacity at any given time.
3584    ///
3585    /// Note that this collector is still under construction and is not yet
3586    /// functional.
3587    Copying,
3588}
3589
3590impl Default for Collector {
3591    fn default() -> Collector {
3592        Collector::Auto
3593    }
3594}
3595
3596#[cfg(feature = "gc")]
3597impl Collector {
3598    fn not_auto(&self) -> Option<Collector> {
3599        match self {
3600            Collector::Auto => {
3601                if cfg!(feature = "gc-copying") {
3602                    Some(Collector::Copying)
3603                } else if cfg!(feature = "gc-drc") {
3604                    Some(Collector::DeferredReferenceCounting)
3605                } else if cfg!(feature = "gc-null") {
3606                    Some(Collector::Null)
3607                } else {
3608                    None
3609                }
3610            }
3611            other => Some(*other),
3612        }
3613    }
3614
3615    fn try_not_auto(&self) -> Result<Self> {
3616        match self.not_auto() {
3617            #[cfg(feature = "gc-drc")]
3618            Some(c @ Collector::DeferredReferenceCounting) => Ok(c),
3619            #[cfg(not(feature = "gc-drc"))]
3620            Some(Collector::DeferredReferenceCounting) => bail!(
3621                "cannot create an engine using the deferred reference-counting \
3622                 collector because the `gc-drc` feature was not enabled at \
3623                 compile time",
3624            ),
3625
3626            #[cfg(feature = "gc-null")]
3627            Some(c @ Collector::Null) => Ok(c),
3628            #[cfg(not(feature = "gc-null"))]
3629            Some(Collector::Null) => bail!(
3630                "cannot create an engine using the null collector because \
3631                 the `gc-null` feature was not enabled at compile time",
3632            ),
3633
3634            #[cfg(feature = "gc-copying")]
3635            Some(c @ Collector::Copying) => Ok(c),
3636            #[cfg(not(feature = "gc-copying"))]
3637            Some(Collector::Copying) => bail!(
3638                "cannot create an engine using the copying collector because \
3639                 the `gc-copying` feature was not enabled at compile time",
3640            ),
3641
3642            Some(Collector::Auto) => unreachable!(),
3643
3644            None => bail!(
3645                "cannot create an engine with GC support when none of the \
3646                 collectors are available; enable one of the following \
3647                 features: `gc-drc`, `gc-null`, `gc-copying`",
3648            ),
3649        }
3650    }
3651}
3652
3653/// Possible optimization levels for the Cranelift codegen backend.
3654#[non_exhaustive]
3655#[derive(Copy, Clone, Debug, Eq, PartialEq)]
3656pub enum OptLevel {
3657    /// No optimizations performed, minimizes compilation time by disabling most
3658    /// optimizations.
3659    None,
3660    /// Generates the fastest possible code, but may take longer.
3661    Speed,
3662    /// Similar to `speed`, but also performs transformations aimed at reducing
3663    /// code size.
3664    SpeedAndSize,
3665}
3666
3667/// Possible register allocator algorithms for the Cranelift codegen backend.
3668#[non_exhaustive]
3669#[derive(Copy, Clone, Debug, Eq, PartialEq)]
3670pub enum RegallocAlgorithm {
3671    /// Generates the fastest possible code, but may take longer.
3672    ///
3673    /// This algorithm performs "backtracking", which means that it may
3674    /// undo its earlier work and retry as it discovers conflicts. This
3675    /// results in better register utilization, producing fewer spills
3676    /// and moves, but can cause super-linear compile runtime.
3677    Backtracking,
3678    /// Generates acceptable code very quickly.
3679    ///
3680    /// This algorithm performs a single pass through the code,
3681    /// guaranteed to work in linear time.  (Note that the rest of
3682    /// Cranelift is not necessarily guaranteed to run in linear time,
3683    /// however.) It cannot undo earlier decisions, however, and it
3684    /// cannot foresee constraints or issues that may occur further
3685    /// ahead in the code, so the code may have more spills and moves as
3686    /// a result.
3687    ///
3688    /// > **Note**: This algorithm is not yet production-ready and has
3689    /// > historically had known problems. It is not recommended to enable this
3690    /// > algorithm for security-sensitive applications and the Wasmtime project
3691    /// > does not consider this configuration option for issuing security
3692    /// > advisories at this time.
3693    SinglePass,
3694}
3695
3696/// Select which profiling technique to support.
3697#[derive(Debug, Clone, Copy, PartialEq)]
3698pub enum ProfilingStrategy {
3699    /// No profiler support.
3700    None,
3701
3702    /// Collect function name information as the "perf map" file format, used with `perf` on Linux.
3703    PerfMap,
3704
3705    /// Collect profiling info for "jitdump" file format, used with `perf` on
3706    /// Linux.
3707    JitDump,
3708
3709    /// Collect profiling info using the "ittapi", used with `VTune` on Linux.
3710    VTune,
3711
3712    /// Support for profiling Pulley, Wasmtime's interpreter. Note that enabling
3713    /// this at runtime requires enabling the `profile-pulley` Cargo feature at
3714    /// compile time.
3715    Pulley,
3716}
3717
3718/// Select how wasm backtrace detailed information is handled.
3719#[derive(Debug, Clone, Copy)]
3720pub enum WasmBacktraceDetails {
3721    /// Support is unconditionally enabled and wasmtime will parse and read
3722    /// debug information.
3723    Enable,
3724
3725    /// Support is disabled, and wasmtime will not parse debug information for
3726    /// backtrace details.
3727    Disable,
3728
3729    /// Support for backtrace details is conditional on the
3730    /// `WASMTIME_BACKTRACE_DETAILS` environment variable.
3731    Environment,
3732}
3733
3734/// Describe the tri-state configuration of keys such as MPK or PAGEMAP_SCAN.
3735#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
3736pub enum Enabled {
3737    /// Enable this feature if it's detected on the host system, otherwise leave
3738    /// it disabled.
3739    Auto,
3740    /// Enable this feature and fail configuration if the feature is not
3741    /// detected on the host system.
3742    Yes,
3743    /// Do not enable this feature, even if the host system supports it.
3744    No,
3745}
3746
3747/// Configuration options used with [`InstanceAllocationStrategy::Pooling`] to
3748/// change the behavior of the pooling instance allocator.
3749///
3750/// This structure has a builder-style API in the same manner as [`Config`] and
3751/// is configured with [`Config::allocation_strategy`].
3752///
3753/// Note that usage of the pooling allocator does not affect compiled
3754/// WebAssembly code. Compiled `*.cwasm` files, for example, are usable both
3755/// with and without the pooling allocator.
3756///
3757/// ## Advantages of Pooled Allocation
3758///
3759/// The main benefit of the pooling allocator is to make WebAssembly
3760/// instantiation both faster and more scalable in terms of parallelism.
3761/// Allocation is faster because virtual memory is already configured and ready
3762/// to go within the pool, there's no need to [`mmap`] (for example on Unix) a
3763/// new region and configure it with guard pages. By avoiding [`mmap`] this
3764/// avoids whole-process virtual memory locks which can improve scalability and
3765/// performance through avoiding this.
3766///
3767/// Additionally with pooled allocation it's possible to create "affine slots"
3768/// to a particular WebAssembly module or component over time. For example if
3769/// the same module is multiple times over time the pooling allocator will, by
3770/// default, attempt to reuse the same slot. This mean that the slot has been
3771/// pre-configured and can retain virtual memory mappings for a copy-on-write
3772/// image, for example (see [`Config::memory_init_cow`] for more information.
3773/// This means that in a steady state instance deallocation is a single
3774/// [`madvise`] to reset linear memory to its original contents followed by a
3775/// single (optional) [`mprotect`] during the next instantiation to shrink
3776/// memory back to its original size. Compared to non-pooled allocation this
3777/// avoids the need to [`mmap`] a new region of memory, [`munmap`] it, and
3778/// [`mprotect`] regions too.
3779///
3780/// Another benefit of pooled allocation is that it's possible to configure
3781/// things such that no virtual memory management is required at all in a steady
3782/// state. For example a pooling allocator can be configured with:
3783///
3784/// * [`Config::memory_init_cow`] disabled
3785/// * [`Config::memory_guard_size`] disabled
3786/// * [`Config::memory_reservation`] shrunk to minimal size
3787/// * [`PoolingAllocationConfig::table_keep_resident`] sufficiently large
3788/// * [`PoolingAllocationConfig::linear_memory_keep_resident`] sufficiently large
3789///
3790/// With all these options in place no virtual memory tricks are used at all and
3791/// everything is manually managed by Wasmtime (for example resetting memory is
3792/// a `memset(0)`). This is not as fast in a single-threaded scenario but can
3793/// provide benefits in high-parallelism situations as no virtual memory locks
3794/// or IPIs need happen.
3795///
3796/// ## Disadvantages of Pooled Allocation
3797///
3798/// Despite the above advantages to instantiation performance the pooling
3799/// allocator is not enabled by default in Wasmtime. One reason is that the
3800/// performance advantages are not necessarily portable, for example while the
3801/// pooling allocator works on Windows it has not been tuned for performance on
3802/// Windows in the same way it has on Linux.
3803///
3804/// Additionally the main cost of the pooling allocator is that it requires a
3805/// very large reservation of virtual memory (on the order of most of the
3806/// addressable virtual address space). WebAssembly 32-bit linear memories in
3807/// Wasmtime are, by default 4G address space reservations with a small guard
3808/// region both before and after the linear memory. Memories in the pooling
3809/// allocator are contiguous which means that we only need a guard after linear
3810/// memory because the previous linear memory's slot post-guard is our own
3811/// pre-guard. This means that, by default, the pooling allocator uses roughly
3812/// 4G of virtual memory per WebAssembly linear memory slot. 4G of virtual
3813/// memory is 32 bits of a 64-bit address. Many 64-bit systems can only
3814/// actually use 48-bit addresses by default (although this can be extended on
3815/// architectures nowadays too), and of those 48 bits one of them is reserved
3816/// to indicate kernel-vs-userspace. This leaves 47-32=15 bits left,
3817/// meaning you can only have at most 32k slots of linear memories on many
3818/// systems by default. This is a relatively small number and shows how the
3819/// pooling allocator can quickly exhaust all of virtual memory.
3820///
3821/// Another disadvantage of the pooling allocator is that it may keep memory
3822/// alive when nothing is using it. A previously used slot for an instance might
3823/// have paged-in memory that will not get paged out until the
3824/// [`Engine`] owning the pooling allocator is dropped. While
3825/// suitable for some applications this behavior may not be suitable for all
3826/// applications.
3827///
3828/// Finally the last disadvantage of the pooling allocator is that the
3829/// configuration values for the maximum number of instances, memories, tables,
3830/// etc, must all be fixed up-front. There's not always a clear answer as to
3831/// what these values should be so not all applications may be able to work
3832/// with this constraint.
3833///
3834/// [`madvise`]: https://man7.org/linux/man-pages/man2/madvise.2.html
3835/// [`mprotect`]: https://man7.org/linux/man-pages/man2/mprotect.2.html
3836/// [`mmap`]: https://man7.org/linux/man-pages/man2/mmap.2.html
3837/// [`munmap`]: https://man7.org/linux/man-pages/man2/munmap.2.html
3838#[derive(Debug, Clone)]
3839pub struct PoolingAllocationConfig {
3840    /// See `PoolingAllocatorConfig::max_unused_warm_slots` in `wasmtime`
3841    pub(crate) max_unused_warm_slots: u32,
3842    /// The target number of decommits to do per batch. This is not precise, as
3843    /// we can queue up decommits at times when we aren't prepared to
3844    /// immediately flush them, and so we may go over this target size
3845    /// occasionally.
3846    pub(crate) decommit_batch_size: usize,
3847    /// The size, in bytes, of async stacks to allocate (not including the guard
3848    /// page).
3849    #[cfg_attr(
3850        not(all(feature = "async", feature = "pooling-allocator")),
3851        expect(dead_code, reason = "easier to cfg")
3852    )]
3853    pub(crate) stack_size: usize,
3854    /// The limits to apply to instances allocated within this allocator.
3855    pub(crate) limits: InstanceLimits,
3856    /// Whether or not async stacks are zeroed after use.
3857    #[cfg_attr(
3858        not(all(feature = "async", feature = "pooling-allocator")),
3859        expect(dead_code, reason = "easier to cfg")
3860    )]
3861    pub(crate) async_stack_zeroing: bool,
3862    /// If async stack zeroing is enabled and the host platform is Linux this is
3863    /// how much memory to zero out with `memset`.
3864    ///
3865    /// The rest of memory will be zeroed out with `madvise`.
3866    pub(crate) async_stack_keep_resident: usize,
3867    /// How much linear memory, in bytes, to keep resident after resetting for
3868    /// use with the next instance. This much memory will be `memset` to zero
3869    /// when a linear memory is deallocated.
3870    ///
3871    /// Memory exceeding this amount in the wasm linear memory will be released
3872    /// with `madvise` back to the kernel.
3873    ///
3874    /// Only applicable on Linux.
3875    pub(crate) linear_memory_keep_resident: usize,
3876    /// Same as `linear_memory_keep_resident` but for tables.
3877    pub(crate) table_keep_resident: usize,
3878    /// Whether to enable memory protection keys.
3879    pub(crate) memory_protection_keys: Enabled,
3880    /// How many memory protection keys to allocate.
3881    pub(crate) max_memory_protection_keys: usize,
3882    /// Whether to enable PAGEMAP_SCAN on Linux.
3883    pub(crate) pagemap_scan: Enabled,
3884}
3885
3886impl Default for PoolingAllocationConfig {
3887    fn default() -> Self {
3888        Self {
3889            max_unused_warm_slots: 100,
3890            decommit_batch_size: 1,
3891            stack_size: 2 << 20,
3892            limits: InstanceLimits::default(),
3893            async_stack_zeroing: false,
3894            async_stack_keep_resident: 0,
3895            linear_memory_keep_resident: 0,
3896            table_keep_resident: 0,
3897            memory_protection_keys: Enabled::No,
3898            max_memory_protection_keys: 16,
3899            pagemap_scan: Enabled::No,
3900        }
3901    }
3902}
3903
3904/// Instance-related limit configuration for pooling.
3905///
3906/// More docs on this can be found at `wasmtime::PoolingAllocationConfig`.
3907#[derive(Debug, Copy, Clone)]
3908pub(crate) struct InstanceLimits {
3909    /// The maximum number of component instances that may be allocated
3910    /// concurrently.
3911    pub(crate) total_component_instances: u32,
3912
3913    /// The maximum size of a component's `VMComponentContext`, including
3914    /// the aggregate size of all its inner core modules' `VMContext` sizes.
3915    pub(crate) component_instance_size: usize,
3916
3917    /// The maximum number of core module instances that may be allocated
3918    /// concurrently.
3919    pub(crate) total_core_instances: u32,
3920
3921    /// The maximum number of core module instances that a single component may
3922    /// transitively contain.
3923    pub(crate) max_core_instances_per_component: u32,
3924
3925    /// The maximum number of Wasm linear memories that a component may
3926    /// transitively contain.
3927    pub(crate) max_memories_per_component: u32,
3928
3929    /// The maximum number of tables that a component may transitively contain.
3930    pub(crate) max_tables_per_component: u32,
3931
3932    /// The total number of linear memories in the pool, across all instances.
3933    pub(crate) total_memories: u32,
3934
3935    /// The total number of tables in the pool, across all instances.
3936    pub(crate) total_tables: u32,
3937
3938    /// The total number of async stacks in the pool, across all instances.
3939    pub(crate) total_stacks: u32,
3940
3941    /// Maximum size of a core instance's `VMContext`.
3942    pub(crate) core_instance_size: usize,
3943
3944    /// Maximum number of tables per instance.
3945    pub(crate) max_tables_per_module: u32,
3946
3947    /// Maximum number of word-size elements per table.
3948    ///
3949    /// Note that tables for element types such as continuations
3950    /// that use more than one word of storage may store fewer
3951    /// elements.
3952    pub(crate) table_elements: usize,
3953
3954    /// Maximum number of linear memories per instance.
3955    pub(crate) max_memories_per_module: u32,
3956
3957    /// Maximum byte size of a linear memory, must be smaller than
3958    /// `memory_reservation` in `Tunables`.
3959    pub(crate) max_memory_size: usize,
3960
3961    /// The total number of GC heaps in the pool, across all instances.
3962    pub(crate) total_gc_heaps: u32,
3963}
3964
3965impl Default for InstanceLimits {
3966    fn default() -> Self {
3967        let total = if cfg!(target_pointer_width = "32") {
3968            100
3969        } else {
3970            1000
3971        };
3972        // See doc comments for `wasmtime::PoolingAllocationConfig` for these
3973        // default values
3974        Self {
3975            total_component_instances: total,
3976            component_instance_size: 1 << 20, // 1 MiB
3977            total_core_instances: total,
3978            max_core_instances_per_component: u32::MAX,
3979            max_memories_per_component: u32::MAX,
3980            max_tables_per_component: u32::MAX,
3981            total_memories: total,
3982            total_tables: total,
3983            total_stacks: total,
3984            core_instance_size: 1 << 20, // 1 MiB
3985            max_tables_per_module: 1,
3986            // NB: in #8504 it was seen that a C# module in debug module can
3987            // have 10k+ elements.
3988            table_elements: 20_000,
3989            max_memories_per_module: 1,
3990            #[cfg(target_pointer_width = "64")]
3991            max_memory_size: 1 << 32, // 4G,
3992            #[cfg(target_pointer_width = "32")]
3993            max_memory_size: 10 << 20, // 10 MiB
3994            total_gc_heaps: total,
3995        }
3996    }
3997}
3998
3999impl PoolingAllocationConfig {
4000    /// Returns a new configuration builder with all default settings
4001    /// configured.
4002    pub fn new() -> PoolingAllocationConfig {
4003        PoolingAllocationConfig::default()
4004    }
4005
4006    /// Configures the maximum number of "unused warm slots" to retain in the
4007    /// pooling allocator.
4008    ///
4009    /// The pooling allocator operates over slots to allocate from, and each
4010    /// slot is considered "cold" if it's never been used before or "warm" if
4011    /// it's been used by some module in the past. Slots in the pooling
4012    /// allocator additionally track an "affinity" flag to a particular core
4013    /// wasm module. When a module is instantiated into a slot then the slot is
4014    /// considered affine to that module, even after the instance has been
4015    /// deallocated.
4016    ///
4017    /// When a new instance is created then a slot must be chosen, and the
4018    /// current algorithm for selecting a slot is:
4019    ///
4020    /// * If there are slots that are affine to the module being instantiated,
4021    ///   then the most recently used slot is selected to be allocated from.
4022    ///   This is done to improve reuse of resources such as memory mappings and
4023    ///   additionally try to benefit from temporal locality for things like
4024    ///   caches.
4025    ///
4026    /// * Otherwise if there are more than N affine slots to other modules, then
4027    ///   one of those affine slots is chosen to be allocated. The slot chosen
4028    ///   is picked on a least-recently-used basis.
4029    ///
4030    /// * Finally, if there are less than N affine slots to other modules, then
4031    ///   the non-affine slots are allocated from.
4032    ///
4033    /// This setting, `max_unused_warm_slots`, is the value for N in the above
4034    /// algorithm. The purpose of this setting is to have a knob over the RSS
4035    /// impact of "unused slots" for a long-running wasm server.
4036    ///
4037    /// If this setting is set to 0, for example, then affine slots are
4038    /// aggressively reused on a least-recently-used basis. A "cold" slot is
4039    /// only used if there are no affine slots available to allocate from. This
4040    /// means that the set of slots used over the lifetime of a program is the
4041    /// same as the maximum concurrent number of wasm instances.
4042    ///
4043    /// If this setting is set to infinity, however, then cold slots are
4044    /// prioritized to be allocated from. This means that the set of slots used
4045    /// over the lifetime of a program will approach
4046    /// [`PoolingAllocationConfig::total_memories`], or the maximum number of
4047    /// slots in the pooling allocator.
4048    ///
4049    /// Wasmtime does not aggressively decommit all resources associated with a
4050    /// slot when the slot is not in use. For example the
4051    /// [`PoolingAllocationConfig::linear_memory_keep_resident`] option can be
4052    /// used to keep memory associated with a slot, even when it's not in use.
4053    /// This means that the total set of used slots in the pooling instance
4054    /// allocator can impact the overall RSS usage of a program.
4055    ///
4056    /// The default value for this option is `100`.
4057    pub fn max_unused_warm_slots(&mut self, max: u32) -> &mut Self {
4058        self.max_unused_warm_slots = max;
4059        self
4060    }
4061
4062    /// The target number of decommits to do per batch.
4063    ///
4064    /// This is not precise, as we can queue up decommits at times when we
4065    /// aren't prepared to immediately flush them, and so we may go over this
4066    /// target size occasionally.
4067    ///
4068    /// Note additionally that the queue of not-yet-decommitted entities is
4069    /// sharded to reduce lock contention: one shard per available CPU, capped
4070    /// at 16. Each shard batches up to this many decommits independently,
4071    /// meaning that up to `min(available_parallelism, 16) * (batch_size - 1)`
4072    /// decommits may be queued and not yet flushed at any given time.
4073    ///
4074    /// A batch size of one effectively disables batching.
4075    ///
4076    /// Defaults to `1`.
4077    pub fn decommit_batch_size(&mut self, batch_size: usize) -> &mut Self {
4078        self.decommit_batch_size = batch_size;
4079        self
4080    }
4081
4082    /// How much memory, in bytes, to keep resident for async stacks allocated
4083    /// with the pooling allocator.
4084    ///
4085    /// When [`Config::async_stack_zeroing`] is enabled then Wasmtime will reset
4086    /// the contents of async stacks back to zero upon deallocation. This option
4087    /// can be used to perform the zeroing operation with `memset` up to a
4088    /// certain threshold of bytes instead of using system calls to reset the
4089    /// stack to zero.
4090    ///
4091    /// Note that when using this option the memory with async stacks will
4092    /// never be decommitted.
4093    pub fn async_stack_keep_resident(&mut self, size: usize) -> &mut Self {
4094        self.async_stack_keep_resident = size;
4095        self
4096    }
4097
4098    /// How much memory, in bytes, to keep resident for each linear memory
4099    /// after deallocation.
4100    ///
4101    /// This option is only applicable on Linux and has no effect on other
4102    /// platforms.
4103    ///
4104    /// By default Wasmtime will use `madvise` to reset the entire contents of
4105    /// linear memory back to zero when a linear memory is deallocated. This
4106    /// option can be used to use `memset` instead to set memory back to zero
4107    /// which can, in some configurations, reduce the number of page faults
4108    /// taken when a slot is reused.
4109    pub fn linear_memory_keep_resident(&mut self, size: usize) -> &mut Self {
4110        self.linear_memory_keep_resident = size;
4111        self
4112    }
4113
4114    /// How much memory, in bytes, to keep resident for each table after
4115    /// deallocation.
4116    ///
4117    /// This option is only applicable on Linux and has no effect on other
4118    /// platforms.
4119    ///
4120    /// This option is the same as
4121    /// [`PoolingAllocationConfig::linear_memory_keep_resident`] except that it
4122    /// is applicable to tables instead.
4123    pub fn table_keep_resident(&mut self, size: usize) -> &mut Self {
4124        self.table_keep_resident = size;
4125        self
4126    }
4127
4128    /// The maximum number of concurrent component instances supported (default
4129    /// is `1000`).
4130    ///
4131    /// This provides an upper-bound on the total size of component
4132    /// metadata-related allocations, along with
4133    /// [`PoolingAllocationConfig::max_component_instance_size`]. The upper bound is
4134    ///
4135    /// ```text
4136    /// total_component_instances * max_component_instance_size
4137    /// ```
4138    ///
4139    /// where `max_component_instance_size` is rounded up to the size and alignment
4140    /// of the internal representation of the metadata.
4141    pub fn total_component_instances(&mut self, count: u32) -> &mut Self {
4142        self.limits.total_component_instances = count;
4143        self
4144    }
4145
4146    /// The maximum size, in bytes, allocated for a component instance's
4147    /// `VMComponentContext` metadata as well as the aggregate size of this
4148    /// component's core instances `VMContext` metadata.
4149    ///
4150    /// The [`wasmtime::component::Instance`][crate::component::Instance] type
4151    /// has a static size but its internal `VMComponentContext` is dynamically
4152    /// sized depending on the component being instantiated. This size limit
4153    /// loosely correlates to the size of the component, taking into account
4154    /// factors such as:
4155    ///
4156    /// * number of lifted and lowered functions,
4157    /// * number of memories
4158    /// * number of inner instances
4159    /// * number of resources
4160    ///
4161    /// If the allocated size per instance is too small then instantiation of a
4162    /// module will fail at runtime with an error indicating how many bytes were
4163    /// needed.
4164    ///
4165    /// In addition to the memory in the runtime for the component itself,
4166    /// components contain one or more core module instances. Each of these
4167    /// require some memory in the runtime as described in
4168    /// [`PoolingAllocationConfig::max_core_instance_size`]. The limit here
4169    /// applies against the sum of all of these individual allocations.
4170    ///
4171    /// The default value for this is 1MiB.
4172    ///
4173    /// This provides an upper-bound on the total size of all component's
4174    /// metadata-related allocations (for both the component and its embedded
4175    /// core module instances), along with
4176    /// [`PoolingAllocationConfig::total_component_instances`]. The upper bound is
4177    ///
4178    /// ```text
4179    /// total_component_instances * max_component_instance_size
4180    /// ```
4181    ///
4182    /// where `max_component_instance_size` is rounded up to the size and alignment
4183    /// of the internal representation of the metadata.
4184    pub fn max_component_instance_size(&mut self, size: usize) -> &mut Self {
4185        self.limits.component_instance_size = size;
4186        self
4187    }
4188
4189    /// The maximum number of core instances a single component may contain
4190    /// (default is unlimited).
4191    ///
4192    /// This method (along with
4193    /// [`PoolingAllocationConfig::max_memories_per_component`],
4194    /// [`PoolingAllocationConfig::max_tables_per_component`], and
4195    /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
4196    /// the amount of resources a single component allocation consumes.
4197    ///
4198    /// If a component will instantiate more core instances than `count`, then
4199    /// the component will fail to instantiate.
4200    pub fn max_core_instances_per_component(&mut self, count: u32) -> &mut Self {
4201        self.limits.max_core_instances_per_component = count;
4202        self
4203    }
4204
4205    /// The maximum number of Wasm linear memories that a single component may
4206    /// transitively contain (default is unlimited).
4207    ///
4208    /// This method (along with
4209    /// [`PoolingAllocationConfig::max_core_instances_per_component`],
4210    /// [`PoolingAllocationConfig::max_tables_per_component`], and
4211    /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
4212    /// the amount of resources a single component allocation consumes.
4213    ///
4214    /// If a component transitively contains more linear memories than `count`,
4215    /// then the component will fail to instantiate.
4216    pub fn max_memories_per_component(&mut self, count: u32) -> &mut Self {
4217        self.limits.max_memories_per_component = count;
4218        self
4219    }
4220
4221    /// The maximum number of tables that a single component may transitively
4222    /// contain (default is unlimited).
4223    ///
4224    /// This method (along with
4225    /// [`PoolingAllocationConfig::max_core_instances_per_component`],
4226    /// [`PoolingAllocationConfig::max_memories_per_component`],
4227    /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
4228    /// the amount of resources a single component allocation consumes.
4229    ///
4230    /// If a component will transitively contains more tables than `count`, then
4231    /// the component will fail to instantiate.
4232    pub fn max_tables_per_component(&mut self, count: u32) -> &mut Self {
4233        self.limits.max_tables_per_component = count;
4234        self
4235    }
4236
4237    /// The maximum number of concurrent Wasm linear memories supported (default
4238    /// is `1000`).
4239    ///
4240    /// This value has a direct impact on the amount of memory allocated by the pooling
4241    /// instance allocator.
4242    ///
4243    /// The pooling instance allocator allocates a memory pool, where each entry
4244    /// in the pool contains the reserved address space for each linear memory
4245    /// supported by an instance.
4246    ///
4247    /// The memory pool will reserve a large quantity of host process address
4248    /// space to elide the bounds checks required for correct WebAssembly memory
4249    /// semantics. Even with 64-bit address spaces, the address space is limited
4250    /// when dealing with a large number of linear memories.
4251    ///
4252    /// For example, on Linux x86_64, the userland address space limit is 128
4253    /// TiB. That might seem like a lot, but each linear memory will *reserve* 6
4254    /// GiB of space by default.
4255    pub fn total_memories(&mut self, count: u32) -> &mut Self {
4256        self.limits.total_memories = count;
4257        self
4258    }
4259
4260    /// The maximum number of concurrent tables supported (default is `1000`).
4261    ///
4262    /// This value has a direct impact on the amount of memory allocated by the
4263    /// pooling instance allocator.
4264    ///
4265    /// The pooling instance allocator allocates a table pool, where each entry
4266    /// in the pool contains the space needed for each WebAssembly table
4267    /// supported by an instance (see `table_elements` to control the size of
4268    /// each table).
4269    pub fn total_tables(&mut self, count: u32) -> &mut Self {
4270        self.limits.total_tables = count;
4271        self
4272    }
4273
4274    /// The maximum number of execution stacks allowed for asynchronous
4275    /// execution, when enabled (default is `1000`).
4276    ///
4277    /// This value has a direct impact on the amount of memory allocated by the
4278    /// pooling instance allocator.
4279    #[cfg(feature = "async")]
4280    pub fn total_stacks(&mut self, count: u32) -> &mut Self {
4281        self.limits.total_stacks = count;
4282        self
4283    }
4284
4285    /// The maximum number of concurrent core instances supported (default is
4286    /// `1000`).
4287    ///
4288    /// This provides an upper-bound on the total size of core instance
4289    /// metadata-related allocations, along with
4290    /// [`PoolingAllocationConfig::max_core_instance_size`]. The upper bound is
4291    ///
4292    /// ```text
4293    /// total_core_instances * max_core_instance_size
4294    /// ```
4295    ///
4296    /// where `max_core_instance_size` is rounded up to the size and alignment of
4297    /// the internal representation of the metadata.
4298    pub fn total_core_instances(&mut self, count: u32) -> &mut Self {
4299        self.limits.total_core_instances = count;
4300        self
4301    }
4302
4303    /// The maximum size, in bytes, allocated for a core instance's `VMContext`
4304    /// metadata.
4305    ///
4306    /// The [`Instance`][crate::Instance] type has a static size but its
4307    /// `VMContext` metadata is dynamically sized depending on the module being
4308    /// instantiated. This size limit loosely correlates to the size of the Wasm
4309    /// module, taking into account factors such as:
4310    ///
4311    /// * number of functions
4312    /// * number of globals
4313    /// * number of memories
4314    /// * number of tables
4315    /// * number of function types
4316    ///
4317    /// If the allocated size per instance is too small then instantiation of a
4318    /// module will fail at runtime with an error indicating how many bytes were
4319    /// needed.
4320    ///
4321    /// The default value for this is 1MiB.
4322    ///
4323    /// This provides an upper-bound on the total size of core instance
4324    /// metadata-related allocations, along with
4325    /// [`PoolingAllocationConfig::total_core_instances`]. The upper bound is
4326    ///
4327    /// ```text
4328    /// total_core_instances * max_core_instance_size
4329    /// ```
4330    ///
4331    /// where `max_core_instance_size` is rounded up to the size and alignment of
4332    /// the internal representation of the metadata.
4333    pub fn max_core_instance_size(&mut self, size: usize) -> &mut Self {
4334        self.limits.core_instance_size = size;
4335        self
4336    }
4337
4338    /// The maximum number of defined tables for a core module (default is `1`).
4339    ///
4340    /// This value controls the capacity of the `VMTableDefinition` table in
4341    /// each instance's `VMContext` structure.
4342    ///
4343    /// The allocated size of the table will be `tables *
4344    /// sizeof(VMTableDefinition)` for each instance regardless of how many
4345    /// tables are defined by an instance's module.
4346    pub fn max_tables_per_module(&mut self, tables: u32) -> &mut Self {
4347        self.limits.max_tables_per_module = tables;
4348        self
4349    }
4350
4351    /// The maximum table elements for any table defined in a module (default is
4352    /// `20000`).
4353    ///
4354    /// If a table's minimum element limit is greater than this value, the
4355    /// module will fail to instantiate.
4356    ///
4357    /// If a table's maximum element limit is unbounded or greater than this
4358    /// value, the maximum will be `table_elements` for the purpose of any
4359    /// `table.grow` instruction.
4360    ///
4361    /// This value is used to reserve the maximum space for each supported
4362    /// table; table elements are pointer-sized in the Wasmtime runtime.
4363    /// Therefore, the space reserved for each instance is `tables *
4364    /// table_elements * sizeof::<*const ()>`.
4365    pub fn table_elements(&mut self, elements: usize) -> &mut Self {
4366        self.limits.table_elements = elements;
4367        self
4368    }
4369
4370    /// The maximum number of defined linear memories for a module (default is
4371    /// `1`).
4372    ///
4373    /// This value controls the capacity of the `VMMemoryDefinition` table in
4374    /// each core instance's `VMContext` structure.
4375    ///
4376    /// The allocated size of the table will be `memories *
4377    /// sizeof(VMMemoryDefinition)` for each core instance regardless of how
4378    /// many memories are defined by the core instance's module.
4379    pub fn max_memories_per_module(&mut self, memories: u32) -> &mut Self {
4380        self.limits.max_memories_per_module = memories;
4381        self
4382    }
4383
4384    /// The maximum byte size that any WebAssembly linear memory may grow to.
4385    ///
4386    /// This option defaults to 4 GiB meaning that for 32-bit linear memories
4387    /// there is no restrictions. 64-bit linear memories will not be allowed to
4388    /// grow beyond 4 GiB by default.
4389    ///
4390    /// If a memory's minimum size is greater than this value, the module will
4391    /// fail to instantiate.
4392    ///
4393    /// If a memory's maximum size is unbounded or greater than this value, the
4394    /// maximum will be `max_memory_size` for the purpose of any `memory.grow`
4395    /// instruction.
4396    ///
4397    /// This value is used to control the maximum accessible space for each
4398    /// linear memory of a core instance. This can be thought of as a simple
4399    /// mechanism like [`Store::limiter`](crate::Store::limiter) to limit memory
4400    /// at runtime. This value can also affect striping/coloring behavior when
4401    /// used in conjunction with
4402    /// [`memory_protection_keys`](PoolingAllocationConfig::memory_protection_keys).
4403    ///
4404    /// The virtual memory reservation size of each linear memory is controlled
4405    /// by the [`Config::memory_reservation`] setting and this method's
4406    /// configuration cannot exceed [`Config::memory_reservation`].
4407    pub fn max_memory_size(&mut self, bytes: usize) -> &mut Self {
4408        self.limits.max_memory_size = bytes;
4409        self
4410    }
4411
4412    /// Configures whether memory protection keys (MPK) should be used for more
4413    /// efficient layout of pool-allocated memories.
4414    ///
4415    /// When using the pooling allocator (see [`Config::allocation_strategy`],
4416    /// [`InstanceAllocationStrategy::Pooling`]), memory protection keys can
4417    /// reduce the total amount of allocated virtual memory by eliminating guard
4418    /// regions between WebAssembly memories in the pool. It does so by
4419    /// "coloring" memory regions with different memory keys and setting which
4420    /// regions are accessible each time executions switches from host to guest
4421    /// (or vice versa).
4422    ///
4423    /// Leveraging MPK requires configuring a smaller-than-default
4424    /// [`max_memory_size`](PoolingAllocationConfig::max_memory_size) to enable
4425    /// this coloring/striping behavior. For example embeddings might want to
4426    /// reduce the default 4G allowance to 128M.
4427    ///
4428    /// MPK is only available on Linux (called `pku` there) and recent x86
4429    /// systems; we check for MPK support at runtime by examining the `CPUID`
4430    /// register. This configuration setting can be in three states:
4431    ///
4432    /// - `auto`: if MPK support is available the guard regions are removed; if
4433    ///   not, the guard regions remain
4434    /// - `yes`: use MPK to eliminate guard regions; fail if MPK is not
4435    ///   supported
4436    /// - `no`: never use MPK
4437    ///
4438    /// By default this value is `no`, but may become `auto` in future
4439    /// releases.
4440    ///
4441    /// __WARNING__: this configuration options is still experimental--use at
4442    /// your own risk! MPK uses kernel and CPU features to protect memory
4443    /// regions; you may observe segmentation faults if anything is
4444    /// misconfigured.
4445    #[cfg(feature = "memory-protection-keys")]
4446    pub fn memory_protection_keys(&mut self, enable: Enabled) -> &mut Self {
4447        self.memory_protection_keys = enable;
4448        self
4449    }
4450
4451    /// Sets an upper limit on how many memory protection keys (MPK) Wasmtime
4452    /// will use.
4453    ///
4454    /// This setting is only applicable when
4455    /// [`PoolingAllocationConfig::memory_protection_keys`] is set to `enable`
4456    /// or `auto`. Configuring this above the HW and OS limits (typically 15)
4457    /// has no effect.
4458    ///
4459    /// If multiple Wasmtime engines are used in the same process, note that all
4460    /// engines will share the same set of allocated keys; this setting will
4461    /// limit how many keys are allocated initially and thus available to all
4462    /// other engines.
4463    #[cfg(feature = "memory-protection-keys")]
4464    pub fn max_memory_protection_keys(&mut self, max: usize) -> &mut Self {
4465        self.max_memory_protection_keys = max;
4466        self
4467    }
4468
4469    /// Check if memory protection keys (MPK) are available on the current host.
4470    ///
4471    /// This is a convenience method for determining MPK availability using the
4472    /// same method that [`Enabled::Auto`] does. See
4473    /// [`PoolingAllocationConfig::memory_protection_keys`] for more
4474    /// information.
4475    #[cfg(feature = "memory-protection-keys")]
4476    pub fn are_memory_protection_keys_available() -> bool {
4477        crate::runtime::vm::mpk::is_supported()
4478    }
4479
4480    /// The maximum number of concurrent GC heaps supported (default is `1000`).
4481    ///
4482    /// This value has a direct impact on the amount of memory allocated by the
4483    /// pooling instance allocator.
4484    ///
4485    /// The pooling instance allocator allocates a GC heap pool, where each
4486    /// entry in the pool contains the space needed for each GC heap used by a
4487    /// store.
4488    #[cfg(feature = "gc")]
4489    pub fn total_gc_heaps(&mut self, count: u32) -> &mut Self {
4490        self.limits.total_gc_heaps = count;
4491        self
4492    }
4493
4494    /// Configures whether the Linux-specific [`PAGEMAP_SCAN` ioctl][ioctl] is
4495    /// used to help reset linear memory.
4496    ///
4497    /// When [`Self::linear_memory_keep_resident`] or
4498    /// [`Self::table_keep_resident`] options are configured to nonzero values
4499    /// the default behavior is to `memset` the lowest addresses of a table or
4500    /// memory back to their original contents. With the `PAGEMAP_SCAN` ioctl on
4501    /// Linux this can be done to more intelligently scan for resident pages in
4502    /// the region and only reset those pages back to their original contents
4503    /// with `memset` rather than assuming the low addresses are all resident.
4504    ///
4505    /// This ioctl has the potential to provide a number of performance benefits
4506    /// in high-reuse and high concurrency scenarios. Notably this enables
4507    /// Wasmtime to scan the entire region of WebAssembly linear memory and
4508    /// manually reset memory back to its original contents, up to
4509    /// [`Self::linear_memory_keep_resident`] bytes, possibly skipping an
4510    /// `madvise` entirely. This can be more efficient by avoiding removing
4511    /// pages from the address space entirely and additionally ensuring that
4512    /// future use of the linear memory doesn't incur page faults as the pages
4513    /// remain resident.
4514    ///
4515    /// At this time this configuration option is still being evaluated as to
4516    /// how appropriate it is for all use cases. It currently defaults to
4517    /// `no` or disabled but may change to `auto`, enable if supported, in the
4518    /// future. This option is only supported on Linux and requires a kernel
4519    /// version of 6.7 or higher.
4520    ///
4521    /// [ioctl]: https://www.man7.org/linux/man-pages/man2/PAGEMAP_SCAN.2const.html
4522    pub fn pagemap_scan(&mut self, enable: Enabled) -> &mut Self {
4523        self.pagemap_scan = enable;
4524        self
4525    }
4526
4527    /// Returns the configured
4528    /// [`PoolingAllocationConfig::decommit_batch_size`], if enabled.
4529    pub fn get_decommit_batch_size(&self) -> usize {
4530        self.decommit_batch_size
4531    }
4532
4533    /// Returns the configured
4534    /// [`PoolingAllocationConfig::max_unused_warm_slots`], if enabled.
4535    pub fn get_max_unused_warm_slots(&self) -> u32 {
4536        self.max_unused_warm_slots
4537    }
4538
4539    /// Returns the configured
4540    /// [`PoolingAllocationConfig::linear_memory_keep_resident`], if
4541    /// enabled.
4542    pub fn get_memory_keep_resident(&self) -> usize {
4543        self.linear_memory_keep_resident
4544    }
4545
4546    /// Returns the configured
4547    /// [`PoolingAllocationConfig::table_keep_resident`], if enabled.
4548    pub fn get_table_keep_resident(&self) -> usize {
4549        self.table_keep_resident
4550    }
4551
4552    /// Returns the configured
4553    /// [`PoolingAllocationConfig::async_stack_keep_resident`], if
4554    /// enabled.
4555    pub fn get_async_stack_keep_resident(&self) -> usize {
4556        self.async_stack_keep_resident
4557    }
4558
4559    /// Returns the configured
4560    /// [`PoolingAllocationConfig::memory_protection_keys`], if enabled.
4561    pub fn get_memory_protection_keys(&self) -> Enabled {
4562        self.memory_protection_keys
4563    }
4564
4565    /// Returns the configured
4566    /// [`PoolingAllocationConfig::max_memory_protection_keys`], if
4567    /// enabled.
4568    pub fn get_max_memory_protection_keys(&self) -> usize {
4569        self.max_memory_protection_keys
4570    }
4571
4572    /// Returns the configured
4573    /// [`PoolingAllocationConfig::pagemap_scan`], if enabled.
4574    pub fn get_pagemap_scan(&self) -> Enabled {
4575        self.pagemap_scan
4576    }
4577
4578    /// Returns the configured
4579    /// [`PoolingAllocationConfig::total_core_instances`], if enabled.
4580    pub fn get_total_core_instances(&self) -> u32 {
4581        self.limits.total_core_instances
4582    }
4583
4584    /// Returns the configured
4585    /// [`PoolingAllocationConfig::total_component_instances`], if
4586    /// enabled.
4587    pub fn get_total_component_instances(&self) -> u32 {
4588        self.limits.total_component_instances
4589    }
4590
4591    /// Returns the configured
4592    /// [`PoolingAllocationConfig::total_memories`], if enabled.
4593    pub fn get_total_memories(&self) -> u32 {
4594        self.limits.total_memories
4595    }
4596
4597    /// Returns the configured
4598    /// [`PoolingAllocationConfig::total_tables`], if enabled.
4599    pub fn get_total_tables(&self) -> u32 {
4600        self.limits.total_tables
4601    }
4602
4603    /// Returns the configured
4604    /// [`PoolingAllocationConfig::total_stacks`], if enabled.
4605    pub fn get_total_stacks(&self) -> u32 {
4606        self.limits.total_stacks
4607    }
4608
4609    /// Returns the configured
4610    /// [`PoolingAllocationConfig::total_gc_heaps`], if enabled.
4611    pub fn get_total_gc_heaps(&self) -> u32 {
4612        self.limits.total_gc_heaps
4613    }
4614
4615    /// Returns the configured
4616    /// [`PoolingAllocationConfig::max_memory_size`], if enabled.
4617    pub fn get_max_memory_size(&self) -> usize {
4618        self.limits.max_memory_size
4619    }
4620
4621    /// Returns the configured
4622    /// [`PoolingAllocationConfig::table_elements`], if enabled.
4623    pub fn get_table_elements(&self) -> usize {
4624        self.limits.table_elements
4625    }
4626
4627    /// Returns the configured
4628    /// [`PoolingAllocationConfig::max_core_instance_size`], if enabled.
4629    pub fn get_max_core_instance_size(&self) -> usize {
4630        self.limits.core_instance_size
4631    }
4632
4633    /// Returns the configured
4634    /// [`PoolingAllocationConfig::max_component_instance_size`], if
4635    /// enabled.
4636    pub fn get_max_component_instance_size(&self) -> usize {
4637        self.limits.component_instance_size
4638    }
4639
4640    /// Returns the configured
4641    /// [`PoolingAllocationConfig::max_core_instances_per_component`], if
4642    /// enabled.
4643    pub fn get_max_core_instances_per_component(&self) -> u32 {
4644        self.limits.max_core_instances_per_component
4645    }
4646
4647    /// Returns the configured
4648    /// [`PoolingAllocationConfig::max_memories_per_component`], if
4649    /// enabled.
4650    pub fn get_max_memories_per_component(&self) -> u32 {
4651        self.limits.max_memories_per_component
4652    }
4653
4654    /// Returns the configured
4655    /// [`PoolingAllocationConfig::max_tables_per_component`], if enabled.
4656    pub fn get_max_tables_per_component(&self) -> u32 {
4657        self.limits.max_tables_per_component
4658    }
4659
4660    /// Returns the configured
4661    /// [`PoolingAllocationConfig::max_tables_per_module`], if enabled.
4662    pub fn get_max_tables_per_module(&self) -> u32 {
4663        self.limits.max_tables_per_module
4664    }
4665
4666    /// Returns the configured
4667    /// [`PoolingAllocationConfig::max_memories_per_module`], if enabled.
4668    pub fn get_max_memories_per_module(&self) -> u32 {
4669        self.limits.max_memories_per_module
4670    }
4671}
4672
4673#[cfg(feature = "std")]
4674fn detect_host_feature(feature: &str) -> Option<bool> {
4675    #[cfg(target_arch = "aarch64")]
4676    {
4677        return match feature {
4678            "lse" => Some(std::arch::is_aarch64_feature_detected!("lse")),
4679            "paca" => Some(std::arch::is_aarch64_feature_detected!("paca")),
4680            "fp16" => Some(std::arch::is_aarch64_feature_detected!("fp16")),
4681            "dotprod" => Some(std::arch::is_aarch64_feature_detected!("dotprod")),
4682
4683            _ => None,
4684        };
4685    }
4686
4687    // `is_s390x_feature_detected` is nightly only for now, so use the
4688    // STORE FACILITY LIST EXTENDED instruction as a temporary measure.
4689    #[cfg(target_arch = "s390x")]
4690    {
4691        let mut facility_list: [u64; 4] = [0; 4];
4692        unsafe {
4693            core::arch::asm!(
4694                "stfle 0({})",
4695                in(reg_addr) facility_list.as_mut_ptr() ,
4696                inout("r0") facility_list.len() as u64 - 1 => _,
4697                options(nostack)
4698            );
4699        }
4700        let get_facility_bit = |n: usize| {
4701            // NOTE: bits are numbered from the left.
4702            facility_list[n / 64] & (1 << (63 - (n % 64))) != 0
4703        };
4704
4705        return match feature {
4706            "mie3" => Some(get_facility_bit(61)),
4707            "mie4" => Some(get_facility_bit(84)),
4708            "vxrs_ext2" => Some(get_facility_bit(148)),
4709            "vxrs_ext3" => Some(get_facility_bit(198)),
4710
4711            _ => None,
4712        };
4713    }
4714
4715    #[cfg(target_arch = "riscv64")]
4716    {
4717        return match feature {
4718            // due to `is_riscv64_feature_detected` is not stable.
4719            // we cannot use it. For now lie and say all features are always
4720            // found to keep tests working.
4721            _ => Some(true),
4722        };
4723    }
4724
4725    #[cfg(target_arch = "x86_64")]
4726    {
4727        return match feature {
4728            "cmpxchg16b" => Some(std::is_x86_feature_detected!("cmpxchg16b")),
4729            "sse3" => Some(std::is_x86_feature_detected!("sse3")),
4730            "ssse3" => Some(std::is_x86_feature_detected!("ssse3")),
4731            "sse4.1" => Some(std::is_x86_feature_detected!("sse4.1")),
4732            "sse4.2" => Some(std::is_x86_feature_detected!("sse4.2")),
4733            "popcnt" => Some(std::is_x86_feature_detected!("popcnt")),
4734            "avx" => Some(std::is_x86_feature_detected!("avx")),
4735            "avx2" => Some(std::is_x86_feature_detected!("avx2")),
4736            "fma" => Some(std::is_x86_feature_detected!("fma")),
4737            "bmi1" => Some(std::is_x86_feature_detected!("bmi1")),
4738            "bmi2" => Some(std::is_x86_feature_detected!("bmi2")),
4739            "avx512bitalg" => Some(std::is_x86_feature_detected!("avx512bitalg")),
4740            "avx512dq" => Some(std::is_x86_feature_detected!("avx512dq")),
4741            "avx512f" => Some(std::is_x86_feature_detected!("avx512f")),
4742            "avx512vl" => Some(std::is_x86_feature_detected!("avx512vl")),
4743            "avx512vbmi" => Some(std::is_x86_feature_detected!("avx512vbmi")),
4744            "lzcnt" => Some(std::is_x86_feature_detected!("lzcnt")),
4745
4746            _ => None,
4747        };
4748    }
4749
4750    #[allow(
4751        unreachable_code,
4752        reason = "reachable or not depending on if a target above matches"
4753    )]
4754    {
4755        let _ = feature;
4756        return None;
4757    }
4758}
4759
4760// What follows in this impl block is intended to be a somewhat-mechanical
4761// mostly-complete set of getters for relevant configuration options on
4762// `Config`. The `Config` type does not reflect a complete configuration so
4763// default values cannot be directly read from it. An `Engine`, however,
4764// represents a concrete and complete configuration with all default values
4765// fully specified. The purpose of these getters are then to perform a dual
4766// function of reflecting what was explicitly configured above as well as
4767// defaults that Wasmtime sets.
4768//
4769// The current pattern is:
4770//
4771// * All methods are `get_<config_name>`
4772// * Return values return `T` instead of `Option<T>` where possible unless the
4773//   state for `T` is completely missing.
4774//
4775// This impl is primarily in service of
4776// `wasmtime_cli_flags::CommonOptions::from_engine` at this time, and CLI flags
4777// are not as comprehensive as `Config` options, but it's expected that the set
4778// will settle/grow over time.
4779impl Engine {
4780    /// Returns the configured [`Config::memory_may_move`] value.
4781    pub fn get_memory_may_move(&self) -> bool {
4782        self.tunables().memory_may_move
4783    }
4784
4785    /// Returns the configured [`Config::memory_reservation`] value.
4786    pub fn get_memory_reservation(&self) -> u64 {
4787        self.tunables().memory_reservation
4788    }
4789
4790    /// Returns the configured [`Config::memory_reservation_for_growth`] value.
4791    pub fn get_memory_reservation_for_growth(&self) -> u64 {
4792        self.tunables().memory_reservation_for_growth
4793    }
4794
4795    /// Returns the configured [`Config::memory_guard_size`] value.
4796    pub fn get_memory_guard_size(&self) -> u64 {
4797        self.tunables().memory_guard_size
4798    }
4799
4800    /// Returns the configured [`Config::gc_heap_may_move`] value.
4801    pub fn get_gc_heap_may_move(&self) -> bool {
4802        self.tunables().gc_heap_may_move
4803    }
4804
4805    /// Returns the configured [`Config::gc_heap_reservation`] value.
4806    pub fn get_gc_heap_reservation(&self) -> u64 {
4807        self.tunables().gc_heap_reservation
4808    }
4809
4810    /// Returns the configured [`Config::gc_heap_initial_size`] value.
4811    pub fn get_gc_heap_initial_size(&self) -> u64 {
4812        self.tunables().gc_heap_initial_size
4813    }
4814
4815    /// Returns the configured [`Config::gc_heap_reservation_for_growth`] value.
4816    pub fn get_gc_heap_reservation_for_growth(&self) -> u64 {
4817        self.tunables().gc_heap_reservation_for_growth
4818    }
4819
4820    /// Returns the configured [`Config::gc_heap_guard_size`] value.
4821    pub fn get_gc_heap_guard_size(&self) -> u64 {
4822        self.tunables().gc_heap_guard_size
4823    }
4824
4825    /// Returns the configured [`Config::guard_before_linear_memory`] value.
4826    pub fn get_guard_before_linear_memory(&self) -> bool {
4827        self.tunables().guard_before_linear_memory
4828    }
4829
4830    /// Returns the configured [`Config::table_lazy_init`] value.
4831    pub fn get_table_lazy_init(&self) -> bool {
4832        self.tunables().table_lazy_init
4833    }
4834
4835    /// Returns the configured [`Config::memory_init_cow`] value.
4836    pub fn get_memory_init_cow(&self) -> bool {
4837        self.tunables().memory_init_cow
4838    }
4839
4840    /// Returns the configured [`Config::memory_guaranteed_dense_image_size`] value.
4841    pub fn get_memory_guaranteed_dense_image_size(&self) -> u64 {
4842        self.config().memory_guaranteed_dense_image_size
4843    }
4844
4845    /// Returns the configured [`Config::signals_based_traps`] value.
4846    pub fn get_signals_based_traps(&self) -> bool {
4847        self.tunables().signals_based_traps
4848    }
4849
4850    /// Returns the configured [`Config::gc_zeal_alloc_counter`] value.
4851    pub fn get_gc_zeal_alloc_counter(&self) -> Option<core::num::NonZeroU32> {
4852        self.tunables().gc_zeal_alloc_counter
4853    }
4854
4855    /// Returns the configured [`Config::cranelift_opt_level`] value.
4856    pub fn get_cranelift_opt_level(&self) -> Option<OptLevel> {
4857        #[cfg(any(feature = "cranelift", feature = "winch"))]
4858        if let Some(compiler) = self.compiler() {
4859            let flags = compiler.flags();
4860            let (_, FlagValue::Enum(opt)) = flags.iter().find(|(f, _)| *f == "opt_level")? else {
4861                return None;
4862            };
4863            return match &opt[..] {
4864                "none" => Some(OptLevel::None),
4865                "speed" => Some(OptLevel::Speed),
4866                "speed_and_size" => Some(OptLevel::SpeedAndSize),
4867                _ => None,
4868            };
4869        }
4870        None
4871    }
4872
4873    /// Returns the configured [`Config::cranelift_regalloc_algorithm`] value.
4874    pub fn get_cranelift_regalloc_algorithm(&self) -> Option<RegallocAlgorithm> {
4875        #[cfg(any(feature = "cranelift", feature = "winch"))]
4876        if let Some(compiler) = self.compiler() {
4877            let flags = compiler.flags();
4878            let (_, FlagValue::Enum(opt)) =
4879                flags.iter().find(|(f, _)| *f == "regalloc_algorithm")?
4880            else {
4881                return None;
4882            };
4883            return match &opt[..] {
4884                "backtracking" => Some(RegallocAlgorithm::Backtracking),
4885                "single_pass" => Some(RegallocAlgorithm::SinglePass),
4886                _ => None,
4887            };
4888        }
4889        None
4890    }
4891
4892    /// Returns the configured [`Config::strategy`] value.
4893    pub fn get_strategy(&self) -> Option<Strategy> {
4894        #[cfg(any(feature = "cranelift", feature = "winch"))]
4895        return self.config().compiler_config.as_ref()?.strategy;
4896        #[cfg(not(any(feature = "cranelift", feature = "winch")))]
4897        return None;
4898    }
4899
4900    /// Returns the configured [`Config::collector`] value.
4901    pub fn get_collector(&self) -> Option<Collector> {
4902        #[cfg(feature = "gc")]
4903        return Some(self.config().collector);
4904        #[cfg(not(feature = "gc"))]
4905        return None;
4906    }
4907
4908    /// Returns the configured [`Config::cranelift_debug_verifier`] value.
4909    pub fn get_cranelift_debug_verifier(&self) -> Option<bool> {
4910        #[cfg(any(feature = "cranelift", feature = "winch"))]
4911        if let Some(compiler) = self.compiler() {
4912            let flags = compiler.flags();
4913            let (_, FlagValue::Bool(b)) = flags.iter().find(|(f, _)| *f == "enable_verifier")?
4914            else {
4915                return None;
4916            };
4917            return Some(*b);
4918        }
4919        None
4920    }
4921
4922    /// Returns the configured [`Config::compiler_inlining`] value.
4923    pub fn get_compiler_inlining(&self) -> Inlining {
4924        self.tunables().inlining
4925    }
4926
4927    /// Returns the configured [`Config::native_unwind_info`] value.
4928    pub fn get_native_unwind_info(&self) -> Option<bool> {
4929        #[cfg(any(feature = "cranelift", feature = "winch"))]
4930        if let Some(compiler) = self.compiler() {
4931            let flags = compiler.flags();
4932            let (_, FlagValue::Bool(b)) = flags.iter().find(|(f, _)| *f == "unwind_info")? else {
4933                return None;
4934            };
4935            return Some(*b);
4936        }
4937        None
4938    }
4939
4940    /// Returns the configured [`Config::parallel_compilation`] value.
4941    pub fn get_parallel_compilation(&self) -> bool {
4942        self.config().parallel_compilation
4943    }
4944
4945    /// Returns the configured [`Config::metadata_for_internal_asserts`] value.
4946    pub fn get_metadata_for_internal_asserts(&self) -> bool {
4947        self.tunables().metadata_for_internal_asserts
4948    }
4949
4950    /// Returns the configured [`Config::metadata_for_gc_heap_corruption`] value.
4951    pub fn get_metadata_for_gc_heap_corruption(&self) -> bool {
4952        self.tunables().metadata_for_gc_heap_corruption
4953    }
4954
4955    /// Returns the runtime pooling allocator configuration, if the pooling
4956    /// allocator is in use.
4957    pub fn get_pooling_config(&self) -> Option<&PoolingAllocationConfig> {
4958        #[cfg(feature = "pooling-allocator")]
4959        {
4960            Some(self.allocator().as_pooling()?.config())
4961        }
4962        #[cfg(not(feature = "pooling-allocator"))]
4963        {
4964            None
4965        }
4966    }
4967
4968    /// Returns the configured wasm proposals enabled in this engine.
4969    pub fn get_wasm_features(&self) -> WasmFeatures {
4970        self.features()
4971    }
4972
4973    /// Returns the configured [`Config::async_stack_size`] value.
4974    pub fn get_async_stack_size(&self) -> usize {
4975        self.config().async_stack_size
4976    }
4977
4978    /// Returns the configured [`Config::async_stack_zeroing`] value.
4979    pub fn get_async_stack_zeroing(&self) -> bool {
4980        self.config().async_stack_zeroing
4981    }
4982
4983    /// Returns the configured [`Config::wasm_branch_hinting`] value.
4984    pub fn get_wasm_branch_hinting(&self) -> bool {
4985        self.tunables().branch_hinting
4986    }
4987
4988    /// Returns the configured [`Config::concurrency_support`] value.
4989    pub fn get_concurrency_support(&self) -> bool {
4990        self.tunables().concurrency_support
4991    }
4992
4993    /// Returns the configured [`Config::epoch_interruption`] value.
4994    pub fn get_epoch_interruption(&self) -> bool {
4995        self.tunables().epoch_interruption
4996    }
4997
4998    /// Returns the configured [`Config::consume_fuel`] value.
4999    pub fn get_consume_fuel(&self) -> bool {
5000        self.tunables().consume_fuel
5001    }
5002
5003    /// Returns the configured [`Config::max_wasm_stack`] value.
5004    pub fn get_max_wasm_stack(&self) -> usize {
5005        self.config().max_wasm_stack
5006    }
5007
5008    /// Returns the configured [`Config::cranelift_nan_canonicalization`] value.
5009    pub fn get_cranelift_nan_canonicalization(&self) -> Option<bool> {
5010        #[cfg(any(feature = "cranelift", feature = "winch"))]
5011        if let Some(compiler) = self.compiler() {
5012            let flags = compiler.flags();
5013            let (_, FlagValue::Bool(b)) = flags
5014                .iter()
5015                .find(|(f, _)| *f == "enable_nan_canonicalization")?
5016            else {
5017                return None;
5018            };
5019            return Some(*b);
5020        }
5021        None
5022    }
5023
5024    /// Returns the configured [`Config::relaxed_simd_deterministic`] value.
5025    pub fn get_relaxed_simd_deterministic(&self) -> bool {
5026        self.tunables().relaxed_simd_deterministic
5027    }
5028
5029    /// Returns the configured [`Config::shared_memory`] value.
5030    pub fn get_shared_memory(&self) -> bool {
5031        self.config().shared_memory
5032    }
5033
5034    /// Returns the configured [`Config::generate_address_map`] value.
5035    pub fn get_generate_address_map(&self) -> bool {
5036        self.tunables().generate_address_map
5037    }
5038
5039    /// Returns the configured [`Config::debug_info`] value.
5040    pub fn get_debug_info(&self) -> bool {
5041        self.tunables().debug_native
5042    }
5043
5044    /// Returns the configured [`Config::guest_debug`] value.
5045    pub fn get_guest_debug(&self) -> bool {
5046        self.tunables().debug_guest
5047    }
5048
5049    /// Returns the configured [`Config::debug_symbols`] value.
5050    pub fn get_debug_symbols(&self) -> bool {
5051        self.tunables().debug_symbols
5052    }
5053
5054    /// Returns the configured [`Config::wasm_backtrace_max_frames`] value.
5055    pub fn get_wasm_backtrace_max_frames(&self) -> usize {
5056        self.config()
5057            .wasm_backtrace_max_frames
5058            .map(|f| f.get())
5059            .unwrap_or(0)
5060    }
5061
5062    /// Returns the configured [`Config::target`] value.
5063    pub fn get_target(&self) -> Option<String> {
5064        #[cfg(any(feature = "cranelift", feature = "winch"))]
5065        if let Some(compiler) = self.compiler() {
5066            return Some(compiler.triple().to_string());
5067        }
5068        None
5069    }
5070
5071    /// Returns the enabled flags via [`Config::cranelift_flag_enable`].
5072    pub fn get_cranelift_flags_enabled(&self) -> impl Iterator<Item = &str> {
5073        #[cfg(any(feature = "cranelift", feature = "winch"))]
5074        if let Some(config) = &self.config().compiler_config {
5075            return config
5076                .flags
5077                .iter()
5078                .filter_map(|(k, v)| match v {
5079                    UserSpecified::Yes => Some(k.as_str()),
5080                    UserSpecified::No => None,
5081                })
5082                .collect::<Vec<_>>()
5083                .into_iter();
5084        }
5085
5086        Vec::new().into_iter()
5087    }
5088
5089    /// Returns the enabled flags via [`Config::cranelift_flag_set`].
5090    pub fn get_cranelift_flags_set(&self) -> impl Iterator<Item = (&str, &str)> {
5091        #[cfg(any(feature = "cranelift", feature = "winch"))]
5092        if let Some(config) = &self.config().compiler_config {
5093            return config
5094                .settings
5095                .iter()
5096                .filter_map(|(k, (v, s))| match s {
5097                    UserSpecified::Yes => Some((k.as_str(), v.as_str())),
5098                    UserSpecified::No => None,
5099                })
5100                .collect::<Vec<_>>()
5101                .into_iter();
5102        }
5103
5104        Vec::new().into_iter()
5105    }
5106}