wasmtime/config.rs
1use crate::Engine;
2use crate::prelude::*;
3use alloc::sync::Arc;
4use bitflags::Flags;
5use core::fmt;
6use core::num::{NonZeroU32, NonZeroUsize};
7use core::str::FromStr;
8#[cfg(any(feature = "cranelift", feature = "winch"))]
9use std::path::Path;
10pub use wasmparser::WasmFeatures;
11#[cfg(any(feature = "cranelift", feature = "winch"))]
12use wasmtime_environ::FlagValue;
13use wasmtime_environ::{ConfigTunables, OperatorCost, OperatorCostStrategy, TripleExt, Tunables};
14
15#[cfg(feature = "runtime")]
16use crate::memory::MemoryCreator;
17#[cfg(feature = "runtime")]
18use crate::profiling_agent::{self, ProfilingAgent};
19#[cfg(feature = "runtime")]
20use crate::runtime::vm::{
21 GcRuntime, InstanceAllocator, OnDemandInstanceAllocator, RuntimeMemoryCreator,
22};
23#[cfg(feature = "runtime")]
24use crate::trampoline::MemoryCreatorProxy;
25
26#[cfg(feature = "async")]
27use crate::stack::{StackCreator, StackCreatorProxy};
28#[cfg(feature = "async")]
29use wasmtime_fiber::RuntimeFiberStackCreator;
30
31#[cfg(feature = "runtime")]
32pub use crate::runtime::code_memory::CustomCodeMemory;
33#[cfg(feature = "cache")]
34pub use wasmtime_cache::{Cache, CacheConfig};
35#[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
36pub use wasmtime_environ::CacheStore;
37pub use wasmtime_environ::Inlining;
38
39pub(crate) const DEFAULT_WASM_BACKTRACE_MAX_FRAMES: NonZeroUsize = NonZeroUsize::new(20).unwrap();
40
41/// Represents the module instance allocation strategy to use.
42#[derive(Clone)]
43#[non_exhaustive]
44pub enum InstanceAllocationStrategy {
45 /// The on-demand instance allocation strategy.
46 ///
47 /// Resources related to a module instance are allocated at instantiation time and
48 /// immediately deallocated when the `Store` referencing the instance is dropped.
49 ///
50 /// This is the default allocation strategy for Wasmtime.
51 OnDemand,
52 /// The pooling instance allocation strategy.
53 ///
54 /// A pool of resources is created in advance and module instantiation reuses resources
55 /// from the pool. Resources are returned to the pool when the `Store` referencing the instance
56 /// is dropped.
57 ///
58 /// When GC is enabled, the pooling allocator requires that the GC heap
59 /// configuration matches the linear memory configuration (i.e.,
60 /// `gc_heap_reservation` must equal `memory_reservation`, etc.). By
61 /// default, if no `gc_heap_*` tunables are explicitly configured, they
62 /// automatically inherit the `memory_*` values.
63 #[cfg(feature = "pooling-allocator")]
64 Pooling(PoolingAllocationConfig),
65}
66
67impl InstanceAllocationStrategy {
68 /// The default pooling instance allocation strategy.
69 #[cfg(feature = "pooling-allocator")]
70 pub fn pooling() -> Self {
71 Self::Pooling(Default::default())
72 }
73}
74
75impl Default for InstanceAllocationStrategy {
76 fn default() -> Self {
77 Self::OnDemand
78 }
79}
80
81#[cfg(feature = "pooling-allocator")]
82impl From<PoolingAllocationConfig> for InstanceAllocationStrategy {
83 fn from(cfg: PoolingAllocationConfig) -> InstanceAllocationStrategy {
84 InstanceAllocationStrategy::Pooling(cfg)
85 }
86}
87
88#[derive(Clone)]
89/// Configure the strategy used for versioning in serializing and deserializing [`crate::Module`].
90pub enum ModuleVersionStrategy {
91 /// Use the wasmtime crate's Cargo package version.
92 WasmtimeVersion,
93 /// Use a custom version string. Must be at most 255 bytes.
94 Custom(String),
95 /// Emit no version string in serialization, and accept all version strings in deserialization.
96 None,
97}
98
99impl Default for ModuleVersionStrategy {
100 fn default() -> Self {
101 ModuleVersionStrategy::WasmtimeVersion
102 }
103}
104
105impl core::hash::Hash for ModuleVersionStrategy {
106 fn hash<H: core::hash::Hasher>(&self, hasher: &mut H) {
107 match self {
108 Self::WasmtimeVersion => env!("CARGO_PKG_VERSION").hash(hasher),
109 Self::Custom(s) => s.hash(hasher),
110 Self::None => {}
111 };
112 }
113}
114
115impl ModuleVersionStrategy {
116 /// Get the string-encoding version of the module.
117 pub fn as_str(&self) -> &str {
118 match &self {
119 Self::WasmtimeVersion => env!("CARGO_PKG_VERSION_MAJOR"),
120 Self::Custom(c) => c,
121 Self::None => "",
122 }
123 }
124}
125
126/// Configuration for record/replay
127#[derive(Clone)]
128#[non_exhaustive]
129pub enum RRConfig {
130 #[cfg(feature = "rr")]
131 /// Recording on store is enabled
132 Recording,
133 #[cfg(feature = "rr")]
134 /// Replaying on store is enabled
135 Replaying,
136 /// No record/replay is enabled
137 None,
138}
139
140/// Global configuration options used to create an [`Engine`]
141/// and customize its behavior.
142///
143/// This structure exposed a builder-like interface and is primarily consumed by
144/// [`Engine::new()`].
145///
146/// The validation of `Config` is deferred until the engine is being built, thus
147/// a problematic config may cause [`Engine::new`] to fail.
148///
149/// # Defaults
150///
151/// The `Default` trait implementation and the return value from
152/// [`Config::new()`] are the same and represent the default set of
153/// configuration for an engine. The exact set of defaults will differ based on
154/// properties such as enabled Cargo features at compile time and the configured
155/// target (see [`Config::target`]). Configuration options document their
156/// default values and what the conditional value of the default is where
157/// applicable.
158#[derive(Clone)]
159pub struct Config {
160 #[cfg(any(feature = "cranelift", feature = "winch"))]
161 compiler_config: Option<CompilerConfig>,
162 target: Option<target_lexicon::Triple>,
163 #[cfg(feature = "gc")]
164 collector: Collector,
165 profiling_strategy: ProfilingStrategy,
166 tunables: ConfigTunables,
167
168 #[cfg(feature = "cache")]
169 pub(crate) cache: Option<Cache>,
170 #[cfg(feature = "runtime")]
171 pub(crate) mem_creator: Option<Arc<dyn RuntimeMemoryCreator>>,
172 #[cfg(feature = "runtime")]
173 pub(crate) custom_code_memory: Option<Arc<dyn CustomCodeMemory>>,
174 pub(crate) allocation_strategy: InstanceAllocationStrategy,
175 pub(crate) max_wasm_stack: usize,
176 /// Explicitly enabled features via `Config::wasm_*` methods. This is a
177 /// signal that the embedder specifically wants something turned on
178 /// regardless of the defaults that Wasmtime might otherwise have enabled.
179 ///
180 /// Note that this, and `disabled_features` below, start as the empty set of
181 /// features to only track explicit user requests.
182 pub(crate) enabled_features: WasmFeatures,
183 /// Same as `enabled_features`, but for those that are explicitly disabled.
184 pub(crate) disabled_features: WasmFeatures,
185 pub(crate) wasm_backtrace_details_env_used: bool,
186 pub(crate) wasm_backtrace_max_frames: Option<NonZeroUsize>,
187 pub(crate) native_unwind_info: Option<bool>,
188 pub(crate) async_stack_size: usize,
189 pub(crate) async_stack_zeroing: bool,
190 #[cfg(feature = "async")]
191 pub(crate) stack_creator: Option<Arc<dyn RuntimeFiberStackCreator>>,
192 pub(crate) module_version: ModuleVersionStrategy,
193 pub(crate) parallel_compilation: bool,
194 pub(crate) memory_guaranteed_dense_image_size: u64,
195 pub(crate) force_memory_init_memfd: bool,
196 pub(crate) wmemcheck: bool,
197 #[cfg(feature = "coredump")]
198 pub(crate) coredump_on_trap: bool,
199 pub(crate) macos_use_mach_ports: bool,
200 pub(crate) detect_host_feature: Option<fn(&str) -> Option<bool>>,
201 pub(crate) x86_float_abi_ok: Option<bool>,
202 pub(crate) shared_memory: bool,
203 pub(crate) rr_config: RRConfig,
204}
205
206/// User-provided configuration for the compiler.
207#[cfg(any(feature = "cranelift", feature = "winch"))]
208#[derive(Debug, Clone)]
209struct CompilerConfig {
210 strategy: Option<Strategy>,
211 settings: crate::hash_map::HashMap<String, (String, UserSpecified)>,
212 flags: crate::hash_map::HashMap<String, UserSpecified>,
213 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
214 cache_store: Option<Arc<dyn CacheStore>>,
215 clif_dir: Option<std::path::PathBuf>,
216 wmemcheck: bool,
217}
218
219#[cfg(any(feature = "cranelift", feature = "winch"))]
220#[derive(Debug, Clone)]
221enum UserSpecified {
222 Yes,
223 No,
224}
225
226#[cfg(any(feature = "cranelift", feature = "winch"))]
227impl CompilerConfig {
228 fn new() -> Self {
229 Self {
230 strategy: Strategy::Auto.not_auto(),
231 settings: Default::default(),
232 flags: Default::default(),
233 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
234 cache_store: None,
235 clif_dir: None,
236 wmemcheck: false,
237 }
238 }
239
240 /// Ensures that the key is not set or equals to the given value.
241 /// If the key is not set, it will be set to the given value.
242 ///
243 /// # Returns
244 ///
245 /// Returns true if successfully set or already had the given setting
246 /// value, or false if the setting was explicitly set to something
247 /// else previously.
248 fn ensure_setting_unset_or_given(&mut self, k: &str, v: &str) -> bool {
249 if let Some((value, _)) = self.settings.get(k) {
250 if value != v {
251 return false;
252 }
253 } else {
254 self.settings
255 .insert(k.to_string(), (v.to_string(), UserSpecified::No));
256 }
257 true
258 }
259}
260
261#[cfg(any(feature = "cranelift", feature = "winch"))]
262impl Default for CompilerConfig {
263 fn default() -> Self {
264 Self::new()
265 }
266}
267
268impl Config {
269 /// Creates a new configuration object with the default configuration
270 /// specified.
271 pub fn new() -> Self {
272 let mut ret = Self {
273 tunables: ConfigTunables::default(),
274 #[cfg(any(feature = "cranelift", feature = "winch"))]
275 compiler_config: Some(CompilerConfig::default()),
276 target: None,
277 #[cfg(feature = "gc")]
278 collector: Collector::default(),
279 #[cfg(feature = "cache")]
280 cache: None,
281 profiling_strategy: ProfilingStrategy::None,
282 #[cfg(feature = "runtime")]
283 mem_creator: None,
284 #[cfg(feature = "runtime")]
285 custom_code_memory: None,
286 allocation_strategy: InstanceAllocationStrategy::OnDemand,
287 // 512k of stack -- note that this is chosen currently to not be too
288 // big, not be too small, and be a good default for most platforms.
289 // One platform of particular note is Windows where the stack size
290 // of the main thread seems to, by default, be smaller than that of
291 // Linux and macOS. This 512k value at least lets our current test
292 // suite pass on the main thread of Windows (using `--test-threads
293 // 1` forces this), or at least it passed when this change was
294 // committed.
295 max_wasm_stack: 512 * 1024,
296 wasm_backtrace_details_env_used: false,
297 wasm_backtrace_max_frames: Some(DEFAULT_WASM_BACKTRACE_MAX_FRAMES),
298 native_unwind_info: None,
299 enabled_features: WasmFeatures::empty(),
300 disabled_features: WasmFeatures::empty(),
301 async_stack_size: 2 << 20,
302 async_stack_zeroing: false,
303 #[cfg(feature = "async")]
304 stack_creator: None,
305 module_version: ModuleVersionStrategy::default(),
306 parallel_compilation: !cfg!(miri),
307 memory_guaranteed_dense_image_size: 16 << 20,
308 force_memory_init_memfd: false,
309 wmemcheck: false,
310 #[cfg(feature = "coredump")]
311 coredump_on_trap: false,
312 macos_use_mach_ports: !cfg!(miri),
313 #[cfg(feature = "std")]
314 detect_host_feature: Some(detect_host_feature),
315 #[cfg(not(feature = "std"))]
316 detect_host_feature: None,
317 x86_float_abi_ok: None,
318 shared_memory: false,
319 rr_config: RRConfig::None,
320 };
321 ret.wasm_backtrace_details(WasmBacktraceDetails::Environment);
322 ret
323 }
324
325 #[cfg(any(feature = "cranelift", feature = "winch"))]
326 pub(crate) fn has_compiler(&self) -> bool {
327 self.compiler_config.is_some()
328 }
329
330 #[track_caller]
331 #[cfg(any(feature = "cranelift", feature = "winch"))]
332 fn compiler_config_mut(&mut self) -> &mut CompilerConfig {
333 self.compiler_config.as_mut().expect(
334 "cannot configure compiler settings for `Config`s \
335 created by `Config::without_compiler`",
336 )
337 }
338
339 /// Configure whether Wasm compilation is enabled.
340 ///
341 /// Disabling Wasm compilation will allow you to load and run
342 /// [pre-compiled][Engine::precompile_module] Wasm programs, but not
343 /// to compile and run new Wasm programs that have not already been
344 /// pre-compiled.
345 ///
346 /// Many compilation-related configuration methods will panic if compilation
347 /// has been disabled.
348 ///
349 /// Note that there are two ways to disable Wasm compilation:
350 ///
351 /// 1. Statically, by disabling the `"cranelift"` and `"winch"` cargo
352 /// features when building Wasmtime. These builds of Wasmtime will have
353 /// smaller code size, since they do not include any of the code to
354 /// compile Wasm.
355 ///
356 /// 2. Dynamically, by passing `false` to this method at run-time when
357 /// configuring Wasmtime. The Wasmtime binary will still include the code
358 /// for compiling Wasm, it just won't be executed, so code size is larger
359 /// than with the first approach.
360 ///
361 /// The static approach is better in most cases, however dynamically calling
362 /// `enable_compiler(false)` is useful whenever you create multiple
363 /// [`Engine`]s in the same process, some of which must be able to compile
364 /// Wasm and some of which should never do so. Tests are a common example of
365 /// such a situation, especially when there are multiple Rust binaries in
366 /// the same cargo workspace, and cargo's feature resolution enables the
367 /// `"cranelift"` or `"winch"` features across the whole workspace.
368 #[cfg(any(feature = "cranelift", feature = "winch"))]
369 pub fn enable_compiler(&mut self, enable: bool) -> &mut Self {
370 match (enable, &self.compiler_config) {
371 (true, Some(_)) | (false, None) => {}
372 (true, None) => {
373 self.compiler_config = Some(CompilerConfig::default());
374 }
375 (false, Some(_)) => {
376 self.compiler_config = None;
377 }
378 }
379 self
380 }
381
382 /// Configures the target platform of this [`Config`].
383 ///
384 /// This method is used to configure the output of compilation in an
385 /// [`Engine`]. This can be used, for example, to
386 /// cross-compile from one platform to another. By default, the host target
387 /// triple is used meaning compiled code is suitable to run on the host.
388 ///
389 /// Note that the [`Module`](crate::Module) type can only be created if the
390 /// target configured here matches the host. Otherwise if a cross-compile is
391 /// being performed where the host doesn't match the target then
392 /// [`Engine::precompile_module`] must be used instead.
393 ///
394 /// Target-specific flags (such as CPU features) will not be inferred by
395 /// default for the target when one is provided here. This means that this
396 /// can also be used, for example, with the host architecture to disable all
397 /// host-inferred feature flags. Configuring target-specific flags can be
398 /// done with [`Config::cranelift_flag_set`] and
399 /// [`Config::cranelift_flag_enable`].
400 ///
401 /// # Errors
402 ///
403 /// This method will error if the given target triple is not supported.
404 pub fn target(&mut self, target: &str) -> Result<&mut Self> {
405 self.target =
406 Some(target_lexicon::Triple::from_str(target).map_err(|e| crate::format_err!(e))?);
407
408 Ok(self)
409 }
410
411 /// Enables the incremental compilation cache in Cranelift, using the provided `CacheStore`
412 /// backend for storage.
413 ///
414 /// # Panics
415 ///
416 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
417 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
418 pub fn enable_incremental_compilation(
419 &mut self,
420 cache_store: Arc<dyn CacheStore>,
421 ) -> Result<&mut Self> {
422 self.compiler_config_mut().cache_store = Some(cache_store);
423 Ok(self)
424 }
425
426 #[doc(hidden)]
427 #[deprecated(note = "no longer has any effect")]
428 #[cfg(feature = "async")]
429 pub fn async_support(&mut self, _enable: bool) -> &mut Self {
430 self
431 }
432
433 /// Configures whether DWARF debug information will be emitted
434 /// during compilation for a native debugger on the Wasmtime
435 /// process to consume.
436 ///
437 /// Note that the `debug-builtins` compile-time Cargo feature must also be
438 /// enabled for native debuggers such as GDB or LLDB to be able to debug
439 /// guest WebAssembly programs.
440 ///
441 /// By default this option is `false`.
442 /// **Note** Enabling this option is not compatible with the Winch compiler.
443 pub fn debug_info(&mut self, enable: bool) -> &mut Self {
444 self.tunables.debug_native = Some(enable);
445 self
446 }
447
448 /// Whether or not symbols are located in generated compiled module
449 /// artifacts.
450 ///
451 /// Wasmtime's currently representation of compiled artifacts is an ELF
452 /// file. ELF files have symbol tables and such and this option enables
453 /// whether symbols are emitted for wasm functions. This utility can be
454 /// useful when profiling wasm modules (many profilers work with
455 /// ELF-in-memory by default without futher configuration), introspection of
456 /// a `*.cwasm` (e.g. the symbol table is what `wasmtime objdump` reads), or
457 /// just general binary analysis of the result ELF file. Large wasm modules
458 /// can have large symbol tables, however, and the symbols serve no purpose
459 /// at runtime meaning that they are pure overhead for minimal module as
460 /// well. This option can be used to disable these symbols which will reduce
461 /// the debuggability of modules but will also reduce their size.
462 ///
463 /// Note that the ELF file representation is considered an implementation
464 /// detail of Wasmtime and embedders should not rely on this format.
465 /// Wasmtime may change the format of artifacts in the future.
466 ///
467 /// This option is `true` by default.
468 ///
469 /// This option is required if [`Config::debug_info`] is enabled.
470 pub fn debug_symbols(&mut self, enable: bool) -> &mut Self {
471 self.tunables.debug_symbols = Some(enable);
472 self
473 }
474
475 /// Configures whether compiled guest code will be instrumented to
476 /// provide debugging at the Wasm VM level.
477 ///
478 /// This is required in order to enable a guest-level debugging
479 /// API that can precisely examine Wasm VM state and (eventually,
480 /// once it is complete) set breakpoints and watchpoints and step
481 /// through code.
482 ///
483 /// Without this enabled, debugging can only be done via a native
484 /// debugger operating on the compiled guest code (see
485 /// [`Config::debug_info`] and is "best-effort": we may be able to
486 /// recover some Wasm locals or operand stack values, but it is
487 /// not guaranteed, even when optimizations are disabled.
488 ///
489 /// When this is enabled, additional instrumentation is inserted
490 /// that directly tracks the Wasm VM state at every step. This has
491 /// some performance impact, but allows perfect debugging
492 /// fidelity.
493 ///
494 /// Breakpoints, watchpoints, and stepping are not yet supported,
495 /// but will be added in a future version of Wasmtime.
496 ///
497 /// This enables use of the [`crate::FrameHandle`] API which is
498 /// provided by [`crate::Caller::debug_exit_frames`] or
499 /// [`crate::Store::debug_exit_frames`].
500 ///
501 /// ***Note*** Enabling this option is not compatible with the
502 /// Winch compiler.
503 #[cfg(feature = "debug")]
504 pub fn guest_debug(&mut self, enable: bool) -> &mut Self {
505 self.tunables.debug_guest = Some(enable);
506 self
507 }
508
509 /// Configures whether [`WasmBacktrace`] will be present in the context of
510 /// errors returned from Wasmtime.
511 ///
512 /// This method is deprecated in favor of
513 /// [`Config::wasm_backtrace_max_frames`]. Calling `wasm_backtrace(false)`
514 /// is equivalent to `wasm_backtrace_max_frames(None)`, and
515 /// `wasm_backtrace(true)` will leave `wasm_backtrace_max_frames` unchanged
516 /// if the value is `Some` and will otherwise restore the default `Some`
517 /// value.
518 ///
519 /// [`WasmBacktrace`]: crate::WasmBacktrace
520 #[deprecated = "use `wasm_backtrace_max_frames` instead"]
521 pub fn wasm_backtrace(&mut self, enable: bool) -> &mut Self {
522 match (enable, self.wasm_backtrace_max_frames) {
523 (false, _) => self.wasm_backtrace_max_frames = None,
524 // Wasm backtraces were disabled; enable them with the
525 // default maximum number of frames to capture.
526 (true, None) => {
527 self.wasm_backtrace_max_frames = Some(DEFAULT_WASM_BACKTRACE_MAX_FRAMES)
528 }
529 // Wasm backtraces are already enabled; keep the existing
530 // max-frames configuration.
531 (true, Some(_)) => {}
532 }
533 self
534 }
535
536 /// Configures whether backtraces in `Trap` will parse debug info in the wasm file to
537 /// have filename/line number information.
538 ///
539 /// When enabled this will causes modules to retain debugging information
540 /// found in wasm binaries. This debug information will be used when a trap
541 /// happens to symbolicate each stack frame and attempt to print a
542 /// filename/line number for each wasm frame in the stack trace.
543 ///
544 /// By default this option is `WasmBacktraceDetails::Environment`, meaning
545 /// that wasm will read `WASMTIME_BACKTRACE_DETAILS` to indicate whether
546 /// details should be parsed. Note that the `std` feature of this crate must
547 /// be active to read environment variables, otherwise this is disabled by
548 /// default.
549 pub fn wasm_backtrace_details(&mut self, enable: WasmBacktraceDetails) -> &mut Self {
550 self.wasm_backtrace_details_env_used = false;
551 self.tunables.parse_wasm_debuginfo = match enable {
552 WasmBacktraceDetails::Enable => Some(true),
553 WasmBacktraceDetails::Disable => Some(false),
554 WasmBacktraceDetails::Environment => {
555 #[cfg(feature = "std")]
556 {
557 self.wasm_backtrace_details_env_used = true;
558 std::env::var("WASMTIME_BACKTRACE_DETAILS")
559 .map(|s| Some(s == "1"))
560 .unwrap_or(Some(false))
561 }
562 #[cfg(not(feature = "std"))]
563 {
564 Some(false)
565 }
566 }
567 };
568 self
569 }
570
571 /// Configures the maximum number of WebAssembly frames to collect in
572 /// backtraces.
573 ///
574 /// A backtrace may be collected whenever an error is returned from a host
575 /// function call through to WebAssembly or when WebAssembly itself hits a
576 /// trap condition, such as an out-of-bounds memory access. This flag
577 /// indicates, in these conditions, whether the backtrace is collected or
578 /// not and how many frames should be collected.
579 ///
580 /// Currently wasm backtraces are implemented through frame pointer walking.
581 /// This means that collecting a backtrace is expected to be a fast and
582 /// relatively cheap operation. Additionally backtrace collection is
583 /// suitable in concurrent environments since one thread capturing a
584 /// backtrace won't block other threads.
585 ///
586 /// Collected backtraces are attached via
587 /// [`Error::context`](crate::Error::context) to errors returned from host
588 /// functions. The [`WasmBacktrace`] type can be acquired via
589 /// [`Error::downcast_ref`](crate::Error::downcast_ref) to inspect the
590 /// backtrace. When this option is set to `None` then this context is never
591 /// applied to errors coming out of wasm.
592 ///
593 /// The default value is 20.
594 ///
595 /// [`WasmBacktrace`]: crate::WasmBacktrace
596 pub fn wasm_backtrace_max_frames(&mut self, limit: Option<NonZeroUsize>) -> &mut Self {
597 self.wasm_backtrace_max_frames = limit;
598 self
599 }
600
601 /// Configures whether to generate native unwind information
602 /// (e.g. `.eh_frame` on Linux).
603 ///
604 /// This configuration option only exists to help third-party stack
605 /// capturing mechanisms, such as the system's unwinder or the `backtrace`
606 /// crate, determine how to unwind through Wasm frames. It does not affect
607 /// whether Wasmtime can capture Wasm backtraces or not. The presence of
608 /// [`WasmBacktrace`] is controlled by the
609 /// [`Config::wasm_backtrace_max_frames`] option.
610 ///
611 /// Native unwind information is included:
612 /// - When targeting Windows, since the Windows ABI requires it.
613 /// - By default.
614 ///
615 /// Note that systems loading many modules may wish to disable this
616 /// configuration option instead of leaving it on-by-default. Some platforms
617 /// exhibit quadratic behavior when registering/unregistering unwinding
618 /// information which can greatly slow down the module loading/unloading
619 /// process.
620 ///
621 /// [`WasmBacktrace`]: crate::WasmBacktrace
622 pub fn native_unwind_info(&mut self, enable: bool) -> &mut Self {
623 self.native_unwind_info = Some(enable);
624 self
625 }
626
627 /// Configures whether execution of WebAssembly will "consume fuel" to
628 /// either halt or yield execution as desired.
629 ///
630 /// This can be used to deterministically prevent infinitely-executing
631 /// WebAssembly code by instrumenting generated code to consume fuel as it
632 /// executes. When fuel runs out a trap is raised, however [`Store`] can be
633 /// configured to yield execution periodically via
634 /// [`crate::Store::fuel_async_yield_interval`].
635 ///
636 /// Note that a [`Store`] starts with no fuel, so if you enable this option
637 /// you'll have to be sure to pour some fuel into [`Store`] before
638 /// executing some code.
639 ///
640 /// By default this option is `false`.
641 ///
642 /// **Note** Enabling this option is not compatible with the Winch compiler.
643 ///
644 /// [`Store`]: crate::Store
645 pub fn consume_fuel(&mut self, enable: bool) -> &mut Self {
646 self.tunables.consume_fuel = Some(enable);
647 self
648 }
649
650 /// Configures the fuel cost of each WebAssembly operator.
651 ///
652 /// This is only relevant when [`Config::consume_fuel`] is enabled.
653 pub fn operator_cost(&mut self, cost: OperatorCost) -> &mut Self {
654 self.tunables.operator_cost = Some(OperatorCostStrategy::table(cost));
655 self
656 }
657
658 /// Enables epoch-based interruption.
659 ///
660 /// When executing code in async mode, we sometimes want to
661 /// implement a form of cooperative timeslicing: long-running Wasm
662 /// guest code should periodically yield to the executor
663 /// loop. This yielding could be implemented by using "fuel" (see
664 /// [`consume_fuel`](Config::consume_fuel)). However, fuel
665 /// instrumentation is somewhat expensive: it modifies the
666 /// compiled form of the Wasm code so that it maintains a precise
667 /// instruction count, frequently checking this count against the
668 /// remaining fuel. If one does not need this precise count or
669 /// deterministic interruptions, and only needs a periodic
670 /// interrupt of some form, then It would be better to have a more
671 /// lightweight mechanism.
672 ///
673 /// Epoch-based interruption is that mechanism. There is a global
674 /// "epoch", which is a counter that divides time into arbitrary
675 /// periods (or epochs). This counter lives on the
676 /// [`Engine`] and can be incremented by calling
677 /// [`Engine::increment_epoch`].
678 /// Epoch-based instrumentation works by setting a "deadline
679 /// epoch". The compiled code knows the deadline, and at certain
680 /// points, checks the current epoch against that deadline. It
681 /// will yield if the deadline has been reached.
682 ///
683 /// The idea is that checking an infrequently-changing counter is
684 /// cheaper than counting and frequently storing a precise metric
685 /// (instructions executed) locally. The interruptions are not
686 /// deterministic, but if the embedder increments the epoch in a
687 /// periodic way (say, every regular timer tick by a thread or
688 /// signal handler), then we can ensure that all async code will
689 /// yield to the executor within a bounded time.
690 ///
691 /// The deadline check cannot be avoided by malicious wasm code. It is safe
692 /// to use epoch deadlines to limit the execution time of untrusted
693 /// code.
694 ///
695 /// The [`Store`](crate::Store) tracks the deadline, and controls
696 /// what happens when the deadline is reached during
697 /// execution. Several behaviors are possible:
698 ///
699 /// - Trap if code is executing when the epoch deadline is
700 /// met. See
701 /// [`Store::epoch_deadline_trap`](crate::Store::epoch_deadline_trap).
702 ///
703 /// - Call an arbitrary function. This function may chose to trap or
704 /// increment the epoch. See
705 /// [`Store::epoch_deadline_callback`](crate::Store::epoch_deadline_callback).
706 ///
707 /// - Yield to the executor loop, then resume when the future is
708 /// next polled. See
709 /// [`Store::epoch_deadline_async_yield_and_update`](crate::Store::epoch_deadline_async_yield_and_update).
710 ///
711 /// Trapping is the default. The yielding behaviour may be used for
712 /// the timeslicing behavior described above.
713 ///
714 /// This feature is available with or without async support.
715 /// However, without async support, the timeslicing behaviour is
716 /// not available. This means epoch-based interruption can only
717 /// serve as a simple external-interruption mechanism.
718 ///
719 /// An initial deadline must be set before executing code by calling
720 /// [`Store::set_epoch_deadline`](crate::Store::set_epoch_deadline). If this
721 /// deadline is not configured then wasm will immediately trap.
722 ///
723 /// ## Interaction with blocking host calls
724 ///
725 /// Epochs (and fuel) do not assist in handling WebAssembly code blocked in
726 /// a call to the host. For example if the WebAssembly function calls
727 /// `wasi:io/poll.poll` to sleep epochs will not assist in waking this up or
728 /// timing it out. Epochs intentionally only affect running WebAssembly code
729 /// itself and it's left to the embedder to determine how best to wake up
730 /// indefinitely blocking code in the host.
731 ///
732 /// The typical solution for this, however, is to use the `async` variant of
733 /// WASI host functions. This models computation as a Rust `Future` which
734 /// means that when blocking happens the future is only suspended and
735 /// control yields back to the main event loop. This gives the embedder the
736 /// opportunity to use `tokio::time::timeout` for example on a wasm
737 /// computation and have the desired effect of cancelling a blocking
738 /// operation when a timeout expires.
739 ///
740 /// ## When to use fuel vs. epochs
741 ///
742 /// In general, epoch-based interruption results in faster
743 /// execution. This difference is sometimes significant: in some
744 /// measurements, up to 2-3x. This is because epoch-based
745 /// interruption does less work: it only watches for a global
746 /// rarely-changing counter to increment, rather than keeping a
747 /// local frequently-changing counter and comparing it to a
748 /// deadline.
749 ///
750 /// Fuel, in contrast, should be used when *deterministic*
751 /// yielding or trapping is needed. For example, if it is required
752 /// that the same function call with the same starting state will
753 /// always either complete or trap with an out-of-fuel error,
754 /// deterministically, then fuel with a fixed bound should be
755 /// used.
756 ///
757 /// **Note** Enabling this option is not compatible with the Winch compiler.
758 ///
759 /// # See Also
760 ///
761 /// - [`Store::set_epoch_deadline`](crate::Store::set_epoch_deadline)
762 /// - [`Store::epoch_deadline_trap`](crate::Store::epoch_deadline_trap)
763 /// - [`Store::epoch_deadline_callback`](crate::Store::epoch_deadline_callback)
764 /// - [`Store::epoch_deadline_async_yield_and_update`](crate::Store::epoch_deadline_async_yield_and_update)
765 pub fn epoch_interruption(&mut self, enable: bool) -> &mut Self {
766 self.tunables.epoch_interruption = Some(enable);
767 self
768 }
769
770 /// XXX: For internal fuzzing and debugging use only!
771 #[doc(hidden)]
772 pub fn gc_zeal_alloc_counter(&mut self, counter: Option<NonZeroU32>) -> Result<&mut Self> {
773 #[cfg(not(gc_zeal))]
774 {
775 let _ = counter;
776 bail!(
777 "cannot set `gc_zeal_alloc_counter` because Wasmtime was not built with `cfg(gc_zeal)`"
778 );
779 }
780
781 #[cfg(gc_zeal)]
782 {
783 self.tunables.gc_zeal_alloc_counter = Some(counter);
784 Ok(self)
785 }
786 }
787
788 /// Configures the maximum amount of stack space available for
789 /// executing WebAssembly code.
790 ///
791 /// WebAssembly has well-defined semantics on stack overflow. This is
792 /// intended to be a knob which can help configure how much stack space
793 /// wasm execution is allowed to consume. Note that the number here is not
794 /// super-precise, but rather wasm will take at most "pretty close to this
795 /// much" stack space.
796 ///
797 /// If a wasm call (or series of nested wasm calls) take more stack space
798 /// than the `size` specified then a stack overflow trap will be raised.
799 ///
800 /// Caveat: this knob only limits the stack space consumed by wasm code.
801 /// More importantly, it does not ensure that this much stack space is
802 /// available on the calling thread stack. Exhausting the thread stack
803 /// typically leads to an **abort** of the process.
804 ///
805 /// Here are some examples of how that could happen:
806 ///
807 /// - Let's assume this option is set to 2 MiB and then a thread that has
808 /// a stack with 512 KiB left.
809 ///
810 /// If wasm code consumes more than 512 KiB then the process will be aborted.
811 ///
812 /// - Assuming the same conditions, but this time wasm code does not consume
813 /// any stack but calls into a host function. The host function consumes
814 /// more than 512 KiB of stack space. The process will be aborted.
815 ///
816 /// There's another gotcha related to recursive calling into wasm: the stack
817 /// space consumed by a host function is counted towards this limit. The
818 /// host functions are not prevented from consuming more than this limit.
819 /// However, if the host function that used more than this limit and called
820 /// back into wasm, then the execution will trap immediately because of
821 /// stack overflow.
822 ///
823 /// When the `async` feature is enabled, this value cannot exceed the
824 /// `async_stack_size` option. Be careful not to set this value too close
825 /// to `async_stack_size` as doing so may limit how much stack space
826 /// is available for host functions.
827 ///
828 /// By default this option is 512 KiB.
829 ///
830 /// # Errors
831 ///
832 /// The [`Engine::new`] method will fail if the `size` specified here is
833 /// either 0 or larger than the [`Config::async_stack_size`] configuration.
834 pub fn max_wasm_stack(&mut self, size: usize) -> &mut Self {
835 self.max_wasm_stack = size;
836 self
837 }
838
839 /// Configures the size of the stacks used for asynchronous execution.
840 ///
841 /// This setting configures the size of the stacks that are allocated for
842 /// asynchronous execution. The value cannot be less than `max_wasm_stack`.
843 ///
844 /// The amount of stack space guaranteed for host functions is
845 /// `async_stack_size - max_wasm_stack`, so take care not to set these two values
846 /// close to one another; doing so may cause host functions to overflow the
847 /// stack and abort the process.
848 ///
849 /// By default this option is 2 MiB.
850 ///
851 /// # Errors
852 ///
853 /// The [`Engine::new`] method will fail if the value for this option is
854 /// smaller than the [`Config::max_wasm_stack`] option.
855 pub fn async_stack_size(&mut self, size: usize) -> &mut Self {
856 self.async_stack_size = size;
857 self
858 }
859
860 /// Configures whether or not stacks used for async futures are zeroed
861 /// before (re)use.
862 ///
863 /// When the [`call_async`] variant of calling WebAssembly is used
864 /// then Wasmtime will create a separate runtime execution stack for each
865 /// future produced by [`call_async`]. By default upon allocation, depending
866 /// on the platform, these stacks might be filled with uninitialized
867 /// memory. This is safe and correct because, modulo bugs in Wasmtime,
868 /// compiled Wasm code will never read from a stack slot before it
869 /// initializes the stack slot.
870 ///
871 /// However, as a defense-in-depth mechanism, you may configure Wasmtime to
872 /// ensure that these stacks are zeroed before they are used. Notably, if
873 /// you are using the pooling allocator, stacks can be pooled and reused
874 /// across different Wasm guests; ensuring that stacks are zeroed can
875 /// prevent data leakage between Wasm guests even in the face of potential
876 /// read-of-stack-slot-before-initialization bugs in Wasmtime's compiler.
877 ///
878 /// Stack zeroing can be a costly operation in highly concurrent
879 /// environments due to modifications of the virtual address space requiring
880 /// process-wide synchronization. It can also be costly in `no-std`
881 /// environments that must manually zero memory, and cannot rely on an OS
882 /// and virtual memory to provide zeroed pages.
883 ///
884 /// This option defaults to `false`.
885 ///
886 /// [`call_async`]: crate::TypedFunc::call_async
887 pub fn async_stack_zeroing(&mut self, enable: bool) -> &mut Self {
888 self.async_stack_zeroing = enable;
889 self
890 }
891
892 /// Explicitly enables (and un-disables) a given set of [`WasmFeatures`].
893 ///
894 /// Note: this is a low-level method that does not necessarily imply that
895 /// wasmtime _supports_ a feature. It should only be used to _disable_
896 /// features that callers want to be rejected by the parser or _enable_
897 /// features callers are certain that the current configuration of wasmtime
898 /// supports.
899 ///
900 /// Feature validation is deferred until an engine is being built, thus by
901 /// enabling features here a caller may cause
902 /// [`Engine::new`] to fail later, if the feature
903 /// configuration isn't supported.
904 pub fn wasm_features(&mut self, flag: WasmFeatures, enable: bool) -> &mut Self {
905 self.enabled_features.set(flag, enable);
906 self.disabled_features.set(flag, !enable);
907 self
908 }
909
910 /// Configures whether the WebAssembly tail calls proposal will be enabled
911 /// for compilation or not.
912 ///
913 /// The [WebAssembly tail calls proposal] introduces the `return_call` and
914 /// `return_call_indirect` instructions. These instructions allow for Wasm
915 /// programs to implement some recursive algorithms with *O(1)* stack space
916 /// usage.
917 ///
918 /// This is `true` by default except when the Winch compiler is enabled.
919 ///
920 /// [WebAssembly tail calls proposal]: https://github.com/WebAssembly/tail-call
921 pub fn wasm_tail_call(&mut self, enable: bool) -> &mut Self {
922 self.wasm_features(WasmFeatures::TAIL_CALL, enable);
923 self
924 }
925
926 /// Configures whether the WebAssembly [branch-hinting] proposal is enabled.
927 ///
928 /// When enabled, the `metadata.code.branch_hint` custom section is parsed
929 /// and used to lay out cold code paths during compilation. The hints are
930 /// advisory and never affect execution semantics.
931 ///
932 /// This is `false` by default until the proposal has been fuzzed.
933 ///
934 /// [branch-hinting]: https://github.com/WebAssembly/branch-hinting
935 pub fn wasm_branch_hinting(&mut self, enable: bool) -> &mut Self {
936 self.tunables.branch_hinting = Some(enable);
937 self
938 }
939
940 /// Configures whether the WebAssembly custom-page-sizes proposal will be
941 /// enabled for compilation or not.
942 ///
943 /// The [WebAssembly custom-page-sizes proposal] allows a memory to
944 /// customize its page sizes. By default, Wasm page sizes are 64KiB
945 /// large. This proposal allows the memory to opt into smaller page sizes
946 /// instead, allowing Wasm to run in environments with less than 64KiB RAM
947 /// available, for example.
948 ///
949 /// Note that the page size is part of the memory's type, and because
950 /// different memories may have different types, they may also have
951 /// different page sizes.
952 ///
953 /// Currently the only valid page sizes are 64KiB (the default) and 1
954 /// byte. Future extensions may relax this constraint and allow all powers
955 /// of two.
956 ///
957 /// Support for this proposal is disabled by default.
958 ///
959 /// [WebAssembly custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes
960 pub fn wasm_custom_page_sizes(&mut self, enable: bool) -> &mut Self {
961 self.wasm_features(WasmFeatures::CUSTOM_PAGE_SIZES, enable);
962 self
963 }
964
965 /// Configures whether the WebAssembly [threads] proposal will be enabled
966 /// for compilation.
967 ///
968 /// This feature gates items such as shared memories and atomic
969 /// instructions. Note that the threads feature depends on the bulk memory
970 /// feature, which is enabled by default. Additionally note that while the
971 /// wasm feature is called "threads" it does not actually include the
972 /// ability to spawn threads. Spawning threads is part of the [wasi-threads]
973 /// proposal which is a separately gated feature in Wasmtime.
974 ///
975 /// Embeddings of Wasmtime are able to build their own custom threading
976 /// scheme on top of the core wasm threads proposal, however.
977 ///
978 /// The default value for this option is whether the `threads`
979 /// crate feature of Wasmtime is enabled or not. By default this crate
980 /// feature is enabled.
981 ///
982 /// [threads]: https://github.com/webassembly/threads
983 /// [wasi-threads]: https://github.com/webassembly/wasi-threads
984 #[cfg(feature = "threads")]
985 pub fn wasm_threads(&mut self, enable: bool) -> &mut Self {
986 self.wasm_features(WasmFeatures::THREADS, enable);
987 self
988 }
989
990 /// Configures whether the WebAssembly [shared-everything-threads] proposal
991 /// will be enabled for compilation.
992 ///
993 /// This feature gates extended use of the `shared` attribute on items other
994 /// than memories, extra atomic instructions, and new component model
995 /// intrinsics for spawning threads. It depends on the
996 /// [`wasm_threads`][Self::wasm_threads] being enabled.
997 ///
998 /// [shared-everything-threads]:
999 /// https://github.com/webassembly/shared-everything-threads
1000 pub fn wasm_shared_everything_threads(&mut self, enable: bool) -> &mut Self {
1001 self.wasm_features(WasmFeatures::SHARED_EVERYTHING_THREADS, enable);
1002 self
1003 }
1004
1005 /// Configures whether the [WebAssembly reference types proposal][proposal]
1006 /// will be enabled for compilation.
1007 ///
1008 /// This feature gates items such as the `externref` and `funcref` types as
1009 /// well as allowing a module to define multiple tables.
1010 ///
1011 /// Note that the reference types proposal depends on the bulk memory proposal.
1012 ///
1013 /// This feature is `true` by default.
1014 ///
1015 /// # Errors
1016 ///
1017 /// The validation of this feature are deferred until the engine is being built,
1018 /// and thus may cause [`Engine::new`] fail if the `bulk_memory` feature is disabled.
1019 ///
1020 /// [proposal]: https://github.com/webassembly/reference-types
1021 #[cfg(feature = "gc")]
1022 pub fn wasm_reference_types(&mut self, enable: bool) -> &mut Self {
1023 self.wasm_features(WasmFeatures::REFERENCE_TYPES, enable);
1024 self
1025 }
1026
1027 /// Configures whether the [WebAssembly function references
1028 /// proposal][proposal] will be enabled for compilation.
1029 ///
1030 /// This feature gates non-nullable reference types, function reference
1031 /// types, `call_ref`, `ref.func`, and non-nullable reference related
1032 /// instructions.
1033 ///
1034 /// Note that the function references proposal depends on the reference
1035 /// types proposal.
1036 ///
1037 /// This feature is `true` by default.
1038 ///
1039 /// [proposal]: https://github.com/WebAssembly/function-references
1040 #[cfg(feature = "gc")]
1041 pub fn wasm_function_references(&mut self, enable: bool) -> &mut Self {
1042 self.wasm_features(WasmFeatures::FUNCTION_REFERENCES, enable);
1043 self
1044 }
1045
1046 /// Configures whether the [WebAssembly wide-arithmetic][proposal] will be
1047 /// enabled for compilation.
1048 ///
1049 /// This feature is `false` by default.
1050 ///
1051 /// [proposal]: https://github.com/WebAssembly/wide-arithmetic
1052 pub fn wasm_wide_arithmetic(&mut self, enable: bool) -> &mut Self {
1053 self.wasm_features(WasmFeatures::WIDE_ARITHMETIC, enable);
1054 self
1055 }
1056
1057 /// Configures whether the [WebAssembly Garbage Collection
1058 /// proposal][proposal] will be enabled for compilation.
1059 ///
1060 /// This feature gates `struct` and `array` type definitions and references,
1061 /// the `i31ref` type, and all related instructions.
1062 ///
1063 /// Note that the function references proposal depends on the typed function
1064 /// references proposal.
1065 ///
1066 /// This feature is `true` by default.
1067 ///
1068 /// [proposal]: https://github.com/WebAssembly/gc
1069 pub fn wasm_gc(&mut self, enable: bool) -> &mut Self {
1070 self.wasm_features(WasmFeatures::GC, enable);
1071 self
1072 }
1073
1074 /// Configures whether the WebAssembly SIMD proposal will be
1075 /// enabled for compilation.
1076 ///
1077 /// The [WebAssembly SIMD proposal][proposal]. This feature gates items such
1078 /// as the `v128` type and all of its operators being in a module. Note that
1079 /// this does not enable the [relaxed simd proposal].
1080 ///
1081 /// **Note**
1082 ///
1083 /// On x86_64 platforms the base CPU feature requirement for SIMD
1084 /// is SSE2 for the Cranelift compiler and AVX for the Winch compiler.
1085 ///
1086 /// This is `true` by default.
1087 ///
1088 /// [proposal]: https://github.com/webassembly/simd
1089 /// [relaxed simd proposal]: https://github.com/WebAssembly/relaxed-simd
1090 pub fn wasm_simd(&mut self, enable: bool) -> &mut Self {
1091 self.wasm_features(WasmFeatures::SIMD, enable);
1092 self
1093 }
1094
1095 /// Configures whether the WebAssembly Relaxed SIMD proposal will be
1096 /// enabled for compilation.
1097 ///
1098 /// The relaxed SIMD proposal adds new instructions to WebAssembly which,
1099 /// for some specific inputs, are allowed to produce different results on
1100 /// different hosts. More-or-less this proposal enables exposing
1101 /// platform-specific semantics of SIMD instructions in a controlled
1102 /// fashion to a WebAssembly program. From an embedder's perspective this
1103 /// means that WebAssembly programs may execute differently depending on
1104 /// whether the host is x86_64 or AArch64, for example.
1105 ///
1106 /// By default Wasmtime lowers relaxed SIMD instructions to the fastest
1107 /// lowering for the platform it's running on. This means that, by default,
1108 /// some relaxed SIMD instructions may have different results for the same
1109 /// inputs across x86_64 and AArch64. This behavior can be disabled through
1110 /// the [`Config::relaxed_simd_deterministic`] option which will force
1111 /// deterministic behavior across all platforms, as classified by the
1112 /// specification, at the cost of performance.
1113 ///
1114 /// This is `true` by default.
1115 ///
1116 /// [proposal]: https://github.com/webassembly/relaxed-simd
1117 pub fn wasm_relaxed_simd(&mut self, enable: bool) -> &mut Self {
1118 self.wasm_features(WasmFeatures::RELAXED_SIMD, enable);
1119 self
1120 }
1121
1122 /// This option can be used to control the behavior of the [relaxed SIMD
1123 /// proposal's][proposal] instructions.
1124 ///
1125 /// The relaxed SIMD proposal introduces instructions that are allowed to
1126 /// have different behavior on different architectures, primarily to afford
1127 /// an efficient implementation on all architectures. This means, however,
1128 /// that the same module may execute differently on one host than another,
1129 /// which typically is not otherwise the case. This option is provided to
1130 /// force Wasmtime to generate deterministic code for all relaxed simd
1131 /// instructions, at the cost of performance, for all architectures. When
1132 /// this option is enabled then the deterministic behavior of all
1133 /// instructions in the relaxed SIMD proposal is selected.
1134 ///
1135 /// This is `false` by default.
1136 ///
1137 /// [proposal]: https://github.com/webassembly/relaxed-simd
1138 pub fn relaxed_simd_deterministic(&mut self, enable: bool) -> &mut Self {
1139 self.tunables.relaxed_simd_deterministic = Some(enable);
1140 self
1141 }
1142
1143 /// Configures whether the [WebAssembly bulk memory operations
1144 /// proposal][proposal] will be enabled for compilation.
1145 ///
1146 /// This feature gates items such as the `memory.copy` instruction, passive
1147 /// data/table segments, etc, being in a module.
1148 ///
1149 /// This is `true` by default.
1150 ///
1151 /// Feature `reference_types`, which is also `true` by default, requires
1152 /// this feature to be enabled. Thus disabling this feature must also disable
1153 /// `reference_types` as well using [`wasm_reference_types`](crate::Config::wasm_reference_types).
1154 ///
1155 /// # Errors
1156 ///
1157 /// Disabling this feature without disabling `reference_types` will cause
1158 /// [`Engine::new`] to fail.
1159 ///
1160 /// [proposal]: https://github.com/webassembly/bulk-memory-operations
1161 pub fn wasm_bulk_memory(&mut self, enable: bool) -> &mut Self {
1162 self.wasm_features(WasmFeatures::BULK_MEMORY, enable);
1163 self
1164 }
1165
1166 /// Configures whether the WebAssembly multi-value [proposal] will
1167 /// be enabled for compilation.
1168 ///
1169 /// This feature gates functions and blocks returning multiple values in a
1170 /// module, for example.
1171 ///
1172 /// This is `true` by default.
1173 ///
1174 /// [proposal]: https://github.com/webassembly/multi-value
1175 pub fn wasm_multi_value(&mut self, enable: bool) -> &mut Self {
1176 self.wasm_features(WasmFeatures::MULTI_VALUE, enable);
1177 self
1178 }
1179
1180 /// Configures whether the WebAssembly multi-memory [proposal] will
1181 /// be enabled for compilation.
1182 ///
1183 /// This feature gates modules having more than one linear memory
1184 /// declaration or import.
1185 ///
1186 /// This is `true` by default.
1187 ///
1188 /// [proposal]: https://github.com/webassembly/multi-memory
1189 pub fn wasm_multi_memory(&mut self, enable: bool) -> &mut Self {
1190 self.wasm_features(WasmFeatures::MULTI_MEMORY, enable);
1191 self
1192 }
1193
1194 /// Configures whether the WebAssembly memory64 [proposal] will
1195 /// be enabled for compilation.
1196 ///
1197 /// Note that this the upstream specification is not finalized and Wasmtime
1198 /// may also have bugs for this feature since it hasn't been exercised
1199 /// much.
1200 ///
1201 /// This is `false` by default.
1202 ///
1203 /// [proposal]: https://github.com/webassembly/memory64
1204 pub fn wasm_memory64(&mut self, enable: bool) -> &mut Self {
1205 self.wasm_features(WasmFeatures::MEMORY64, enable);
1206 self
1207 }
1208
1209 /// Configures whether the WebAssembly extended-const [proposal] will
1210 /// be enabled for compilation.
1211 ///
1212 /// This is `true` by default.
1213 ///
1214 /// [proposal]: https://github.com/webassembly/extended-const
1215 pub fn wasm_extended_const(&mut self, enable: bool) -> &mut Self {
1216 self.wasm_features(WasmFeatures::EXTENDED_CONST, enable);
1217 self
1218 }
1219
1220 /// Configures whether the [WebAssembly stack switching
1221 /// proposal][proposal] will be enabled for compilation.
1222 ///
1223 /// This feature gates the use of control tags.
1224 ///
1225 /// This feature depends on the `function_reference_types` and
1226 /// `exceptions` features.
1227 ///
1228 /// This feature is `false` by default.
1229 ///
1230 /// # Errors
1231 ///
1232 /// [proposal]: https://github.com/webassembly/stack-switching
1233 pub fn wasm_stack_switching(&mut self, enable: bool) -> &mut Self {
1234 self.wasm_features(WasmFeatures::STACK_SWITCHING, enable);
1235 self
1236 }
1237
1238 /// Configures whether the WebAssembly component-model [proposal] will
1239 /// be enabled for compilation.
1240 ///
1241 /// This flag can be used to blanket disable all components within Wasmtime.
1242 /// Otherwise usage of components requires statically using
1243 /// [`Component`](crate::component::Component) instead of
1244 /// [`Module`](crate::Module) for example anyway.
1245 ///
1246 /// The default value for this option is whether the `component-model`
1247 /// crate feature of Wasmtime is enabled or not. By default this crate
1248 /// feature is enabled.
1249 ///
1250 /// [proposal]: https://github.com/webassembly/component-model
1251 #[cfg(feature = "component-model")]
1252 pub fn wasm_component_model(&mut self, enable: bool) -> &mut Self {
1253 self.wasm_features(WasmFeatures::COMPONENT_MODEL, enable);
1254 self
1255 }
1256
1257 /// Configures whether components support the async ABI [proposal] for
1258 /// lifting and lowering functions, as well as `stream`, `future`, and
1259 /// `error-context` types.
1260 ///
1261 /// Please note that Wasmtime's support for this feature is _very_
1262 /// incomplete.
1263 ///
1264 /// [proposal]:
1265 /// https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1266 #[cfg(feature = "component-model-async")]
1267 pub fn wasm_component_model_async(&mut self, enable: bool) -> &mut Self {
1268 self.wasm_features(WasmFeatures::CM_ASYNC, enable);
1269 self
1270 }
1271
1272 /// This corresponds to the 🚝 emoji in the component model specification.
1273 ///
1274 /// Please note that Wasmtime's support for this feature is _very_
1275 /// incomplete.
1276 ///
1277 /// [proposal]:
1278 /// https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1279 #[cfg(feature = "component-model-async")]
1280 pub fn wasm_component_model_more_async_builtins(&mut self, enable: bool) -> &mut Self {
1281 self.wasm_features(WasmFeatures::CM_MORE_ASYNC_BUILTINS, enable);
1282 self
1283 }
1284
1285 /// This corresponds to the 🚟 emoji in the component model specification.
1286 ///
1287 /// Please note that Wasmtime's support for this feature is _very_
1288 /// incomplete.
1289 ///
1290 /// [proposal]: https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1291 #[cfg(feature = "component-model-async")]
1292 pub fn wasm_component_model_async_stackful(&mut self, enable: bool) -> &mut Self {
1293 self.wasm_features(WasmFeatures::CM_ASYNC_STACKFUL, enable);
1294 self
1295 }
1296
1297 /// This corresponds to the 🧵 emoji in the component model specification.
1298 ///
1299 /// Please note that Wasmtime's support for this feature is _very_
1300 /// incomplete.
1301 ///
1302 /// [proposal]:
1303 /// https://github.com/WebAssembly/component-model/pull/557
1304 #[cfg(feature = "component-model-async")]
1305 pub fn wasm_component_model_threading(&mut self, enable: bool) -> &mut Self {
1306 self.wasm_features(WasmFeatures::CM_THREADING, enable);
1307 self
1308 }
1309
1310 /// This corresponds to the 📝 emoji in the component model specification.
1311 ///
1312 /// Please note that Wasmtime's support for this feature is _very_
1313 /// incomplete.
1314 ///
1315 /// [proposal]: https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1316 #[cfg(feature = "component-model")]
1317 pub fn wasm_component_model_error_context(&mut self, enable: bool) -> &mut Self {
1318 self.wasm_features(WasmFeatures::CM_ERROR_CONTEXT, enable);
1319 self
1320 }
1321
1322 /// Configures whether the [GC extension to the component-model
1323 /// proposal][proposal] is enabled or not.
1324 ///
1325 /// This corresponds to the 🛸 emoji in the component model specification.
1326 ///
1327 /// Please note that Wasmtime's support for this feature is _very_
1328 /// incomplete.
1329 ///
1330 /// [proposal]: https://github.com/WebAssembly/component-model/issues/525
1331 #[cfg(feature = "component-model")]
1332 pub fn wasm_component_model_gc(&mut self, enable: bool) -> &mut Self {
1333 self.wasm_features(WasmFeatures::CM_GC, enable);
1334 self
1335 }
1336
1337 /// Configures whether the component model map type is enabled or not.
1338 ///
1339 /// This is part of the component model specification and enables the
1340 /// `map<k, v>` type in WIT and the component binary format.
1341 #[cfg(feature = "component-model")]
1342 pub fn wasm_component_model_map(&mut self, enable: bool) -> &mut Self {
1343 self.wasm_features(WasmFeatures::CM_MAP, enable);
1344 self
1345 }
1346
1347 /// This corresponds to the 🔧 emoji in the component model specification.
1348 ///
1349 /// Please note that Wasmtime's support for this feature is _very_
1350 /// incomplete.
1351 #[cfg(feature = "component-model")]
1352 pub fn wasm_component_model_fixed_length_lists(&mut self, enable: bool) -> &mut Self {
1353 self.wasm_features(WasmFeatures::CM_FIXED_LENGTH_LISTS, enable);
1354 self
1355 }
1356
1357 /// This corresponds to the 🏷️ emoji in the component model specification.
1358 ///
1359 /// Please note that Wasmtime's support for this feature is a work in
1360 /// progress.
1361 #[cfg(feature = "component-model")]
1362 pub fn wasm_component_model_implements(&mut self, enable: bool) -> &mut Self {
1363 self.wasm_features(WasmFeatures::CM_IMPLEMENTS, enable);
1364 self
1365 }
1366
1367 /// Configures whether the [Exception-handling proposal][proposal] is enabled or not.
1368 ///
1369 /// This is `true` by default.
1370 ///
1371 /// [proposal]: https://github.com/WebAssembly/exception-handling
1372 #[cfg(feature = "gc")]
1373 pub fn wasm_exceptions(&mut self, enable: bool) -> &mut Self {
1374 self.wasm_features(WasmFeatures::EXCEPTIONS, enable);
1375 self
1376 }
1377
1378 #[doc(hidden)] // FIXME(#3427) - if/when implemented then un-hide this
1379 #[deprecated = "This configuration option only exists for internal \
1380 usage with the spec testsuite. It may be removed at \
1381 any time and without warning. Do not rely on it!"]
1382 pub fn wasm_legacy_exceptions(&mut self, enable: bool) -> &mut Self {
1383 self.wasm_features(WasmFeatures::LEGACY_EXCEPTIONS, enable);
1384 self
1385 }
1386
1387 /// Configures which compilation strategy will be used for wasm modules.
1388 ///
1389 /// This method can be used to configure which compiler is used for wasm
1390 /// modules, and for more documentation consult the [`Strategy`] enumeration
1391 /// and its documentation.
1392 ///
1393 /// The default value for this is `Strategy::Auto`.
1394 ///
1395 /// # Panics
1396 ///
1397 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1398 #[cfg(any(feature = "cranelift", feature = "winch"))]
1399 pub fn strategy(&mut self, strategy: Strategy) -> &mut Self {
1400 self.compiler_config_mut().strategy = strategy.not_auto();
1401 self
1402 }
1403
1404 /// Configures which garbage collector will be used for Wasm modules.
1405 ///
1406 /// This method can be used to configure which garbage collector
1407 /// implementation is used for Wasm modules. For more documentation, consult
1408 /// the [`Collector`] enumeration and its documentation.
1409 ///
1410 /// The default value for this is `Collector::Auto`.
1411 #[cfg(feature = "gc")]
1412 pub fn collector(&mut self, collector: Collector) -> &mut Self {
1413 self.collector = collector;
1414 self
1415 }
1416
1417 /// Configures the initial size, in bytes, of each store's GC heap.
1418 ///
1419 /// By default all GC heaps start out at 0 bytes in size and must grow
1420 /// upwards from there. Growth happens incrementally as GC pressure happens
1421 /// and memory runs out. The amount being grown by is additionally a
1422 /// heuristic of the size of the failed allocation. By providing an initial
1423 /// size of a store's GC heap embedders can more tightly control initial
1424 /// parameters to optimize workloads that might have a predictable pattern.
1425 /// For example if workloads frequently have less than a certain threshold
1426 /// of size then that could be configured as the initial size here to avoid
1427 /// growths happening over time.
1428 ///
1429 /// Note that like WebAssembly linear memories the GC heap does not start
1430 /// with committed memory equal to this size. Instead memory is reserved,
1431 /// but then lazily allocated by the OS on access. In other words it should
1432 /// be relatively cheap to increase this value to help amortize initial
1433 /// startup cost of wasm modules.
1434 ///
1435 /// The `bytes` size is rounded up to the GC heap's page size.
1436 ///
1437 /// This only configures the initially-allocated size of the GC heap; the
1438 /// heap can still grow beyond it on demand. It is separate from
1439 /// [`Config::gc_heap_reservation`], which configures the size of the
1440 /// virtual-memory reservation (and therefore how far the heap can grow
1441 /// in place).
1442 ///
1443 /// The default value for this is 0.
1444 pub fn gc_heap_initial_size(&mut self, bytes: u64) -> &mut Self {
1445 self.tunables.gc_heap_initial_size = Some(bytes);
1446 self
1447 }
1448
1449 /// Creates a default profiler based on the profiling strategy chosen.
1450 ///
1451 /// Profiler creation calls the type's default initializer where the purpose is
1452 /// really just to put in place the type used for profiling.
1453 ///
1454 /// Some [`ProfilingStrategy`] require specific platforms or particular feature
1455 /// to be enabled, such as `ProfilingStrategy::JitDump` requires the `jitdump`
1456 /// feature.
1457 ///
1458 /// # Errors
1459 ///
1460 /// The validation of this field is deferred until the engine is being built, and thus may
1461 /// cause [`Engine::new`] fail if the required feature is disabled, or the platform is not
1462 /// supported.
1463 pub fn profiler(&mut self, profile: ProfilingStrategy) -> &mut Self {
1464 self.profiling_strategy = profile;
1465 self
1466 }
1467
1468 /// Configures whether the debug verifier of Cranelift is enabled or not.
1469 ///
1470 /// When Cranelift is used as a code generation backend this will configure
1471 /// it to have the `enable_verifier` flag which will enable a number of debug
1472 /// checks inside of Cranelift. This is largely only useful for the
1473 /// developers of wasmtime itself.
1474 ///
1475 /// The default value for this is `false`
1476 ///
1477 /// # Panics
1478 ///
1479 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1480 #[cfg(any(feature = "cranelift", feature = "winch"))]
1481 pub fn cranelift_debug_verifier(&mut self, enable: bool) -> &mut Self {
1482 let val = if enable { "true" } else { "false" };
1483 self.compiler_config_mut().settings.insert(
1484 "enable_verifier".to_string(),
1485 (val.to_string(), UserSpecified::No),
1486 );
1487 self
1488 }
1489
1490 /// Configures whether extra debug checks are inserted into
1491 /// Wasmtime-generated code by Cranelift.
1492 ///
1493 /// The default value for this is `false`
1494 ///
1495 /// # Panics
1496 ///
1497 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1498 #[cfg(any(feature = "cranelift", feature = "winch"))]
1499 pub fn cranelift_wasmtime_debug_checks(&mut self, enable: bool) -> &mut Self {
1500 unsafe { self.cranelift_flag_set("wasmtime_debug_checks", &enable.to_string()) }
1501 }
1502
1503 /// Configures the Cranelift code generator optimization level.
1504 ///
1505 /// When the Cranelift code generator is used you can configure the
1506 /// optimization level used for generated code in a few various ways. For
1507 /// more information see the documentation of [`OptLevel`].
1508 ///
1509 /// The default value for this is `OptLevel::Speed`.
1510 ///
1511 /// # Panics
1512 ///
1513 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1514 #[cfg(any(feature = "cranelift", feature = "winch"))]
1515 pub fn cranelift_opt_level(&mut self, level: OptLevel) -> &mut Self {
1516 let val = match level {
1517 OptLevel::None => "none",
1518 OptLevel::Speed => "speed",
1519 OptLevel::SpeedAndSize => "speed_and_size",
1520 };
1521 self.compiler_config_mut().settings.insert(
1522 "opt_level".to_string(),
1523 (val.to_string(), UserSpecified::No),
1524 );
1525 self
1526 }
1527
1528 /// Configures the regalloc algorithm used by the Cranelift code generator.
1529 ///
1530 /// Cranelift can select any of several register allocator algorithms. Each
1531 /// of these algorithms generates correct code, but they represent different
1532 /// tradeoffs between compile speed (how expensive the compilation process
1533 /// is) and run-time speed (how fast the generated code runs).
1534 /// For more information see the documentation of [`RegallocAlgorithm`].
1535 ///
1536 /// The default value for this is `RegallocAlgorithm::Backtracking`.
1537 ///
1538 /// # Panics
1539 ///
1540 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1541 #[cfg(any(feature = "cranelift", feature = "winch"))]
1542 pub fn cranelift_regalloc_algorithm(&mut self, algo: RegallocAlgorithm) -> &mut Self {
1543 let val = match algo {
1544 RegallocAlgorithm::Backtracking => "backtracking",
1545 RegallocAlgorithm::SinglePass => "single_pass",
1546 };
1547 self.compiler_config_mut().settings.insert(
1548 "regalloc_algorithm".to_string(),
1549 (val.to_string(), UserSpecified::No),
1550 );
1551 self
1552 }
1553
1554 /// Configures whether Cranelift should perform a NaN-canonicalization pass.
1555 ///
1556 /// When Cranelift is used as a code generation backend this will configure
1557 /// it to replace NaNs with a single canonical value. This is useful for
1558 /// users requiring entirely deterministic WebAssembly computation. This is
1559 /// not required by the WebAssembly spec, so it is not enabled by default.
1560 ///
1561 /// Note that this option affects not only WebAssembly's `f32` and `f64`
1562 /// types but additionally the `v128` type. This option will cause
1563 /// operations using any of these types to have extra checks placed after
1564 /// them to normalize NaN values as needed.
1565 ///
1566 /// The default value for this is `false`
1567 ///
1568 /// # Panics
1569 ///
1570 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1571 #[cfg(any(feature = "cranelift", feature = "winch"))]
1572 pub fn cranelift_nan_canonicalization(&mut self, enable: bool) -> &mut Self {
1573 let val = if enable { "true" } else { "false" };
1574 self.compiler_config_mut().settings.insert(
1575 "enable_nan_canonicalization".to_string(),
1576 (val.to_string(), UserSpecified::No),
1577 );
1578 self
1579 }
1580
1581 /// Allows setting a Cranelift boolean flag or preset. This allows
1582 /// fine-tuning of Cranelift settings.
1583 ///
1584 /// Since Cranelift flags may be unstable, this method should not be considered to be stable
1585 /// either; other `Config` functions should be preferred for stability.
1586 ///
1587 /// # Safety
1588 ///
1589 /// This is marked as unsafe, because setting the wrong flag might break invariants,
1590 /// resulting in execution hazards.
1591 ///
1592 /// # Errors
1593 ///
1594 /// The validation of the flags are deferred until the engine is being built, and thus may
1595 /// cause [`Engine::new`] fail if the flag's name does not exist, or the value is not appropriate
1596 /// for the flag type.
1597 ///
1598 /// # Panics
1599 ///
1600 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1601 #[cfg(any(feature = "cranelift", feature = "winch"))]
1602 pub unsafe fn cranelift_flag_enable(&mut self, flag: &str) -> &mut Self {
1603 self.compiler_config_mut()
1604 .flags
1605 .insert(flag.to_string(), UserSpecified::Yes);
1606 self
1607 }
1608
1609 /// Allows settings another Cranelift flag defined by a flag name and value. This allows
1610 /// fine-tuning of Cranelift settings.
1611 ///
1612 /// Since Cranelift flags may be unstable, this method should not be considered to be stable
1613 /// either; other `Config` functions should be preferred for stability.
1614 ///
1615 /// # Safety
1616 ///
1617 /// This is marked as unsafe, because setting the wrong flag might break invariants,
1618 /// resulting in execution hazards.
1619 ///
1620 /// # Errors
1621 ///
1622 /// The validation of the flags are deferred until the engine is being built, and thus may
1623 /// cause [`Engine::new`] fail if the flag's name does not exist, or incompatible with other
1624 /// settings.
1625 ///
1626 /// For example, feature `wasm_backtrace` will set `unwind_info` to `true`, but if it's
1627 /// manually set to false then it will fail.
1628 ///
1629 /// # Panics
1630 ///
1631 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1632 #[cfg(any(feature = "cranelift", feature = "winch"))]
1633 pub unsafe fn cranelift_flag_set(&mut self, name: &str, value: &str) -> &mut Self {
1634 self.compiler_config_mut()
1635 .settings
1636 .insert(name.to_string(), (value.to_string(), UserSpecified::Yes));
1637 self
1638 }
1639
1640 /// Set a custom [`Cache`].
1641 ///
1642 /// To load a cache configuration from a file, use [`Cache::from_file`]. Otherwise, you can
1643 /// create a new cache config using [`CacheConfig::new`] and passing that to [`Cache::new`].
1644 ///
1645 /// If you want to disable the cache, you can call this method with `None`.
1646 ///
1647 /// By default, new configs do not have caching enabled.
1648 /// Every call to [`Module::new(my_wasm)`][crate::Module::new] will recompile `my_wasm`,
1649 /// even when it is unchanged, unless an enabled `CacheConfig` is provided.
1650 ///
1651 /// This method is only available when the `cache` feature of this crate is
1652 /// enabled.
1653 ///
1654 /// [docs]: https://bytecodealliance.github.io/wasmtime/cli-cache.html
1655 #[cfg(feature = "cache")]
1656 pub fn cache(&mut self, cache: Option<Cache>) -> &mut Self {
1657 self.cache = cache;
1658 self
1659 }
1660
1661 /// Sets a custom memory creator.
1662 ///
1663 /// Custom memory creators are used when creating host `Memory` objects or when
1664 /// creating instance linear memories for the on-demand instance allocation strategy.
1665 #[cfg(feature = "runtime")]
1666 pub fn with_host_memory(&mut self, mem_creator: Arc<dyn MemoryCreator>) -> &mut Self {
1667 self.mem_creator = Some(Arc::new(MemoryCreatorProxy(mem_creator)));
1668 self
1669 }
1670
1671 /// Sets a custom stack creator.
1672 ///
1673 /// Custom memory creators are used when creating creating async instance stacks for
1674 /// the on-demand instance allocation strategy.
1675 #[cfg(feature = "async")]
1676 pub fn with_host_stack(&mut self, stack_creator: Arc<dyn StackCreator>) -> &mut Self {
1677 self.stack_creator = Some(Arc::new(StackCreatorProxy(stack_creator)));
1678 self
1679 }
1680
1681 /// Sets a custom executable-memory publisher.
1682 ///
1683 /// Custom executable-memory publishers are hooks that allow
1684 /// Wasmtime to make certain regions of memory executable when
1685 /// loading precompiled modules or compiling new modules
1686 /// in-process. In most modern operating systems, memory allocated
1687 /// for heap usage is readable and writable by default but not
1688 /// executable. To jump to machine code stored in that memory, we
1689 /// need to make it executable. For security reasons, we usually
1690 /// also make it read-only at the same time, so the executing code
1691 /// can't be modified later.
1692 ///
1693 /// By default, Wasmtime will use the appropriate system calls on
1694 /// the host platform for this work. However, it also allows
1695 /// plugging in a custom implementation via this configuration
1696 /// option. This may be useful on custom or `no_std` platforms,
1697 /// for example, especially where virtual memory is not otherwise
1698 /// used by Wasmtime (no `signals-and-traps` feature).
1699 #[cfg(feature = "runtime")]
1700 pub fn with_custom_code_memory(
1701 &mut self,
1702 custom_code_memory: Option<Arc<dyn CustomCodeMemory>>,
1703 ) -> &mut Self {
1704 self.custom_code_memory = custom_code_memory;
1705 self
1706 }
1707
1708 /// Sets the instance allocation strategy to use.
1709 ///
1710 /// This is notably used in conjunction with
1711 /// [`InstanceAllocationStrategy::Pooling`] and [`PoolingAllocationConfig`].
1712 pub fn allocation_strategy(
1713 &mut self,
1714 strategy: impl Into<InstanceAllocationStrategy>,
1715 ) -> &mut Self {
1716 self.allocation_strategy = strategy.into();
1717 self
1718 }
1719
1720 /// Specifies the capacity of linear memories, in bytes, in their initial
1721 /// allocation.
1722 ///
1723 /// > Note: this value has important performance ramifications, be sure to
1724 /// > benchmark when setting this to a non-default value and read over this
1725 /// > documentation.
1726 ///
1727 /// This function will change the size of the initial memory allocation made
1728 /// for linear memories. This setting is only applicable when the initial
1729 /// size of a linear memory is below this threshold. Linear memories are
1730 /// allocated in the virtual address space of the host process with OS APIs
1731 /// such as `mmap` and this setting affects how large the allocation will
1732 /// be.
1733 ///
1734 /// ## Background: WebAssembly Linear Memories
1735 ///
1736 /// WebAssembly linear memories always start with a minimum size and can
1737 /// possibly grow up to a maximum size. The minimum size is always specified
1738 /// in a WebAssembly module itself and the maximum size can either be
1739 /// optionally specified in the module or inherently limited by the index
1740 /// type. For example for this module:
1741 ///
1742 /// ```wasm
1743 /// (module
1744 /// (memory $a 4)
1745 /// (memory $b 4096 4096 (pagesize 1))
1746 /// (memory $c i64 10)
1747 /// )
1748 /// ```
1749 ///
1750 /// * Memory `$a` initially allocates 4 WebAssembly pages (256KiB) and can
1751 /// grow up to 4GiB, the limit of the 32-bit index space.
1752 /// * Memory `$b` initially allocates 4096 WebAssembly pages, but in this
1753 /// case its page size is 1, so it's 4096 bytes. Memory can also grow no
1754 /// further meaning that it will always be 4096 bytes.
1755 /// * Memory `$c` is a 64-bit linear memory which starts with 640KiB of
1756 /// memory and can theoretically grow up to 2^64 bytes, although most
1757 /// hosts will run out of memory long before that.
1758 ///
1759 /// All operations on linear memories done by wasm are required to be
1760 /// in-bounds. Any access beyond the end of a linear memory is considered a
1761 /// trap.
1762 ///
1763 /// ## What this setting affects: Virtual Memory
1764 ///
1765 /// This setting is used to configure the behavior of the size of the linear
1766 /// memory allocation performed for each of these memories. For example the
1767 /// initial linear memory allocation looks like this:
1768 ///
1769 /// ```text
1770 /// memory_reservation
1771 /// |
1772 /// ◄─────────┴────────────────►
1773 /// ┌───────┬─────────┬──────────────────┬───────┐
1774 /// │ guard │ initial │ ... capacity ... │ guard │
1775 /// └───────┴─────────┴──────────────────┴───────┘
1776 /// ◄──┬──► ◄──┬──►
1777 /// │ │
1778 /// │ memory_guard_size
1779 /// │
1780 /// │
1781 /// memory_guard_size (if guard_before_linear_memory)
1782 /// ```
1783 ///
1784 /// Memory in the `initial` range is accessible to the instance and can be
1785 /// read/written by wasm code. Memory in the `guard` regions is never
1786 /// accessible to wasm code and memory in `capacity` is initially
1787 /// inaccessible but may become accessible through `memory.grow` instructions
1788 /// for example.
1789 ///
1790 /// This means that this setting is the size of the initial chunk of virtual
1791 /// memory that a linear memory may grow into.
1792 ///
1793 /// ## What this setting affects: Runtime Speed
1794 ///
1795 /// This is a performance-sensitive setting which is taken into account
1796 /// during the compilation process of a WebAssembly module. For example if a
1797 /// 32-bit WebAssembly linear memory has a `memory_reservation` size of 4GiB
1798 /// then bounds checks can be elided because `capacity` will be guaranteed
1799 /// to be unmapped for all addressable bytes that wasm can access (modulo a
1800 /// few details).
1801 ///
1802 /// If `memory_reservation` was something smaller like 256KiB then that
1803 /// would have a much smaller impact on virtual memory but the compile code
1804 /// would then need to have explicit bounds checks to ensure that
1805 /// loads/stores are in-bounds.
1806 ///
1807 /// The goal of this setting is to enable skipping bounds checks in most
1808 /// modules by default. Some situations which require explicit bounds checks
1809 /// though are:
1810 ///
1811 /// * When `memory_reservation` is smaller than the addressable size of the
1812 /// linear memory. For example if 64-bit linear memories always need
1813 /// bounds checks as they can address the entire virtual address spacce.
1814 /// For 32-bit linear memories a `memory_reservation` minimum size of 4GiB
1815 /// is required to elide bounds checks.
1816 ///
1817 /// * When linear memories have a page size of 1 then bounds checks are
1818 /// required. In this situation virtual memory can't be relied upon
1819 /// because that operates at the host page size granularity where wasm
1820 /// requires a per-byte level granularity.
1821 ///
1822 /// * Configuration settings such as [`Config::signals_based_traps`] can be
1823 /// used to disable the use of signal handlers and virtual memory so
1824 /// explicit bounds checks are required.
1825 ///
1826 /// * When [`Config::memory_guard_size`] is too small a bounds check may be
1827 /// required. For 32-bit wasm addresses are actually 33-bit effective
1828 /// addresses because loads/stores have a 32-bit static offset to add to
1829 /// the dynamic 32-bit address. If the static offset is larger than the
1830 /// size of the guard region then an explicit bounds check is required.
1831 ///
1832 /// ## What this setting affects: Memory Growth Behavior
1833 ///
1834 /// In addition to affecting bounds checks emitted in compiled code this
1835 /// setting also affects how WebAssembly linear memories are grown. The
1836 /// `memory.grow` instruction can be used to make a linear memory larger and
1837 /// this is also affected by APIs such as
1838 /// [`Memory::grow`](crate::Memory::grow).
1839 ///
1840 /// In these situations when the amount being grown is small enough to fit
1841 /// within the remaining capacity then the linear memory doesn't have to be
1842 /// moved at runtime. If the capacity runs out though then a new linear
1843 /// memory allocation must be made and the contents of linear memory is
1844 /// copied over.
1845 ///
1846 /// For example here's a situation where a copy happens:
1847 ///
1848 /// * The `memory_reservation` setting is configured to 128KiB.
1849 /// * A WebAssembly linear memory starts with a single 64KiB page.
1850 /// * This memory can be grown by one page to contain the full 128KiB of
1851 /// memory.
1852 /// * If grown by one more page, though, then a 192KiB allocation must be
1853 /// made and the previous 128KiB of contents are copied into the new
1854 /// allocation.
1855 ///
1856 /// This growth behavior can have a significant performance impact if lots
1857 /// of data needs to be copied on growth. Conversely if memory growth never
1858 /// needs to happen because the capacity will always be large enough then
1859 /// optimizations can be applied to cache the base pointer of linear memory.
1860 ///
1861 /// When memory is grown then the
1862 /// [`Config::memory_reservation_for_growth`] is used for the new
1863 /// memory allocation to have memory to grow into.
1864 ///
1865 /// When using the pooling allocator via [`PoolingAllocationConfig`] then
1866 /// memories are never allowed to move so requests for growth are instead
1867 /// rejected with an error.
1868 ///
1869 /// ## When this setting is not used
1870 ///
1871 /// This setting is ignored and unused when the initial size of linear
1872 /// memory is larger than this threshold. For example if this setting is set
1873 /// to 1MiB but a wasm module requires a 2MiB minimum allocation then this
1874 /// setting is ignored. In this situation the minimum size of memory will be
1875 /// allocated along with [`Config::memory_reservation_for_growth`]
1876 /// after it to grow into.
1877 ///
1878 /// That means that this value can be set to zero. That can be useful in
1879 /// benchmarking to see the overhead of bounds checks for example.
1880 /// Additionally it can be used to minimize the virtual memory allocated by
1881 /// Wasmtime.
1882 ///
1883 /// ## Default Value
1884 ///
1885 /// The default value for this property depends on the host platform. For
1886 /// 64-bit platforms there's lots of address space available, so the default
1887 /// configured here is 4GiB. When coupled with the default size of
1888 /// [`Config::memory_guard_size`] this means that 32-bit WebAssembly linear
1889 /// memories with 64KiB page sizes will skip almost all bounds checks by
1890 /// default.
1891 ///
1892 /// For 32-bit platforms this value defaults to 10MiB. This means that
1893 /// bounds checks will be required on 32-bit platforms.
1894 pub fn memory_reservation(&mut self, bytes: u64) -> &mut Self {
1895 self.tunables.memory_reservation = Some(bytes);
1896 self
1897 }
1898
1899 /// Indicates whether linear memories may relocate their base pointer at
1900 /// runtime.
1901 ///
1902 /// WebAssembly linear memories either have a maximum size that's explicitly
1903 /// listed in the type of a memory or inherently limited by the index type
1904 /// of the memory (e.g. 4GiB for 32-bit linear memories). Depending on how
1905 /// the linear memory is allocated (see [`Config::memory_reservation`]) it
1906 /// may be necessary to move the memory in the host's virtual address space
1907 /// during growth. This option controls whether this movement is allowed or
1908 /// not.
1909 ///
1910 /// An example of a linear memory needing to move is when
1911 /// [`Config::memory_reservation`] is 0 then a linear memory will be
1912 /// allocated as the minimum size of the memory plus
1913 /// [`Config::memory_reservation_for_growth`]. When memory grows beyond the
1914 /// reservation for growth then the memory needs to be relocated.
1915 ///
1916 /// When this option is set to `false` then it can have a number of impacts
1917 /// on how memories work at runtime:
1918 ///
1919 /// * Modules can be compiled with static knowledge the base pointer of
1920 /// linear memory never changes to enable optimizations such as
1921 /// loop invariant code motion (hoisting the base pointer out of a loop).
1922 ///
1923 /// * Memories cannot grow in excess of their original allocation. This
1924 /// means that [`Config::memory_reservation`] and
1925 /// [`Config::memory_reservation_for_growth`] may need tuning to ensure
1926 /// the memory configuration works at runtime.
1927 ///
1928 /// The default value for this option is `true`.
1929 pub fn memory_may_move(&mut self, enable: bool) -> &mut Self {
1930 self.tunables.memory_may_move = Some(enable);
1931 self
1932 }
1933
1934 /// Configures the size, in bytes, of the guard region used at the end of a
1935 /// linear memory's address space reservation.
1936 ///
1937 /// > Note: this value has important performance ramifications, be sure to
1938 /// > understand what this value does before tweaking it and benchmarking.
1939 ///
1940 /// This setting controls how many bytes are guaranteed to be unmapped after
1941 /// the virtual memory allocation of a linear memory. When
1942 /// combined with sufficiently large values of
1943 /// [`Config::memory_reservation`] (e.g. 4GiB for 32-bit linear memories)
1944 /// then a guard region can be used to eliminate bounds checks in generated
1945 /// code.
1946 ///
1947 /// This setting additionally can be used to help deduplicate bounds checks
1948 /// in code that otherwise requires bounds checks. For example with a 4KiB
1949 /// guard region then a 64-bit linear memory which accesses addresses `x+8`
1950 /// and `x+16` only needs to perform a single bounds check on `x`. If that
1951 /// bounds check passes then the offset is guaranteed to either reside in
1952 /// linear memory or the guard region, resulting in deterministic behavior
1953 /// either way.
1954 ///
1955 /// ## How big should the guard be?
1956 ///
1957 /// In general, like with configuring [`Config::memory_reservation`], you
1958 /// probably don't want to change this value from the defaults. Removing
1959 /// bounds checks is dependent on a number of factors where the size of the
1960 /// guard region is only one piece of the equation. Other factors include:
1961 ///
1962 /// * [`Config::memory_reservation`]
1963 /// * The index type of the linear memory (e.g. 32-bit or 64-bit)
1964 /// * The page size of the linear memory
1965 /// * Other settings such as [`Config::signals_based_traps`]
1966 ///
1967 /// Embeddings using virtual memory almost always want at least some guard
1968 /// region, but otherwise changes from the default should be profiled
1969 /// locally to see the performance impact.
1970 ///
1971 /// ## Default
1972 ///
1973 /// The default value for this property is 32MiB on 64-bit platforms. This
1974 /// allows eliminating almost all bounds checks on loads/stores with an
1975 /// immediate offset of less than 32MiB. On 32-bit platforms this defaults
1976 /// to 64KiB.
1977 pub fn memory_guard_size(&mut self, bytes: u64) -> &mut Self {
1978 self.tunables.memory_guard_size = Some(bytes);
1979 self
1980 }
1981
1982 /// Configures the size, in bytes, of the extra virtual memory space
1983 /// reserved after a linear memory is relocated.
1984 ///
1985 /// This setting is used in conjunction with [`Config::memory_reservation`]
1986 /// to configure what happens after a linear memory is relocated in the host
1987 /// address space. If the initial size of a linear memory exceeds
1988 /// [`Config::memory_reservation`] or if it grows beyond that size
1989 /// throughout its lifetime then this setting will be used.
1990 ///
1991 /// When a linear memory is relocated it will initially look like this:
1992 ///
1993 /// ```text
1994 /// memory.size
1995 /// │
1996 /// ◄──────┴─────►
1997 /// ┌───────┬──────────────┬───────┐
1998 /// │ guard │ accessible │ guard │
1999 /// └───────┴──────────────┴───────┘
2000 /// ◄──┬──►
2001 /// │
2002 /// memory_guard_size
2003 /// ```
2004 ///
2005 /// where `accessible` needs to be grown but there's no more memory to grow
2006 /// into. A new region of the virtual address space will be allocated that
2007 /// looks like this:
2008 ///
2009 /// ```text
2010 /// memory_reservation_for_growth
2011 /// │
2012 /// memory.size │
2013 /// │ │
2014 /// ◄──────┴─────► ◄─────────────┴───────────►
2015 /// ┌───────┬──────────────┬───────────────────────────┬───────┐
2016 /// │ guard │ accessible │ .. reserved for growth .. │ guard │
2017 /// └───────┴──────────────┴───────────────────────────┴───────┘
2018 /// ◄──┬──►
2019 /// │
2020 /// memory_guard_size
2021 /// ```
2022 ///
2023 /// This means that up to `memory_reservation_for_growth` bytes can be
2024 /// allocated again before the entire linear memory needs to be moved again
2025 /// when another `memory_reservation_for_growth` bytes will be appended to
2026 /// the size of the allocation.
2027 ///
2028 /// Note that this is a currently simple heuristic for optimizing the growth
2029 /// of dynamic memories, primarily implemented for the memory64 proposal
2030 /// where the maximum size of memory is larger than 4GiB. This setting is
2031 /// unlikely to be a one-size-fits-all style approach and if you're an
2032 /// embedder running into issues with growth and are interested in having
2033 /// other growth strategies available here please feel free to [open an
2034 /// issue on the Wasmtime repository][issue]!
2035 ///
2036 /// [issue]: https://github.com/bytecodealliance/wasmtime/issues/new
2037 ///
2038 /// ## Default
2039 ///
2040 /// For 64-bit platforms this defaults to 2GiB, and for 32-bit platforms
2041 /// this defaults to 1MiB.
2042 pub fn memory_reservation_for_growth(&mut self, bytes: u64) -> &mut Self {
2043 self.tunables.memory_reservation_for_growth = Some(bytes);
2044 self
2045 }
2046
2047 /// Configures the initial size, in bytes, to be allocated for GC heaps.
2048 ///
2049 /// This is similar to [`Config::memory_reservation`] but applies to the GC
2050 /// heap rather than to linear memories. See that method for more details
2051 /// on what "reservation" means and the implications of this setting.
2052 ///
2053 /// ## Default
2054 ///
2055 /// If none of the `gc_heap_*` tunables are explicitly configured, they
2056 /// default to the same values as their `memory_*` counterparts. Otherwise,
2057 /// the default value for this property depends on the host platform: for
2058 /// 64-bit platforms this defaults to 4GiB, and for 32-bit platforms this
2059 /// defaults to 10MiB.
2060 pub fn gc_heap_reservation(&mut self, bytes: u64) -> &mut Self {
2061 self.tunables.gc_heap_reservation = Some(bytes);
2062 self
2063 }
2064
2065 /// Configures the size, in bytes, of the guard page region for GC heaps.
2066 ///
2067 /// This is similar to [`Config::memory_guard_size`] but applies to the GC
2068 /// heap rather than to linear memories. See that method for more details on
2069 /// what guard pages are and the implications of this setting.
2070 ///
2071 /// ## Default
2072 ///
2073 /// If none of the `gc_heap_*` tunables are explicitly configured, they
2074 /// default to the same values as their `memory_*` counterparts. Otherwise,
2075 /// the default value for this property is 32MiB on 64-bit platforms and
2076 /// 64KiB on 32-bit platforms.
2077 pub fn gc_heap_guard_size(&mut self, bytes: u64) -> &mut Self {
2078 self.tunables.gc_heap_guard_size = Some(bytes);
2079 self
2080 }
2081
2082 /// Configures the size, in bytes, of the extra virtual memory space
2083 /// reserved after a GC heap is relocated.
2084 ///
2085 /// This is similar to [`Config::memory_reservation_for_growth`] but applies
2086 /// to the GC heap rather than to linear memories. See that method for more
2087 /// details.
2088 ///
2089 /// ## Default
2090 ///
2091 /// If none of the `gc_heap_*` tunables are explicitly configured, they
2092 /// default to the same values as their `memory_*` counterparts. Otherwise,
2093 /// for 64-bit platforms this defaults to 2GiB, and for 32-bit platforms
2094 /// this defaults to 1MiB.
2095 pub fn gc_heap_reservation_for_growth(&mut self, bytes: u64) -> &mut Self {
2096 self.tunables.gc_heap_reservation_for_growth = Some(bytes);
2097 self
2098 }
2099
2100 /// Indicates whether GC heaps are allowed to be reallocated after initial
2101 /// allocation at runtime.
2102 ///
2103 /// This is similar to [`Config::memory_may_move`] but applies to the GC
2104 /// heap rather than to linear memories. See that method for more details.
2105 ///
2106 /// ## Default
2107 ///
2108 /// If none of the `gc_heap_*` tunables are explicitly configured, they
2109 /// default to the same values as their `memory_*` counterparts. Otherwise,
2110 /// the default value for this option is `true`.
2111 pub fn gc_heap_may_move(&mut self, enable: bool) -> &mut Self {
2112 self.tunables.gc_heap_may_move = Some(enable);
2113 self
2114 }
2115
2116 /// Indicates whether a guard region is present before allocations of
2117 /// linear memory.
2118 ///
2119 /// Guard regions before linear memories are never used during normal
2120 /// operation of WebAssembly modules, even if they have out-of-bounds
2121 /// loads. The only purpose for a preceding guard region in linear memory
2122 /// is extra protection against possible bugs in code generators like
2123 /// Cranelift. This setting does not affect performance in any way, but will
2124 /// result in larger virtual memory reservations for linear memories (it
2125 /// won't actually ever use more memory, just use more of the address
2126 /// space).
2127 ///
2128 /// The size of the guard region before linear memory is the same as the
2129 /// guard size that comes after linear memory, which is configured by
2130 /// [`Config::memory_guard_size`].
2131 ///
2132 /// ## Default
2133 ///
2134 /// This value defaults to `true`.
2135 pub fn guard_before_linear_memory(&mut self, enable: bool) -> &mut Self {
2136 self.tunables.guard_before_linear_memory = Some(enable);
2137 self
2138 }
2139
2140 /// Indicates whether to initialize tables lazily, so that instantiation
2141 /// is fast but indirect calls are a little slower. If false, tables
2142 /// are initialized eagerly during instantiation from any active element
2143 /// segments that apply to them.
2144 ///
2145 /// **Note** Disabling this option is not compatible with the Winch compiler.
2146 ///
2147 /// ## Default
2148 ///
2149 /// This value defaults to `true`.
2150 pub fn table_lazy_init(&mut self, table_lazy_init: bool) -> &mut Self {
2151 self.tunables.table_lazy_init = Some(table_lazy_init);
2152 self
2153 }
2154
2155 /// Configure the version information used in serialized and deserialized [`crate::Module`]s.
2156 /// This effects the behavior of [`crate::Module::serialize()`], as well as
2157 /// [`crate::Module::deserialize()`] and related functions.
2158 ///
2159 /// The default strategy is to use the wasmtime crate's Cargo package version.
2160 pub fn module_version(&mut self, strategy: ModuleVersionStrategy) -> Result<&mut Self> {
2161 match strategy {
2162 // This case requires special precondition for assertion in SerializedModule::to_bytes
2163 ModuleVersionStrategy::Custom(ref v) => {
2164 if v.as_bytes().len() > 255 {
2165 bail!("custom module version cannot be more than 255 bytes: {v}");
2166 }
2167 }
2168 _ => {}
2169 }
2170 self.module_version = strategy;
2171 Ok(self)
2172 }
2173
2174 /// Configure whether wasmtime should compile a module using multiple
2175 /// threads.
2176 ///
2177 /// Disabling this will result in a single thread being used to compile
2178 /// the wasm bytecode.
2179 ///
2180 /// By default parallel compilation is enabled.
2181 #[cfg(feature = "parallel-compilation")]
2182 pub fn parallel_compilation(&mut self, parallel: bool) -> &mut Self {
2183 self.parallel_compilation = parallel;
2184 self
2185 }
2186
2187 /// Configures whether compiled artifacts will contain information to map
2188 /// native program addresses back to the original wasm module.
2189 ///
2190 /// This configuration option is `true` by default and, if enabled,
2191 /// generates the appropriate tables in compiled modules to map from native
2192 /// address back to wasm source addresses. This is used for displaying wasm
2193 /// program counters in backtraces as well as generating filenames/line
2194 /// numbers if so configured as well (and the original wasm module has DWARF
2195 /// debugging information present).
2196 pub fn generate_address_map(&mut self, generate: bool) -> &mut Self {
2197 self.tunables.generate_address_map = Some(generate);
2198 self
2199 }
2200
2201 /// Configures whether copy-on-write memory-mapped data is used to
2202 /// initialize a linear memory.
2203 ///
2204 /// Initializing linear memory via a copy-on-write mapping can drastically
2205 /// improve instantiation costs of a WebAssembly module because copying
2206 /// memory is deferred. Additionally if a page of memory is only ever read
2207 /// from WebAssembly and never written too then the same underlying page of
2208 /// data will be reused between all instantiations of a module meaning that
2209 /// if a module is instantiated many times this can lower the overall memory
2210 /// required needed to run that module.
2211 ///
2212 /// The main disadvantage of copy-on-write initialization, however, is that
2213 /// it may be possible for highly-parallel scenarios to be less scalable. If
2214 /// a page is read initially by a WebAssembly module then that page will be
2215 /// mapped to a read-only copy shared between all WebAssembly instances. If
2216 /// the same page is then written, however, then a private copy is created
2217 /// and swapped out from the read-only version. This also requires an [IPI],
2218 /// however, which can be a significant bottleneck in high-parallelism
2219 /// situations.
2220 ///
2221 /// This feature is only applicable when a WebAssembly module meets specific
2222 /// criteria to be initialized in this fashion, such as:
2223 ///
2224 /// * Only memories defined in the module can be initialized this way.
2225 /// * Data segments for memory must use statically known offsets.
2226 /// * Data segments for memory must all be in-bounds.
2227 ///
2228 /// Modules which do not meet these criteria will fall back to
2229 /// initialization of linear memory based on copying memory.
2230 ///
2231 /// This feature of Wasmtime is also platform-specific:
2232 ///
2233 /// * Linux - this feature is supported for all instances of [`Module`].
2234 /// Modules backed by an existing mmap (such as those created by
2235 /// [`Module::deserialize_file`]) will reuse that mmap to cow-initialize
2236 /// memory. Other instance of [`Module`] may use the `memfd_create`
2237 /// syscall to create an initialization image to `mmap`.
2238 /// * Unix (not Linux) - this feature is only supported when loading modules
2239 /// from a precompiled file via [`Module::deserialize_file`] where there
2240 /// is a file descriptor to use to map data into the process. Note that
2241 /// the module must have been compiled with this setting enabled as well.
2242 /// * Windows - there is no support for this feature at this time. Memory
2243 /// initialization will always copy bytes.
2244 ///
2245 /// By default this option is enabled.
2246 ///
2247 /// [`Module::deserialize_file`]: crate::Module::deserialize_file
2248 /// [`Module`]: crate::Module
2249 /// [IPI]: https://en.wikipedia.org/wiki/Inter-processor_interrupt
2250 pub fn memory_init_cow(&mut self, enable: bool) -> &mut Self {
2251 self.tunables.memory_init_cow = Some(enable);
2252 self
2253 }
2254
2255 /// A configuration option to force the usage of `memfd_create` on Linux to
2256 /// be used as the backing source for a module's initial memory image.
2257 ///
2258 /// When [`Config::memory_init_cow`] is enabled, which is enabled by
2259 /// default, module memory initialization images are taken from a module's
2260 /// original mmap if possible. If a precompiled module was loaded from disk
2261 /// this means that the disk's file is used as an mmap source for the
2262 /// initial linear memory contents. This option can be used to force, on
2263 /// Linux, that instead of using the original file on disk a new in-memory
2264 /// file is created with `memfd_create` to hold the contents of the initial
2265 /// image.
2266 ///
2267 /// This option can be used to avoid possibly loading the contents of memory
2268 /// from disk through a page fault. Instead with `memfd_create` the contents
2269 /// of memory are always in RAM, meaning that even page faults which
2270 /// initially populate a wasm linear memory will only work with RAM instead
2271 /// of ever hitting the disk that the original precompiled module is stored
2272 /// on.
2273 ///
2274 /// This option is disabled by default.
2275 pub fn force_memory_init_memfd(&mut self, enable: bool) -> &mut Self {
2276 self.force_memory_init_memfd = enable;
2277 self
2278 }
2279
2280 /// Configures whether or not a coredump should be generated and attached to
2281 /// the [`Error`](crate::Error) when a trap is raised.
2282 ///
2283 /// This option is disabled by default.
2284 #[cfg(feature = "coredump")]
2285 pub fn coredump_on_trap(&mut self, enable: bool) -> &mut Self {
2286 self.coredump_on_trap = enable;
2287 self
2288 }
2289
2290 /// Enables memory error checking for wasm programs.
2291 ///
2292 /// This option is disabled by default.
2293 ///
2294 /// # Panics
2295 ///
2296 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
2297 #[cfg(any(feature = "cranelift", feature = "winch"))]
2298 pub fn wmemcheck(&mut self, enable: bool) -> &mut Self {
2299 self.wmemcheck = enable;
2300 self.compiler_config_mut().wmemcheck = enable;
2301 self
2302 }
2303
2304 /// Configures the "guaranteed dense image size" for copy-on-write
2305 /// initialized memories.
2306 ///
2307 /// When using the [`Config::memory_init_cow`] feature to initialize memory
2308 /// efficiently (which is enabled by default), compiled modules contain an
2309 /// image of the module's initial heap. If the module has a fairly sparse
2310 /// initial heap, with just a few data segments at very different offsets,
2311 /// this could result in a large region of zero bytes in the image. In
2312 /// other words, it's not very memory-efficient.
2313 ///
2314 /// We normally use a heuristic to avoid this: if less than half
2315 /// of the initialized range (first non-zero to last non-zero
2316 /// byte) of any memory in the module has pages with nonzero
2317 /// bytes, then we avoid creating a memory image for the entire module.
2318 ///
2319 /// However, if the embedder always needs the instantiation-time efficiency
2320 /// of copy-on-write initialization, and is otherwise carefully controlling
2321 /// parameters of the modules (for example, by limiting the maximum heap
2322 /// size of the modules), then it may be desirable to ensure a memory image
2323 /// is created even if this could go against the heuristic above. Thus, we
2324 /// add another condition: there is a size of initialized data region up to
2325 /// which we *always* allow a memory image. The embedder can set this to a
2326 /// known maximum heap size if they desire to always get the benefits of
2327 /// copy-on-write images.
2328 ///
2329 /// In the future we may implement a "best of both worlds"
2330 /// solution where we have a dense image up to some limit, and
2331 /// then support a sparse list of initializers beyond that; this
2332 /// would get most of the benefit of copy-on-write and pay the incremental
2333 /// cost of eager initialization only for those bits of memory
2334 /// that are out-of-bounds. However, for now, an embedder desiring
2335 /// fast instantiation should ensure that this setting is as large
2336 /// as the maximum module initial memory content size.
2337 ///
2338 /// By default this value is 16 MiB.
2339 pub fn memory_guaranteed_dense_image_size(&mut self, size_in_bytes: u64) -> &mut Self {
2340 self.memory_guaranteed_dense_image_size = size_in_bytes;
2341 self
2342 }
2343
2344 /// Whether to enable function inlining during compilation or not.
2345 ///
2346 /// This may result in faster execution at runtime, but adds additional
2347 /// compilation time. Inlining may also enlarge the size of compiled
2348 /// artifacts (for example, the size of the result of
2349 /// [`Engine::precompile_component`]).
2350 ///
2351 /// Inlining is not supported by all of Wasmtime's compilation strategies;
2352 /// currently, it only Cranelift supports it. This setting will be ignored
2353 /// when using a compilation strategy that does not support inlining, like
2354 /// Winch.
2355 ///
2356 /// The default value for this is `Inlining::No`.
2357 pub fn compiler_inlining(&mut self, inlining: Inlining) -> &mut Self {
2358 self.tunables.inlining = Some(inlining);
2359 self
2360 }
2361
2362 /// Returns the set of features that the currently selected compiler backend
2363 /// does not support at all and may panic on.
2364 ///
2365 /// Wasmtime strives to reject unknown modules or unsupported modules with
2366 /// first-class errors instead of panics. Not all compiler backends have the
2367 /// same level of feature support on all platforms as well. This method
2368 /// returns a set of features that the currently selected compiler
2369 /// configuration is known to not support and may panic on. This acts as a
2370 /// first-level filter on incoming wasm modules/configuration to fail-fast
2371 /// instead of panicking later on.
2372 ///
2373 /// Note that if a feature is not returned here it does not mean that the
2374 /// backend fully supports the proposal. Instead that means that the backend
2375 /// doesn't ever panic on the proposal, but errors during compilation may
2376 /// still be returned. This means that features listed here are definitely
2377 /// not supported at all, but features not listed here may still be
2378 /// partially supported. For example at the time of this writing the Winch
2379 /// backend partially supports simd so it's not listed here. Winch doesn't
2380 /// fully support simd but unimplemented instructions just return errors.
2381 fn compiler_panicking_wasm_features(&self) -> WasmFeatures {
2382 // First we compute the set of features that Wasmtime itself knows;
2383 // this is a sort of "maximal set" that we invert to create a set
2384 // of features we _definitely can't support_ because wasmtime
2385 // has never heard of them.
2386 let features_known_to_wasmtime = WasmFeatures::WASM3
2387 | WasmFeatures::SHARED_EVERYTHING_THREADS
2388 | WasmFeatures::COMPONENT_MODEL
2389 | WasmFeatures::CUSTOM_PAGE_SIZES
2390 | WasmFeatures::STACK_SWITCHING
2391 | WasmFeatures::WIDE_ARITHMETIC
2392 | WasmFeatures::CM_ASYNC
2393 | WasmFeatures::CM_ASYNC_STACKFUL
2394 | WasmFeatures::CM_MORE_ASYNC_BUILTINS
2395 | WasmFeatures::CM_THREADING
2396 | WasmFeatures::CM_ERROR_CONTEXT
2397 | WasmFeatures::CM_GC
2398 | WasmFeatures::CM_MAP
2399 | WasmFeatures::CM_FIXED_LENGTH_LISTS
2400 | WasmFeatures::CM_IMPLEMENTS;
2401
2402 #[allow(unused_mut, reason = "easier to avoid #[cfg]")]
2403 let mut unsupported = !features_known_to_wasmtime;
2404
2405 #[cfg(any(feature = "cranelift", feature = "winch"))]
2406 match self.compiler_config.as_ref().and_then(|c| c.strategy) {
2407 None | Some(Strategy::Cranelift) => {
2408 // Pulley at this time fundamentally doesn't support the
2409 // `threads` proposal, notably shared memory, because Rust can't
2410 // safely implement loads/stores in the face of shared memory.
2411 // Stack switching is not implemented, either.
2412 if self.compiler_target().is_pulley() {
2413 unsupported |= WasmFeatures::THREADS;
2414 unsupported |= WasmFeatures::STACK_SWITCHING;
2415 }
2416
2417 use target_lexicon::*;
2418 match self.compiler_target() {
2419 Triple {
2420 architecture: Architecture::X86_64 | Architecture::X86_64h,
2421 operating_system:
2422 OperatingSystem::Linux
2423 | OperatingSystem::MacOSX(_)
2424 | OperatingSystem::Darwin(_),
2425 ..
2426 } => {
2427 // Stack switching supported on (non-Pulley) Cranelift.
2428 }
2429
2430 _ => {
2431 // On platforms other than x64 Unix-like, we don't
2432 // support stack switching.
2433 unsupported |= WasmFeatures::STACK_SWITCHING;
2434 }
2435 }
2436 }
2437 Some(Strategy::Winch) => {
2438 unsupported |= WasmFeatures::GC
2439 | WasmFeatures::FUNCTION_REFERENCES
2440 | WasmFeatures::RELAXED_SIMD
2441 | WasmFeatures::TAIL_CALL
2442 | WasmFeatures::GC_TYPES
2443 | WasmFeatures::EXCEPTIONS
2444 | WasmFeatures::LEGACY_EXCEPTIONS
2445 | WasmFeatures::STACK_SWITCHING;
2446 match self.compiler_target().architecture {
2447 target_lexicon::Architecture::Aarch64(_) => {
2448 unsupported |= WasmFeatures::THREADS;
2449 }
2450
2451 // Winch doesn't support other non-x64 architectures at this
2452 // time either but will return an first-class error for
2453 // them.
2454 _ => {}
2455 }
2456 }
2457 Some(Strategy::Auto) => unreachable!(),
2458 }
2459 unsupported
2460 }
2461
2462 /// Calculates the set of features that are enabled for this `Config`.
2463 ///
2464 /// This is a bit of a subtle function which takes into account inputs such
2465 /// as the default set of features Wasmtime has enabled, the currently
2466 /// enabled compiler, the currently enabled target, compile-time crate
2467 /// features, and explicitly configured wasm proposals. This function does
2468 /// not return a fixed set of all proposals in all cases as it's a bit more
2469 /// nuanced than that.
2470 ///
2471 /// This method internally will start with an empty set of features to
2472 /// avoid being tied to wasmparser's defaults. Next Wasmtime's set of
2473 /// default features are added to this set, some of which are conditional
2474 /// depending on crate features. Finally explicitly requested features via
2475 /// `wasm_*` methods on `Config` are applied. Everything is then validated
2476 /// later in `Config::validate`.
2477 ///
2478 /// Note that the validation later on in `Config::validate` is a crucial
2479 /// step here. The returned features here might include features unsupported
2480 /// at compile time or unsupported by the selected compiler. In that case
2481 /// `Config::validate` will present a first-class error message indicating
2482 /// what's going on, and users should in theory be able to understand "ok
2483 /// yeah that's why I can't enable that feature here".
2484 fn features(&self) -> WasmFeatures {
2485 // Start with an empty set of wasm features. This notably decouples
2486 // features in Wasmtime from features in wasmparser as the two are
2487 // generally on different timelines.
2488 let mut features = WasmFeatures::empty();
2489
2490 // Next add in all on-by-default features that Wasmtime has which are
2491 // subject to the criteria at
2492 // https://docs.wasmtime.dev/contributing-implementing-wasm-proposals.html
2493 // and https://docs.wasmtime.dev/stability-wasm-proposals.html.
2494 //
2495 // Note that the first entry here, `WASM3`, is a fixed feature set that
2496 // won't change over time in wasmparser which represents the union of
2497 // all on-by-default features in Wasmtime. Also note that this is
2498 // further refined in the conditional section below based on crate
2499 // features.
2500 features |= WasmFeatures::WASM3;
2501
2502 // features |= WasmFeatures::YOUR_WASM_FEATURE;
2503 // ...
2504
2505 // NB: if you add a feature above this line please double-check
2506 // https://docs.wasmtime.dev/stability-wasm-proposals.html
2507 // to ensure all requirements are met and/or update the documentation
2508 // there too.
2509
2510 // Next configure some features further based on compile-time features
2511 // of the wasmtime crate itself. For example if "gc" is disabled then
2512 // `GC_TYPES` are disabled (a wasmparser pseudo-feature) as well as
2513 // exceptions, but reference-types is still available (e.g. new
2514 // encodings/types/etc).
2515 //
2516 // These features are all "on by default" in effect but dependent on
2517 // compile-time support being available.
2518 features.set(WasmFeatures::GC_TYPES, cfg!(feature = "gc"));
2519 features.set(WasmFeatures::EXCEPTIONS, cfg!(feature = "gc"));
2520 features.set(WasmFeatures::THREADS, cfg!(feature = "threads"));
2521 features.set(
2522 WasmFeatures::COMPONENT_MODEL,
2523 cfg!(feature = "component-model"),
2524 );
2525 features.set(
2526 WasmFeatures::CM_ASYNC,
2527 self.tunables
2528 .concurrency_support
2529 .unwrap_or(cfg!(feature = "component-model-async")),
2530 );
2531
2532 // Next disable any features which the current compiler/target do not
2533 // support. This handles cases where Winch, for example, doesn't
2534 // implement a feature yet but Cranelift does. Or maybe Cranelift only
2535 // supports one particular platform and not others. Things like that.
2536 features = features & !self.compiler_panicking_wasm_features();
2537
2538 // And, finally, process all explicitly enabled/disabled features on
2539 // behalf of the embedder's frobbing `Config::wasm_*`. These have the
2540 // highest priority since they were explicitly requested.
2541 debug_assert!((self.enabled_features & self.disabled_features).is_empty());
2542 features &= !self.disabled_features;
2543 features |= self.enabled_features;
2544
2545 features
2546 }
2547
2548 /// Returns the configured compiler target for this `Config`.
2549 pub(crate) fn compiler_target(&self) -> target_lexicon::Triple {
2550 // If a target is explicitly configured, always use that.
2551 if let Some(target) = self.target.clone() {
2552 return target;
2553 }
2554
2555 // If the `build.rs` script determined that this platform uses pulley by
2556 // default, then use Pulley.
2557 if cfg!(default_target_pulley) {
2558 return target_lexicon::Triple::pulley_host();
2559 }
2560
2561 // And at this point the target is for sure the host.
2562 target_lexicon::Triple::host()
2563 }
2564
2565 /// Returns `true` if any of the `gc_heap_*` tunables have been explicitly
2566 /// configured.
2567 fn any_gc_heap_tunables_configured(&self) -> bool {
2568 self.tunables.gc_heap_reservation.is_some()
2569 || self.tunables.gc_heap_guard_size.is_some()
2570 || self.tunables.gc_heap_reservation_for_growth.is_some()
2571 || self.tunables.gc_heap_may_move.is_some()
2572 }
2573
2574 pub(crate) fn validate(&self) -> Result<(Tunables, WasmFeatures)> {
2575 let features = self.features();
2576
2577 // First validate that the selected compiler backend and configuration
2578 // supports the set of `features` that are enabled. This will help
2579 // provide more first class errors instead of panics about unsupported
2580 // features and configurations.
2581 let unsupported = features & self.compiler_panicking_wasm_features();
2582 if !unsupported.is_empty() {
2583 for flag in WasmFeatures::FLAGS.iter() {
2584 if !unsupported.contains(*flag.value()) {
2585 continue;
2586 }
2587 bail!(
2588 "the wasm_{} feature is not supported on this compiler configuration",
2589 flag.name().to_lowercase()
2590 );
2591 }
2592
2593 panic!("should have returned an error by now")
2594 }
2595
2596 if self.max_wasm_stack > self.async_stack_size {
2597 bail!("max_wasm_stack size cannot exceed the async_stack_size");
2598 }
2599 if self.max_wasm_stack == 0 {
2600 bail!("max_wasm_stack size cannot be zero");
2601 }
2602 if !cfg!(feature = "wmemcheck") && self.wmemcheck {
2603 bail!("wmemcheck (memory checker) was requested but is not enabled in this build");
2604 }
2605
2606 if !cfg!(feature = "gc") && features.gc_types() {
2607 bail!("support for GC was disabled at compile time")
2608 }
2609
2610 if !cfg!(feature = "gc") && features.contains(WasmFeatures::EXCEPTIONS) {
2611 bail!("exceptions support requires garbage collection (GC) to be enabled in the build");
2612 }
2613
2614 match &self.rr_config {
2615 #[cfg(feature = "rr")]
2616 RRConfig::Recording | RRConfig::Replaying => {
2617 self.validate_rr_determinism_conflicts()?;
2618 }
2619 RRConfig::None => {}
2620 };
2621
2622 let mut tunables = Tunables::default_for_target(&self.compiler_target())?;
2623
2624 // By default this is enabled with the Cargo feature, and if the feature
2625 // is missing this is disabled.
2626 tunables.concurrency_support = cfg!(feature = "component-model-async");
2627
2628 #[cfg(feature = "rr")]
2629 {
2630 tunables.recording = matches!(self.rr_config, RRConfig::Recording);
2631 }
2632
2633 // If no target is explicitly specified then further refine `tunables`
2634 // for the configuration of this host depending on what platform
2635 // features were found available at compile time. This means that anyone
2636 // cross-compiling for a customized host will need to further refine
2637 // compilation options.
2638 if self.target.is_none() {
2639 // If this platform doesn't have native signals then change some
2640 // defaults to account for that. Note that VM guards are turned off
2641 // here because that's primarily a feature of eliding
2642 // bounds-checks.
2643 if !cfg!(has_native_signals) {
2644 tunables.signals_based_traps = cfg!(has_native_signals);
2645 tunables.memory_guard_size = 0;
2646 tunables.gc_heap_guard_size = 0;
2647 }
2648
2649 // When virtual memory is not available use slightly different
2650 // defaults for tunables to be more amenable to `MallocMemory`.
2651 // Note that these can still be overridden by config options.
2652 if !cfg!(has_virtual_memory) {
2653 tunables.memory_reservation = 0;
2654 tunables.memory_reservation_for_growth = 1 << 20; // 1MB
2655 tunables.memory_init_cow = false;
2656 tunables.gc_heap_reservation = 0;
2657 tunables.gc_heap_reservation_for_growth = 1 << 20; // 1MB
2658 }
2659 }
2660
2661 // If guest-debugging is enabled, we must disable
2662 // signals-based traps. Do this before we process the user's
2663 // provided tunables settings so we can detect a conflict with
2664 // an explicit request to use signals-based traps.
2665 #[cfg(feature = "debug")]
2666 if self.tunables.debug_guest == Some(true) {
2667 tunables.signals_based_traps = false;
2668 }
2669
2670 // Inlining currently falls over with the `stack_switch` instruction.
2671 #[cfg(any(feature = "cranelift", feature = "winch"))]
2672 if features.contains(WasmFeatures::STACK_SWITCHING) {
2673 if let Some(inlining) = self.tunables.inlining
2674 && inlining != Inlining::No
2675 {
2676 bail!("cannot enable compiler inlining when stack switching is enabled");
2677 }
2678 tunables.inlining = Inlining::No;
2679 }
2680
2681 self.tunables.configure(&mut tunables);
2682
2683 // If no GC heap tunables are explicitly configured, copy the memory
2684 // tunables' configured values so that GC heaps default to the same
2685 // configuration as linear memories.
2686 if !self.any_gc_heap_tunables_configured() {
2687 tunables.gc_heap_reservation = tunables.memory_reservation;
2688 tunables.gc_heap_guard_size = tunables.memory_guard_size;
2689 tunables.gc_heap_reservation_for_growth = tunables.memory_reservation_for_growth;
2690 tunables.gc_heap_may_move = tunables.memory_may_move;
2691 }
2692
2693 // If we're going to compile with winch, we must use the winch calling convention.
2694 #[cfg(any(feature = "cranelift", feature = "winch"))]
2695 {
2696 tunables.winch_callable = self
2697 .compiler_config
2698 .as_ref()
2699 .is_some_and(|c| c.strategy == Some(Strategy::Winch));
2700 }
2701
2702 tunables.collector = if features.gc_types() {
2703 #[cfg(feature = "gc")]
2704 {
2705 use wasmtime_environ::Collector as EnvCollector;
2706 Some(match self.collector.try_not_auto()? {
2707 Collector::DeferredReferenceCounting => EnvCollector::DeferredReferenceCounting,
2708 Collector::Null => EnvCollector::Null,
2709 Collector::Copying => EnvCollector::Copying,
2710 Collector::Auto => unreachable!(),
2711 })
2712 }
2713 #[cfg(not(feature = "gc"))]
2714 bail!("cannot use GC types: the `gc` feature was disabled at compile time")
2715 } else {
2716 None
2717 };
2718
2719 if tunables.debug_guest {
2720 ensure!(
2721 cfg!(feature = "debug"),
2722 "debug instrumentation support was disabled at compile time"
2723 );
2724 ensure!(
2725 !tunables.signals_based_traps,
2726 "cannot use signals-based traps with guest debugging enabled"
2727 );
2728 }
2729
2730 // Concurrency support is required for some component model features.
2731 let requires_concurrency = WasmFeatures::CM_ASYNC
2732 | WasmFeatures::CM_MORE_ASYNC_BUILTINS
2733 | WasmFeatures::CM_ASYNC_STACKFUL
2734 | WasmFeatures::CM_THREADING
2735 | WasmFeatures::CM_ERROR_CONTEXT;
2736 if tunables.concurrency_support && !cfg!(feature = "component-model-async") {
2737 bail!(
2738 "concurrency support was requested but was not \
2739 compiled into this build of Wasmtime"
2740 )
2741 }
2742 if !tunables.concurrency_support && features.intersects(requires_concurrency) {
2743 bail!(
2744 "concurrency support must be enabled to use the component \
2745 model async or threading features"
2746 )
2747 }
2748
2749 // If the pooling allocator is used and GC is enabled, check that
2750 // memories and the GC heap are configured identically, since the
2751 // pooling allocator can't support differently-configured heaps.
2752 #[cfg(feature = "pooling-allocator")]
2753 if matches!(
2754 &self.allocation_strategy,
2755 InstanceAllocationStrategy::Pooling(_)
2756 ) && tunables.collector.is_some()
2757 {
2758 if tunables.memory_reservation != tunables.gc_heap_reservation {
2759 bail!(
2760 "when using the pooling allocator with GC, `memory_reservation` ({}) \
2761 and `gc_heap_reservation` ({}) must be the same",
2762 tunables.memory_reservation,
2763 tunables.gc_heap_reservation,
2764 );
2765 }
2766 if tunables.memory_guard_size != tunables.gc_heap_guard_size {
2767 bail!(
2768 "when using the pooling allocator with GC, `memory_guard_size` ({}) \
2769 and `gc_heap_guard_size` ({}) must be the same",
2770 tunables.memory_guard_size,
2771 tunables.gc_heap_guard_size,
2772 );
2773 }
2774 if tunables.memory_reservation_for_growth != tunables.gc_heap_reservation_for_growth {
2775 bail!(
2776 "when using the pooling allocator with GC, \
2777 `memory_reservation_for_growth` ({}) and \
2778 `gc_heap_reservation_for_growth` ({}) must be the same",
2779 tunables.memory_reservation_for_growth,
2780 tunables.gc_heap_reservation_for_growth,
2781 );
2782 }
2783 if tunables.memory_may_move != tunables.gc_heap_may_move {
2784 bail!(
2785 "when using the pooling allocator with GC, `memory_may_move` ({}) \
2786 and `gc_heap_may_move` ({}) must be the same",
2787 tunables.memory_may_move,
2788 tunables.gc_heap_may_move,
2789 );
2790 }
2791 }
2792
2793 if tunables.debug_native && !tunables.debug_symbols {
2794 bail!("cannot enable native debug info while debug symbols are disabled");
2795 }
2796
2797 Ok((tunables, features))
2798 }
2799
2800 #[cfg(feature = "runtime")]
2801 pub(crate) fn build_allocator(
2802 &self,
2803 tunables: &Tunables,
2804 ) -> Result<Box<dyn InstanceAllocator + Send + Sync>> {
2805 let _ = tunables;
2806
2807 match &self.allocation_strategy {
2808 InstanceAllocationStrategy::OnDemand => {
2809 let mut _allocator = try_new::<Box<_>>(OnDemandInstanceAllocator::new(
2810 self.mem_creator.clone(),
2811 self.async_stack_size,
2812 self.async_stack_zeroing,
2813 ))?;
2814 #[cfg(feature = "async")]
2815 if let Some(stack_creator) = &self.stack_creator {
2816 _allocator.set_stack_creator(stack_creator.clone());
2817 }
2818 Ok(_allocator as _)
2819 }
2820 #[cfg(feature = "pooling-allocator")]
2821 InstanceAllocationStrategy::Pooling(config) => {
2822 let mut config = config.clone();
2823 let _ = &mut config;
2824 #[cfg(feature = "async")]
2825 {
2826 config.stack_size = self.async_stack_size;
2827 config.async_stack_zeroing = self.async_stack_zeroing;
2828 }
2829 let allocator = try_new::<Box<_>>(
2830 crate::runtime::vm::PoolingInstanceAllocator::new(&config, tunables)?,
2831 )?;
2832 Ok(allocator as _)
2833 }
2834 }
2835 }
2836
2837 #[cfg(feature = "runtime")]
2838 pub(crate) fn build_gc_runtime(&self) -> Result<Option<Arc<dyn GcRuntime>>> {
2839 if !self.features().gc_types() {
2840 return Ok(None);
2841 }
2842
2843 #[cfg(not(feature = "gc"))]
2844 bail!("cannot create a GC runtime: the `gc` feature was disabled at compile time");
2845
2846 #[cfg(feature = "gc")]
2847 #[cfg_attr(
2848 not(any(feature = "gc-null", feature = "gc-drc", feature = "gc-copying")),
2849 expect(unreachable_code, reason = "definitions known to be dummy")
2850 )]
2851 {
2852 Ok(Some(match self.collector.try_not_auto()? {
2853 #[cfg(feature = "gc-drc")]
2854 Collector::DeferredReferenceCounting => {
2855 try_new::<Arc<_>>(crate::runtime::vm::DrcCollector::default())? as _
2856 }
2857 #[cfg(not(feature = "gc-drc"))]
2858 Collector::DeferredReferenceCounting => unreachable!(),
2859
2860 #[cfg(feature = "gc-null")]
2861 Collector::Null => {
2862 try_new::<Arc<_>>(crate::runtime::vm::NullCollector::default())? as _
2863 }
2864 #[cfg(not(feature = "gc-null"))]
2865 Collector::Null => unreachable!(),
2866
2867 #[cfg(feature = "gc-copying")]
2868 Collector::Copying => {
2869 try_new::<Arc<_>>(crate::runtime::vm::CopyingCollector::default())? as _
2870 }
2871 #[cfg(not(feature = "gc-copying"))]
2872 Collector::Copying => unreachable!(),
2873
2874 Collector::Auto => unreachable!(),
2875 }))
2876 }
2877 }
2878
2879 #[cfg(feature = "runtime")]
2880 pub(crate) fn build_profiler(&self) -> Result<Box<dyn ProfilingAgent>> {
2881 Ok(match self.profiling_strategy {
2882 ProfilingStrategy::PerfMap => profiling_agent::new_perfmap()?,
2883 ProfilingStrategy::JitDump => profiling_agent::new_jitdump()?,
2884 ProfilingStrategy::VTune => profiling_agent::new_vtune()?,
2885 ProfilingStrategy::None => profiling_agent::new_null(),
2886 ProfilingStrategy::Pulley => profiling_agent::new_pulley()?,
2887 })
2888 }
2889
2890 #[cfg(any(feature = "cranelift", feature = "winch"))]
2891 pub(crate) fn build_compiler(
2892 mut self,
2893 tunables: &mut Tunables,
2894 features: WasmFeatures,
2895 ) -> Result<(Self, Box<dyn wasmtime_environ::Compiler>)> {
2896 let target = self.compiler_target();
2897
2898 // The target passed to the builders below is an `Option<Triple>` where
2899 // `None` represents the current host with CPU features inferred from
2900 // the host's CPU itself. The `target` above is not an `Option`, so
2901 // switch it to `None` in the case that a target wasn't explicitly
2902 // specified (which indicates no feature inference) and the target
2903 // matches the host.
2904 let target_for_builder =
2905 if self.target.is_none() && target == target_lexicon::Triple::host() {
2906 None
2907 } else {
2908 Some(target.clone())
2909 };
2910
2911 let mut compiler = match self.compiler_config_mut().strategy {
2912 #[cfg(feature = "cranelift")]
2913 Some(Strategy::Cranelift) => wasmtime_cranelift::builder(target_for_builder)?,
2914 #[cfg(not(feature = "cranelift"))]
2915 Some(Strategy::Cranelift) => bail!("cranelift support not compiled in"),
2916 #[cfg(feature = "winch")]
2917 Some(Strategy::Winch) => wasmtime_winch::builder(target_for_builder)?,
2918 #[cfg(not(feature = "winch"))]
2919 Some(Strategy::Winch) => bail!("winch support not compiled in"),
2920
2921 None | Some(Strategy::Auto) => unreachable!(),
2922 };
2923
2924 if let Some(path) = &self.compiler_config_mut().clif_dir {
2925 compiler.clif_dir(path)?;
2926 }
2927
2928 // If probestack is enabled for a target, Wasmtime will always use the
2929 // inline strategy which doesn't require us to define a `__probestack`
2930 // function or similar.
2931 self.compiler_config_mut().settings.insert(
2932 "probestack_strategy".into(),
2933 ("inline".into(), UserSpecified::No),
2934 );
2935
2936 // We enable stack probing by default on all targets.
2937 // This is required on Windows because of the way Windows
2938 // commits its stacks, but it's also a good idea on other
2939 // platforms to ensure guard pages are hit for large frame
2940 // sizes.
2941 self.compiler_config_mut()
2942 .flags
2943 .insert("enable_probestack".into(), UserSpecified::No);
2944
2945 // The current wasm multivalue implementation depends on this.
2946 // FIXME(#9510) handle this in wasmtime-cranelift instead.
2947 self.compiler_config_mut()
2948 .flags
2949 .insert("enable_multi_ret_implicit_sret".into(), UserSpecified::No);
2950
2951 if let Some(unwind_requested) = self.native_unwind_info {
2952 if !self
2953 .compiler_config_mut()
2954 .ensure_setting_unset_or_given("unwind_info", &unwind_requested.to_string())
2955 {
2956 bail!(
2957 "incompatible settings requested for Cranelift and Wasmtime `unwind-info` settings"
2958 );
2959 }
2960 }
2961
2962 if target.operating_system == target_lexicon::OperatingSystem::Windows {
2963 if !self
2964 .compiler_config_mut()
2965 .ensure_setting_unset_or_given("unwind_info", "true")
2966 {
2967 bail!("`native_unwind_info` cannot be disabled on Windows");
2968 }
2969 }
2970
2971 // We require frame pointers for correct stack walking, which is safety
2972 // critical in the presence of reference types, and otherwise it is just
2973 // really bad developer experience to get wrong.
2974 self.compiler_config_mut().settings.insert(
2975 "preserve_frame_pointers".into(),
2976 ("true".into(), UserSpecified::No),
2977 );
2978
2979 if !tunables.signals_based_traps {
2980 let mut ok = self
2981 .compiler_config_mut()
2982 .ensure_setting_unset_or_given("enable_table_access_spectre_mitigation", "false");
2983 ok = ok
2984 && self.compiler_config_mut().ensure_setting_unset_or_given(
2985 "enable_heap_access_spectre_mitigation",
2986 "false",
2987 );
2988
2989 // Right now spectre-mitigated bounds checks will load from zero so
2990 // if host-based signal handlers are disabled then that's a mismatch
2991 // and doesn't work right now. Fixing this will require more thought
2992 // of how to implement the bounds check in spectre-only mode.
2993 if !ok {
2994 bail!(
2995 "when signals-based traps are disabled then spectre \
2996 mitigations must also be disabled"
2997 );
2998 }
2999 }
3000
3001 if features.contains(WasmFeatures::RELAXED_SIMD) && !features.contains(WasmFeatures::SIMD) {
3002 bail!("cannot disable the simd proposal but enable the relaxed simd proposal");
3003 }
3004
3005 if features.contains(WasmFeatures::STACK_SWITCHING) {
3006 use target_lexicon::OperatingSystem;
3007 let model = match target.operating_system {
3008 OperatingSystem::Windows => "update_windows_tib",
3009 OperatingSystem::Linux
3010 | OperatingSystem::MacOSX(_)
3011 | OperatingSystem::Darwin(_) => "basic",
3012 _ => bail!("stack-switching feature not supported on this platform "),
3013 };
3014
3015 if !self
3016 .compiler_config_mut()
3017 .ensure_setting_unset_or_given("stack_switch_model", model)
3018 {
3019 bail!(
3020 "compiler option 'stack_switch_model' must be set to '{model}' on this platform"
3021 );
3022 }
3023 }
3024
3025 // Apply compiler settings and flags
3026 compiler.set_tunables(tunables.clone())?;
3027 for (k, (v, _)) in self.compiler_config_mut().settings.iter() {
3028 compiler.set(k, v)?;
3029 }
3030 for (flag, _) in self.compiler_config_mut().flags.iter() {
3031 compiler.enable(flag)?;
3032 }
3033 *tunables = compiler.tunables().cloned().unwrap();
3034
3035 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
3036 if let Some(cache_store) = &self.compiler_config_mut().cache_store {
3037 compiler.enable_incremental_compilation(cache_store.clone())?;
3038 }
3039
3040 compiler.wmemcheck(self.compiler_config_mut().wmemcheck);
3041
3042 Ok((self, compiler.build()?))
3043 }
3044
3045 /// Internal setting for whether adapter modules for components will have
3046 /// extra WebAssembly instructions inserted performing more debug checks
3047 /// then are necessary.
3048 #[cfg(feature = "component-model")]
3049 pub fn debug_adapter_modules(&mut self, debug: bool) -> &mut Self {
3050 self.tunables.debug_adapter_modules = Some(debug);
3051 self
3052 }
3053
3054 /// Enables clif output when compiling a WebAssembly module.
3055 #[cfg(any(feature = "cranelift", feature = "winch"))]
3056 pub fn emit_clif(&mut self, path: &Path) -> &mut Self {
3057 self.compiler_config_mut().clif_dir = Some(path.to_path_buf());
3058 self
3059 }
3060
3061 /// Configures whether, when on macOS, Mach ports are used for exception
3062 /// handling instead of traditional Unix-based signal handling.
3063 ///
3064 /// WebAssembly traps in Wasmtime are implemented with native faults, for
3065 /// example a `SIGSEGV` will occur when a WebAssembly guest accesses
3066 /// out-of-bounds memory. Handling this can be configured to either use Unix
3067 /// signals or Mach ports on macOS. By default Mach ports are used.
3068 ///
3069 /// Mach ports enable Wasmtime to work by default with foreign
3070 /// error-handling systems such as breakpad which also use Mach ports to
3071 /// handle signals. In this situation Wasmtime will continue to handle guest
3072 /// faults gracefully while any non-guest faults will get forwarded to
3073 /// process-level handlers such as breakpad. Some more background on this
3074 /// can be found in #2456.
3075 ///
3076 /// A downside of using mach ports, however, is that they don't interact
3077 /// well with `fork()`. Forking a Wasmtime process on macOS will produce a
3078 /// child process that cannot successfully run WebAssembly. In this
3079 /// situation traditional Unix signal handling should be used as that's
3080 /// inherited and works across forks.
3081 ///
3082 /// If your embedding wants to use a custom error handler which leverages
3083 /// Mach ports and you additionally wish to `fork()` the process and use
3084 /// Wasmtime in the child process that's not currently possible. Please
3085 /// reach out to us if you're in this bucket!
3086 ///
3087 /// This option defaults to `true`, using Mach ports by default.
3088 pub fn macos_use_mach_ports(&mut self, mach_ports: bool) -> &mut Self {
3089 self.macos_use_mach_ports = mach_ports;
3090 self
3091 }
3092
3093 /// Configures an embedder-provided function, `detect`, which is used to
3094 /// determine if an ISA-specific feature is available on the current host.
3095 ///
3096 /// This function is used to verify that any features enabled for a compiler
3097 /// backend, such as AVX support on x86\_64, are also available on the host.
3098 /// It is undefined behavior to execute an AVX instruction on a host that
3099 /// doesn't support AVX instructions, for example.
3100 ///
3101 /// When the `std` feature is active on this crate then this function is
3102 /// configured to a default implementation that uses the standard library's
3103 /// feature detection. When the `std` feature is disabled then there is no
3104 /// default available and this method must be called to configure a feature
3105 /// probing function.
3106 ///
3107 /// The `detect` function provided is given a string name of an ISA feature.
3108 /// The function should then return:
3109 ///
3110 /// * `Some(true)` - indicates that the feature was found on the host and it
3111 /// is supported.
3112 /// * `Some(false)` - the feature name was recognized but it was not
3113 /// detected on the host, for example the CPU is too old.
3114 /// * `None` - the feature name was not recognized and it's not known
3115 /// whether it's on the host or not.
3116 ///
3117 /// Feature names passed to `detect` match the same feature name used in the
3118 /// Rust standard library. For example `"sse4.2"` is used on x86\_64.
3119 ///
3120 /// # Unsafety
3121 ///
3122 /// This function is `unsafe` because it is undefined behavior to execute
3123 /// instructions that a host does not support. This means that the result of
3124 /// `detect` must be correct for memory safe execution at runtime.
3125 pub unsafe fn detect_host_feature(&mut self, detect: fn(&str) -> Option<bool>) -> &mut Self {
3126 self.detect_host_feature = Some(detect);
3127 self
3128 }
3129
3130 /// Configures Wasmtime to not use signals-based trap handlers, for example
3131 /// disables `SIGILL` and `SIGSEGV` handler registration on Unix platforms.
3132 ///
3133 /// > **Note:** this option has important performance ramifications, be sure
3134 /// > to understand the implications. Wasm programs have been measured to
3135 /// > run up to 2x slower when signals-based traps are disabled.
3136 ///
3137 /// Wasmtime will by default leverage signals-based trap handlers (or the
3138 /// platform equivalent, for example "vectored exception handlers" on
3139 /// Windows) to make generated code more efficient. For example, when
3140 /// Wasmtime can use signals-based traps, it can elide explicit bounds
3141 /// checks for Wasm linear memory accesses, instead relying on virtual
3142 /// memory guard pages to raise a `SIGSEGV` (on Unix) for out-of-bounds
3143 /// accesses, which Wasmtime's runtime then catches and handles. Another
3144 /// example is divide-by-zero: with signals-based traps, Wasmtime can let
3145 /// the hardware raise a trap when the divisor is zero. Without
3146 /// signals-based traps, Wasmtime must explicitly emit additional
3147 /// instructions to check for zero and conditionally branch to a trapping
3148 /// code path.
3149 ///
3150 /// Some environments however may not have access to signal handlers. For
3151 /// example embedded scenarios may not support virtual memory. Other
3152 /// environments where Wasmtime is embedded within the surrounding
3153 /// environment may require that new signal handlers aren't registered due
3154 /// to the global nature of signal handlers. This option exists to disable
3155 /// the signal handler registration when required for these scenarios.
3156 ///
3157 /// When signals-based trap handlers are disabled, then Wasmtime and its
3158 /// generated code will *never* rely on segfaults or other
3159 /// signals. Generated code will be slower because bounds must be explicitly
3160 /// checked along with other conditions like division by zero.
3161 ///
3162 /// The following additional factors can also affect Wasmtime's ability to
3163 /// elide explicit bounds checks and leverage signals-based traps:
3164 ///
3165 /// * The [`Config::memory_reservation`] and [`Config::memory_guard_size`]
3166 /// settings
3167 /// * The index type of the linear memory (e.g. 32-bit or 64-bit)
3168 /// * The page size of the linear memory
3169 ///
3170 /// When this option is disabled, the
3171 /// `enable_heap_access_spectre_mitigation` and
3172 /// `enable_table_access_spectre_mitigation` Cranelift settings must also be
3173 /// disabled. This means that generated code must have spectre mitigations
3174 /// disabled. This is because spectre mitigations rely on faults from
3175 /// loading from the null address to implement bounds checks.
3176 ///
3177 /// This option defaults to `true`: signals-based trap handlers are enabled
3178 /// by default.
3179 ///
3180 /// > **Note:** Disabling this option is not compatible with the Winch
3181 /// > compiler.
3182 pub fn signals_based_traps(&mut self, enable: bool) -> &mut Self {
3183 self.tunables.signals_based_traps = Some(enable);
3184 self
3185 }
3186
3187 /// Enable/disable GC support in Wasmtime entirely.
3188 ///
3189 /// This flag can be used to gate whether GC infrastructure is enabled or
3190 /// initialized in Wasmtime at all. Wasmtime's GC implementation is required
3191 /// for the [`Self::wasm_gc`] proposal, [`Self::wasm_function_references`],
3192 /// and [`Self::wasm_exceptions`] at this time. None of those proposal can
3193 /// be enabled without also having this option enabled.
3194 ///
3195 /// This option defaults to whether the crate `gc` feature is enabled or
3196 /// not.
3197 pub fn gc_support(&mut self, enable: bool) -> &mut Self {
3198 self.wasm_features(WasmFeatures::GC_TYPES, enable)
3199 }
3200
3201 /// Explicitly indicate or not whether the host is using a hardware float
3202 /// ABI on x86 targets.
3203 ///
3204 /// This configuration option is only applicable on the
3205 /// `x86_64-unknown-none` Rust target and has no effect on other host
3206 /// targets. The `x86_64-unknown-none` Rust target does not support hardware
3207 /// floats by default and uses a "soft float" implementation and ABI. This
3208 /// means that `f32`, for example, is passed in a general-purpose register
3209 /// between functions instead of a floating-point register. This does not
3210 /// match Cranelift's ABI for `f32` where it's passed in floating-point
3211 /// registers. Cranelift does not have support for a "soft float"
3212 /// implementation where all floating-point operations are lowered to
3213 /// libcalls.
3214 ///
3215 /// This means that for the `x86_64-unknown-none` target the ABI between
3216 /// Wasmtime's libcalls and the host is incompatible when floats are used.
3217 /// This further means that, by default, Wasmtime is unable to load native
3218 /// code when compiled to the `x86_64-unknown-none` target. The purpose of
3219 /// this option is to explicitly allow loading code and bypass this check.
3220 ///
3221 /// Setting this configuration option to `true` indicates that either:
3222 /// (a) the Rust target is compiled with the hard-float ABI manually via
3223 /// `-Zbuild-std` and a custom target JSON configuration, or (b) sufficient
3224 /// x86 features have been enabled in the compiler such that float libcalls
3225 /// will not be used in Wasmtime. For (a) there is no way in Rust at this
3226 /// time to detect whether a hard-float or soft-float ABI is in use on
3227 /// stable Rust, so this manual opt-in is required. For (b) the only
3228 /// instance where Wasmtime passes a floating-point value in a register
3229 /// between the host and compiled wasm code is with libcalls.
3230 ///
3231 /// Float-based libcalls are only used when the compilation target for a
3232 /// wasm module has insufficient target features enabled for native
3233 /// support. For example SSE4.1 is required for the `f32.ceil` WebAssembly
3234 /// instruction to be compiled to a native instruction. If SSE4.1 is not
3235 /// enabled then `f32.ceil` is translated to a "libcall" which is
3236 /// implemented on the host. Float-based libcalls can be avoided with
3237 /// sufficient target features enabled, for example:
3238 ///
3239 /// * `self.cranelift_flag_enable("has_sse3")`
3240 /// * `self.cranelift_flag_enable("has_ssse3")`
3241 /// * `self.cranelift_flag_enable("has_sse41")`
3242 /// * `self.cranelift_flag_enable("has_sse42")`
3243 /// * `self.cranelift_flag_enable("has_fma")`
3244 ///
3245 /// Note that when these features are enabled Wasmtime will perform a
3246 /// runtime check to determine that the host actually has the feature
3247 /// present.
3248 ///
3249 /// For some more discussion see [#11506].
3250 ///
3251 /// [#11506]: https://github.com/bytecodealliance/wasmtime/issues/11506
3252 ///
3253 /// # Safety
3254 ///
3255 /// This method is not safe because it cannot be detected in Rust right now
3256 /// whether the host is compiled with a soft or hard float ABI. Additionally
3257 /// if the host is compiled with a soft float ABI disabling this check does
3258 /// not ensure that the wasm module in question has zero usage of floats
3259 /// in the boundary to the host.
3260 ///
3261 /// Safely using this method requires one of:
3262 ///
3263 /// * The host target is compiled to use hardware floats.
3264 /// * Wasm modules loaded are compiled with enough x86 Cranelift features
3265 /// enabled to avoid float-related hostcalls.
3266 pub unsafe fn x86_float_abi_ok(&mut self, enable: bool) -> &mut Self {
3267 self.x86_float_abi_ok = Some(enable);
3268 self
3269 }
3270
3271 /// Enable or disable the ability to create a
3272 /// [`SharedMemory`](crate::SharedMemory).
3273 ///
3274 /// The WebAssembly threads proposal, configured by [`Config::wasm_threads`]
3275 /// is on-by-default but there are enough deficiencies in Wasmtime's
3276 /// implementation and API integration that creation of a shared memory is
3277 /// disabled by default. This configuration knob can be used to enable this.
3278 ///
3279 /// When enabling this method be aware that wasm threads are, at this time,
3280 /// a [tier 2
3281 /// feature](https://docs.wasmtime.dev/stability-tiers.html#tier-2) in
3282 /// Wasmtime meaning that it will not receive security updates or fixes to
3283 /// historical releases. Additionally security CVEs will not be issued for
3284 /// bugs in the implementation.
3285 ///
3286 /// This option is `false` by default.
3287 pub fn shared_memory(&mut self, enable: bool) -> &mut Self {
3288 self.shared_memory = enable;
3289 self
3290 }
3291
3292 /// Specifies whether support for concurrent execution of WebAssembly is
3293 /// supported within this store.
3294 ///
3295 /// This configuration option affects whether runtime data structures are
3296 /// initialized within a `Store` on creation to support concurrent execution
3297 /// of WebAssembly guests. This is primarily applicable to the
3298 /// [`Config::wasm_component_model_async`] configuration which is the first
3299 /// time Wasmtime has supported concurrent execution of guests. This
3300 /// configuration option, for example, enables usage of
3301 /// [`Store::run_concurrent`], [`Func::call_concurrent`], [`StreamReader`],
3302 /// etc.
3303 ///
3304 /// This configuration option can be manually disabled to avoid initializing
3305 /// data structures in the [`Store`] related to concurrent execution. When
3306 /// this option is disabled then APIs related to concurrency will all fail
3307 /// with a panic. For example [`Store::run_concurrent`] will panic, creating
3308 /// a [`StreamReader`] will panic, etc.
3309 ///
3310 /// The value of this option additionally affects whether a [`Config`] is
3311 /// valid and the default set of enabled WebAssembly features. If this
3312 /// option is disabled then component-model features related to concurrency
3313 /// will all be disabled. If this option is enabled, then the options will
3314 /// retain their normal defaults. It is not valid to create a [`Config`]
3315 /// with component-model-async explicitly enabled and this option explicitly
3316 /// disabled, however.
3317 ///
3318 /// This option defaults to `true`.
3319 ///
3320 /// [`Store`]: crate::Store
3321 /// [`Store::run_concurrent`]: crate::Store::run_concurrent
3322 /// [`Func::call_concurrent`]: crate::component::Func::call_concurrent
3323 /// [`StreamReader`]: crate::component::StreamReader
3324 pub fn concurrency_support(&mut self, enable: bool) -> &mut Self {
3325 self.tunables.concurrency_support = Some(enable);
3326 self
3327 }
3328
3329 /// Validate if the current configuration has conflicting overrides that prevent
3330 /// execution determinism. Returns an error if a conflict exists.
3331 ///
3332 /// Note: Keep this in sync with [`Config::enforce_determinism`].
3333 #[inline]
3334 #[cfg(feature = "rr")]
3335 pub(crate) fn validate_rr_determinism_conflicts(&self) -> Result<()> {
3336 if let Some(v) = self.tunables.relaxed_simd_deterministic {
3337 if v == false {
3338 bail!("Relaxed deterministic SIMD cannot be disabled when determinism is enforced");
3339 }
3340 }
3341 #[cfg(any(feature = "cranelift", feature = "winch"))]
3342 if let Some((v, _)) = self
3343 .compiler_config
3344 .as_ref()
3345 .and_then(|c| c.settings.get("enable_nan_canonicalization"))
3346 {
3347 if v != "true" {
3348 bail!("NaN canonicalization cannot be disabled when determinism is enforced");
3349 }
3350 }
3351 Ok(())
3352 }
3353
3354 /// Enable execution trace recording or replaying to the configuration.
3355 ///
3356 /// When either recording/replaying are enabled, validation fails if settings
3357 /// that control determinism are not set appropriately. In particular, RR requires
3358 /// doing the following:
3359 /// * Enabling NaN canonicalization with [`Config::cranelift_nan_canonicalization`].
3360 /// * Enabling deterministic relaxed SIMD with [`Config::relaxed_simd_deterministic`].
3361 #[inline]
3362 pub fn rr(&mut self, cfg: RRConfig) -> &mut Self {
3363 self.rr_config = cfg;
3364 self
3365 }
3366
3367 /// Whether or not trap metadata is generated in compiled wasms for internal
3368 /// asserts in the compiled code itself.
3369 ///
3370 /// Wasmtime inserts metadata within compiled artifacts which contain a
3371 /// table of known trap codes for all instructions. If a trap via a signal
3372 /// happens, and it's not listed in these tables, then that's considered a
3373 /// fatal bug that crashes the process. This option controls whether trap
3374 /// codes are inserted into metadata for internal asserts as part of
3375 /// Wasmtime's translation process. These internal asserts should never be
3376 /// triggered, but if they are then the process dies with a signal.
3377 ///
3378 /// Inserting trap metadata into compiled artifacts can take extra space in
3379 /// the final artifact. The trap tables for the artifact will be larger as
3380 /// they contain more trap codes to contain.
3381 ///
3382 /// This is intended as a debugging option and is set to `false` by
3383 /// default.
3384 pub fn metadata_for_internal_asserts(&mut self, enable: bool) -> &mut Self {
3385 self.tunables.metadata_for_internal_asserts = Some(enable);
3386 self
3387 }
3388
3389 /// Whether or not trap metadata is generated in compiled wasms for
3390 /// detection of corruption in the GC heap.
3391 ///
3392 /// For more information about what metadata is in this scenario, see
3393 /// [`Config::metadata_for_internal_asserts`]. Note, though, that this
3394 /// option is enabled by default unlike internal asserts. This is intended
3395 /// as a defense-in-depth option for generated code in the face of GC heap
3396 /// corruption. If the GC heap is corrupted and is detected then the
3397 /// trapping instruction will be gracefully handled and delivered to the
3398 /// embedder. Otherwise if this option were set to `false` then the process
3399 /// would be aborted due to a signal.
3400 pub fn metadata_for_gc_heap_corruption(&mut self, enable: bool) -> &mut Self {
3401 self.tunables.metadata_for_gc_heap_corruption = Some(enable);
3402 self
3403 }
3404}
3405
3406impl Default for Config {
3407 fn default() -> Config {
3408 Config::new()
3409 }
3410}
3411
3412impl fmt::Debug for Config {
3413 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
3414 let mut f = f.debug_struct("Config");
3415
3416 // Not every flag in WasmFeatures can be enabled as part of creating
3417 // a Config. This impl gives a complete picture of all WasmFeatures
3418 // enabled, and doesn't require maintenance by hand (which has become out
3419 // of date in the past), at the cost of possible confusion for why
3420 // a flag in this set doesn't have a Config setter.
3421 let features = self.features();
3422 for flag in WasmFeatures::FLAGS.iter() {
3423 f.field(
3424 &format!("wasm_{}", flag.name().to_lowercase()),
3425 &features.contains(*flag.value()),
3426 );
3427 }
3428
3429 f.field("parallel_compilation", &self.parallel_compilation);
3430 #[cfg(any(feature = "cranelift", feature = "winch"))]
3431 {
3432 f.field("compiler_config", &self.compiler_config);
3433 }
3434
3435 self.tunables.format(&mut f);
3436 f.finish()
3437 }
3438}
3439
3440/// Possible Compilation strategies for a wasm module.
3441///
3442/// This is used as an argument to the [`Config::strategy`] method.
3443#[non_exhaustive]
3444#[derive(PartialEq, Eq, Clone, Debug, Copy)]
3445pub enum Strategy {
3446 /// An indicator that the compilation strategy should be automatically
3447 /// selected.
3448 ///
3449 /// This is generally what you want for most projects and indicates that the
3450 /// `wasmtime` crate itself should make the decision about what the best
3451 /// code generator for a wasm module is.
3452 ///
3453 /// Currently this always defaults to Cranelift, but the default value may
3454 /// change over time.
3455 Auto,
3456
3457 /// Currently the default backend, Cranelift aims to be a reasonably fast
3458 /// code generator which generates high quality machine code.
3459 Cranelift,
3460
3461 /// A low-latency baseline compiler for WebAssembly.
3462 /// For more details regarding ISA support and Wasm proposals support
3463 /// see <https://docs.wasmtime.dev/stability-tiers.html#current-tier-status>
3464 Winch,
3465}
3466
3467#[cfg(any(feature = "winch", feature = "cranelift"))]
3468impl Strategy {
3469 fn not_auto(&self) -> Option<Strategy> {
3470 match self {
3471 Strategy::Auto => {
3472 if cfg!(feature = "cranelift") {
3473 Some(Strategy::Cranelift)
3474 } else if cfg!(feature = "winch") {
3475 Some(Strategy::Winch)
3476 } else {
3477 None
3478 }
3479 }
3480 other => Some(*other),
3481 }
3482 }
3483}
3484
3485/// Possible garbage collector implementations for Wasm.
3486///
3487/// This is used as an argument to the [`Config::collector`] method.
3488///
3489/// The properties of Wasmtime's available collectors are summarized in the
3490/// following table:
3491///
3492/// | Collector | Collects Garbage[^1] | Latency[^2] | Throughput[^3] | Allocation Speed[^4] | Heap Utilization[^5] |
3493/// |-----------------------------|-----------------------|-------------|----------------|----------------------|----------------------|
3494/// | `Copying` | Yes, including cycles | 🙁 | 🙂 | 🙂 | 🙁 |
3495/// | `DeferredReferenceCounting` | Yes, but not cycles | 🙂 | 🙁 | 😐 | 😐 |
3496/// | `Null` | No | 🙂 | 🙂 | 🙂 | 🙂 |
3497///
3498/// [^1]: Whether or not the collector is capable of collecting garbage and cyclic garbage.
3499///
3500/// [^2]: How long the Wasm program is paused during garbage
3501/// collections. Shorter is better. In general, better latency implies
3502/// worse throughput and vice versa.
3503///
3504/// [^3]: How fast the Wasm program runs when using this collector. Roughly
3505/// equivalent to the number of Wasm instructions executed per
3506/// second. Faster is better. In general, better throughput implies worse
3507/// latency and vice versa.
3508///
3509/// [^4]: How fast can individual objects be allocated?
3510///
3511/// [^5]: How many objects can the collector fit into N bytes of memory? That
3512/// is, how much space for bookkeeping and metadata does this collector
3513/// require? Less space taken up by metadata means more space for
3514/// additional objects. Reference counts are larger than mark bits and
3515/// free lists are larger than bump pointers, for example.
3516#[non_exhaustive]
3517#[derive(PartialEq, Eq, Clone, Debug, Copy)]
3518pub enum Collector {
3519 /// An indicator that the garbage collector should be automatically
3520 /// selected.
3521 ///
3522 /// This is generally what you want for most projects and indicates that the
3523 /// `wasmtime` crate itself should make the decision about what the best
3524 /// collector to use is.
3525 ///
3526 /// Currently this always defaults to the copying collector, but the default
3527 /// value may change over time.
3528 Auto,
3529
3530 /// The deferred reference-counting collector.
3531 ///
3532 /// A reference-counting collector, generally trading improved latency for
3533 /// worsened throughput. However, to avoid the largest overheads of
3534 /// reference counting, it avoids manipulating reference counts for Wasm
3535 /// objects on the stack. Instead, it will hold a reference count for an
3536 /// over-approximation of all objects that are currently on the stack, trace
3537 /// the stack during collection to find the precise set of on-stack roots,
3538 /// and decrement the reference count of any object that was in the
3539 /// over-approximation but not the precise set. This improves throughput,
3540 /// compared to "pure" reference counting, by performing many fewer
3541 /// refcount-increment and -decrement operations. The cost is the increased
3542 /// latency associated with tracing the stack.
3543 ///
3544 /// This collector cannot currently collect cycles; they will leak until the
3545 /// GC heap's store is dropped.
3546 DeferredReferenceCounting,
3547
3548 /// The null collector.
3549 ///
3550 /// This collector does not actually collect any garbage. It simply
3551 /// allocates objects until it runs out of memory, at which point further
3552 /// objects allocation attempts will trap.
3553 ///
3554 /// This collector is useful for incredibly short-running Wasm instances
3555 /// where additionally you would rather halt an over-allocating Wasm program
3556 /// than spend time collecting its garbage to allow it to keep running. It
3557 /// is also useful for measuring the overheads associated with other
3558 /// collectors, as this collector imposes as close to zero throughput and
3559 /// latency overhead as possible.
3560 Null,
3561
3562 /// The copying collector.
3563 ///
3564 /// A tracing collector that splits the GC heap in half, bump-allocates
3565 /// objects in one half until it fills up, and then does a GC and copies
3566 /// live objects into the other half, and repeats the process. It has fast
3567 /// allocation, collects cyclic garbage, and good collection throughput,
3568 /// however it suffers from poor latency due to its stop-the-world
3569 /// collections and poor heap utilization due to only using half the GC
3570 /// heap's full capacity at any given time.
3571 ///
3572 /// Note that this collector is still under construction and is not yet
3573 /// functional.
3574 Copying,
3575}
3576
3577impl Default for Collector {
3578 fn default() -> Collector {
3579 Collector::Auto
3580 }
3581}
3582
3583#[cfg(feature = "gc")]
3584impl Collector {
3585 fn not_auto(&self) -> Option<Collector> {
3586 match self {
3587 Collector::Auto => {
3588 if cfg!(feature = "gc-copying") {
3589 Some(Collector::Copying)
3590 } else if cfg!(feature = "gc-drc") {
3591 Some(Collector::DeferredReferenceCounting)
3592 } else if cfg!(feature = "gc-null") {
3593 Some(Collector::Null)
3594 } else {
3595 None
3596 }
3597 }
3598 other => Some(*other),
3599 }
3600 }
3601
3602 fn try_not_auto(&self) -> Result<Self> {
3603 match self.not_auto() {
3604 #[cfg(feature = "gc-drc")]
3605 Some(c @ Collector::DeferredReferenceCounting) => Ok(c),
3606 #[cfg(not(feature = "gc-drc"))]
3607 Some(Collector::DeferredReferenceCounting) => bail!(
3608 "cannot create an engine using the deferred reference-counting \
3609 collector because the `gc-drc` feature was not enabled at \
3610 compile time",
3611 ),
3612
3613 #[cfg(feature = "gc-null")]
3614 Some(c @ Collector::Null) => Ok(c),
3615 #[cfg(not(feature = "gc-null"))]
3616 Some(Collector::Null) => bail!(
3617 "cannot create an engine using the null collector because \
3618 the `gc-null` feature was not enabled at compile time",
3619 ),
3620
3621 #[cfg(feature = "gc-copying")]
3622 Some(c @ Collector::Copying) => Ok(c),
3623 #[cfg(not(feature = "gc-copying"))]
3624 Some(Collector::Copying) => bail!(
3625 "cannot create an engine using the copying collector because \
3626 the `gc-copying` feature was not enabled at compile time",
3627 ),
3628
3629 Some(Collector::Auto) => unreachable!(),
3630
3631 None => bail!(
3632 "cannot create an engine with GC support when none of the \
3633 collectors are available; enable one of the following \
3634 features: `gc-drc`, `gc-null`, `gc-copying`",
3635 ),
3636 }
3637 }
3638}
3639
3640/// Possible optimization levels for the Cranelift codegen backend.
3641#[non_exhaustive]
3642#[derive(Copy, Clone, Debug, Eq, PartialEq)]
3643pub enum OptLevel {
3644 /// No optimizations performed, minimizes compilation time by disabling most
3645 /// optimizations.
3646 None,
3647 /// Generates the fastest possible code, but may take longer.
3648 Speed,
3649 /// Similar to `speed`, but also performs transformations aimed at reducing
3650 /// code size.
3651 SpeedAndSize,
3652}
3653
3654/// Possible register allocator algorithms for the Cranelift codegen backend.
3655#[non_exhaustive]
3656#[derive(Copy, Clone, Debug, Eq, PartialEq)]
3657pub enum RegallocAlgorithm {
3658 /// Generates the fastest possible code, but may take longer.
3659 ///
3660 /// This algorithm performs "backtracking", which means that it may
3661 /// undo its earlier work and retry as it discovers conflicts. This
3662 /// results in better register utilization, producing fewer spills
3663 /// and moves, but can cause super-linear compile runtime.
3664 Backtracking,
3665 /// Generates acceptable code very quickly.
3666 ///
3667 /// This algorithm performs a single pass through the code,
3668 /// guaranteed to work in linear time. (Note that the rest of
3669 /// Cranelift is not necessarily guaranteed to run in linear time,
3670 /// however.) It cannot undo earlier decisions, however, and it
3671 /// cannot foresee constraints or issues that may occur further
3672 /// ahead in the code, so the code may have more spills and moves as
3673 /// a result.
3674 ///
3675 /// > **Note**: This algorithm is not yet production-ready and has
3676 /// > historically had known problems. It is not recommended to enable this
3677 /// > algorithm for security-sensitive applications and the Wasmtime project
3678 /// > does not consider this configuration option for issuing security
3679 /// > advisories at this time.
3680 SinglePass,
3681}
3682
3683/// Select which profiling technique to support.
3684#[derive(Debug, Clone, Copy, PartialEq)]
3685pub enum ProfilingStrategy {
3686 /// No profiler support.
3687 None,
3688
3689 /// Collect function name information as the "perf map" file format, used with `perf` on Linux.
3690 PerfMap,
3691
3692 /// Collect profiling info for "jitdump" file format, used with `perf` on
3693 /// Linux.
3694 JitDump,
3695
3696 /// Collect profiling info using the "ittapi", used with `VTune` on Linux.
3697 VTune,
3698
3699 /// Support for profiling Pulley, Wasmtime's interpreter. Note that enabling
3700 /// this at runtime requires enabling the `profile-pulley` Cargo feature at
3701 /// compile time.
3702 Pulley,
3703}
3704
3705/// Select how wasm backtrace detailed information is handled.
3706#[derive(Debug, Clone, Copy)]
3707pub enum WasmBacktraceDetails {
3708 /// Support is unconditionally enabled and wasmtime will parse and read
3709 /// debug information.
3710 Enable,
3711
3712 /// Support is disabled, and wasmtime will not parse debug information for
3713 /// backtrace details.
3714 Disable,
3715
3716 /// Support for backtrace details is conditional on the
3717 /// `WASMTIME_BACKTRACE_DETAILS` environment variable.
3718 Environment,
3719}
3720
3721/// Describe the tri-state configuration of keys such as MPK or PAGEMAP_SCAN.
3722#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
3723pub enum Enabled {
3724 /// Enable this feature if it's detected on the host system, otherwise leave
3725 /// it disabled.
3726 Auto,
3727 /// Enable this feature and fail configuration if the feature is not
3728 /// detected on the host system.
3729 Yes,
3730 /// Do not enable this feature, even if the host system supports it.
3731 No,
3732}
3733
3734/// Configuration options used with [`InstanceAllocationStrategy::Pooling`] to
3735/// change the behavior of the pooling instance allocator.
3736///
3737/// This structure has a builder-style API in the same manner as [`Config`] and
3738/// is configured with [`Config::allocation_strategy`].
3739///
3740/// Note that usage of the pooling allocator does not affect compiled
3741/// WebAssembly code. Compiled `*.cwasm` files, for example, are usable both
3742/// with and without the pooling allocator.
3743///
3744/// ## Advantages of Pooled Allocation
3745///
3746/// The main benefit of the pooling allocator is to make WebAssembly
3747/// instantiation both faster and more scalable in terms of parallelism.
3748/// Allocation is faster because virtual memory is already configured and ready
3749/// to go within the pool, there's no need to [`mmap`] (for example on Unix) a
3750/// new region and configure it with guard pages. By avoiding [`mmap`] this
3751/// avoids whole-process virtual memory locks which can improve scalability and
3752/// performance through avoiding this.
3753///
3754/// Additionally with pooled allocation it's possible to create "affine slots"
3755/// to a particular WebAssembly module or component over time. For example if
3756/// the same module is multiple times over time the pooling allocator will, by
3757/// default, attempt to reuse the same slot. This mean that the slot has been
3758/// pre-configured and can retain virtual memory mappings for a copy-on-write
3759/// image, for example (see [`Config::memory_init_cow`] for more information.
3760/// This means that in a steady state instance deallocation is a single
3761/// [`madvise`] to reset linear memory to its original contents followed by a
3762/// single (optional) [`mprotect`] during the next instantiation to shrink
3763/// memory back to its original size. Compared to non-pooled allocation this
3764/// avoids the need to [`mmap`] a new region of memory, [`munmap`] it, and
3765/// [`mprotect`] regions too.
3766///
3767/// Another benefit of pooled allocation is that it's possible to configure
3768/// things such that no virtual memory management is required at all in a steady
3769/// state. For example a pooling allocator can be configured with:
3770///
3771/// * [`Config::memory_init_cow`] disabled
3772/// * [`Config::memory_guard_size`] disabled
3773/// * [`Config::memory_reservation`] shrunk to minimal size
3774/// * [`PoolingAllocationConfig::table_keep_resident`] sufficiently large
3775/// * [`PoolingAllocationConfig::linear_memory_keep_resident`] sufficiently large
3776///
3777/// With all these options in place no virtual memory tricks are used at all and
3778/// everything is manually managed by Wasmtime (for example resetting memory is
3779/// a `memset(0)`). This is not as fast in a single-threaded scenario but can
3780/// provide benefits in high-parallelism situations as no virtual memory locks
3781/// or IPIs need happen.
3782///
3783/// ## Disadvantages of Pooled Allocation
3784///
3785/// Despite the above advantages to instantiation performance the pooling
3786/// allocator is not enabled by default in Wasmtime. One reason is that the
3787/// performance advantages are not necessarily portable, for example while the
3788/// pooling allocator works on Windows it has not been tuned for performance on
3789/// Windows in the same way it has on Linux.
3790///
3791/// Additionally the main cost of the pooling allocator is that it requires a
3792/// very large reservation of virtual memory (on the order of most of the
3793/// addressable virtual address space). WebAssembly 32-bit linear memories in
3794/// Wasmtime are, by default 4G address space reservations with a small guard
3795/// region both before and after the linear memory. Memories in the pooling
3796/// allocator are contiguous which means that we only need a guard after linear
3797/// memory because the previous linear memory's slot post-guard is our own
3798/// pre-guard. This means that, by default, the pooling allocator uses roughly
3799/// 4G of virtual memory per WebAssembly linear memory slot. 4G of virtual
3800/// memory is 32 bits of a 64-bit address. Many 64-bit systems can only
3801/// actually use 48-bit addresses by default (although this can be extended on
3802/// architectures nowadays too), and of those 48 bits one of them is reserved
3803/// to indicate kernel-vs-userspace. This leaves 47-32=15 bits left,
3804/// meaning you can only have at most 32k slots of linear memories on many
3805/// systems by default. This is a relatively small number and shows how the
3806/// pooling allocator can quickly exhaust all of virtual memory.
3807///
3808/// Another disadvantage of the pooling allocator is that it may keep memory
3809/// alive when nothing is using it. A previously used slot for an instance might
3810/// have paged-in memory that will not get paged out until the
3811/// [`Engine`] owning the pooling allocator is dropped. While
3812/// suitable for some applications this behavior may not be suitable for all
3813/// applications.
3814///
3815/// Finally the last disadvantage of the pooling allocator is that the
3816/// configuration values for the maximum number of instances, memories, tables,
3817/// etc, must all be fixed up-front. There's not always a clear answer as to
3818/// what these values should be so not all applications may be able to work
3819/// with this constraint.
3820///
3821/// [`madvise`]: https://man7.org/linux/man-pages/man2/madvise.2.html
3822/// [`mprotect`]: https://man7.org/linux/man-pages/man2/mprotect.2.html
3823/// [`mmap`]: https://man7.org/linux/man-pages/man2/mmap.2.html
3824/// [`munmap`]: https://man7.org/linux/man-pages/man2/munmap.2.html
3825#[derive(Debug, Clone)]
3826pub struct PoolingAllocationConfig {
3827 /// See `PoolingAllocatorConfig::max_unused_warm_slots` in `wasmtime`
3828 pub(crate) max_unused_warm_slots: u32,
3829 /// The target number of decommits to do per batch. This is not precise, as
3830 /// we can queue up decommits at times when we aren't prepared to
3831 /// immediately flush them, and so we may go over this target size
3832 /// occasionally.
3833 pub(crate) decommit_batch_size: usize,
3834 /// The size, in bytes, of async stacks to allocate (not including the guard
3835 /// page).
3836 #[cfg_attr(
3837 not(all(feature = "async", feature = "pooling-allocator")),
3838 expect(dead_code, reason = "easier to cfg")
3839 )]
3840 pub(crate) stack_size: usize,
3841 /// The limits to apply to instances allocated within this allocator.
3842 pub(crate) limits: InstanceLimits,
3843 /// Whether or not async stacks are zeroed after use.
3844 #[cfg_attr(
3845 not(all(feature = "async", feature = "pooling-allocator")),
3846 expect(dead_code, reason = "easier to cfg")
3847 )]
3848 pub(crate) async_stack_zeroing: bool,
3849 /// If async stack zeroing is enabled and the host platform is Linux this is
3850 /// how much memory to zero out with `memset`.
3851 ///
3852 /// The rest of memory will be zeroed out with `madvise`.
3853 pub(crate) async_stack_keep_resident: usize,
3854 /// How much linear memory, in bytes, to keep resident after resetting for
3855 /// use with the next instance. This much memory will be `memset` to zero
3856 /// when a linear memory is deallocated.
3857 ///
3858 /// Memory exceeding this amount in the wasm linear memory will be released
3859 /// with `madvise` back to the kernel.
3860 ///
3861 /// Only applicable on Linux.
3862 pub(crate) linear_memory_keep_resident: usize,
3863 /// Same as `linear_memory_keep_resident` but for tables.
3864 pub(crate) table_keep_resident: usize,
3865 /// Whether to enable memory protection keys.
3866 pub(crate) memory_protection_keys: Enabled,
3867 /// How many memory protection keys to allocate.
3868 pub(crate) max_memory_protection_keys: usize,
3869 /// Whether to enable PAGEMAP_SCAN on Linux.
3870 pub(crate) pagemap_scan: Enabled,
3871}
3872
3873impl Default for PoolingAllocationConfig {
3874 fn default() -> Self {
3875 Self {
3876 max_unused_warm_slots: 100,
3877 decommit_batch_size: 1,
3878 stack_size: 2 << 20,
3879 limits: InstanceLimits::default(),
3880 async_stack_zeroing: false,
3881 async_stack_keep_resident: 0,
3882 linear_memory_keep_resident: 0,
3883 table_keep_resident: 0,
3884 memory_protection_keys: Enabled::No,
3885 max_memory_protection_keys: 16,
3886 pagemap_scan: Enabled::No,
3887 }
3888 }
3889}
3890
3891/// Instance-related limit configuration for pooling.
3892///
3893/// More docs on this can be found at `wasmtime::PoolingAllocationConfig`.
3894#[derive(Debug, Copy, Clone)]
3895pub(crate) struct InstanceLimits {
3896 /// The maximum number of component instances that may be allocated
3897 /// concurrently.
3898 pub(crate) total_component_instances: u32,
3899
3900 /// The maximum size of a component's `VMComponentContext`, including
3901 /// the aggregate size of all its inner core modules' `VMContext` sizes.
3902 pub(crate) component_instance_size: usize,
3903
3904 /// The maximum number of core module instances that may be allocated
3905 /// concurrently.
3906 pub(crate) total_core_instances: u32,
3907
3908 /// The maximum number of core module instances that a single component may
3909 /// transitively contain.
3910 pub(crate) max_core_instances_per_component: u32,
3911
3912 /// The maximum number of Wasm linear memories that a component may
3913 /// transitively contain.
3914 pub(crate) max_memories_per_component: u32,
3915
3916 /// The maximum number of tables that a component may transitively contain.
3917 pub(crate) max_tables_per_component: u32,
3918
3919 /// The total number of linear memories in the pool, across all instances.
3920 pub(crate) total_memories: u32,
3921
3922 /// The total number of tables in the pool, across all instances.
3923 pub(crate) total_tables: u32,
3924
3925 /// The total number of async stacks in the pool, across all instances.
3926 pub(crate) total_stacks: u32,
3927
3928 /// Maximum size of a core instance's `VMContext`.
3929 pub(crate) core_instance_size: usize,
3930
3931 /// Maximum number of tables per instance.
3932 pub(crate) max_tables_per_module: u32,
3933
3934 /// Maximum number of word-size elements per table.
3935 ///
3936 /// Note that tables for element types such as continuations
3937 /// that use more than one word of storage may store fewer
3938 /// elements.
3939 pub(crate) table_elements: usize,
3940
3941 /// Maximum number of linear memories per instance.
3942 pub(crate) max_memories_per_module: u32,
3943
3944 /// Maximum byte size of a linear memory, must be smaller than
3945 /// `memory_reservation` in `Tunables`.
3946 pub(crate) max_memory_size: usize,
3947
3948 /// The total number of GC heaps in the pool, across all instances.
3949 pub(crate) total_gc_heaps: u32,
3950}
3951
3952impl Default for InstanceLimits {
3953 fn default() -> Self {
3954 let total = if cfg!(target_pointer_width = "32") {
3955 100
3956 } else {
3957 1000
3958 };
3959 // See doc comments for `wasmtime::PoolingAllocationConfig` for these
3960 // default values
3961 Self {
3962 total_component_instances: total,
3963 component_instance_size: 1 << 20, // 1 MiB
3964 total_core_instances: total,
3965 max_core_instances_per_component: u32::MAX,
3966 max_memories_per_component: u32::MAX,
3967 max_tables_per_component: u32::MAX,
3968 total_memories: total,
3969 total_tables: total,
3970 total_stacks: total,
3971 core_instance_size: 1 << 20, // 1 MiB
3972 max_tables_per_module: 1,
3973 // NB: in #8504 it was seen that a C# module in debug module can
3974 // have 10k+ elements.
3975 table_elements: 20_000,
3976 max_memories_per_module: 1,
3977 #[cfg(target_pointer_width = "64")]
3978 max_memory_size: 1 << 32, // 4G,
3979 #[cfg(target_pointer_width = "32")]
3980 max_memory_size: 10 << 20, // 10 MiB
3981 total_gc_heaps: total,
3982 }
3983 }
3984}
3985
3986impl PoolingAllocationConfig {
3987 /// Returns a new configuration builder with all default settings
3988 /// configured.
3989 pub fn new() -> PoolingAllocationConfig {
3990 PoolingAllocationConfig::default()
3991 }
3992
3993 /// Configures the maximum number of "unused warm slots" to retain in the
3994 /// pooling allocator.
3995 ///
3996 /// The pooling allocator operates over slots to allocate from, and each
3997 /// slot is considered "cold" if it's never been used before or "warm" if
3998 /// it's been used by some module in the past. Slots in the pooling
3999 /// allocator additionally track an "affinity" flag to a particular core
4000 /// wasm module. When a module is instantiated into a slot then the slot is
4001 /// considered affine to that module, even after the instance has been
4002 /// deallocated.
4003 ///
4004 /// When a new instance is created then a slot must be chosen, and the
4005 /// current algorithm for selecting a slot is:
4006 ///
4007 /// * If there are slots that are affine to the module being instantiated,
4008 /// then the most recently used slot is selected to be allocated from.
4009 /// This is done to improve reuse of resources such as memory mappings and
4010 /// additionally try to benefit from temporal locality for things like
4011 /// caches.
4012 ///
4013 /// * Otherwise if there are more than N affine slots to other modules, then
4014 /// one of those affine slots is chosen to be allocated. The slot chosen
4015 /// is picked on a least-recently-used basis.
4016 ///
4017 /// * Finally, if there are less than N affine slots to other modules, then
4018 /// the non-affine slots are allocated from.
4019 ///
4020 /// This setting, `max_unused_warm_slots`, is the value for N in the above
4021 /// algorithm. The purpose of this setting is to have a knob over the RSS
4022 /// impact of "unused slots" for a long-running wasm server.
4023 ///
4024 /// If this setting is set to 0, for example, then affine slots are
4025 /// aggressively reused on a least-recently-used basis. A "cold" slot is
4026 /// only used if there are no affine slots available to allocate from. This
4027 /// means that the set of slots used over the lifetime of a program is the
4028 /// same as the maximum concurrent number of wasm instances.
4029 ///
4030 /// If this setting is set to infinity, however, then cold slots are
4031 /// prioritized to be allocated from. This means that the set of slots used
4032 /// over the lifetime of a program will approach
4033 /// [`PoolingAllocationConfig::total_memories`], or the maximum number of
4034 /// slots in the pooling allocator.
4035 ///
4036 /// Wasmtime does not aggressively decommit all resources associated with a
4037 /// slot when the slot is not in use. For example the
4038 /// [`PoolingAllocationConfig::linear_memory_keep_resident`] option can be
4039 /// used to keep memory associated with a slot, even when it's not in use.
4040 /// This means that the total set of used slots in the pooling instance
4041 /// allocator can impact the overall RSS usage of a program.
4042 ///
4043 /// The default value for this option is `100`.
4044 pub fn max_unused_warm_slots(&mut self, max: u32) -> &mut Self {
4045 self.max_unused_warm_slots = max;
4046 self
4047 }
4048
4049 /// The target number of decommits to do per batch.
4050 ///
4051 /// This is not precise, as we can queue up decommits at times when we
4052 /// aren't prepared to immediately flush them, and so we may go over this
4053 /// target size occasionally.
4054 ///
4055 /// Note additionally that the queue of not-yet-decommitted entities is
4056 /// sharded to reduce lock contention: one shard per available CPU, capped
4057 /// at 16. Each shard batches up to this many decommits independently,
4058 /// meaning that up to `min(available_parallelism, 16) * (batch_size - 1)`
4059 /// decommits may be queued and not yet flushed at any given time.
4060 ///
4061 /// A batch size of one effectively disables batching.
4062 ///
4063 /// Defaults to `1`.
4064 pub fn decommit_batch_size(&mut self, batch_size: usize) -> &mut Self {
4065 self.decommit_batch_size = batch_size;
4066 self
4067 }
4068
4069 /// How much memory, in bytes, to keep resident for async stacks allocated
4070 /// with the pooling allocator.
4071 ///
4072 /// When [`Config::async_stack_zeroing`] is enabled then Wasmtime will reset
4073 /// the contents of async stacks back to zero upon deallocation. This option
4074 /// can be used to perform the zeroing operation with `memset` up to a
4075 /// certain threshold of bytes instead of using system calls to reset the
4076 /// stack to zero.
4077 ///
4078 /// Note that when using this option the memory with async stacks will
4079 /// never be decommitted.
4080 pub fn async_stack_keep_resident(&mut self, size: usize) -> &mut Self {
4081 self.async_stack_keep_resident = size;
4082 self
4083 }
4084
4085 /// How much memory, in bytes, to keep resident for each linear memory
4086 /// after deallocation.
4087 ///
4088 /// This option is only applicable on Linux and has no effect on other
4089 /// platforms.
4090 ///
4091 /// By default Wasmtime will use `madvise` to reset the entire contents of
4092 /// linear memory back to zero when a linear memory is deallocated. This
4093 /// option can be used to use `memset` instead to set memory back to zero
4094 /// which can, in some configurations, reduce the number of page faults
4095 /// taken when a slot is reused.
4096 pub fn linear_memory_keep_resident(&mut self, size: usize) -> &mut Self {
4097 self.linear_memory_keep_resident = size;
4098 self
4099 }
4100
4101 /// How much memory, in bytes, to keep resident for each table after
4102 /// deallocation.
4103 ///
4104 /// This option is only applicable on Linux and has no effect on other
4105 /// platforms.
4106 ///
4107 /// This option is the same as
4108 /// [`PoolingAllocationConfig::linear_memory_keep_resident`] except that it
4109 /// is applicable to tables instead.
4110 pub fn table_keep_resident(&mut self, size: usize) -> &mut Self {
4111 self.table_keep_resident = size;
4112 self
4113 }
4114
4115 /// The maximum number of concurrent component instances supported (default
4116 /// is `1000`).
4117 ///
4118 /// This provides an upper-bound on the total size of component
4119 /// metadata-related allocations, along with
4120 /// [`PoolingAllocationConfig::max_component_instance_size`]. The upper bound is
4121 ///
4122 /// ```text
4123 /// total_component_instances * max_component_instance_size
4124 /// ```
4125 ///
4126 /// where `max_component_instance_size` is rounded up to the size and alignment
4127 /// of the internal representation of the metadata.
4128 pub fn total_component_instances(&mut self, count: u32) -> &mut Self {
4129 self.limits.total_component_instances = count;
4130 self
4131 }
4132
4133 /// The maximum size, in bytes, allocated for a component instance's
4134 /// `VMComponentContext` metadata as well as the aggregate size of this
4135 /// component's core instances `VMContext` metadata.
4136 ///
4137 /// The [`wasmtime::component::Instance`][crate::component::Instance] type
4138 /// has a static size but its internal `VMComponentContext` is dynamically
4139 /// sized depending on the component being instantiated. This size limit
4140 /// loosely correlates to the size of the component, taking into account
4141 /// factors such as:
4142 ///
4143 /// * number of lifted and lowered functions,
4144 /// * number of memories
4145 /// * number of inner instances
4146 /// * number of resources
4147 ///
4148 /// If the allocated size per instance is too small then instantiation of a
4149 /// module will fail at runtime with an error indicating how many bytes were
4150 /// needed.
4151 ///
4152 /// In addition to the memory in the runtime for the component itself,
4153 /// components contain one or more core module instances. Each of these
4154 /// require some memory in the runtime as described in
4155 /// [`PoolingAllocationConfig::max_core_instance_size`]. The limit here
4156 /// applies against the sum of all of these individual allocations.
4157 ///
4158 /// The default value for this is 1MiB.
4159 ///
4160 /// This provides an upper-bound on the total size of all component's
4161 /// metadata-related allocations (for both the component and its embedded
4162 /// core module instances), along with
4163 /// [`PoolingAllocationConfig::total_component_instances`]. The upper bound is
4164 ///
4165 /// ```text
4166 /// total_component_instances * max_component_instance_size
4167 /// ```
4168 ///
4169 /// where `max_component_instance_size` is rounded up to the size and alignment
4170 /// of the internal representation of the metadata.
4171 pub fn max_component_instance_size(&mut self, size: usize) -> &mut Self {
4172 self.limits.component_instance_size = size;
4173 self
4174 }
4175
4176 /// The maximum number of core instances a single component may contain
4177 /// (default is unlimited).
4178 ///
4179 /// This method (along with
4180 /// [`PoolingAllocationConfig::max_memories_per_component`],
4181 /// [`PoolingAllocationConfig::max_tables_per_component`], and
4182 /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
4183 /// the amount of resources a single component allocation consumes.
4184 ///
4185 /// If a component will instantiate more core instances than `count`, then
4186 /// the component will fail to instantiate.
4187 pub fn max_core_instances_per_component(&mut self, count: u32) -> &mut Self {
4188 self.limits.max_core_instances_per_component = count;
4189 self
4190 }
4191
4192 /// The maximum number of Wasm linear memories that a single component may
4193 /// transitively contain (default is unlimited).
4194 ///
4195 /// This method (along with
4196 /// [`PoolingAllocationConfig::max_core_instances_per_component`],
4197 /// [`PoolingAllocationConfig::max_tables_per_component`], and
4198 /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
4199 /// the amount of resources a single component allocation consumes.
4200 ///
4201 /// If a component transitively contains more linear memories than `count`,
4202 /// then the component will fail to instantiate.
4203 pub fn max_memories_per_component(&mut self, count: u32) -> &mut Self {
4204 self.limits.max_memories_per_component = count;
4205 self
4206 }
4207
4208 /// The maximum number of tables that a single component may transitively
4209 /// contain (default is unlimited).
4210 ///
4211 /// This method (along with
4212 /// [`PoolingAllocationConfig::max_core_instances_per_component`],
4213 /// [`PoolingAllocationConfig::max_memories_per_component`],
4214 /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
4215 /// the amount of resources a single component allocation consumes.
4216 ///
4217 /// If a component will transitively contains more tables than `count`, then
4218 /// the component will fail to instantiate.
4219 pub fn max_tables_per_component(&mut self, count: u32) -> &mut Self {
4220 self.limits.max_tables_per_component = count;
4221 self
4222 }
4223
4224 /// The maximum number of concurrent Wasm linear memories supported (default
4225 /// is `1000`).
4226 ///
4227 /// This value has a direct impact on the amount of memory allocated by the pooling
4228 /// instance allocator.
4229 ///
4230 /// The pooling instance allocator allocates a memory pool, where each entry
4231 /// in the pool contains the reserved address space for each linear memory
4232 /// supported by an instance.
4233 ///
4234 /// The memory pool will reserve a large quantity of host process address
4235 /// space to elide the bounds checks required for correct WebAssembly memory
4236 /// semantics. Even with 64-bit address spaces, the address space is limited
4237 /// when dealing with a large number of linear memories.
4238 ///
4239 /// For example, on Linux x86_64, the userland address space limit is 128
4240 /// TiB. That might seem like a lot, but each linear memory will *reserve* 6
4241 /// GiB of space by default.
4242 pub fn total_memories(&mut self, count: u32) -> &mut Self {
4243 self.limits.total_memories = count;
4244 self
4245 }
4246
4247 /// The maximum number of concurrent tables supported (default is `1000`).
4248 ///
4249 /// This value has a direct impact on the amount of memory allocated by the
4250 /// pooling instance allocator.
4251 ///
4252 /// The pooling instance allocator allocates a table pool, where each entry
4253 /// in the pool contains the space needed for each WebAssembly table
4254 /// supported by an instance (see `table_elements` to control the size of
4255 /// each table).
4256 pub fn total_tables(&mut self, count: u32) -> &mut Self {
4257 self.limits.total_tables = count;
4258 self
4259 }
4260
4261 /// The maximum number of execution stacks allowed for asynchronous
4262 /// execution, when enabled (default is `1000`).
4263 ///
4264 /// This value has a direct impact on the amount of memory allocated by the
4265 /// pooling instance allocator.
4266 #[cfg(feature = "async")]
4267 pub fn total_stacks(&mut self, count: u32) -> &mut Self {
4268 self.limits.total_stacks = count;
4269 self
4270 }
4271
4272 /// The maximum number of concurrent core instances supported (default is
4273 /// `1000`).
4274 ///
4275 /// This provides an upper-bound on the total size of core instance
4276 /// metadata-related allocations, along with
4277 /// [`PoolingAllocationConfig::max_core_instance_size`]. The upper bound is
4278 ///
4279 /// ```text
4280 /// total_core_instances * max_core_instance_size
4281 /// ```
4282 ///
4283 /// where `max_core_instance_size` is rounded up to the size and alignment of
4284 /// the internal representation of the metadata.
4285 pub fn total_core_instances(&mut self, count: u32) -> &mut Self {
4286 self.limits.total_core_instances = count;
4287 self
4288 }
4289
4290 /// The maximum size, in bytes, allocated for a core instance's `VMContext`
4291 /// metadata.
4292 ///
4293 /// The [`Instance`][crate::Instance] type has a static size but its
4294 /// `VMContext` metadata is dynamically sized depending on the module being
4295 /// instantiated. This size limit loosely correlates to the size of the Wasm
4296 /// module, taking into account factors such as:
4297 ///
4298 /// * number of functions
4299 /// * number of globals
4300 /// * number of memories
4301 /// * number of tables
4302 /// * number of function types
4303 ///
4304 /// If the allocated size per instance is too small then instantiation of a
4305 /// module will fail at runtime with an error indicating how many bytes were
4306 /// needed.
4307 ///
4308 /// The default value for this is 1MiB.
4309 ///
4310 /// This provides an upper-bound on the total size of core instance
4311 /// metadata-related allocations, along with
4312 /// [`PoolingAllocationConfig::total_core_instances`]. The upper bound is
4313 ///
4314 /// ```text
4315 /// total_core_instances * max_core_instance_size
4316 /// ```
4317 ///
4318 /// where `max_core_instance_size` is rounded up to the size and alignment of
4319 /// the internal representation of the metadata.
4320 pub fn max_core_instance_size(&mut self, size: usize) -> &mut Self {
4321 self.limits.core_instance_size = size;
4322 self
4323 }
4324
4325 /// The maximum number of defined tables for a core module (default is `1`).
4326 ///
4327 /// This value controls the capacity of the `VMTableDefinition` table in
4328 /// each instance's `VMContext` structure.
4329 ///
4330 /// The allocated size of the table will be `tables *
4331 /// sizeof(VMTableDefinition)` for each instance regardless of how many
4332 /// tables are defined by an instance's module.
4333 pub fn max_tables_per_module(&mut self, tables: u32) -> &mut Self {
4334 self.limits.max_tables_per_module = tables;
4335 self
4336 }
4337
4338 /// The maximum table elements for any table defined in a module (default is
4339 /// `20000`).
4340 ///
4341 /// If a table's minimum element limit is greater than this value, the
4342 /// module will fail to instantiate.
4343 ///
4344 /// If a table's maximum element limit is unbounded or greater than this
4345 /// value, the maximum will be `table_elements` for the purpose of any
4346 /// `table.grow` instruction.
4347 ///
4348 /// This value is used to reserve the maximum space for each supported
4349 /// table; table elements are pointer-sized in the Wasmtime runtime.
4350 /// Therefore, the space reserved for each instance is `tables *
4351 /// table_elements * sizeof::<*const ()>`.
4352 pub fn table_elements(&mut self, elements: usize) -> &mut Self {
4353 self.limits.table_elements = elements;
4354 self
4355 }
4356
4357 /// The maximum number of defined linear memories for a module (default is
4358 /// `1`).
4359 ///
4360 /// This value controls the capacity of the `VMMemoryDefinition` table in
4361 /// each core instance's `VMContext` structure.
4362 ///
4363 /// The allocated size of the table will be `memories *
4364 /// sizeof(VMMemoryDefinition)` for each core instance regardless of how
4365 /// many memories are defined by the core instance's module.
4366 pub fn max_memories_per_module(&mut self, memories: u32) -> &mut Self {
4367 self.limits.max_memories_per_module = memories;
4368 self
4369 }
4370
4371 /// The maximum byte size that any WebAssembly linear memory may grow to.
4372 ///
4373 /// This option defaults to 4 GiB meaning that for 32-bit linear memories
4374 /// there is no restrictions. 64-bit linear memories will not be allowed to
4375 /// grow beyond 4 GiB by default.
4376 ///
4377 /// If a memory's minimum size is greater than this value, the module will
4378 /// fail to instantiate.
4379 ///
4380 /// If a memory's maximum size is unbounded or greater than this value, the
4381 /// maximum will be `max_memory_size` for the purpose of any `memory.grow`
4382 /// instruction.
4383 ///
4384 /// This value is used to control the maximum accessible space for each
4385 /// linear memory of a core instance. This can be thought of as a simple
4386 /// mechanism like [`Store::limiter`](crate::Store::limiter) to limit memory
4387 /// at runtime. This value can also affect striping/coloring behavior when
4388 /// used in conjunction with
4389 /// [`memory_protection_keys`](PoolingAllocationConfig::memory_protection_keys).
4390 ///
4391 /// The virtual memory reservation size of each linear memory is controlled
4392 /// by the [`Config::memory_reservation`] setting and this method's
4393 /// configuration cannot exceed [`Config::memory_reservation`].
4394 pub fn max_memory_size(&mut self, bytes: usize) -> &mut Self {
4395 self.limits.max_memory_size = bytes;
4396 self
4397 }
4398
4399 /// Configures whether memory protection keys (MPK) should be used for more
4400 /// efficient layout of pool-allocated memories.
4401 ///
4402 /// When using the pooling allocator (see [`Config::allocation_strategy`],
4403 /// [`InstanceAllocationStrategy::Pooling`]), memory protection keys can
4404 /// reduce the total amount of allocated virtual memory by eliminating guard
4405 /// regions between WebAssembly memories in the pool. It does so by
4406 /// "coloring" memory regions with different memory keys and setting which
4407 /// regions are accessible each time executions switches from host to guest
4408 /// (or vice versa).
4409 ///
4410 /// Leveraging MPK requires configuring a smaller-than-default
4411 /// [`max_memory_size`](PoolingAllocationConfig::max_memory_size) to enable
4412 /// this coloring/striping behavior. For example embeddings might want to
4413 /// reduce the default 4G allowance to 128M.
4414 ///
4415 /// MPK is only available on Linux (called `pku` there) and recent x86
4416 /// systems; we check for MPK support at runtime by examining the `CPUID`
4417 /// register. This configuration setting can be in three states:
4418 ///
4419 /// - `auto`: if MPK support is available the guard regions are removed; if
4420 /// not, the guard regions remain
4421 /// - `yes`: use MPK to eliminate guard regions; fail if MPK is not
4422 /// supported
4423 /// - `no`: never use MPK
4424 ///
4425 /// By default this value is `no`, but may become `auto` in future
4426 /// releases.
4427 ///
4428 /// __WARNING__: this configuration options is still experimental--use at
4429 /// your own risk! MPK uses kernel and CPU features to protect memory
4430 /// regions; you may observe segmentation faults if anything is
4431 /// misconfigured.
4432 #[cfg(feature = "memory-protection-keys")]
4433 pub fn memory_protection_keys(&mut self, enable: Enabled) -> &mut Self {
4434 self.memory_protection_keys = enable;
4435 self
4436 }
4437
4438 /// Sets an upper limit on how many memory protection keys (MPK) Wasmtime
4439 /// will use.
4440 ///
4441 /// This setting is only applicable when
4442 /// [`PoolingAllocationConfig::memory_protection_keys`] is set to `enable`
4443 /// or `auto`. Configuring this above the HW and OS limits (typically 15)
4444 /// has no effect.
4445 ///
4446 /// If multiple Wasmtime engines are used in the same process, note that all
4447 /// engines will share the same set of allocated keys; this setting will
4448 /// limit how many keys are allocated initially and thus available to all
4449 /// other engines.
4450 #[cfg(feature = "memory-protection-keys")]
4451 pub fn max_memory_protection_keys(&mut self, max: usize) -> &mut Self {
4452 self.max_memory_protection_keys = max;
4453 self
4454 }
4455
4456 /// Check if memory protection keys (MPK) are available on the current host.
4457 ///
4458 /// This is a convenience method for determining MPK availability using the
4459 /// same method that [`Enabled::Auto`] does. See
4460 /// [`PoolingAllocationConfig::memory_protection_keys`] for more
4461 /// information.
4462 #[cfg(feature = "memory-protection-keys")]
4463 pub fn are_memory_protection_keys_available() -> bool {
4464 crate::runtime::vm::mpk::is_supported()
4465 }
4466
4467 /// The maximum number of concurrent GC heaps supported (default is `1000`).
4468 ///
4469 /// This value has a direct impact on the amount of memory allocated by the
4470 /// pooling instance allocator.
4471 ///
4472 /// The pooling instance allocator allocates a GC heap pool, where each
4473 /// entry in the pool contains the space needed for each GC heap used by a
4474 /// store.
4475 #[cfg(feature = "gc")]
4476 pub fn total_gc_heaps(&mut self, count: u32) -> &mut Self {
4477 self.limits.total_gc_heaps = count;
4478 self
4479 }
4480
4481 /// Configures whether the Linux-specific [`PAGEMAP_SCAN` ioctl][ioctl] is
4482 /// used to help reset linear memory.
4483 ///
4484 /// When [`Self::linear_memory_keep_resident`] or
4485 /// [`Self::table_keep_resident`] options are configured to nonzero values
4486 /// the default behavior is to `memset` the lowest addresses of a table or
4487 /// memory back to their original contents. With the `PAGEMAP_SCAN` ioctl on
4488 /// Linux this can be done to more intelligently scan for resident pages in
4489 /// the region and only reset those pages back to their original contents
4490 /// with `memset` rather than assuming the low addresses are all resident.
4491 ///
4492 /// This ioctl has the potential to provide a number of performance benefits
4493 /// in high-reuse and high concurrency scenarios. Notably this enables
4494 /// Wasmtime to scan the entire region of WebAssembly linear memory and
4495 /// manually reset memory back to its original contents, up to
4496 /// [`Self::linear_memory_keep_resident`] bytes, possibly skipping an
4497 /// `madvise` entirely. This can be more efficient by avoiding removing
4498 /// pages from the address space entirely and additionally ensuring that
4499 /// future use of the linear memory doesn't incur page faults as the pages
4500 /// remain resident.
4501 ///
4502 /// At this time this configuration option is still being evaluated as to
4503 /// how appropriate it is for all use cases. It currently defaults to
4504 /// `no` or disabled but may change to `auto`, enable if supported, in the
4505 /// future. This option is only supported on Linux and requires a kernel
4506 /// version of 6.7 or higher.
4507 ///
4508 /// [ioctl]: https://www.man7.org/linux/man-pages/man2/PAGEMAP_SCAN.2const.html
4509 pub fn pagemap_scan(&mut self, enable: Enabled) -> &mut Self {
4510 self.pagemap_scan = enable;
4511 self
4512 }
4513
4514 /// Returns the configured
4515 /// [`PoolingAllocationConfig::decommit_batch_size`], if enabled.
4516 pub fn get_decommit_batch_size(&self) -> usize {
4517 self.decommit_batch_size
4518 }
4519
4520 /// Returns the configured
4521 /// [`PoolingAllocationConfig::max_unused_warm_slots`], if enabled.
4522 pub fn get_max_unused_warm_slots(&self) -> u32 {
4523 self.max_unused_warm_slots
4524 }
4525
4526 /// Returns the configured
4527 /// [`PoolingAllocationConfig::linear_memory_keep_resident`], if
4528 /// enabled.
4529 pub fn get_memory_keep_resident(&self) -> usize {
4530 self.linear_memory_keep_resident
4531 }
4532
4533 /// Returns the configured
4534 /// [`PoolingAllocationConfig::table_keep_resident`], if enabled.
4535 pub fn get_table_keep_resident(&self) -> usize {
4536 self.table_keep_resident
4537 }
4538
4539 /// Returns the configured
4540 /// [`PoolingAllocationConfig::async_stack_keep_resident`], if
4541 /// enabled.
4542 pub fn get_async_stack_keep_resident(&self) -> usize {
4543 self.async_stack_keep_resident
4544 }
4545
4546 /// Returns the configured
4547 /// [`PoolingAllocationConfig::memory_protection_keys`], if enabled.
4548 pub fn get_memory_protection_keys(&self) -> Enabled {
4549 self.memory_protection_keys
4550 }
4551
4552 /// Returns the configured
4553 /// [`PoolingAllocationConfig::max_memory_protection_keys`], if
4554 /// enabled.
4555 pub fn get_max_memory_protection_keys(&self) -> usize {
4556 self.max_memory_protection_keys
4557 }
4558
4559 /// Returns the configured
4560 /// [`PoolingAllocationConfig::pagemap_scan`], if enabled.
4561 pub fn get_pagemap_scan(&self) -> Enabled {
4562 self.pagemap_scan
4563 }
4564
4565 /// Returns the configured
4566 /// [`PoolingAllocationConfig::total_core_instances`], if enabled.
4567 pub fn get_total_core_instances(&self) -> u32 {
4568 self.limits.total_core_instances
4569 }
4570
4571 /// Returns the configured
4572 /// [`PoolingAllocationConfig::total_component_instances`], if
4573 /// enabled.
4574 pub fn get_total_component_instances(&self) -> u32 {
4575 self.limits.total_component_instances
4576 }
4577
4578 /// Returns the configured
4579 /// [`PoolingAllocationConfig::total_memories`], if enabled.
4580 pub fn get_total_memories(&self) -> u32 {
4581 self.limits.total_memories
4582 }
4583
4584 /// Returns the configured
4585 /// [`PoolingAllocationConfig::total_tables`], if enabled.
4586 pub fn get_total_tables(&self) -> u32 {
4587 self.limits.total_tables
4588 }
4589
4590 /// Returns the configured
4591 /// [`PoolingAllocationConfig::total_stacks`], if enabled.
4592 pub fn get_total_stacks(&self) -> u32 {
4593 self.limits.total_stacks
4594 }
4595
4596 /// Returns the configured
4597 /// [`PoolingAllocationConfig::total_gc_heaps`], if enabled.
4598 pub fn get_total_gc_heaps(&self) -> u32 {
4599 self.limits.total_gc_heaps
4600 }
4601
4602 /// Returns the configured
4603 /// [`PoolingAllocationConfig::max_memory_size`], if enabled.
4604 pub fn get_max_memory_size(&self) -> usize {
4605 self.limits.max_memory_size
4606 }
4607
4608 /// Returns the configured
4609 /// [`PoolingAllocationConfig::table_elements`], if enabled.
4610 pub fn get_table_elements(&self) -> usize {
4611 self.limits.table_elements
4612 }
4613
4614 /// Returns the configured
4615 /// [`PoolingAllocationConfig::max_core_instance_size`], if enabled.
4616 pub fn get_max_core_instance_size(&self) -> usize {
4617 self.limits.core_instance_size
4618 }
4619
4620 /// Returns the configured
4621 /// [`PoolingAllocationConfig::max_component_instance_size`], if
4622 /// enabled.
4623 pub fn get_max_component_instance_size(&self) -> usize {
4624 self.limits.component_instance_size
4625 }
4626
4627 /// Returns the configured
4628 /// [`PoolingAllocationConfig::max_core_instances_per_component`], if
4629 /// enabled.
4630 pub fn get_max_core_instances_per_component(&self) -> u32 {
4631 self.limits.max_core_instances_per_component
4632 }
4633
4634 /// Returns the configured
4635 /// [`PoolingAllocationConfig::max_memories_per_component`], if
4636 /// enabled.
4637 pub fn get_max_memories_per_component(&self) -> u32 {
4638 self.limits.max_memories_per_component
4639 }
4640
4641 /// Returns the configured
4642 /// [`PoolingAllocationConfig::max_tables_per_component`], if enabled.
4643 pub fn get_max_tables_per_component(&self) -> u32 {
4644 self.limits.max_tables_per_component
4645 }
4646
4647 /// Returns the configured
4648 /// [`PoolingAllocationConfig::max_tables_per_module`], if enabled.
4649 pub fn get_max_tables_per_module(&self) -> u32 {
4650 self.limits.max_tables_per_module
4651 }
4652
4653 /// Returns the configured
4654 /// [`PoolingAllocationConfig::max_memories_per_module`], if enabled.
4655 pub fn get_max_memories_per_module(&self) -> u32 {
4656 self.limits.max_memories_per_module
4657 }
4658}
4659
4660#[cfg(feature = "std")]
4661fn detect_host_feature(feature: &str) -> Option<bool> {
4662 #[cfg(target_arch = "aarch64")]
4663 {
4664 return match feature {
4665 "lse" => Some(std::arch::is_aarch64_feature_detected!("lse")),
4666 "paca" => Some(std::arch::is_aarch64_feature_detected!("paca")),
4667 "fp16" => Some(std::arch::is_aarch64_feature_detected!("fp16")),
4668 "dotprod" => Some(std::arch::is_aarch64_feature_detected!("dotprod")),
4669
4670 _ => None,
4671 };
4672 }
4673
4674 // `is_s390x_feature_detected` is nightly only for now, so use the
4675 // STORE FACILITY LIST EXTENDED instruction as a temporary measure.
4676 #[cfg(target_arch = "s390x")]
4677 {
4678 let mut facility_list: [u64; 4] = [0; 4];
4679 unsafe {
4680 core::arch::asm!(
4681 "stfle 0({})",
4682 in(reg_addr) facility_list.as_mut_ptr() ,
4683 inout("r0") facility_list.len() as u64 - 1 => _,
4684 options(nostack)
4685 );
4686 }
4687 let get_facility_bit = |n: usize| {
4688 // NOTE: bits are numbered from the left.
4689 facility_list[n / 64] & (1 << (63 - (n % 64))) != 0
4690 };
4691
4692 return match feature {
4693 "mie3" => Some(get_facility_bit(61)),
4694 "mie4" => Some(get_facility_bit(84)),
4695 "vxrs_ext2" => Some(get_facility_bit(148)),
4696 "vxrs_ext3" => Some(get_facility_bit(198)),
4697
4698 _ => None,
4699 };
4700 }
4701
4702 #[cfg(target_arch = "riscv64")]
4703 {
4704 return match feature {
4705 // due to `is_riscv64_feature_detected` is not stable.
4706 // we cannot use it. For now lie and say all features are always
4707 // found to keep tests working.
4708 _ => Some(true),
4709 };
4710 }
4711
4712 #[cfg(target_arch = "x86_64")]
4713 {
4714 return match feature {
4715 "cmpxchg16b" => Some(std::is_x86_feature_detected!("cmpxchg16b")),
4716 "sse3" => Some(std::is_x86_feature_detected!("sse3")),
4717 "ssse3" => Some(std::is_x86_feature_detected!("ssse3")),
4718 "sse4.1" => Some(std::is_x86_feature_detected!("sse4.1")),
4719 "sse4.2" => Some(std::is_x86_feature_detected!("sse4.2")),
4720 "popcnt" => Some(std::is_x86_feature_detected!("popcnt")),
4721 "avx" => Some(std::is_x86_feature_detected!("avx")),
4722 "avx2" => Some(std::is_x86_feature_detected!("avx2")),
4723 "fma" => Some(std::is_x86_feature_detected!("fma")),
4724 "bmi1" => Some(std::is_x86_feature_detected!("bmi1")),
4725 "bmi2" => Some(std::is_x86_feature_detected!("bmi2")),
4726 "avx512bitalg" => Some(std::is_x86_feature_detected!("avx512bitalg")),
4727 "avx512dq" => Some(std::is_x86_feature_detected!("avx512dq")),
4728 "avx512f" => Some(std::is_x86_feature_detected!("avx512f")),
4729 "avx512vl" => Some(std::is_x86_feature_detected!("avx512vl")),
4730 "avx512vbmi" => Some(std::is_x86_feature_detected!("avx512vbmi")),
4731 "lzcnt" => Some(std::is_x86_feature_detected!("lzcnt")),
4732
4733 _ => None,
4734 };
4735 }
4736
4737 #[allow(
4738 unreachable_code,
4739 reason = "reachable or not depending on if a target above matches"
4740 )]
4741 {
4742 let _ = feature;
4743 return None;
4744 }
4745}
4746
4747// What follows in this impl block is intended to be a somewhat-mechanical
4748// mostly-complete set of getters for relevant configuration options on
4749// `Config`. The `Config` type does not reflect a complete configuration so
4750// default values cannot be directly read from it. An `Engine`, however,
4751// represents a concrete and complete configuration with all default values
4752// fully specified. The purpose of these getters are then to perform a dual
4753// function of reflecting what was explicitly configured above as well as
4754// defaults that Wasmtime sets.
4755//
4756// The current pattern is:
4757//
4758// * All methods are `get_<config_name>`
4759// * Return values return `T` instead of `Option<T>` where possible unless the
4760// state for `T` is completely missing.
4761//
4762// This impl is primarily in service of
4763// `wasmtime_cli_flags::CommonOptions::from_engine` at this time, and CLI flags
4764// are not as comprehensive as `Config` options, but it's expected that the set
4765// will settle/grow over time.
4766impl Engine {
4767 /// Returns the configured [`Config::memory_may_move`] value.
4768 pub fn get_memory_may_move(&self) -> bool {
4769 self.tunables().memory_may_move
4770 }
4771
4772 /// Returns the configured [`Config::memory_reservation`] value.
4773 pub fn get_memory_reservation(&self) -> u64 {
4774 self.tunables().memory_reservation
4775 }
4776
4777 /// Returns the configured [`Config::memory_reservation_for_growth`] value.
4778 pub fn get_memory_reservation_for_growth(&self) -> u64 {
4779 self.tunables().memory_reservation_for_growth
4780 }
4781
4782 /// Returns the configured [`Config::memory_guard_size`] value.
4783 pub fn get_memory_guard_size(&self) -> u64 {
4784 self.tunables().memory_guard_size
4785 }
4786
4787 /// Returns the configured [`Config::gc_heap_may_move`] value.
4788 pub fn get_gc_heap_may_move(&self) -> bool {
4789 self.tunables().gc_heap_may_move
4790 }
4791
4792 /// Returns the configured [`Config::gc_heap_reservation`] value.
4793 pub fn get_gc_heap_reservation(&self) -> u64 {
4794 self.tunables().gc_heap_reservation
4795 }
4796
4797 /// Returns the configured [`Config::gc_heap_initial_size`] value.
4798 pub fn get_gc_heap_initial_size(&self) -> u64 {
4799 self.tunables().gc_heap_initial_size
4800 }
4801
4802 /// Returns the configured [`Config::gc_heap_reservation_for_growth`] value.
4803 pub fn get_gc_heap_reservation_for_growth(&self) -> u64 {
4804 self.tunables().gc_heap_reservation_for_growth
4805 }
4806
4807 /// Returns the configured [`Config::gc_heap_guard_size`] value.
4808 pub fn get_gc_heap_guard_size(&self) -> u64 {
4809 self.tunables().gc_heap_guard_size
4810 }
4811
4812 /// Returns the configured [`Config::guard_before_linear_memory`] value.
4813 pub fn get_guard_before_linear_memory(&self) -> bool {
4814 self.tunables().guard_before_linear_memory
4815 }
4816
4817 /// Returns the configured [`Config::table_lazy_init`] value.
4818 pub fn get_table_lazy_init(&self) -> bool {
4819 self.tunables().table_lazy_init
4820 }
4821
4822 /// Returns the configured [`Config::memory_init_cow`] value.
4823 pub fn get_memory_init_cow(&self) -> bool {
4824 self.tunables().memory_init_cow
4825 }
4826
4827 /// Returns the configured [`Config::memory_guaranteed_dense_image_size`] value.
4828 pub fn get_memory_guaranteed_dense_image_size(&self) -> u64 {
4829 self.config().memory_guaranteed_dense_image_size
4830 }
4831
4832 /// Returns the configured [`Config::signals_based_traps`] value.
4833 pub fn get_signals_based_traps(&self) -> bool {
4834 self.tunables().signals_based_traps
4835 }
4836
4837 /// Returns the configured [`Config::gc_zeal_alloc_counter`] value.
4838 pub fn get_gc_zeal_alloc_counter(&self) -> Option<core::num::NonZeroU32> {
4839 self.tunables().gc_zeal_alloc_counter
4840 }
4841
4842 /// Returns the configured [`Config::cranelift_opt_level`] value.
4843 pub fn get_cranelift_opt_level(&self) -> Option<OptLevel> {
4844 #[cfg(any(feature = "cranelift", feature = "winch"))]
4845 if let Some(compiler) = self.compiler() {
4846 let flags = compiler.flags();
4847 let (_, FlagValue::Enum(opt)) = flags.iter().find(|(f, _)| *f == "opt_level")? else {
4848 return None;
4849 };
4850 return match &opt[..] {
4851 "none" => Some(OptLevel::None),
4852 "speed" => Some(OptLevel::Speed),
4853 "speed_and_size" => Some(OptLevel::SpeedAndSize),
4854 _ => None,
4855 };
4856 }
4857 None
4858 }
4859
4860 /// Returns the configured [`Config::cranelift_regalloc_algorithm`] value.
4861 pub fn get_cranelift_regalloc_algorithm(&self) -> Option<RegallocAlgorithm> {
4862 #[cfg(any(feature = "cranelift", feature = "winch"))]
4863 if let Some(compiler) = self.compiler() {
4864 let flags = compiler.flags();
4865 let (_, FlagValue::Enum(opt)) =
4866 flags.iter().find(|(f, _)| *f == "regalloc_algorithm")?
4867 else {
4868 return None;
4869 };
4870 return match &opt[..] {
4871 "backtracking" => Some(RegallocAlgorithm::Backtracking),
4872 "single_pass" => Some(RegallocAlgorithm::SinglePass),
4873 _ => None,
4874 };
4875 }
4876 None
4877 }
4878
4879 /// Returns the configured [`Config::strategy`] value.
4880 pub fn get_strategy(&self) -> Option<Strategy> {
4881 #[cfg(any(feature = "cranelift", feature = "winch"))]
4882 return self.config().compiler_config.as_ref()?.strategy;
4883 #[cfg(not(any(feature = "cranelift", feature = "winch")))]
4884 return None;
4885 }
4886
4887 /// Returns the configured [`Config::collector`] value.
4888 pub fn get_collector(&self) -> Option<Collector> {
4889 #[cfg(feature = "gc")]
4890 return Some(self.config().collector);
4891 #[cfg(not(feature = "gc"))]
4892 return None;
4893 }
4894
4895 /// Returns the configured [`Config::cranelift_debug_verifier`] value.
4896 pub fn get_cranelift_debug_verifier(&self) -> Option<bool> {
4897 #[cfg(any(feature = "cranelift", feature = "winch"))]
4898 if let Some(compiler) = self.compiler() {
4899 let flags = compiler.flags();
4900 let (_, FlagValue::Bool(b)) = flags.iter().find(|(f, _)| *f == "enable_verifier")?
4901 else {
4902 return None;
4903 };
4904 return Some(*b);
4905 }
4906 None
4907 }
4908
4909 /// Returns the configured [`Config::compiler_inlining`] value.
4910 pub fn get_compiler_inlining(&self) -> Inlining {
4911 self.tunables().inlining
4912 }
4913
4914 /// Returns the configured [`Config::native_unwind_info`] value.
4915 pub fn get_native_unwind_info(&self) -> Option<bool> {
4916 #[cfg(any(feature = "cranelift", feature = "winch"))]
4917 if let Some(compiler) = self.compiler() {
4918 let flags = compiler.flags();
4919 let (_, FlagValue::Bool(b)) = flags.iter().find(|(f, _)| *f == "unwind_info")? else {
4920 return None;
4921 };
4922 return Some(*b);
4923 }
4924 None
4925 }
4926
4927 /// Returns the configured [`Config::parallel_compilation`] value.
4928 pub fn get_parallel_compilation(&self) -> bool {
4929 self.config().parallel_compilation
4930 }
4931
4932 /// Returns the configured [`Config::metadata_for_internal_asserts`] value.
4933 pub fn get_metadata_for_internal_asserts(&self) -> bool {
4934 self.tunables().metadata_for_internal_asserts
4935 }
4936
4937 /// Returns the configured [`Config::metadata_for_gc_heap_corruption`] value.
4938 pub fn get_metadata_for_gc_heap_corruption(&self) -> bool {
4939 self.tunables().metadata_for_gc_heap_corruption
4940 }
4941
4942 /// Returns the runtime pooling allocator configuration, if the pooling
4943 /// allocator is in use.
4944 pub fn get_pooling_config(&self) -> Option<&PoolingAllocationConfig> {
4945 #[cfg(feature = "pooling-allocator")]
4946 {
4947 Some(self.allocator().as_pooling()?.config())
4948 }
4949 #[cfg(not(feature = "pooling-allocator"))]
4950 {
4951 None
4952 }
4953 }
4954
4955 /// Returns the configured wasm proposals enabled in this engine.
4956 pub fn get_wasm_features(&self) -> WasmFeatures {
4957 self.features()
4958 }
4959
4960 /// Returns the configured [`Config::async_stack_size`] value.
4961 pub fn get_async_stack_size(&self) -> usize {
4962 self.config().async_stack_size
4963 }
4964
4965 /// Returns the configured [`Config::async_stack_zeroing`] value.
4966 pub fn get_async_stack_zeroing(&self) -> bool {
4967 self.config().async_stack_zeroing
4968 }
4969
4970 /// Returns the configured [`Config::wasm_branch_hinting`] value.
4971 pub fn get_wasm_branch_hinting(&self) -> bool {
4972 self.tunables().branch_hinting
4973 }
4974
4975 /// Returns the configured [`Config::concurrency_support`] value.
4976 pub fn get_concurrency_support(&self) -> bool {
4977 self.tunables().concurrency_support
4978 }
4979
4980 /// Returns the configured [`Config::epoch_interruption`] value.
4981 pub fn get_epoch_interruption(&self) -> bool {
4982 self.tunables().epoch_interruption
4983 }
4984
4985 /// Returns the configured [`Config::consume_fuel`] value.
4986 pub fn get_consume_fuel(&self) -> bool {
4987 self.tunables().consume_fuel
4988 }
4989
4990 /// Returns the configured [`Config::max_wasm_stack`] value.
4991 pub fn get_max_wasm_stack(&self) -> usize {
4992 self.config().max_wasm_stack
4993 }
4994
4995 /// Returns the configured [`Config::cranelift_nan_canonicalization`] value.
4996 pub fn get_cranelift_nan_canonicalization(&self) -> Option<bool> {
4997 #[cfg(any(feature = "cranelift", feature = "winch"))]
4998 if let Some(compiler) = self.compiler() {
4999 let flags = compiler.flags();
5000 let (_, FlagValue::Bool(b)) = flags
5001 .iter()
5002 .find(|(f, _)| *f == "enable_nan_canonicalization")?
5003 else {
5004 return None;
5005 };
5006 return Some(*b);
5007 }
5008 None
5009 }
5010
5011 /// Returns the configured [`Config::relaxed_simd_deterministic`] value.
5012 pub fn get_relaxed_simd_deterministic(&self) -> bool {
5013 self.tunables().relaxed_simd_deterministic
5014 }
5015
5016 /// Returns the configured [`Config::shared_memory`] value.
5017 pub fn get_shared_memory(&self) -> bool {
5018 self.config().shared_memory
5019 }
5020
5021 /// Returns the configured [`Config::generate_address_map`] value.
5022 pub fn get_generate_address_map(&self) -> bool {
5023 self.tunables().generate_address_map
5024 }
5025
5026 /// Returns the configured [`Config::debug_info`] value.
5027 pub fn get_debug_info(&self) -> bool {
5028 self.tunables().debug_native
5029 }
5030
5031 /// Returns the configured [`Config::guest_debug`] value.
5032 pub fn get_guest_debug(&self) -> bool {
5033 self.tunables().debug_guest
5034 }
5035
5036 /// Returns the configured [`Config::debug_symbols`] value.
5037 pub fn get_debug_symbols(&self) -> bool {
5038 self.tunables().debug_symbols
5039 }
5040
5041 /// Returns the configured [`Config::wasm_backtrace_max_frames`] value.
5042 pub fn get_wasm_backtrace_max_frames(&self) -> usize {
5043 self.config()
5044 .wasm_backtrace_max_frames
5045 .map(|f| f.get())
5046 .unwrap_or(0)
5047 }
5048
5049 /// Returns the configured [`Config::target`] value.
5050 pub fn get_target(&self) -> Option<String> {
5051 #[cfg(any(feature = "cranelift", feature = "winch"))]
5052 if let Some(compiler) = self.compiler() {
5053 return Some(compiler.triple().to_string());
5054 }
5055 None
5056 }
5057
5058 /// Returns the enabled flags via [`Config::cranelift_flag_enable`].
5059 pub fn get_cranelift_flags_enabled(&self) -> impl Iterator<Item = &str> {
5060 #[cfg(any(feature = "cranelift", feature = "winch"))]
5061 if let Some(config) = &self.config().compiler_config {
5062 return config
5063 .flags
5064 .iter()
5065 .filter_map(|(k, v)| match v {
5066 UserSpecified::Yes => Some(k.as_str()),
5067 UserSpecified::No => None,
5068 })
5069 .collect::<Vec<_>>()
5070 .into_iter();
5071 }
5072
5073 Vec::new().into_iter()
5074 }
5075
5076 /// Returns the enabled flags via [`Config::cranelift_flag_set`].
5077 pub fn get_cranelift_flags_set(&self) -> impl Iterator<Item = (&str, &str)> {
5078 #[cfg(any(feature = "cranelift", feature = "winch"))]
5079 if let Some(config) = &self.config().compiler_config {
5080 return config
5081 .settings
5082 .iter()
5083 .filter_map(|(k, (v, s))| match s {
5084 UserSpecified::Yes => Some((k.as_str(), v.as_str())),
5085 UserSpecified::No => None,
5086 })
5087 .collect::<Vec<_>>()
5088 .into_iter();
5089 }
5090
5091 Vec::new().into_iter()
5092 }
5093}