wasmtime/runtime/func.rs
1use crate::error::OutOfMemory;
2use crate::prelude::*;
3use crate::runtime::vm::{
4 self, InterpreterRef, SendSyncPtr, StoreBox, VMArrayCallHostFuncContext,
5 VMCommonStackInformation, VMContext, VMFuncRef, VMFunctionImport, VMOpaqueContext,
6 VMStoreContext,
7};
8use crate::store::{Asyncness, AutoAssertNoGc, InstanceId, StoreId, StoreOpaque};
9use crate::type_registry::RegisteredType;
10use crate::{
11 AsContext, AsContextMut, CallHook, Engine, Extern, FuncType, Instance, ModuleExport, Ref,
12 StoreContext, StoreContextMut, Val, ValRaw, ValType,
13};
14use alloc::sync::Arc;
15use core::convert::Infallible;
16use core::ffi::c_void;
17#[cfg(feature = "async")]
18use core::future::Future;
19use core::mem::{self, MaybeUninit};
20use core::ptr::NonNull;
21use wasmtime_environ::{PanicOnOom as _, VMSharedTypeIndex};
22
23/// A reference to the abstract `nofunc` heap value.
24///
25/// The are no instances of `(ref nofunc)`: it is an uninhabited type.
26///
27/// There is precisely one instance of `(ref null nofunc)`, aka `nullfuncref`:
28/// the null reference.
29///
30/// This `NoFunc` Rust type's sole purpose is for use with [`Func::wrap`]- and
31/// [`Func::typed`]-style APIs for statically typing a function as taking or
32/// returning a `(ref null nofunc)` (aka `Option<NoFunc>`) which is always
33/// `None`.
34///
35/// # Example
36///
37/// ```
38/// # use wasmtime::*;
39/// # fn _foo() -> Result<()> {
40/// let mut config = Config::new();
41/// config.wasm_function_references(true);
42/// let engine = Engine::new(&config)?;
43///
44/// let module = Module::new(
45/// &engine,
46/// r#"
47/// (module
48/// (func (export "f") (param (ref null nofunc))
49/// ;; If the reference is null, return.
50/// local.get 0
51/// ref.is_null nofunc
52/// br_if 0
53///
54/// ;; If the reference was not null (which is impossible)
55/// ;; then raise a trap.
56/// unreachable
57/// )
58/// )
59/// "#,
60/// )?;
61///
62/// let mut store = Store::new(&engine, ());
63/// let instance = Instance::new(&mut store, &module, &[])?;
64/// let f = instance.get_func(&mut store, "f").unwrap();
65///
66/// // We can cast a `(ref null nofunc)`-taking function into a typed function that
67/// // takes an `Option<NoFunc>` via the `Func::typed` method.
68/// let f = f.typed::<Option<NoFunc>, ()>(&store)?;
69///
70/// // We can call the typed function, passing the null `nofunc` reference.
71/// let result = f.call(&mut store, NoFunc::null());
72///
73/// // The function should not have trapped, because the reference we gave it was
74/// // null (as it had to be, since `NoFunc` is uninhabited).
75/// assert!(result.is_ok());
76/// # Ok(())
77/// # }
78/// ```
79#[derive(Copy, Clone, Debug, PartialEq, Eq)]
80pub struct NoFunc {
81 _inner: Infallible,
82}
83
84impl NoFunc {
85 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference.
86 #[inline]
87 pub fn null() -> Option<NoFunc> {
88 None
89 }
90
91 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference as a
92 /// [`Ref`].
93 #[inline]
94 pub fn null_ref() -> Ref {
95 Ref::Func(None)
96 }
97
98 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference as a
99 /// [`Val`].
100 #[inline]
101 pub fn null_val() -> Val {
102 Val::FuncRef(None)
103 }
104}
105
106/// A WebAssembly function which can be called.
107///
108/// This type typically represents an exported function from a WebAssembly
109/// module instance. In this case a [`Func`] belongs to an [`Instance`] and is
110/// loaded from there. A [`Func`] may also represent a host function as well in
111/// some cases, too.
112///
113/// Functions can be called in a few different ways, either synchronous or async
114/// and either typed or untyped (more on this below). Note that host functions
115/// are normally inserted directly into a [`Linker`](crate::Linker) rather than
116/// using this directly, but both options are available.
117///
118/// # `Func` and `async`
119///
120/// Functions from the perspective of WebAssembly are always synchronous. You
121/// might have an `async` function in Rust, however, which you'd like to make
122/// available from WebAssembly. Wasmtime supports asynchronously calling
123/// WebAssembly through native stack switching. You can get some more
124/// information about [asynchronous configs](crate#async), but
125/// from the perspective of `Func` it's important to know that whether or not
126/// your [`Store`](crate::Store) is asynchronous will dictate whether you call
127/// functions through [`Func::call`] or [`Func::call_async`] (or the typed
128/// wrappers such as [`TypedFunc::call`] vs [`TypedFunc::call_async`]).
129///
130/// # To `Func::call` or to `Func::typed().call()`
131///
132/// There's a 2x2 matrix of methods to call [`Func`]. Invocations can either be
133/// asynchronous or synchronous. They can also be statically typed or not.
134/// Whether or not an invocation is asynchronous is indicated via the method
135/// being `async` and [`call_async`](Func::call_async) being the entry point.
136/// Otherwise for statically typed or not your options are:
137///
138/// * Dynamically typed - if you don't statically know the signature of the
139/// function that you're calling you'll be using [`Func::call`] or
140/// [`Func::call_async`]. These functions take a variable-length slice of
141/// "boxed" arguments in their [`Val`] representation. Additionally the
142/// results are returned as an owned slice of [`Val`]. These methods are not
143/// optimized due to the dynamic type checks that must occur, in addition to
144/// some dynamic allocations for where to put all the arguments. While this
145/// allows you to call all possible wasm function signatures, if you're
146/// looking for a speedier alternative you can also use...
147///
148/// * Statically typed - if you statically know the type signature of the wasm
149/// function you're calling, then you'll want to use the [`Func::typed`]
150/// method to acquire an instance of [`TypedFunc`]. This structure is static proof
151/// that the underlying wasm function has the ascripted type, and type
152/// validation is only done once up-front. The [`TypedFunc::call`] and
153/// [`TypedFunc::call_async`] methods are much more efficient than [`Func::call`]
154/// and [`Func::call_async`] because the type signature is statically known.
155/// This eschews runtime checks as much as possible to get into wasm as fast
156/// as possible.
157///
158/// # Examples
159///
160/// One way to get a `Func` is from an [`Instance`] after you've instantiated
161/// it:
162///
163/// ```
164/// # use wasmtime::*;
165/// # fn main() -> Result<()> {
166/// let engine = Engine::default();
167/// let module = Module::new(&engine, r#"(module (func (export "foo")))"#)?;
168/// let mut store = Store::new(&engine, ());
169/// let instance = Instance::new(&mut store, &module, &[])?;
170/// let foo = instance.get_func(&mut store, "foo").expect("export wasn't a function");
171///
172/// // Work with `foo` as a `Func` at this point, such as calling it
173/// // dynamically...
174/// match foo.call(&mut store, &[], &mut []) {
175/// Ok(()) => { /* ... */ }
176/// Err(trap) => {
177/// panic!("execution of `foo` resulted in a wasm trap: {}", trap);
178/// }
179/// }
180/// foo.call(&mut store, &[], &mut [])?;
181///
182/// // ... or we can make a static assertion about its signature and call it.
183/// // Our first call here can fail if the signatures don't match, and then the
184/// // second call can fail if the function traps (like the `match` above).
185/// let foo = foo.typed::<(), ()>(&store)?;
186/// foo.call(&mut store, ())?;
187/// # Ok(())
188/// # }
189/// ```
190///
191/// You can also use the [`wrap` function](Func::wrap) to create a
192/// `Func`
193///
194/// ```
195/// # use wasmtime::*;
196/// # fn main() -> Result<()> {
197/// let mut store = Store::<()>::default();
198///
199/// // Create a custom `Func` which can execute arbitrary code inside of the
200/// // closure.
201/// let add = Func::wrap(&mut store, |a: i32, b: i32| -> i32 { a + b });
202///
203/// // Next we can hook that up to a wasm module which uses it.
204/// let module = Module::new(
205/// store.engine(),
206/// r#"
207/// (module
208/// (import "" "" (func $add (param i32 i32) (result i32)))
209/// (func (export "call_add_twice") (result i32)
210/// i32.const 1
211/// i32.const 2
212/// call $add
213/// i32.const 3
214/// i32.const 4
215/// call $add
216/// i32.add))
217/// "#,
218/// )?;
219/// let instance = Instance::new(&mut store, &module, &[add.into()])?;
220/// let call_add_twice = instance.get_typed_func::<(), i32>(&mut store, "call_add_twice")?;
221///
222/// assert_eq!(call_add_twice.call(&mut store, ())?, 10);
223/// # Ok(())
224/// # }
225/// ```
226///
227/// Or you could also create an entirely dynamic `Func`!
228///
229/// ```
230/// # use wasmtime::*;
231/// # fn main() -> Result<()> {
232/// let mut store = Store::<()>::default();
233///
234/// // Here we need to define the type signature of our `Double` function and
235/// // then wrap it up in a `Func`
236/// let double_type = wasmtime::FuncType::new(
237/// store.engine(),
238/// [wasmtime::ValType::I32].iter().cloned(),
239/// [wasmtime::ValType::I32].iter().cloned(),
240/// );
241/// let double = Func::new(&mut store, double_type, |_, params, results| {
242/// let mut value = params[0].unwrap_i32();
243/// value *= 2;
244/// results[0] = value.into();
245/// Ok(())
246/// });
247///
248/// let module = Module::new(
249/// store.engine(),
250/// r#"
251/// (module
252/// (import "" "" (func $double (param i32) (result i32)))
253/// (func $start
254/// i32.const 1
255/// call $double
256/// drop)
257/// (start $start))
258/// "#,
259/// )?;
260/// let instance = Instance::new(&mut store, &module, &[double.into()])?;
261/// // .. work with `instance` if necessary
262/// # Ok(())
263/// # }
264/// ```
265#[derive(Copy, Clone, Debug)]
266#[repr(C)] // here for the C API
267pub struct Func {
268 /// The store that the below pointer belongs to.
269 ///
270 /// It's only safe to look at the contents of the pointer below when the
271 /// `StoreOpaque` matching this id is in-scope.
272 store: StoreId,
273
274 /// The raw `VMFuncRef`, whose lifetime is bound to the store this func
275 /// belongs to.
276 ///
277 /// Note that this field has an `unsafe_*` prefix to discourage use of it.
278 /// This is only safe to read/use if `self.store` is validated to belong to
279 /// an ambiently provided `StoreOpaque` or similar. Use the
280 /// `self.func_ref()` method instead of this field to perform this check.
281 unsafe_func_ref: SendSyncPtr<VMFuncRef>,
282}
283
284// Double-check that the C representation in `extern.h` matches our in-Rust
285// representation here in terms of size/alignment/etc.
286const _: () = {
287 #[repr(C)]
288 struct C(u64, *mut u8);
289 assert!(core::mem::size_of::<C>() == core::mem::size_of::<Func>());
290 assert!(core::mem::align_of::<C>() == core::mem::align_of::<Func>());
291 assert!(core::mem::offset_of!(Func, store) == 0);
292};
293
294macro_rules! for_each_function_signature {
295 ($mac:ident) => {
296 $mac!(0);
297 $mac!(1 A1);
298 $mac!(2 A1 A2);
299 $mac!(3 A1 A2 A3);
300 $mac!(4 A1 A2 A3 A4);
301 $mac!(5 A1 A2 A3 A4 A5);
302 $mac!(6 A1 A2 A3 A4 A5 A6);
303 $mac!(7 A1 A2 A3 A4 A5 A6 A7);
304 $mac!(8 A1 A2 A3 A4 A5 A6 A7 A8);
305 $mac!(9 A1 A2 A3 A4 A5 A6 A7 A8 A9);
306 $mac!(10 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10);
307 $mac!(11 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11);
308 $mac!(12 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12);
309 $mac!(13 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13);
310 $mac!(14 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14);
311 $mac!(15 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15);
312 $mac!(16 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15 A16);
313 $mac!(17 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15 A16 A17);
314 };
315}
316
317mod typed;
318use crate::runtime::vm::VMStackChain;
319pub use typed::*;
320
321impl Func {
322 /// Creates a new `Func` with the given arguments, typically to create a
323 /// host-defined function to pass as an import to a module.
324 ///
325 /// * `store` - the store in which to create this [`Func`], which will own
326 /// the return value.
327 ///
328 /// * `ty` - the signature of this function, used to indicate what the
329 /// inputs and outputs are.
330 ///
331 /// * `func` - the native code invoked whenever this `Func` will be called.
332 /// This closure is provided a [`Caller`] as its first argument to learn
333 /// information about the caller, and then it's passed a list of
334 /// parameters as a slice along with a mutable slice of where to write
335 /// results.
336 ///
337 /// Note that the implementation of `func` must adhere to the `ty` signature
338 /// given, error or traps may occur if it does not respect the `ty`
339 /// signature. For example if the function type declares that it returns one
340 /// i32 but the `func` closures does not write anything into the results
341 /// slice then a trap may be generated.
342 ///
343 /// Additionally note that this is quite a dynamic function since signatures
344 /// are not statically known. For a more performant and ergonomic `Func`
345 /// it's recommended to use [`Func::wrap`] if you can because with
346 /// statically known signatures Wasmtime can optimize the implementation
347 /// much more.
348 ///
349 /// For more information about `Send + Sync + 'static` requirements on the
350 /// `func`, see [`Func::wrap`](#why-send--sync--static).
351 ///
352 /// # Errors
353 ///
354 /// The host-provided function here returns a
355 /// [`Result<()>`](crate::Result). If the function returns `Ok(())` then
356 /// that indicates that the host function completed successfully and wrote
357 /// the result into the `&mut [Val]` argument.
358 ///
359 /// If the function returns `Err(e)`, however, then this is equivalent to
360 /// the host function triggering a trap for wasm. WebAssembly execution is
361 /// immediately halted and the original caller of [`Func::call`], for
362 /// example, will receive the error returned here (possibly with
363 /// [`WasmBacktrace`](crate::WasmBacktrace) context information attached).
364 ///
365 /// For more information about errors in Wasmtime see the [`Trap`]
366 /// documentation.
367 ///
368 /// [`Trap`]: crate::Trap
369 ///
370 /// # Panics
371 ///
372 /// Panics if the given function type is not associated with this store's
373 /// engine.
374 pub fn new<T: 'static>(
375 store: impl AsContextMut<Data = T>,
376 ty: FuncType,
377 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static,
378 ) -> Self {
379 Self::try_new_(store, ty, func).panic_on_oom()
380 }
381
382 /// Same as [`Func::new`] but returns an error instead of panicking on
383 /// allocation failure.
384 ///
385 /// # Errors
386 ///
387 /// This function will return an [`OutOfMemory`][crate::OutOfMemory] error when
388 /// memory allocation fails. See the `OutOfMemory` type's documentation for
389 /// details on Wasmtime's out-of-memory handling.
390 pub fn try_new<T: 'static>(
391 store: impl AsContextMut<Data = T>,
392 ty: FuncType,
393 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static,
394 ) -> Result<Self> {
395 Ok(Self::try_new_(store, ty, func)?)
396 }
397
398 fn try_new_<T: 'static>(
399 mut store: impl AsContextMut<Data = T>,
400 ty: FuncType,
401 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static,
402 ) -> Result<Self, OutOfMemory> {
403 let store = store.as_context_mut().0;
404 let host = HostFunc::new(store.engine(), ty, func)?;
405
406 // SAFETY: the `T` used by `func` matches the `T` of the store we're
407 // inserting into via this function's type signature.
408 unsafe { host.into_func(store) }
409 }
410
411 /// Creates a new [`Func`] with the given arguments, although has fewer
412 /// runtime checks than [`Func::new`].
413 ///
414 /// This function takes a callback of a different signature than
415 /// [`Func::new`], instead receiving a raw pointer with a list of [`ValRaw`]
416 /// structures. These values have no type information associated with them
417 /// so it's up to the caller to provide a function that will correctly
418 /// interpret the list of values as those coming from the `ty` specified.
419 ///
420 /// If you're calling this from Rust it's recommended to either instead use
421 /// [`Func::new`] or [`Func::wrap`]. The [`Func::wrap`] API, in particular,
422 /// is both safer and faster than this API.
423 ///
424 /// # Errors
425 ///
426 /// See [`Func::new`] for the behavior of returning an error from the host
427 /// function provided here.
428 ///
429 /// # Unsafety
430 ///
431 /// This function is not safe because it's not known at compile time that
432 /// the `func` provided correctly interprets the argument types provided to
433 /// it, or that the results it produces will be of the correct type.
434 ///
435 /// # Panics
436 ///
437 /// Panics if the given function type is not associated with this store's
438 /// engine.
439 pub unsafe fn new_unchecked<T: 'static>(
440 mut store: impl AsContextMut<Data = T>,
441 ty: FuncType,
442 func: impl Fn(Caller<'_, T>, &mut [MaybeUninit<ValRaw>]) -> Result<()> + Send + Sync + 'static,
443 ) -> Self {
444 let store = store.as_context_mut().0;
445
446 // SAFETY: the contract required by `new_unchecked` is the same as the
447 // contract required by this function itself.
448 let host = unsafe { HostFunc::new_unchecked(store.engine(), ty, func).panic_on_oom() };
449
450 // SAFETY: the `T` used by `func` matches the `T` of the store we're
451 // inserting into via this function's type signature.
452 unsafe { host.into_func(store).panic_on_oom() }
453 }
454
455 /// Creates a new host-defined WebAssembly function which, when called,
456 /// will run the asynchronous computation defined by `func` to completion
457 /// and then return the result to WebAssembly.
458 ///
459 /// This function is the asynchronous analogue of [`Func::new`] and much of
460 /// that documentation applies to this as well. The key difference is that
461 /// `func` returns a future instead of simply a `Result`. Note that the
462 /// returned future can close over any of the arguments, but it cannot close
463 /// over the state of the closure itself. It's recommended to store any
464 /// necessary async state in the `T` of the [`Store<T>`](crate::Store) which
465 /// can be accessed through [`Caller::data`] or [`Caller::data_mut`].
466 ///
467 /// For more information on `Send + Sync + 'static`, see
468 /// [`Func::wrap`](#why-send--sync--static).
469 ///
470 /// # Panics
471 ///
472 /// Panics if the given function type is not associated with this store's
473 /// engine.
474 ///
475 /// # Errors
476 ///
477 /// See [`Func::new`] for the behavior of returning an error from the host
478 /// function provided here.
479 ///
480 /// # Examples
481 ///
482 /// ```
483 /// # use wasmtime::*;
484 /// # fn main() -> Result<()> {
485 /// // Simulate some application-specific state as well as asynchronous
486 /// // functions to query that state.
487 /// struct MyDatabase {
488 /// // ...
489 /// }
490 ///
491 /// impl MyDatabase {
492 /// async fn get_row_count(&self) -> u32 {
493 /// // ...
494 /// # 100
495 /// }
496 /// }
497 ///
498 /// let my_database = MyDatabase {
499 /// // ...
500 /// };
501 ///
502 /// // Using `new_async` we can hook up into calling our async
503 /// // `get_row_count` function.
504 /// let engine = Engine::default();
505 /// let mut store = Store::new(&engine, MyDatabase {
506 /// // ...
507 /// });
508 /// let get_row_count_type = wasmtime::FuncType::new(
509 /// &engine,
510 /// None,
511 /// Some(wasmtime::ValType::I32),
512 /// );
513 /// let get = Func::new_async(&mut store, get_row_count_type, |caller, _params, results| {
514 /// Box::new(async move {
515 /// let count = caller.data().get_row_count().await;
516 /// results[0] = Val::I32(count as i32);
517 /// Ok(())
518 /// })
519 /// });
520 /// // ...
521 /// # Ok(())
522 /// # }
523 /// ```
524 #[cfg(feature = "async")]
525 pub fn new_async<T, F>(mut store: impl AsContextMut<Data = T>, ty: FuncType, func: F) -> Func
526 where
527 F: for<'a> Fn(
528 Caller<'a, T>,
529 &'a [Val],
530 &'a mut [Val],
531 ) -> Box<dyn Future<Output = Result<()>> + Send + 'a>
532 + Send
533 + Sync
534 + 'static,
535 T: Send + 'static,
536 {
537 let store = store.as_context_mut().0;
538
539 let host = HostFunc::new_async(store.engine(), ty, func).panic_on_oom();
540
541 // SAFETY: the `T` used by `func` matches the `T` of the store we're
542 // inserting into via this function's type signature.
543 unsafe { host.into_func(store).panic_on_oom() }
544 }
545
546 /// Creates a new `Func` from a store and a funcref within that store.
547 ///
548 /// # Safety
549 ///
550 /// The safety of this function requires that `func_ref` is a valid function
551 /// pointer owned by `store`.
552 pub(crate) unsafe fn from_vm_func_ref(store: StoreId, func_ref: NonNull<VMFuncRef>) -> Func {
553 // SAFETY: given the contract of this function it's safe to read the
554 // `type_index` field.
555 unsafe {
556 debug_assert!(func_ref.as_ref().type_index != VMSharedTypeIndex::default());
557 }
558 Func {
559 store,
560 unsafe_func_ref: func_ref.into(),
561 }
562 }
563
564 /// Creates a new `Func` from the given Rust closure.
565 ///
566 /// This function will create a new `Func` which, when called, will
567 /// execute the given Rust closure. Unlike [`Func::new`] the target
568 /// function being called is known statically so the type signature can
569 /// be inferred. Rust types will map to WebAssembly types as follows:
570 ///
571 /// | Rust Argument Type | WebAssembly Type |
572 /// |-----------------------------------|-------------------------------------------|
573 /// | `i32` | `i32` |
574 /// | `u32` | `i32` |
575 /// | `i64` | `i64` |
576 /// | `u64` | `i64` |
577 /// | `f32` | `f32` |
578 /// | `f64` | `f64` |
579 /// | `V128` on x86-64 and aarch64 only | `v128` |
580 /// | `Option<Func>` | `funcref` aka `(ref null func)` |
581 /// | `Func` | `(ref func)` |
582 /// | `Option<Nofunc>` | `nullfuncref` aka `(ref null nofunc)` |
583 /// | `NoFunc` | `(ref nofunc)` |
584 /// | `Option<Rooted<ExternRef>>` | `externref` aka `(ref null extern)` |
585 /// | `Rooted<ExternRef>` | `(ref extern)` |
586 /// | `Option<NoExtern>` | `nullexternref` aka `(ref null noextern)` |
587 /// | `NoExtern` | `(ref noextern)` |
588 /// | `Option<Rooted<AnyRef>>` | `anyref` aka `(ref null any)` |
589 /// | `Rooted<AnyRef>` | `(ref any)` |
590 /// | `Option<Rooted<EqRef>>` | `eqref` aka `(ref null eq)` |
591 /// | `Rooted<EqRef>` | `(ref eq)` |
592 /// | `Option<I31>` | `i31ref` aka `(ref null i31)` |
593 /// | `I31` | `(ref i31)` |
594 /// | `Option<Rooted<StructRef>>` | `(ref null struct)` |
595 /// | `Rooted<StructRef>` | `(ref struct)` |
596 /// | `Option<Rooted<ArrayRef>>` | `(ref null array)` |
597 /// | `Rooted<ArrayRef>` | `(ref array)` |
598 /// | `Option<NoneRef>` | `nullref` aka `(ref null none)` |
599 /// | `NoneRef` | `(ref none)` |
600 ///
601 /// Note that anywhere a `Rooted<T>` appears, a `OwnedRooted<T>` may also
602 /// be used.
603 ///
604 /// Any of the Rust types can be returned from the closure as well, in
605 /// addition to some extra types
606 ///
607 /// | Rust Return Type | WebAssembly Return Type | Meaning |
608 /// |-------------------|-------------------------|-----------------------|
609 /// | `()` | nothing | no return value |
610 /// | `T` | `T` | a single return value |
611 /// | `(T1, T2, ...)` | `T1 T2 ...` | multiple returns |
612 ///
613 /// Note that all return types can also be wrapped in `Result<_>` to
614 /// indicate that the host function can generate a trap as well as possibly
615 /// returning a value.
616 ///
617 /// Finally you can also optionally take [`Caller`] as the first argument of
618 /// your closure. If inserted then you're able to inspect the caller's
619 /// state, for example the [`Memory`](crate::Memory) it has exported so you
620 /// can read what pointers point to.
621 ///
622 /// Note that when using this API, the intention is to create as thin of a
623 /// layer as possible for when WebAssembly calls the function provided. With
624 /// sufficient inlining and optimization the WebAssembly will call straight
625 /// into `func` provided, with no extra fluff entailed.
626 ///
627 /// # Why `Send + Sync + 'static`?
628 ///
629 /// All host functions defined in a [`Store`](crate::Store) (including
630 /// those from [`Func::new`] and other constructors) require that the
631 /// `func` provided is `Send + Sync + 'static`. Additionally host functions
632 /// always are `Fn` as opposed to `FnMut` or `FnOnce`. This can at-a-glance
633 /// feel restrictive since the closure cannot close over as many types as
634 /// before. The reason for this, though, is to ensure that
635 /// [`Store<T>`](crate::Store) can implement both the `Send` and `Sync`
636 /// traits.
637 ///
638 /// Fear not, however, because this isn't as restrictive as it seems! Host
639 /// functions are provided a [`Caller<'_, T>`](crate::Caller) argument which
640 /// allows access to the host-defined data within the
641 /// [`Store`](crate::Store). The `T` type is not required to be any of
642 /// `Send`, `Sync`, or `'static`! This means that you can store whatever
643 /// you'd like in `T` and have it accessible by all host functions.
644 /// Additionally mutable access to `T` is allowed through
645 /// [`Caller::data_mut`].
646 ///
647 /// Most host-defined [`Func`] values provide closures that end up not
648 /// actually closing over any values. These zero-sized types will use the
649 /// context from [`Caller`] for host-defined information.
650 ///
651 /// # Errors
652 ///
653 /// The closure provided here to `wrap` can optionally return a
654 /// [`Result<T>`](crate::Result). Returning `Ok(t)` represents the host
655 /// function successfully completing with the `t` result. Returning
656 /// `Err(e)`, however, is equivalent to raising a custom wasm trap.
657 /// Execution of WebAssembly does not resume and the stack is unwound to the
658 /// original caller of the function where the error is returned.
659 ///
660 /// For more information about errors in Wasmtime see the [`Trap`]
661 /// documentation.
662 ///
663 /// [`Trap`]: crate::Trap
664 ///
665 /// # Examples
666 ///
667 /// First up we can see how simple wasm imports can be implemented, such
668 /// as a function that adds its two arguments and returns the result.
669 ///
670 /// ```
671 /// # use wasmtime::*;
672 /// # fn main() -> Result<()> {
673 /// # let mut store = Store::<()>::default();
674 /// let add = Func::wrap(&mut store, |a: i32, b: i32| a + b);
675 /// let module = Module::new(
676 /// store.engine(),
677 /// r#"
678 /// (module
679 /// (import "" "" (func $add (param i32 i32) (result i32)))
680 /// (func (export "foo") (param i32 i32) (result i32)
681 /// local.get 0
682 /// local.get 1
683 /// call $add))
684 /// "#,
685 /// )?;
686 /// let instance = Instance::new(&mut store, &module, &[add.into()])?;
687 /// let foo = instance.get_typed_func::<(i32, i32), i32>(&mut store, "foo")?;
688 /// assert_eq!(foo.call(&mut store, (1, 2))?, 3);
689 /// # Ok(())
690 /// # }
691 /// ```
692 ///
693 /// We can also do the same thing, but generate a trap if the addition
694 /// overflows:
695 ///
696 /// ```
697 /// # use wasmtime::*;
698 /// # fn main() -> Result<()> {
699 /// # let mut store = Store::<()>::default();
700 /// let add = Func::wrap(&mut store, |a: i32, b: i32| {
701 /// match a.checked_add(b) {
702 /// Some(i) => Ok(i),
703 /// None => bail!("overflow"),
704 /// }
705 /// });
706 /// let module = Module::new(
707 /// store.engine(),
708 /// r#"
709 /// (module
710 /// (import "" "" (func $add (param i32 i32) (result i32)))
711 /// (func (export "foo") (param i32 i32) (result i32)
712 /// local.get 0
713 /// local.get 1
714 /// call $add))
715 /// "#,
716 /// )?;
717 /// let instance = Instance::new(&mut store, &module, &[add.into()])?;
718 /// let foo = instance.get_typed_func::<(i32, i32), i32>(&mut store, "foo")?;
719 /// assert_eq!(foo.call(&mut store, (1, 2))?, 3);
720 /// assert!(foo.call(&mut store, (i32::max_value(), 1)).is_err());
721 /// # Ok(())
722 /// # }
723 /// ```
724 ///
725 /// And don't forget all the wasm types are supported!
726 ///
727 /// ```
728 /// # use wasmtime::*;
729 /// # fn main() -> Result<()> {
730 /// # let mut store = Store::<()>::default();
731 /// let debug = Func::wrap(&mut store, |a: i32, b: u32, c: f32, d: i64, e: u64, f: f64| {
732 ///
733 /// println!("a={}", a);
734 /// println!("b={}", b);
735 /// println!("c={}", c);
736 /// println!("d={}", d);
737 /// println!("e={}", e);
738 /// println!("f={}", f);
739 /// });
740 /// let module = Module::new(
741 /// store.engine(),
742 /// r#"
743 /// (module
744 /// (import "" "" (func $debug (param i32 i32 f32 i64 i64 f64)))
745 /// (func (export "foo")
746 /// i32.const -1
747 /// i32.const 1
748 /// f32.const 2
749 /// i64.const -3
750 /// i64.const 3
751 /// f64.const 4
752 /// call $debug))
753 /// "#,
754 /// )?;
755 /// let instance = Instance::new(&mut store, &module, &[debug.into()])?;
756 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?;
757 /// foo.call(&mut store, ())?;
758 /// # Ok(())
759 /// # }
760 /// ```
761 ///
762 /// Finally if you want to get really fancy you can also implement
763 /// imports that read/write wasm module's memory
764 ///
765 /// ```
766 /// use std::str;
767 ///
768 /// # use wasmtime::*;
769 /// # fn main() -> Result<()> {
770 /// # let mut store = Store::default();
771 /// let log_str = Func::wrap(&mut store, |mut caller: Caller<'_, ()>, ptr: i32, len: i32| {
772 /// let mem = match caller.get_export("memory") {
773 /// Some(Extern::Memory(mem)) => mem,
774 /// _ => bail!("failed to find host memory"),
775 /// };
776 /// let data = mem.data(&caller)
777 /// .get(ptr as u32 as usize..)
778 /// .and_then(|arr| arr.get(..len as u32 as usize));
779 /// let string = match data {
780 /// Some(data) => match str::from_utf8(data) {
781 /// Ok(s) => s,
782 /// Err(_) => bail!("invalid utf-8"),
783 /// },
784 /// None => bail!("pointer/length out of bounds"),
785 /// };
786 /// assert_eq!(string, "Hello, world!");
787 /// println!("{}", string);
788 /// Ok(())
789 /// });
790 /// let module = Module::new(
791 /// store.engine(),
792 /// r#"
793 /// (module
794 /// (import "" "" (func $log_str (param i32 i32)))
795 /// (func (export "foo")
796 /// i32.const 4 ;; ptr
797 /// i32.const 13 ;; len
798 /// call $log_str)
799 /// (memory (export "memory") 1)
800 /// (data (i32.const 4) "Hello, world!"))
801 /// "#,
802 /// )?;
803 /// let instance = Instance::new(&mut store, &module, &[log_str.into()])?;
804 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?;
805 /// foo.call(&mut store, ())?;
806 /// # Ok(())
807 /// # }
808 /// ```
809 pub fn wrap<T, Params, Results>(
810 store: impl AsContextMut<Data = T>,
811 func: impl IntoFunc<T, Params, Results>,
812 ) -> Func
813 where
814 T: 'static,
815 {
816 Self::try_wrap(store, func).expect(
817 "allocation failure during `Func::wrap` (use `Func::try_wrap` to handle such errors)",
818 )
819 }
820
821 /// Fallible version of [`Func::wrap`] that returns an error on
822 /// out-of-memory instead of panicking.
823 ///
824 /// # Errors
825 ///
826 /// This function will return an [`OutOfMemory`][crate::OutOfMemory] error when
827 /// memory allocation fails. See the `OutOfMemory` type's documentation for
828 /// details on Wasmtime's out-of-memory handling.
829 pub fn try_wrap<T, Params, Results>(
830 mut store: impl AsContextMut<Data = T>,
831 func: impl IntoFunc<T, Params, Results>,
832 ) -> Result<Func>
833 where
834 T: 'static,
835 {
836 let store = store.as_context_mut().0;
837 let engine = store.engine();
838 let host = func.into_func(engine)?;
839
840 // SAFETY: The `T` the closure takes is the same as the `T` of the store
841 // we're inserting into via the type signature above.
842 Ok(unsafe { host.into_func(store)? })
843 }
844
845 /// Same as [`Func::wrap`], except the closure asynchronously produces the
846 /// result and the arguments are passed within a tuple. For more information
847 /// see the [`Func`] documentation.
848 #[cfg(feature = "async")]
849 pub fn wrap_async<T, F, P, R>(mut store: impl AsContextMut<Data = T>, func: F) -> Func
850 where
851 F: for<'a> Fn(Caller<'a, T>, P) -> Box<dyn Future<Output = R> + Send + 'a>
852 + Send
853 + Sync
854 + 'static,
855 P: WasmTyList,
856 R: WasmRet,
857 T: Send + 'static,
858 {
859 let store = store.as_context_mut().0;
860 let host = HostFunc::wrap_async(store.engine(), func).panic_on_oom();
861
862 // SAFETY: The `T` the closure takes is the same as the `T` of the store
863 // we're inserting into via the type signature above.
864 unsafe { host.into_func(store).panic_on_oom() }
865 }
866
867 /// Returns the underlying wasm type that this `Func` has.
868 ///
869 /// # Panics
870 ///
871 /// Panics if `store` does not own this function.
872 pub fn ty(&self, store: impl AsContext) -> FuncType {
873 self.load_ty(&store.as_context().0)
874 }
875
876 /// Forcibly loads the type of this function from the `Engine`.
877 ///
878 /// Note that this is a somewhat expensive method since it requires taking a
879 /// lock as well as cloning a type.
880 pub(crate) fn load_ty(&self, store: &StoreOpaque) -> FuncType {
881 FuncType::from_shared_type_index(store.engine(), self.type_index(store))
882 }
883
884 /// Does this function match the given type?
885 ///
886 /// That is, is this function's type a subtype of the given type?
887 ///
888 /// # Panics
889 ///
890 /// Panics if this function is not associated with the given store or if the
891 /// function type is not associated with the store's engine.
892 pub fn matches_ty(&self, store: impl AsContext, func_ty: &FuncType) -> bool {
893 self._matches_ty(store.as_context().0, func_ty)
894 }
895
896 pub(crate) fn _matches_ty(&self, store: &StoreOpaque, func_ty: &FuncType) -> bool {
897 let actual_ty = self.load_ty(store);
898 actual_ty.matches(func_ty)
899 }
900
901 pub(crate) fn ensure_matches_ty(&self, store: &StoreOpaque, func_ty: &FuncType) -> Result<()> {
902 if !self.comes_from_same_store(store) {
903 bail!("function used with wrong store");
904 }
905 if self._matches_ty(store, func_ty) {
906 Ok(())
907 } else {
908 let actual_ty = self.load_ty(store);
909 bail!("type mismatch: expected {func_ty}, found {actual_ty}")
910 }
911 }
912
913 pub(crate) fn type_index(&self, data: &StoreOpaque) -> VMSharedTypeIndex {
914 unsafe { self.vm_func_ref(data).as_ref().type_index }
915 }
916
917 /// Invokes this function with the `params` given and writes returned values
918 /// to `results`.
919 ///
920 /// The `params` here must match the type signature of this `Func`, or an
921 /// error will occur. Additionally `results` must have the same
922 /// length as the number of results for this function. Calling this function
923 /// will synchronously execute the WebAssembly function referenced to get
924 /// the results.
925 ///
926 /// This function will return `Ok(())` if execution completed without a trap
927 /// or error of any kind. In this situation the results will be written to
928 /// the provided `results` array.
929 ///
930 /// # Errors
931 ///
932 /// Any error which occurs throughout the execution of the function will be
933 /// returned as `Err(e)`. The [`Error`](crate::Error) type can be inspected
934 /// for the precise error cause such as:
935 ///
936 /// * [`Trap`] - indicates that a wasm trap happened and execution was
937 /// halted.
938 /// * [`WasmBacktrace`] - optionally included on errors for backtrace
939 /// information of the trap/error.
940 /// * Other string-based errors to indicate issues such as type errors with
941 /// `params`.
942 /// * Any host-originating error originally returned from a function defined
943 /// via [`Func::new`], for example.
944 /// * The `store` provided is configured to require `call_async` to be used
945 /// instead, such as with epochs or fuel.
946 ///
947 /// Errors typically indicate that execution of WebAssembly was halted
948 /// mid-way and did not complete after the error condition happened.
949 ///
950 /// [`Trap`]: crate::Trap
951 ///
952 /// # Panics
953 ///
954 /// Panics if `store` does not own this function.
955 ///
956 /// [`WasmBacktrace`]: crate::WasmBacktrace
957 ///
958 /// This function will return an [`OutOfMemory`][crate::OutOfMemory] error when
959 /// memory allocation fails. See the `OutOfMemory` type's documentation for
960 /// details on Wasmtime's out-of-memory handling.
961 pub fn call(
962 &self,
963 mut store: impl AsContextMut,
964 params: &[Val],
965 results: &mut [Val],
966 ) -> Result<()> {
967 let mut store = store.as_context_mut();
968 store.0.validate_sync_call()?;
969
970 self.call_impl_check_args(&mut store, params, results)?;
971
972 unsafe { self.call_impl_do_call(&mut store, params, results) }
973 }
974
975 /// Invokes this function in an "unchecked" fashion, reading parameters and
976 /// writing results to `params_and_returns`.
977 ///
978 /// This function is the same as [`Func::call`] except that the arguments
979 /// and results both use a different representation. If possible it's
980 /// recommended to use [`Func::call`] if safety isn't necessary or to use
981 /// [`Func::typed`] in conjunction with [`TypedFunc::call`] since that's
982 /// both safer and faster than this method of invoking a function.
983 ///
984 /// Note that if this function takes `externref` arguments then it will
985 /// **not** automatically GC unlike the [`Func::call`] and
986 /// [`TypedFunc::call`] functions. This means that if this function is
987 /// invoked many times with new `ExternRef` values and no other GC happens
988 /// via any other means then no values will get collected.
989 ///
990 /// # Errors
991 ///
992 /// For more information about errors see the [`Func::call`] documentation.
993 ///
994 /// # Unsafety
995 ///
996 /// This function is unsafe because the `params_and_returns` argument is not
997 /// validated at all. It must uphold invariants such as:
998 ///
999 /// * It's a valid pointer to an array
1000 /// * It has enough space to store all parameters
1001 /// * It has enough space to store all results (not at the same time as
1002 /// parameters)
1003 /// * Parameters are initially written to the array and have the correct
1004 /// types and such.
1005 /// * Reference types like `externref` and `funcref` are valid at the
1006 /// time of this call and for the `store` specified.
1007 ///
1008 /// These invariants are all upheld for you with [`Func::call`] and
1009 /// [`TypedFunc::call`].
1010 pub unsafe fn call_unchecked(
1011 &self,
1012 mut store: impl AsContextMut,
1013 params_and_returns: *mut [ValRaw],
1014 ) -> Result<()> {
1015 let mut store = store.as_context_mut();
1016 let func_ref = self.vm_func_ref(store.0);
1017 let params_and_returns = NonNull::new(params_and_returns).unwrap_or(NonNull::from(&mut []));
1018
1019 // SAFETY: the safety of this function call is the same as the contract
1020 // of this function.
1021 unsafe { Self::call_unchecked_raw(&mut store, func_ref, params_and_returns) }
1022 }
1023
1024 pub(crate) unsafe fn call_unchecked_raw<T>(
1025 store: &mut StoreContextMut<'_, T>,
1026 func_ref: NonNull<VMFuncRef>,
1027 params_and_returns: NonNull<[ValRaw]>,
1028 ) -> Result<()> {
1029 // SAFETY: the safety of this function call is the same as the contract
1030 // of this function.
1031 invoke_wasm_and_catch_traps(store, |caller, vm| unsafe {
1032 VMFuncRef::array_call(func_ref, vm, caller, params_and_returns)
1033 })
1034 }
1035
1036 /// Converts the raw representation of a `funcref` into an `Option<Func>`
1037 ///
1038 /// This is intended to be used in conjunction with [`Func::new_unchecked`],
1039 /// [`Func::call_unchecked`], and [`ValRaw`] with its `funcref` field. This
1040 /// is the dual of [`Func::to_raw`].
1041 ///
1042 /// # Unsafety
1043 ///
1044 /// This function is not safe because `raw` is not validated at all. The
1045 /// caller must guarantee that `raw` is owned by the `store` provided and is
1046 /// valid within the `store`.
1047 pub unsafe fn from_raw(mut store: impl AsContextMut, raw: *mut c_void) -> Option<Func> {
1048 // SAFETY: this function's own contract is that `raw` is owned by store
1049 // to make this safe.
1050 unsafe { Self::_from_raw(store.as_context_mut().0, raw) }
1051 }
1052
1053 /// Same as `from_raw`, but with the internal `StoreOpaque` type.
1054 pub(crate) unsafe fn _from_raw(store: &mut StoreOpaque, raw: *mut c_void) -> Option<Func> {
1055 // SAFETY: this function's own contract is that `raw` is owned by store
1056 // to make this safe.
1057 unsafe {
1058 Some(Func::from_vm_func_ref(
1059 store.id(),
1060 NonNull::new(raw.cast())?,
1061 ))
1062 }
1063 }
1064
1065 /// Extracts the raw value of this `Func`, which is owned by `store`.
1066 ///
1067 /// This function returns a value that's suitable for writing into the
1068 /// `funcref` field of the [`ValRaw`] structure.
1069 ///
1070 /// # Safety
1071 ///
1072 /// The returned value is only valid for as long as the store is alive.
1073 /// This value is safe to pass to [`Func::from_raw`] so long as the same
1074 /// `store` is provided.
1075 pub fn to_raw(&self, mut store: impl AsContextMut) -> *mut c_void {
1076 self.to_raw_(store.as_context_mut().0)
1077 }
1078
1079 pub(crate) fn to_raw_(&self, store: &mut StoreOpaque) -> *mut c_void {
1080 self.vm_func_ref(store).as_ptr().cast()
1081 }
1082
1083 /// Invokes this function with the `params` given, returning the results
1084 /// asynchronously.
1085 ///
1086 /// This function is the same as [`Func::call`] except that it is
1087 /// asynchronous.
1088 ///
1089 /// It's important to note that the execution of WebAssembly will happen
1090 /// synchronously in the `poll` method of the future returned from this
1091 /// function. Wasmtime does not manage its own thread pool or similar to
1092 /// execute WebAssembly in. Future `poll` methods are generally expected to
1093 /// resolve quickly, so it's recommended that you run or poll this future
1094 /// in a "blocking context".
1095 ///
1096 /// For more information see the documentation on [asynchronous
1097 /// configs](crate#async).
1098 ///
1099 /// # Errors
1100 ///
1101 /// For more information on errors see the [`Func::call`] documentation.
1102 ///
1103 /// # Panics
1104 ///
1105 /// Panics if this is called on a function in a synchronous store. This
1106 /// only works with functions defined within an asynchronous store. Also
1107 /// panics if `store` does not own this function.
1108 ///
1109 /// This function will return an [`OutOfMemory`][crate::OutOfMemory] error when
1110 /// memory allocation fails. See the `OutOfMemory` type's documentation for
1111 /// details on Wasmtime's out-of-memory handling.
1112 #[cfg(feature = "async")]
1113 pub async fn call_async(
1114 &self,
1115 mut store: impl AsContextMut<Data: Send>,
1116 params: &[Val],
1117 results: &mut [Val],
1118 ) -> Result<()> {
1119 let mut store = store.as_context_mut();
1120
1121 self.call_impl_check_args(&mut store, params, results)?;
1122
1123 let result = store
1124 .on_fiber(|store| unsafe { self.call_impl_do_call(store, params, results) })
1125 .await??;
1126 Ok(result)
1127 }
1128
1129 /// Perform dynamic checks that the arguments given to us match
1130 /// the signature of this function and are appropriate to pass to this
1131 /// function.
1132 ///
1133 /// This involves checking to make sure we have the right number and types
1134 /// of arguments as well as making sure everything is from the same `Store`.
1135 ///
1136 /// This must be called just before `call_impl_do_call`.
1137 fn call_impl_check_args<T>(
1138 &self,
1139 store: &mut StoreContextMut<'_, T>,
1140 params: &[Val],
1141 results: &mut [Val],
1142 ) -> Result<()> {
1143 let ty = self.load_ty(store.0);
1144 if ty.params().len() != params.len() {
1145 bail!(
1146 "expected {} arguments, got {}",
1147 ty.params().len(),
1148 params.len()
1149 );
1150 }
1151 if ty.results().len() != results.len() {
1152 bail!(
1153 "expected {} results, got {}",
1154 ty.results().len(),
1155 results.len()
1156 );
1157 }
1158
1159 for (ty, arg) in ty.params().zip(params) {
1160 arg.ensure_matches_ty(store.0, &ty)
1161 .context("argument type mismatch")?;
1162 if !arg.comes_from_same_store(store.0) {
1163 bail!("cross-`Store` values are not currently supported");
1164 }
1165 }
1166
1167 Ok(())
1168 }
1169
1170 /// Do the actual call into Wasm.
1171 ///
1172 /// # Safety
1173 ///
1174 /// You must have type checked the arguments by calling
1175 /// `call_impl_check_args` immediately before calling this function. It is
1176 /// only safe to call this function if that one did not return an error.
1177 unsafe fn call_impl_do_call<T>(
1178 &self,
1179 store: &mut StoreContextMut<'_, T>,
1180 params: &[Val],
1181 results: &mut [Val],
1182 ) -> Result<()> {
1183 // Store the argument values into `values_vec`.
1184 let ty = self.load_ty(store.0);
1185 let values_vec_size = params.len().max(ty.results().len());
1186 let mut values_vec = store.0.take_wasm_val_raw_storage();
1187 debug_assert!(values_vec.is_empty());
1188 values_vec.resize_with(values_vec_size, || ValRaw::v128(0))?;
1189 for (arg, slot) in params.iter().cloned().zip(&mut values_vec) {
1190 *slot = arg.to_raw(&mut *store)?;
1191 }
1192
1193 unsafe {
1194 self.call_unchecked(
1195 &mut *store,
1196 core::ptr::slice_from_raw_parts_mut(values_vec.as_mut_ptr(), values_vec_size),
1197 )?;
1198 }
1199
1200 for ((i, slot), val) in results.iter_mut().enumerate().zip(&values_vec) {
1201 let ty = ty.results().nth(i).unwrap();
1202 *slot = unsafe { Val::from_raw(&mut *store, *val, ty) };
1203 }
1204 values_vec.truncate(0);
1205 store.0.save_wasm_val_raw_storage(values_vec);
1206 Ok(())
1207 }
1208
1209 #[inline]
1210 pub(crate) fn vm_func_ref(&self, store: &StoreOpaque) -> NonNull<VMFuncRef> {
1211 self.store.assert_belongs_to(store.id());
1212 self.unsafe_func_ref.as_non_null()
1213 }
1214
1215 pub(crate) fn vmimport(&self, store: &StoreOpaque) -> VMFunctionImport {
1216 // Safety: it should be fine to dereference the funcref pointer while we
1217 // borrow the store.
1218 let func_ref = unsafe { self.vm_func_ref(store).as_ref() };
1219
1220 // Note that this is a load-bearing `unwrap` here, but is never expected
1221 // to trip at runtime. The general problem is that host functions do not
1222 // have a `wasm_call` function so the `VMFuncRef` type has an optional
1223 // pointer there. This is only able to be filled out when a function is
1224 // "paired" with a module where trampolines are present to fill out
1225 // `wasm_call` pointers.
1226 //
1227 // This pairing of modules doesn't happen explicitly but is instead
1228 // managed lazily throughout Wasmtime. Specifically the way this works
1229 // is one of:
1230 //
1231 // * When a host function is created the store's list of modules are
1232 // searched for a wasm trampoline. If not found the `wasm_call` field
1233 // is left blank.
1234 //
1235 // * When a module instantiation happens, which uses this function, the
1236 // module will be used to fill any outstanding holes that it has
1237 // trampolines for.
1238 //
1239 // This means that by the time we get to this point any relevant holes
1240 // should be filled out. Thus if this panic actually triggers then it's
1241 // indicative of a missing `fill` call somewhere else.
1242 let func_import = func_ref.as_vm_function_import().unwrap();
1243
1244 func_import.clone()
1245 }
1246
1247 pub(crate) fn comes_from_same_store(&self, store: &StoreOpaque) -> bool {
1248 self.store == store.id()
1249 }
1250
1251 /// Attempts to extract a typed object from this `Func` through which the
1252 /// function can be called.
1253 ///
1254 /// This function serves as an alternative to [`Func::call`] and
1255 /// [`Func::call_async`]. This method performs a static type check (using
1256 /// the `Params` and `Results` type parameters on the underlying wasm
1257 /// function. If the type check passes then a `TypedFunc` object is returned,
1258 /// otherwise an error is returned describing the typecheck failure.
1259 ///
1260 /// The purpose of this relative to [`Func::call`] is that it's much more
1261 /// efficient when used to invoke WebAssembly functions. With the types
1262 /// statically known far less setup/teardown is required when invoking
1263 /// WebAssembly. If speed is desired then this function is recommended to be
1264 /// used instead of [`Func::call`] (which is more general, hence its
1265 /// slowdown).
1266 ///
1267 /// The `Params` type parameter is used to describe the parameters of the
1268 /// WebAssembly function. This can either be a single type (like `i32`), or
1269 /// a tuple of types representing the list of parameters (like `(i32, f32,
1270 /// f64)`). Additionally you can use `()` to represent that the function has
1271 /// no parameters.
1272 ///
1273 /// The `Results` type parameter is used to describe the results of the
1274 /// function. This behaves the same way as `Params`, but just for the
1275 /// results of the function.
1276 ///
1277 /// # Translating Between WebAssembly and Rust Types
1278 ///
1279 /// Translation between Rust types and WebAssembly types looks like:
1280 ///
1281 /// | WebAssembly | Rust |
1282 /// |-------------------------------------------|---------------------------------------|
1283 /// | `i32` | `i32` or `u32` |
1284 /// | `i64` | `i64` or `u64` |
1285 /// | `f32` | `f32` |
1286 /// | `f64` | `f64` |
1287 /// | `externref` aka `(ref null extern)` | `Option<Rooted<ExternRef>>` |
1288 /// | `(ref extern)` | `Rooted<ExternRef>` |
1289 /// | `nullexternref` aka `(ref null noextern)` | `Option<NoExtern>` |
1290 /// | `(ref noextern)` | `NoExtern` |
1291 /// | `anyref` aka `(ref null any)` | `Option<Rooted<AnyRef>>` |
1292 /// | `(ref any)` | `Rooted<AnyRef>` |
1293 /// | `eqref` aka `(ref null eq)` | `Option<Rooted<EqRef>>` |
1294 /// | `(ref eq)` | `Rooted<EqRef>` |
1295 /// | `i31ref` aka `(ref null i31)` | `Option<I31>` |
1296 /// | `(ref i31)` | `I31` |
1297 /// | `structref` aka `(ref null struct)` | `Option<Rooted<StructRef>>` |
1298 /// | `(ref struct)` | `Rooted<StructRef>` |
1299 /// | `arrayref` aka `(ref null array)` | `Option<Rooted<ArrayRef>>` |
1300 /// | `(ref array)` | `Rooted<ArrayRef>` |
1301 /// | `nullref` aka `(ref null none)` | `Option<NoneRef>` |
1302 /// | `(ref none)` | `NoneRef` |
1303 /// | `funcref` aka `(ref null func)` | `Option<Func>` |
1304 /// | `(ref func)` | `Func` |
1305 /// | `(ref null <func type index>)` | `Option<Func>` |
1306 /// | `(ref <func type index>)` | `Func` |
1307 /// | `nullfuncref` aka `(ref null nofunc)` | `Option<NoFunc>` |
1308 /// | `(ref nofunc)` | `NoFunc` |
1309 /// | `v128` | `V128` on `x86-64` and `aarch64` only |
1310 ///
1311 /// (Note that this mapping is the same as that of [`Func::wrap`], and that
1312 /// anywhere a `Rooted<T>` appears, a `OwnedRooted<T>` may also appear).
1313 ///
1314 /// Note that once the [`TypedFunc`] return value is acquired you'll use either
1315 /// [`TypedFunc::call`] or [`TypedFunc::call_async`] as necessary to actually invoke
1316 /// the function. This method does not invoke any WebAssembly code, it
1317 /// simply performs a typecheck before returning the [`TypedFunc`] value.
1318 ///
1319 /// This method also has a convenience wrapper as
1320 /// [`Instance::get_typed_func`](crate::Instance::get_typed_func) to
1321 /// directly get a typed function value from an
1322 /// [`Instance`](crate::Instance).
1323 ///
1324 /// ## Subtyping
1325 ///
1326 /// For result types, you can always use a supertype of the WebAssembly
1327 /// function's actual declared result type. For example, if the WebAssembly
1328 /// function was declared with type `(func (result nullfuncref))` you could
1329 /// successfully call `f.typed::<(), Option<Func>>()` because `Option<Func>`
1330 /// corresponds to `funcref`, which is a supertype of `nullfuncref`.
1331 ///
1332 /// For parameter types, you can always use a subtype of the WebAssembly
1333 /// function's actual declared parameter type. For example, if the
1334 /// WebAssembly function was declared with type `(func (param (ref null
1335 /// func)))` you could successfully call `f.typed::<Func, ()>()` because
1336 /// `Func` corresponds to `(ref func)`, which is a subtype of `(ref null
1337 /// func)`.
1338 ///
1339 /// Additionally, for functions which take a reference to a concrete type as
1340 /// a parameter, you can also use the concrete type's supertype. Consider a
1341 /// WebAssembly function that takes a reference to a function with a
1342 /// concrete type: `(ref null <func type index>)`. In this scenario, there
1343 /// is no static `wasmtime::Foo` Rust type that corresponds to that
1344 /// particular Wasm-defined concrete reference type because Wasm modules are
1345 /// loaded dynamically at runtime. You *could* do `f.typed::<Option<NoFunc>,
1346 /// ()>()`, and while that is correctly typed and valid, it is often overly
1347 /// restrictive. The only value you could call the resulting typed function
1348 /// with is the null function reference, but we'd like to call it with
1349 /// non-null function references that happen to be of the correct
1350 /// type. Therefore, `f.typed<Option<Func>, ()>()` is also allowed in this
1351 /// case, even though `Option<Func>` represents `(ref null func)` which is
1352 /// the supertype, not subtype, of `(ref null <func type index>)`. This does
1353 /// imply some minimal dynamic type checks in this case, but it is supported
1354 /// for better ergonomics, to enable passing non-null references into the
1355 /// function.
1356 ///
1357 /// # Errors
1358 ///
1359 /// This function will return an error if `Params` or `Results` does not
1360 /// match the native type of this WebAssembly function.
1361 ///
1362 /// # Panics
1363 ///
1364 /// This method will panic if `store` does not own this function.
1365 ///
1366 /// # Examples
1367 ///
1368 /// An end-to-end example of calling a function which takes no parameters
1369 /// and has no results:
1370 ///
1371 /// ```
1372 /// # use wasmtime::*;
1373 /// # fn main() -> Result<()> {
1374 /// let engine = Engine::default();
1375 /// let mut store = Store::new(&engine, ());
1376 /// let module = Module::new(&engine, r#"(module (func (export "foo")))"#)?;
1377 /// let instance = Instance::new(&mut store, &module, &[])?;
1378 /// let foo = instance.get_func(&mut store, "foo").expect("export wasn't a function");
1379 ///
1380 /// // Note that this call can fail due to the typecheck not passing, but
1381 /// // in our case we statically know the module so we know this should
1382 /// // pass.
1383 /// let typed = foo.typed::<(), ()>(&store)?;
1384 ///
1385 /// // Note that this can fail if the wasm traps at runtime.
1386 /// typed.call(&mut store, ())?;
1387 /// # Ok(())
1388 /// # }
1389 /// ```
1390 ///
1391 /// You can also pass in multiple parameters and get a result back
1392 ///
1393 /// ```
1394 /// # use wasmtime::*;
1395 /// # fn foo(add: &Func, mut store: Store<()>) -> Result<()> {
1396 /// let typed = add.typed::<(i32, i64), f32>(&store)?;
1397 /// assert_eq!(typed.call(&mut store, (1, 2))?, 3.0);
1398 /// # Ok(())
1399 /// # }
1400 /// ```
1401 ///
1402 /// and similarly if a function has multiple results you can bind that too
1403 ///
1404 /// ```
1405 /// # use wasmtime::*;
1406 /// # fn foo(add_with_overflow: &Func, mut store: Store<()>) -> Result<()> {
1407 /// let typed = add_with_overflow.typed::<(u32, u32), (u32, i32)>(&store)?;
1408 /// let (result, overflow) = typed.call(&mut store, (u32::max_value(), 2))?;
1409 /// assert_eq!(result, 1);
1410 /// assert_eq!(overflow, 1);
1411 /// # Ok(())
1412 /// # }
1413 /// ```
1414 pub fn typed<Params, Results>(
1415 &self,
1416 store: impl AsContext,
1417 ) -> Result<TypedFunc<Params, Results>>
1418 where
1419 Params: WasmParams,
1420 Results: WasmResults,
1421 {
1422 // Type-check that the params/results are all valid
1423 let store = store.as_context().0;
1424 let ty = self.load_ty(store);
1425 Params::typecheck(store.engine(), ty.params(), TypeCheckPosition::Param)
1426 .context("type mismatch with parameters")?;
1427 Results::typecheck(store.engine(), ty.results(), TypeCheckPosition::Result)
1428 .context("type mismatch with results")?;
1429
1430 // and then we can construct the typed version of this function
1431 // (unsafely), which should be safe since we just did the type check above.
1432 unsafe { Ok(TypedFunc::_new_unchecked(store, *self)) }
1433 }
1434
1435 /// Get a stable hash key for this function.
1436 ///
1437 /// Even if the same underlying function is added to the `StoreData`
1438 /// multiple times and becomes multiple `wasmtime::Func`s, this hash key
1439 /// will be consistent across all of these functions.
1440 #[cfg_attr(
1441 not(test),
1442 expect(dead_code, reason = "Not used yet, but added for consistency")
1443 )]
1444 pub(crate) fn hash_key(&self, store: &mut StoreOpaque) -> impl core::hash::Hash + Eq + use<> {
1445 self.vm_func_ref(store).as_ptr().addr()
1446 }
1447}
1448
1449/// Prepares for entrance into WebAssembly.
1450///
1451/// This function will set up context such that `closure` is allowed to call a
1452/// raw trampoline or a raw WebAssembly function. This *must* be called to do
1453/// things like catch traps and set up GC properly.
1454///
1455/// The `closure` provided receives a default "caller" `VMContext` parameter it
1456/// can pass to the called wasm function, if desired.
1457pub(crate) fn invoke_wasm_and_catch_traps<T>(
1458 store: &mut StoreContextMut<'_, T>,
1459 closure: impl FnMut(NonNull<VMContext>, Option<InterpreterRef<'_>>) -> bool,
1460) -> Result<()> {
1461 // The `enter_wasm` call below will reset the store context's
1462 // `stack_chain` to a new `InitialStack`, pointing to the
1463 // stack-allocated `initial_stack_csi`.
1464 let mut initial_stack_csi = VMCommonStackInformation::running_default();
1465 // Stores some state of the runtime just before entering Wasm. Will be
1466 // restored upon exiting Wasm. Note that the `CallThreadState` that is
1467 // created by the `catch_traps` call below will store a pointer to this
1468 // stack-allocated `previous_runtime_state`.
1469 let mut previous_runtime_state = EntryStoreContext::enter_wasm(store, &mut initial_stack_csi);
1470
1471 if let Err(trap) = store.0.call_hook(CallHook::CallingWasm) {
1472 // `previous_runtime_state` implicitly dropped here
1473 return Err(trap);
1474 }
1475 let result = crate::runtime::vm::catch_traps(store, &mut previous_runtime_state, closure);
1476 #[cfg(feature = "component-model")]
1477 if result.is_err() {
1478 store.0.set_trapped();
1479 }
1480 core::mem::drop(previous_runtime_state);
1481 store.0.call_hook(CallHook::ReturningFromWasm)?;
1482 result
1483}
1484
1485/// This type helps managing the state of the runtime when entering and exiting
1486/// Wasm. To this end, it contains a subset of the data in `VMStoreContext`.
1487/// Upon entering Wasm, it updates various runtime fields and their
1488/// original values saved in this struct. Upon exiting Wasm, the previous values
1489/// are restored.
1490pub(crate) struct EntryStoreContext {
1491 /// If set, contains value of `stack_limit` field to restore in
1492 /// `VMStoreContext` when exiting Wasm.
1493 pub stack_limit: Option<usize>,
1494 pub last_wasm_exit_pc: usize,
1495 pub last_wasm_exit_trampoline_fp: usize,
1496 pub last_wasm_entry_fp: usize,
1497 pub last_wasm_entry_sp: usize,
1498 pub last_wasm_entry_trap_handler: usize,
1499 pub stack_chain: VMStackChain,
1500
1501 /// We need a pointer to the runtime limits, so we can update them from
1502 /// `drop`/`exit_wasm`.
1503 vm_store_context: *const VMStoreContext,
1504}
1505
1506impl EntryStoreContext {
1507 /// This function is called to update and save state when
1508 /// WebAssembly is entered within the `Store`.
1509 ///
1510 /// This updates various fields such as:
1511 ///
1512 /// * The stack limit. This is what ensures that we limit the stack space
1513 /// allocated by WebAssembly code and it's relative to the initial stack
1514 /// pointer that called into wasm.
1515 ///
1516 /// It also saves the different last_wasm_* values in the `VMStoreContext`.
1517 pub fn enter_wasm<T>(
1518 store: &mut StoreContextMut<'_, T>,
1519 initial_stack_information: *mut VMCommonStackInformation,
1520 ) -> Self {
1521 let stack_limit;
1522
1523 // If this is a recursive call, e.g. our stack limit is already set, then
1524 // we may be able to skip this function.
1525 //
1526 // For synchronous stores there's nothing else to do because all wasm calls
1527 // happen synchronously and on the same stack. This means that the previous
1528 // stack limit will suffice for the next recursive call.
1529 //
1530 // For asynchronous stores then each call happens on a separate native
1531 // stack. This means that the previous stack limit is no longer relevant
1532 // because we're on a separate stack.
1533 if unsafe { *store.0.vm_store_context().stack_limit.get() } != usize::MAX
1534 && !store.0.can_block()
1535 {
1536 stack_limit = None;
1537 }
1538 // Ignore this stack pointer business on miri since we can't execute wasm
1539 // anyway and the concept of a stack pointer on miri is a bit nebulous
1540 // regardless.
1541 else if cfg!(miri) {
1542 stack_limit = None;
1543 } else {
1544 // When Cranelift has support for the host then we might be running native
1545 // compiled code meaning we need to read the actual stack pointer. If
1546 // Cranelift can't be used though then we're guaranteed to be running pulley
1547 // in which case this stack pointer isn't actually used as Pulley has custom
1548 // mechanisms for stack overflow.
1549 #[cfg(has_host_compiler_backend)]
1550 let stack_pointer = crate::runtime::vm::get_stack_pointer();
1551 #[cfg(not(has_host_compiler_backend))]
1552 let stack_pointer = {
1553 use wasmtime_environ::TripleExt;
1554 debug_assert!(store.engine().target().is_pulley());
1555 usize::MAX
1556 };
1557
1558 // Determine the stack pointer where, after which, any wasm code will
1559 // immediately trap. This is checked on the entry to all wasm functions.
1560 //
1561 // Note that this isn't 100% precise. We are requested to give wasm
1562 // `max_wasm_stack` bytes, but what we're actually doing is giving wasm
1563 // probably a little less than `max_wasm_stack` because we're
1564 // calculating the limit relative to this function's approximate stack
1565 // pointer. Wasm will be executed on a frame beneath this one (or next
1566 // to it). In any case it's expected to be at most a few hundred bytes
1567 // of slop one way or another. When wasm is typically given a MB or so
1568 // (a million bytes) the slop shouldn't matter too much.
1569 //
1570 // After we've got the stack limit then we store it into the `stack_limit`
1571 // variable.
1572 //
1573 // Also note that `saturating_sub` is used here since if the user
1574 // said that the function gets nigh-infinite stack well then by
1575 // golly it'll get nigh-infinite stack in which case the limit is 0.
1576 let wasm_stack_limit =
1577 stack_pointer.saturating_sub(store.engine().config().max_wasm_stack);
1578 let prev_stack = unsafe {
1579 mem::replace(
1580 &mut *store.0.vm_store_context().stack_limit.get(),
1581 wasm_stack_limit,
1582 )
1583 };
1584 stack_limit = Some(prev_stack);
1585 }
1586
1587 unsafe {
1588 let vm_store_context = store.0.vm_store_context();
1589 let new_stack_chain = VMStackChain::InitialStack(initial_stack_information);
1590 *vm_store_context.stack_chain.get() = new_stack_chain;
1591
1592 Self {
1593 stack_limit,
1594 last_wasm_exit_pc: *(*vm_store_context).last_wasm_exit_pc.get(),
1595 last_wasm_exit_trampoline_fp: *(*vm_store_context)
1596 .last_wasm_exit_trampoline_fp
1597 .get(),
1598 last_wasm_entry_fp: *(*vm_store_context).last_wasm_entry_fp.get(),
1599 last_wasm_entry_sp: *(*vm_store_context).last_wasm_entry_sp.get(),
1600 last_wasm_entry_trap_handler: *(*vm_store_context)
1601 .last_wasm_entry_trap_handler
1602 .get(),
1603 stack_chain: (*(*vm_store_context).stack_chain.get()).clone(),
1604 vm_store_context,
1605 }
1606 }
1607 }
1608
1609 /// This function restores the values stored in this struct. We invoke this
1610 /// function through this type's `Drop` implementation. This ensures that we
1611 /// even restore the values if we unwind the stack (e.g., because we are
1612 /// panicking out of a Wasm execution).
1613 #[inline]
1614 fn exit_wasm(&mut self) {
1615 unsafe {
1616 if let Some(limit) = self.stack_limit {
1617 *(&*self.vm_store_context).stack_limit.get() = limit;
1618 }
1619
1620 *(*self.vm_store_context).last_wasm_exit_trampoline_fp.get() =
1621 self.last_wasm_exit_trampoline_fp;
1622 *(*self.vm_store_context).last_wasm_exit_pc.get() = self.last_wasm_exit_pc;
1623 *(*self.vm_store_context).last_wasm_entry_fp.get() = self.last_wasm_entry_fp;
1624 *(*self.vm_store_context).last_wasm_entry_sp.get() = self.last_wasm_entry_sp;
1625 *(*self.vm_store_context).last_wasm_entry_trap_handler.get() =
1626 self.last_wasm_entry_trap_handler;
1627 *(*self.vm_store_context).stack_chain.get() = self.stack_chain.clone();
1628 }
1629 }
1630}
1631
1632impl Drop for EntryStoreContext {
1633 #[inline]
1634 fn drop(&mut self) {
1635 self.exit_wasm();
1636 }
1637}
1638
1639/// A trait implemented for types which can be returned from closures passed to
1640/// [`Func::wrap`] and friends.
1641///
1642/// This trait should not be implemented by user types. This trait may change at
1643/// any time internally. The types which implement this trait, however, are
1644/// stable over time.
1645///
1646/// For more information see [`Func::wrap`]
1647pub unsafe trait WasmRet {
1648 // Same as `WasmTy::compatible_with_store`.
1649 #[doc(hidden)]
1650 fn compatible_with_store(&self, store: &StoreOpaque) -> bool;
1651
1652 /// Stores this return value into the `ptr` specified using the rooted
1653 /// `store`.
1654 ///
1655 /// Traps are communicated through the `Result<_>` return value.
1656 ///
1657 /// # Unsafety
1658 ///
1659 /// This method is unsafe as `ptr` must have the correct length to store
1660 /// this result. This property is only checked in debug mode, not in release
1661 /// mode.
1662 #[doc(hidden)]
1663 unsafe fn store(
1664 self,
1665 store: &mut AutoAssertNoGc<'_>,
1666 ptr: &mut [MaybeUninit<ValRaw>],
1667 ) -> Result<()>;
1668
1669 #[doc(hidden)]
1670 fn func_type(
1671 engine: &Engine,
1672 params: impl Iterator<Item = ValType>,
1673 ) -> Result<FuncType, OutOfMemory>;
1674 #[doc(hidden)]
1675 fn may_gc() -> bool;
1676
1677 // Utilities used to convert an instance of this type to a `Result`
1678 // explicitly, used when wrapping async functions which always bottom-out
1679 // in a function that returns a trap because futures can be cancelled.
1680 #[doc(hidden)]
1681 type Fallible: WasmRet;
1682 #[doc(hidden)]
1683 fn into_fallible(self) -> Self::Fallible;
1684 #[doc(hidden)]
1685 fn fallible_from_error(error: Error) -> Self::Fallible;
1686}
1687
1688unsafe impl<T> WasmRet for T
1689where
1690 T: WasmTy,
1691{
1692 type Fallible = Result<T>;
1693
1694 fn compatible_with_store(&self, store: &StoreOpaque) -> bool {
1695 <Self as WasmTy>::compatible_with_store(self, store)
1696 }
1697
1698 unsafe fn store(
1699 self,
1700 store: &mut AutoAssertNoGc<'_>,
1701 ptr: &mut [MaybeUninit<ValRaw>],
1702 ) -> Result<()> {
1703 debug_assert!(ptr.len() > 0);
1704 // SAFETY: the contract of this function/trait combo is such that `ptr`
1705 // is valid to store this type's value, thus this lookup should be safe.
1706 unsafe { <Self as WasmTy>::store(self, store, ptr.get_unchecked_mut(0)) }
1707 }
1708
1709 fn may_gc() -> bool {
1710 T::may_gc()
1711 }
1712
1713 fn func_type(
1714 engine: &Engine,
1715 params: impl Iterator<Item = ValType>,
1716 ) -> Result<FuncType, OutOfMemory> {
1717 FuncType::try_new(engine, params, Some(<Self as WasmTy>::valtype()))
1718 }
1719
1720 fn into_fallible(self) -> Result<T> {
1721 Ok(self)
1722 }
1723
1724 fn fallible_from_error(error: Error) -> Result<T> {
1725 Err(error)
1726 }
1727}
1728
1729unsafe impl<T> WasmRet for Result<T>
1730where
1731 T: WasmRet,
1732{
1733 type Fallible = Self;
1734
1735 fn compatible_with_store(&self, store: &StoreOpaque) -> bool {
1736 match self {
1737 Ok(x) => <T as WasmRet>::compatible_with_store(x, store),
1738 Err(_) => true,
1739 }
1740 }
1741
1742 unsafe fn store(
1743 self,
1744 store: &mut AutoAssertNoGc<'_>,
1745 ptr: &mut [MaybeUninit<ValRaw>],
1746 ) -> Result<()> {
1747 // SAFETY: the safety of calling this function is the same as calling
1748 // the inner `store`.
1749 unsafe { self.and_then(|val| val.store(store, ptr)) }
1750 }
1751
1752 fn may_gc() -> bool {
1753 T::may_gc()
1754 }
1755
1756 fn func_type(
1757 engine: &Engine,
1758 params: impl Iterator<Item = ValType>,
1759 ) -> Result<FuncType, OutOfMemory> {
1760 T::func_type(engine, params)
1761 }
1762
1763 fn into_fallible(self) -> Result<T> {
1764 self
1765 }
1766
1767 fn fallible_from_error(error: Error) -> Result<T> {
1768 Err(error)
1769 }
1770}
1771
1772macro_rules! impl_wasm_host_results {
1773 ($n:tt $($t:ident)*) => (
1774 #[allow(non_snake_case, reason = "macro-generated code")]
1775 unsafe impl<$($t),*> WasmRet for ($($t,)*)
1776 where
1777 $($t: WasmTy,)*
1778 {
1779 type Fallible = Result<Self>;
1780
1781 #[inline]
1782 fn compatible_with_store(&self, _store: &StoreOpaque) -> bool {
1783 let ($($t,)*) = self;
1784 $( $t.compatible_with_store(_store) && )* true
1785 }
1786
1787 #[inline]
1788 unsafe fn store(
1789 self,
1790 _store: &mut AutoAssertNoGc<'_>,
1791 _ptr: &mut [MaybeUninit<ValRaw>],
1792 ) -> Result<()> {
1793 let ($($t,)*) = self;
1794 let mut _cur = 0;
1795 $(
1796 debug_assert!(_cur < _ptr.len());
1797 // SAFETY: `store`'s unsafe contract is that `_ptr` is
1798 // appropriately sized and additionally safe to call `store`
1799 // for sub-types.
1800 unsafe {
1801 let val = _ptr.get_unchecked_mut(_cur);
1802 _cur += 1;
1803 WasmTy::store($t, _store, val)?;
1804 }
1805 )*
1806 Ok(())
1807 }
1808
1809 #[doc(hidden)]
1810 fn may_gc() -> bool {
1811 $( $t::may_gc() || )* false
1812 }
1813
1814 fn func_type(
1815 engine: &Engine,
1816 params: impl Iterator<Item = ValType>,
1817 ) -> Result<FuncType, OutOfMemory> {
1818 FuncType::try_new(
1819 engine,
1820 params,
1821 IntoIterator::into_iter([$($t::valtype(),)*]),
1822 )
1823 }
1824
1825 #[inline]
1826 fn into_fallible(self) -> Result<Self> {
1827 Ok(self)
1828 }
1829
1830 #[inline]
1831 fn fallible_from_error(error: Error) -> Result<Self> {
1832 Err(error)
1833 }
1834 }
1835 )
1836}
1837
1838for_each_function_signature!(impl_wasm_host_results);
1839
1840/// Internal trait implemented for all arguments that can be passed to
1841/// [`Func::wrap`] and [`Linker::func_wrap`](crate::Linker::func_wrap).
1842///
1843/// This trait should not be implemented by external users, it's only intended
1844/// as an implementation detail of this crate.
1845pub trait IntoFunc<T, Params, Results>: Send + Sync + 'static {
1846 /// Convert this function into a `VM{Array,Native}CallHostFuncContext` and
1847 /// internal `VMFuncRef`.
1848 #[doc(hidden)]
1849 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory>;
1850}
1851
1852macro_rules! impl_into_func {
1853 ($num:tt $arg:ident) => {
1854 // Implement for functions without a leading `Caller` parameter,
1855 // delegating to the implementation below which does have the leading
1856 // `Caller` parameter.
1857 #[expect(non_snake_case, reason = "macro-generated code")]
1858 impl<T, F, $arg, R> IntoFunc<T, $arg, R> for F
1859 where
1860 F: Fn($arg) -> R + Send + Sync + 'static,
1861 $arg: WasmTy,
1862 R: WasmRet,
1863 T: 'static,
1864 {
1865 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory> {
1866 let f = move |_: Caller<'_, T>, $arg: $arg| {
1867 self($arg)
1868 };
1869
1870 f.into_func(engine)
1871 }
1872 }
1873
1874 #[expect(non_snake_case, reason = "macro-generated code")]
1875 impl<T, F, $arg, R> IntoFunc<T, (Caller<'_, T>, $arg), R> for F
1876 where
1877 F: Fn(Caller<'_, T>, $arg) -> R + Send + Sync + 'static,
1878 $arg: WasmTy,
1879 R: WasmRet,
1880 T: 'static,
1881 {
1882 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory> {
1883 HostFunc::wrap(engine, move |caller: Caller<'_, T>, ($arg,)| {
1884 self(caller, $arg)
1885 })
1886 }
1887 }
1888 };
1889 ($num:tt $($args:ident)*) => {
1890 // Implement for functions without a leading `Caller` parameter,
1891 // delegating to the implementation below which does have the leading
1892 // `Caller` parameter.
1893 #[allow(non_snake_case, reason = "macro-generated code")]
1894 impl<T, F, $($args,)* R> IntoFunc<T, ($($args,)*), R> for F
1895 where
1896 F: Fn($($args),*) -> R + Send + Sync + 'static,
1897 $($args: WasmTy,)*
1898 R: WasmRet,
1899 T: 'static,
1900 {
1901 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory> {
1902 let f = move |_: Caller<'_, T>, $($args:$args),*| {
1903 self($($args),*)
1904 };
1905
1906 f.into_func(engine)
1907 }
1908 }
1909
1910 #[allow(non_snake_case, reason = "macro-generated code")]
1911 impl<T, F, $($args,)* R> IntoFunc<T, (Caller<'_, T>, $($args,)*), R> for F
1912 where
1913 F: Fn(Caller<'_, T>, $($args),*) -> R + Send + Sync + 'static,
1914 $($args: WasmTy,)*
1915 R: WasmRet,
1916 T: 'static,
1917 {
1918 fn into_func(self, engine: &Engine) -> Result<HostFunc, OutOfMemory> {
1919 HostFunc::wrap(engine, move |caller: Caller<'_, T>, ( $( $args ),* )| {
1920 self(caller, $( $args ),* )
1921 })
1922 }
1923 }
1924 }
1925}
1926
1927for_each_function_signature!(impl_into_func);
1928
1929/// Trait implemented for various tuples made up of types which implement
1930/// [`WasmTy`] that can be passed to [`Func::wrap_async`].
1931pub unsafe trait WasmTyList {
1932 /// Get the value type that each Type in the list represents.
1933 fn valtypes() -> impl Iterator<Item = ValType>;
1934
1935 // Load a version of `Self` from the `values` provided.
1936 //
1937 // # Safety
1938 //
1939 // This function is unsafe as it's up to the caller to ensure that `values` are
1940 // valid for this given type.
1941 #[doc(hidden)]
1942 unsafe fn load(store: &mut AutoAssertNoGc<'_>, values: &mut [MaybeUninit<ValRaw>]) -> Self;
1943
1944 #[doc(hidden)]
1945 fn may_gc() -> bool;
1946}
1947
1948macro_rules! impl_wasm_ty_list {
1949 ($num:tt $($args:ident)*) => (
1950 #[allow(non_snake_case, reason = "macro-generated code")]
1951 unsafe impl<$($args),*> WasmTyList for ($($args,)*)
1952 where
1953 $($args: WasmTy,)*
1954 {
1955 fn valtypes() -> impl Iterator<Item = ValType> {
1956 IntoIterator::into_iter([$($args::valtype(),)*])
1957 }
1958
1959 unsafe fn load(_store: &mut AutoAssertNoGc<'_>, _values: &mut [MaybeUninit<ValRaw>]) -> Self {
1960 let mut _cur = 0;
1961 ($({
1962 debug_assert!(_cur < _values.len());
1963 // SAFETY: this function's own contract means that `_values`
1964 // is appropriately sized/typed for the internal loads.
1965 unsafe {
1966 let ptr = _values.get_unchecked(_cur).assume_init_ref();
1967 _cur += 1;
1968 $args::load(_store, ptr)
1969 }
1970 },)*)
1971 }
1972
1973 fn may_gc() -> bool {
1974 $( $args::may_gc() || )* false
1975 }
1976 }
1977 );
1978}
1979
1980for_each_function_signature!(impl_wasm_ty_list);
1981
1982/// A structure representing the caller's context when creating a function
1983/// via [`Func::wrap`].
1984///
1985/// This structure can be taken as the first parameter of a closure passed to
1986/// [`Func::wrap`] or other constructors, and serves two purposes:
1987///
1988/// * First consumers can use [`Caller<'_, T>`](crate::Caller) to get access to
1989/// [`StoreContextMut<'_, T>`](crate::StoreContextMut) and/or get access to
1990/// `T` itself. This means that the [`Caller`] type can serve as a proxy to
1991/// the original [`Store`](crate::Store) itself and is used to satisfy
1992/// [`AsContext`] and [`AsContextMut`] bounds.
1993///
1994/// * Second a [`Caller`] can be used as the name implies, learning about the
1995/// caller's context, namely it's exported memory and exported functions. This
1996/// allows functions which take pointers as arguments to easily read the
1997/// memory the pointers point into, or if a function is expected to call
1998/// malloc in the wasm module to reserve space for the output you can do that.
1999///
2000/// Host functions which want access to [`Store`](crate::Store)-level state are
2001/// recommended to use this type.
2002pub struct Caller<'a, T: 'static> {
2003 pub(crate) store: StoreContextMut<'a, T>,
2004 caller: Instance,
2005}
2006
2007impl<T> Caller<'_, T> {
2008 fn sub_caller(&mut self) -> Caller<'_, T> {
2009 Caller {
2010 store: self.store.as_context_mut(),
2011 caller: self.caller,
2012 }
2013 }
2014
2015 /// Looks up an export from the caller's module by the `name` given.
2016 ///
2017 /// This is a low-level function that's typically used to implement passing
2018 /// of pointers or indices between core Wasm instances, where the callee
2019 /// needs to consult the caller's exports to perform memory management and
2020 /// resolve the references.
2021 ///
2022 /// For comparison, in components, the component model handles translating
2023 /// arguments from one component instance to another and managing memory, so
2024 /// that callees don't need to be aware of their callers, which promotes
2025 /// virtualizability of APIs.
2026 ///
2027 /// # Return
2028 ///
2029 /// If an export with the `name` provided was found, then it is returned as an
2030 /// `Extern`. There are a number of situations, however, where the export may not
2031 /// be available:
2032 ///
2033 /// * The caller instance may not have an export named `name`
2034 /// * There may not be a caller available, for example if `Func` was called
2035 /// directly from host code.
2036 ///
2037 /// It's recommended to take care when calling this API and gracefully
2038 /// handling a `None` return value.
2039 pub fn get_export(&mut self, name: &str) -> Option<Extern> {
2040 // All instances created have a `host_state` with a pointer pointing
2041 // back to themselves. If this caller doesn't have that `host_state`
2042 // then it probably means it was a host-created object like `Func::new`
2043 // which doesn't have any exports we want to return anyway.
2044 self.caller.get_export(&mut self.store, name)
2045 }
2046
2047 /// Looks up an exported [`Extern`] value by a [`ModuleExport`] value.
2048 ///
2049 /// This is similar to [`Self::get_export`] but uses a [`ModuleExport`]
2050 /// value to avoid string lookups where possible. [`ModuleExport`]s can be
2051 /// obtained by calling [`Module::get_export_index`] on the [`Module`] that
2052 /// an instance was instantiated with.
2053 ///
2054 /// This method will search the module for an export with a matching entity index and return
2055 /// the value, if found.
2056 ///
2057 /// Returns `None` if there was no export with a matching entity index.
2058 ///
2059 /// [`Module::get_export_index`]: crate::Module::get_export_index
2060 /// [`Module`]: crate::Module
2061 ///
2062 /// # Panics
2063 ///
2064 /// Panics if `store` does not own this instance.
2065 ///
2066 /// # Usage
2067 /// ```
2068 /// use std::str;
2069 ///
2070 /// # use wasmtime::*;
2071 /// # fn main() -> Result<()> {
2072 /// # let mut store = Store::default();
2073 ///
2074 /// let module = Module::new(
2075 /// store.engine(),
2076 /// r#"
2077 /// (module
2078 /// (import "" "" (func $log_str (param i32 i32)))
2079 /// (func (export "foo")
2080 /// i32.const 4 ;; ptr
2081 /// i32.const 13 ;; len
2082 /// call $log_str)
2083 /// (memory (export "memory") 1)
2084 /// (data (i32.const 4) "Hello, world!"))
2085 /// "#,
2086 /// )?;
2087 ///
2088 /// let Some(module_export) = module.get_export_index("memory") else {
2089 /// bail!("failed to find `memory` export in module");
2090 /// };
2091 ///
2092 /// let log_str = Func::wrap(&mut store, move |mut caller: Caller<'_, ()>, ptr: i32, len: i32| {
2093 /// let mem = match caller.get_module_export(&module_export) {
2094 /// Some(Extern::Memory(mem)) => mem,
2095 /// _ => bail!("failed to find host memory"),
2096 /// };
2097 /// let data = mem.data(&caller)
2098 /// .get(ptr as u32 as usize..)
2099 /// .and_then(|arr| arr.get(..len as u32 as usize));
2100 /// let string = match data {
2101 /// Some(data) => match str::from_utf8(data) {
2102 /// Ok(s) => s,
2103 /// Err(_) => bail!("invalid utf-8"),
2104 /// },
2105 /// None => bail!("pointer/length out of bounds"),
2106 /// };
2107 /// assert_eq!(string, "Hello, world!");
2108 /// println!("{}", string);
2109 /// Ok(())
2110 /// });
2111 /// let instance = Instance::new(&mut store, &module, &[log_str.into()])?;
2112 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?;
2113 /// foo.call(&mut store, ())?;
2114 /// # Ok(())
2115 /// # }
2116 /// ```
2117 pub fn get_module_export(&mut self, export: &ModuleExport) -> Option<Extern> {
2118 self.caller.get_module_export(&mut self.store, export)
2119 }
2120
2121 /// Access the underlying data owned by this `Store`.
2122 ///
2123 /// Same as [`Store::data`](crate::Store::data)
2124 pub fn data(&self) -> &T {
2125 self.store.data()
2126 }
2127
2128 /// Access the underlying data owned by this `Store`.
2129 ///
2130 /// Same as [`Store::data_mut`](crate::Store::data_mut)
2131 pub fn data_mut(&mut self) -> &mut T {
2132 self.store.data_mut()
2133 }
2134
2135 /// Returns the underlying [`Engine`] this store is connected to.
2136 pub fn engine(&self) -> &Engine {
2137 self.store.engine()
2138 }
2139
2140 /// Perform garbage collection.
2141 ///
2142 /// Same as [`Store::gc`](crate::Store::gc).
2143 #[cfg(feature = "gc")]
2144 pub fn gc(&mut self, why: Option<&crate::GcHeapOutOfMemory<()>>) -> Result<()> {
2145 self.store.gc(why)
2146 }
2147
2148 /// Returns the current capacity of the GC heap in bytes.
2149 ///
2150 /// Same as [`Store::gc_heap_capacity`](crate::Store::gc_heap_capacity).
2151 #[cfg(feature = "gc")]
2152 pub fn gc_heap_capacity(&self) -> usize {
2153 self.store.0.gc_heap_capacity()
2154 }
2155
2156 /// Perform garbage collection asynchronously.
2157 ///
2158 /// Same as [`Store::gc_async`](crate::Store::gc_async).
2159 #[cfg(all(feature = "async", feature = "gc"))]
2160 pub async fn gc_async(&mut self, why: Option<&crate::GcHeapOutOfMemory<()>>)
2161 where
2162 T: Send + 'static,
2163 {
2164 self.store.gc_async(why).await;
2165 }
2166
2167 /// Returns the remaining fuel in the store.
2168 ///
2169 /// For more information see [`Store::get_fuel`](crate::Store::get_fuel)
2170 pub fn get_fuel(&self) -> Result<u64> {
2171 self.store.get_fuel()
2172 }
2173
2174 /// Set the amount of fuel in this store to be consumed when executing wasm code.
2175 ///
2176 /// For more information see [`Store::set_fuel`](crate::Store::set_fuel)
2177 pub fn set_fuel(&mut self, fuel: u64) -> Result<()> {
2178 self.store.set_fuel(fuel)
2179 }
2180
2181 /// Configures this `Store` to yield while executing futures every N units of fuel.
2182 ///
2183 /// For more information see
2184 /// [`Store::fuel_async_yield_interval`](crate::Store::fuel_async_yield_interval)
2185 #[cfg(feature = "async")]
2186 pub fn fuel_async_yield_interval(&mut self, interval: Option<u64>) -> Result<()> {
2187 self.store.fuel_async_yield_interval(interval)
2188 }
2189}
2190
2191impl<T: 'static> AsContext for Caller<'_, T> {
2192 type Data = T;
2193 fn as_context(&self) -> StoreContext<'_, T> {
2194 self.store.as_context()
2195 }
2196}
2197
2198impl<T: 'static> AsContextMut for Caller<'_, T> {
2199 fn as_context_mut(&mut self) -> StoreContextMut<'_, T> {
2200 self.store.as_context_mut()
2201 }
2202}
2203
2204impl<'a, T: 'static> From<Caller<'a, T>> for StoreContextMut<'a, T> {
2205 fn from(caller: Caller<'a, T>) -> Self {
2206 caller.store
2207 }
2208}
2209
2210/// Representation of a host-defined function.
2211///
2212/// This is used for `Func::new` but also for `Linker`-defined functions. For
2213/// `Func::new` this is stored within a `Store`, and for `Linker`-defined
2214/// functions they wrap this up in `Arc` to enable shared ownership of this
2215/// across many stores.
2216///
2217/// Technically this structure needs a `<T>` type parameter to connect to the
2218/// `Store<T>` itself, but that's an unsafe contract of using this for now
2219/// rather than part of the struct type (to avoid `Func<T>` in the API).
2220#[doc(hidden)]
2221pub struct HostFunc {
2222 ctx: StoreBox<VMArrayCallHostFuncContext>,
2223
2224 /// Whether or not this function was defined with an `async` host function,
2225 /// meaning that it is only invocable when wasm is itself on a fiber to
2226 /// support suspension on `Poll::Pending`.
2227 ///
2228 /// This is used to propagate to an `InstancePre` and then eventually into a
2229 /// `Store` as to whether the store requires async entrypoints.
2230 asyncness: Asyncness,
2231
2232 // Stored to unregister this function's signature with the engine when this
2233 // is dropped.
2234 engine: Engine,
2235}
2236
2237// State stored inside a `VMArrayCallHostFuncContext`.
2238struct HostFuncState<F> {
2239 // The actual host function.
2240 func: F,
2241
2242 // NB: We have to keep our `VMSharedTypeIndex` registered in the engine for
2243 // as long as this function exists.
2244 _ty: RegisteredType,
2245}
2246
2247impl core::fmt::Debug for HostFunc {
2248 fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
2249 f.debug_struct("HostFunc").finish_non_exhaustive()
2250 }
2251}
2252
2253impl HostFunc {
2254 /// Requires that the signature in `ctx` is already registered
2255 /// within `Engine`, which is done by [`Self::vmctx_sync`] and
2256 /// [`Self::vmctx_async`].
2257 ///
2258 /// This is an internal private constructor for this type intended to only
2259 /// be used by other constructors of this type below.
2260 fn new_raw(
2261 engine: &Engine,
2262 ctx: StoreBox<VMArrayCallHostFuncContext>,
2263 asyncness: Asyncness,
2264 ) -> Self {
2265 HostFunc {
2266 ctx,
2267 engine: engine.clone(),
2268 asyncness,
2269 }
2270 }
2271
2272 /// Constructor of a host function's `VMContext` for synchronous functions.
2273 ///
2274 /// This creates a `VMArrayCallHostFuncContext` which under the hood will
2275 /// be viewed as `VMContext` in the eventually created `VMFuncRef`.
2276 fn vmctx_sync<F, T>(
2277 engine: &Engine,
2278 ty: FuncType,
2279 func: F,
2280 ) -> Result<StoreBox<VMArrayCallHostFuncContext>, OutOfMemory>
2281 where
2282 F: Fn(Caller<'_, T>, &mut [MaybeUninit<ValRaw>]) -> Result<()> + Send + Sync + 'static,
2283 T: 'static,
2284 {
2285 assert!(ty.comes_from_same_engine(engine));
2286
2287 unsafe {
2288 VMArrayCallHostFuncContext::new(
2289 Self::array_call_trampoline::<T, F>,
2290 ty.type_index(),
2291 try_new::<Box<_>>(HostFuncState {
2292 func,
2293 _ty: ty.into_registered_type(),
2294 })?,
2295 )
2296 }
2297 }
2298
2299 /// Constructor of a host function's `VMContext` for asynchronous functions.
2300 ///
2301 /// This creates a `VMArrayCallHostFuncContext` which under the hood will
2302 /// be viewed as `VMContext` in the eventually created `VMFuncRef`.
2303 ///
2304 /// Note that `ctx: U` is forwarded directly to `func`. This is subtly
2305 /// different than closing over data in `F` because the future returned by
2306 /// `F` can't refer to any data it closes over. The purpose of `U` is to
2307 /// enable the returned future to be able to close over data generally
2308 /// captured in the closures generated here.
2309 #[cfg(feature = "async")]
2310 fn vmctx_async<F, T, U>(
2311 engine: &Engine,
2312 ty: FuncType,
2313 ctx: U,
2314 func: F,
2315 ) -> Result<StoreBox<VMArrayCallHostFuncContext>, OutOfMemory>
2316 where
2317 F: for<'a> Fn(
2318 Caller<'a, T>,
2319 &'a mut [MaybeUninit<ValRaw>],
2320 &'a U,
2321 ) -> Box<dyn Future<Output = Result<()>> + Send + 'a>
2322 + Send
2323 + Sync
2324 + 'static,
2325 T: 'static,
2326 U: Send + Sync + 'static,
2327 {
2328 // Eventually we want to remove `with_blocking` + `block_on` from
2329 // Wasmtime. For now this is the attempt to keep it as low-level as
2330 // possible.
2331 //
2332 // Generally it's a lie to run async things on top of sync things and
2333 // it's caused many headaches. For now it's the best that can be done.
2334 Self::vmctx_sync(engine, ty, move |Caller { store, caller }, args| {
2335 store.with_blocking(|store, cx| {
2336 cx.block_on(core::pin::Pin::from(func(
2337 Caller { store, caller },
2338 args,
2339 &ctx,
2340 )))
2341 })?
2342 })
2343 }
2344
2345 /// Entrypoint of WebAssembly back into the host.
2346 ///
2347 /// This is the standard wasmtime "array call signature" which then
2348 /// delegates internally to the host. This assumes that `callee_vmctx` is a
2349 /// `VMArrayCallHostFuncContext` which was built above with
2350 /// `HostFuncState<F>` internally. This internal function is then used to
2351 /// dispatch based on the arguments.
2352 ///
2353 /// Details handled by this wrapper are:
2354 ///
2355 /// * Host panics are handled (`enter_host_from_wasm`)
2356 /// * `F` is loaded from `callee_vmctx`
2357 /// * `Caller` is constructed to pass to `F`
2358 /// * A GC LIFO scope is maintained around the execution of `F`.
2359 /// * Call hooks for entering/leaving the host are maintained.
2360 unsafe extern "C" fn array_call_trampoline<T, F>(
2361 callee_vmctx: NonNull<VMOpaqueContext>,
2362 caller_vmctx: NonNull<VMContext>,
2363 args: NonNull<ValRaw>,
2364 args_len: usize,
2365 ) -> bool
2366 where
2367 F: Fn(Caller<'_, T>, &mut [MaybeUninit<ValRaw>]) -> Result<()> + 'static,
2368 T: 'static,
2369 {
2370 let run = |store: &mut dyn crate::vm::VMStore, instance: InstanceId| {
2371 // SAFETY: correct usage of this trampoline requires correct
2372 // ascription of `T`, so it's the caller's responsibility to line
2373 // this up.
2374 let mut store = unsafe { store.unchecked_context_mut() };
2375
2376 // Handle the entry call hook, with a corresponding exit call hook
2377 // below.
2378 store.0.call_hook(CallHook::CallingHost)?;
2379
2380 // SAFETY: this function itself requires that the `vmctx` is
2381 // valid to use here.
2382 let state = unsafe {
2383 let vmctx = VMArrayCallHostFuncContext::from_opaque(callee_vmctx);
2384 vmctx.as_ref().host_state()
2385 };
2386
2387 // Double-check ourselves in debug mode, but we control the
2388 // `Any` here so an unsafe downcast should also work.
2389 //
2390 // SAFETY: this function is only usable with `F`.
2391 let state = unsafe {
2392 debug_assert!(state.is::<HostFuncState<F>>());
2393 &*(state as *const _ as *const HostFuncState<F>)
2394 };
2395
2396 let (gc_lifo_scope, ret) = {
2397 let gc_lifo_scope = store.0.gc_roots().enter_lifo_scope();
2398
2399 let mut args = NonNull::slice_from_raw_parts(args.cast(), args_len);
2400 // SAFETY: it's a contract of this function itself that the values
2401 // provided are valid to view as a slice.
2402 let args = unsafe { args.as_mut() };
2403
2404 let ret = (state.func)(
2405 Caller {
2406 caller: Instance::from_wasmtime(instance, store.0),
2407 store: store.as_context_mut(),
2408 },
2409 args,
2410 );
2411
2412 (gc_lifo_scope, ret)
2413 };
2414
2415 store.0.exit_gc_lifo_scope(gc_lifo_scope);
2416
2417 // Note that if this returns a trap then `ret` is discarded
2418 // entirely.
2419 store.0.call_hook(CallHook::ReturningFromHost)?;
2420
2421 ret
2422 };
2423
2424 // SAFETY: this is an entrypoint of wasm which requires correct type
2425 // ascription of `T` itself, meaning that this should be safe to call
2426 // both `enter_host_from_wasm` as well as `unchecked_context_mut`.
2427 unsafe { vm::Instance::enter_host_from_wasm(caller_vmctx, run) }
2428 }
2429 /// Analog of [`Func::new_unchecked`]
2430 ///
2431 /// # Panics
2432 ///
2433 /// Panics if the given function type is not associated with the given
2434 /// engine.
2435 ///
2436 /// # Safety
2437 ///
2438 /// The `func` provided must operate according to the `ty` provided to
2439 /// ensure it's reading the correctly-typed parameters and writing the
2440 /// correctly-typed results.
2441 pub unsafe fn new_unchecked<T>(
2442 engine: &Engine,
2443 ty: FuncType,
2444 func: impl Fn(Caller<'_, T>, &mut [MaybeUninit<ValRaw>]) -> Result<()> + Send + Sync + 'static,
2445 ) -> Result<Self, OutOfMemory>
2446 where
2447 T: 'static,
2448 {
2449 Ok(HostFunc::new_raw(
2450 engine,
2451 Self::vmctx_sync(engine, ty, func)?,
2452 Asyncness::No,
2453 ))
2454 }
2455
2456 /// Analog of [`Func::new`]
2457 ///
2458 /// # Panics
2459 ///
2460 /// Panics if the given function type is not associated with the given
2461 /// engine.
2462 pub fn new<T>(
2463 engine: &Engine,
2464 ty: FuncType,
2465 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static,
2466 ) -> Result<Self, OutOfMemory>
2467 where
2468 T: 'static,
2469 {
2470 // NB: this is "duplicated" below in `new_async`, so try to keep the
2471 // two in sync.
2472 Ok(HostFunc::new_raw(
2473 engine,
2474 Self::vmctx_sync(engine, ty.clone(), move |mut caller, values| {
2475 // SAFETY: Wasmtime in general provides the guarantee that
2476 // `values` matches `ty`, so this should be safe.
2477 let mut vec = unsafe { Self::load_untyped_params(caller.store.0, &ty, values) };
2478 let (params, results) = vec.split_at_mut(ty.params().len());
2479 func(caller.sub_caller(), params, results)?;
2480 Self::store_untyped_results(caller.store, &ty, vec, values)
2481 })?,
2482 Asyncness::No,
2483 ))
2484 }
2485
2486 /// Analog of [`Func::new_async`]
2487 ///
2488 /// # Panics
2489 ///
2490 /// Panics if the given function type is not associated with the given
2491 /// engine.
2492 #[cfg(feature = "async")]
2493 pub fn new_async<T, F>(engine: &Engine, ty: FuncType, func: F) -> Result<Self, OutOfMemory>
2494 where
2495 F: for<'a> Fn(
2496 Caller<'a, T>,
2497 &'a [Val],
2498 &'a mut [Val],
2499 ) -> Box<dyn Future<Output = Result<()>> + Send + 'a>
2500 + Send
2501 + Sync
2502 + 'static,
2503 T: Send + 'static,
2504 {
2505 // NB: this is "duplicated" above in `new`, so try to keep the two in
2506 // sync.
2507 Ok(HostFunc::new_raw(
2508 engine,
2509 Self::vmctx_async(
2510 engine,
2511 ty.clone(),
2512 (ty, func),
2513 move |mut caller, values, (ty, func)| {
2514 Box::new(async move {
2515 // SAFETY: Wasmtime in general provides the guarantee that
2516 // `values` matches `ty`, so this should be safe.
2517 let mut vec =
2518 unsafe { Self::load_untyped_params(caller.store.0, &ty, values) };
2519 let (params, results) = vec.split_at_mut(ty.params().len());
2520 core::pin::Pin::from(func(caller.sub_caller(), params, results)).await?;
2521 Self::store_untyped_results(caller.store, &ty, vec, values)
2522 })
2523 },
2524 )?,
2525 Asyncness::Yes,
2526 ))
2527 }
2528
2529 /// Loads the the parameters of `ty` from `params` into a vector.
2530 ///
2531 /// This additionally pushes space onto the vector for all results to split
2532 /// the vector into params/results halves.
2533 ///
2534 /// # Safety
2535 ///
2536 /// Requires that `params` matches the parameters loaded by `P`.
2537 unsafe fn load_untyped_params(
2538 store: &mut StoreOpaque,
2539 ty: &FuncType,
2540 params: &mut [MaybeUninit<ValRaw>],
2541 ) -> Vec<Val> {
2542 let mut val_vec = store.take_hostcall_val_storage();
2543 debug_assert!(val_vec.is_empty());
2544 let nparams = ty.params().len();
2545 val_vec.reserve(nparams + ty.results().len());
2546 let mut store = AutoAssertNoGc::new(store);
2547 for (i, ty) in ty.params().enumerate() {
2548 val_vec.push(unsafe { Val::_from_raw(&mut store, params[i].assume_init(), &ty) })
2549 }
2550
2551 val_vec.extend((0..ty.results().len()).map(|_| Val::null_func_ref()));
2552 val_vec
2553 }
2554
2555 /// Stores the results, at the end of `args_then_results` according to `ty`,
2556 /// into `storage`.
2557 fn store_untyped_results<T>(
2558 mut store: StoreContextMut<'_, T>,
2559 ty: &FuncType,
2560 mut args_then_results: Vec<Val>,
2561 storage: &mut [MaybeUninit<ValRaw>],
2562 ) -> Result<()> {
2563 // Unlike our arguments we need to dynamically check that the return
2564 // values produced are correct. There could be a bug in `func` that
2565 // produces the wrong number, wrong types, or wrong stores of
2566 // values, and we need to catch that here.
2567 let results = &args_then_results[ty.params().len()..];
2568 for (i, (ret, ty)) in results.iter().zip(ty.results()).enumerate() {
2569 ret.ensure_matches_ty(store.0, &ty)
2570 .context("function attempted to return an incompatible value")?;
2571 storage[i].write(ret.to_raw(store.as_context_mut())?);
2572 }
2573
2574 // Restore our `val_vec` back into the store so it's usable for the next
2575 // hostcall to reuse our own storage.
2576 args_then_results.truncate(0);
2577 store.0.save_hostcall_val_storage(args_then_results);
2578 Ok(())
2579 }
2580
2581 /// Analog of [`Func::wrap`]
2582 pub fn wrap<T, F, P, R>(engine: &Engine, func: F) -> Result<Self, OutOfMemory>
2583 where
2584 F: Fn(Caller<'_, T>, P) -> R + Send + Sync + 'static,
2585 P: WasmTyList,
2586 R: WasmRet,
2587 T: 'static,
2588 {
2589 // NB: this entire function is "duplicated" below in `wrap_async`, so
2590 // try to keep the two in sync.
2591 let ty = R::func_type(engine, None::<ValType>.into_iter().chain(P::valtypes()))?;
2592
2593 let ctx = Self::vmctx_sync(engine, ty, move |mut caller, args| {
2594 // SAFETY: `args` matching `ty` is provided by `HostFunc` and
2595 // wasmtime's ambient correctness.
2596 let params = unsafe { Self::load_typed_params(caller.store.0, args) };
2597 let ret = func(caller.sub_caller(), params).into_fallible();
2598 // SAFETY: `args` matching `ty` is provided by `HostFunc` and
2599 // wasmtime's ambient correctness.
2600 unsafe { Self::store_typed_results(caller.store.0, ret, args) }
2601 })?;
2602 Ok(HostFunc::new_raw(engine, ctx, Asyncness::No))
2603 }
2604
2605 /// Analog of [`Func::wrap_async`]
2606 #[cfg(feature = "async")]
2607 pub fn wrap_async<T, F, P, R>(engine: &Engine, func: F) -> Result<Self, OutOfMemory>
2608 where
2609 F: for<'a> Fn(Caller<'a, T>, P) -> Box<dyn Future<Output = R> + Send + 'a>
2610 + Send
2611 + Sync
2612 + 'static,
2613 P: WasmTyList,
2614 R: WasmRet,
2615 T: Send + 'static,
2616 {
2617 // NB: this entire function is "duplicated" above in `wrap`, so try to
2618 // keep the two in sync.
2619 let ty = R::func_type(engine, None::<ValType>.into_iter().chain(P::valtypes()))?;
2620
2621 let ctx = Self::vmctx_async(engine, ty, func, move |mut caller, args, func| {
2622 Box::new(async move {
2623 // SAFETY: `args` matching `ty` is provided by `HostFunc` and
2624 // wasmtime's ambient correctness.
2625 let params = unsafe { Self::load_typed_params(caller.store.0, args) };
2626 let ret = core::pin::Pin::from(func(caller.sub_caller(), params)).await;
2627 // SAFETY: `args` matching `ty` is provided by `HostFunc` and
2628 // wasmtime's ambient correctness.
2629 unsafe { Self::store_typed_results(caller.store.0, ret.into_fallible(), args) }
2630 })
2631 })?;
2632 Ok(HostFunc::new_raw(engine, ctx, Asyncness::Yes))
2633 }
2634
2635 /// Loads the typed parameters from `params`
2636 ///
2637 /// # Safety
2638 ///
2639 /// Requires that `params` matches the parameters loaded by `P`.
2640 unsafe fn load_typed_params<P>(store: &mut StoreOpaque, params: &mut [MaybeUninit<ValRaw>]) -> P
2641 where
2642 P: WasmTyList,
2643 {
2644 let mut store = if P::may_gc() {
2645 AutoAssertNoGc::new(store)
2646 } else {
2647 unsafe { AutoAssertNoGc::disabled(store) }
2648 };
2649 // SAFETY: this function's own safety contract is the same as `P::load`.
2650 unsafe { P::load(&mut store, params) }
2651 }
2652
2653 /// Stores the results of `R` into the array provided.
2654 ///
2655 /// # Safety
2656 ///
2657 /// Requires that `ret` matches the result `storage` space. See `WasmRet`
2658 /// for more safety info.
2659 unsafe fn store_typed_results<R>(
2660 store: &mut StoreOpaque,
2661 ret: R,
2662 storage: &mut [MaybeUninit<ValRaw>],
2663 ) -> Result<()>
2664 where
2665 R: WasmRet,
2666 {
2667 ensure!(
2668 ret.compatible_with_store(store),
2669 "host function attempted to return cross-`Store` value to Wasm",
2670 );
2671
2672 let mut store = if R::may_gc() {
2673 AutoAssertNoGc::new(store)
2674 } else {
2675 unsafe { AutoAssertNoGc::disabled(store) }
2676 };
2677 // SAFETY: this safety contract is the same as this own function's
2678 // safety contract.
2679 unsafe {
2680 ret.store(&mut store, storage)?;
2681 }
2682 Ok(())
2683 }
2684
2685 /// Inserts this `HostFunc` into a `Store`, returning the `Func` pointing to
2686 /// it.
2687 ///
2688 /// # Unsafety
2689 ///
2690 /// Can only be inserted into stores with a matching `T` relative to when
2691 /// this `HostFunc` was first created.
2692 pub unsafe fn to_func(self: &Arc<Self>, store: &mut StoreOpaque) -> Result<Func, OutOfMemory> {
2693 self.validate_store(store);
2694 let (funcrefs, modules) = store.func_refs_and_modules();
2695 let funcref = funcrefs.push_arc_host(self.clone(), modules)?;
2696 // SAFETY: this funcref was just pushed within the store, so it's safe
2697 // to say this store owns it.
2698 Ok(unsafe { Func::from_vm_func_ref(store.id(), funcref) })
2699 }
2700
2701 /// Inserts this `HostFunc` into a `Store`, returning the `Func` pointing to
2702 /// it.
2703 ///
2704 /// This function is similar to, but not equivalent, to `HostFunc::to_func`.
2705 /// Notably this function requires that the `Arc<Self>` pointer is otherwise
2706 /// rooted within the `StoreOpaque` via another means. When in doubt use
2707 /// `to_func` above as it's safer.
2708 ///
2709 /// # Unsafety
2710 ///
2711 /// Can only be inserted into stores with a matching `T` relative to when
2712 /// this `HostFunc` was first created.
2713 ///
2714 /// Additionally the `&Arc<Self>` is not cloned in this function. Instead a
2715 /// raw pointer to `Self` is stored within the `Store` for this function.
2716 /// The caller must arrange for the `Arc<Self>` to be "rooted" in the store
2717 /// provided via another means, probably by pushing to
2718 /// `StoreOpaque::rooted_host_funcs`.
2719 ///
2720 /// Similarly, the caller must arrange for `rooted_func_ref` to be rooted in
2721 /// the same store and additionally be a valid pointer.
2722 pub unsafe fn to_func_store_rooted(
2723 self: &Arc<Self>,
2724 store: &mut StoreOpaque,
2725 rooted_func_ref: Option<NonNull<VMFuncRef>>,
2726 ) -> Func {
2727 self.validate_store(store);
2728
2729 match rooted_func_ref {
2730 Some(funcref) => {
2731 // SAFETY: it's a contract of this function itself that
2732 // `funcref` is safe to read.
2733 unsafe {
2734 debug_assert!(funcref.as_ref().wasm_call.is_some());
2735 }
2736 // SAFETY: it's a contract of this function that `funcref` is
2737 // owned by `store`.
2738 unsafe { Func::from_vm_func_ref(store.id(), funcref) }
2739 }
2740 None => {
2741 debug_assert!(self.func_ref().wasm_call.is_some());
2742
2743 // SAFETY: it's an unsafe contract of this function that we are
2744 // rooted within the store to say that the store owns a copy of
2745 // this funcref.
2746 unsafe { Func::from_vm_func_ref(store.id(), self.func_ref().into()) }
2747 }
2748 }
2749 }
2750
2751 /// Same as [`HostFunc::to_func`], different ownership.
2752 unsafe fn into_func(self, store: &mut StoreOpaque) -> Result<Func, OutOfMemory> {
2753 self.validate_store(store);
2754
2755 // This function could be called by a guest at any time, and it requires
2756 // fibers, so the store now required async entrypoints.
2757 store.set_async_required(self.asyncness);
2758
2759 let (funcrefs, modules) = store.func_refs_and_modules();
2760 let funcref = funcrefs.push_box_host(try_new::<Box<_>>(self)?, modules)?;
2761 // SAFETY: this funcref was just pushed within `store`, so it's safe to
2762 // say it's owned by the store's id.
2763 Ok(unsafe { Func::from_vm_func_ref(store.id(), funcref) })
2764 }
2765
2766 fn validate_store(&self, store: &mut StoreOpaque) {
2767 // This assert is required to ensure that we can indeed safely insert
2768 // `self` into the `store` provided, otherwise the type information we
2769 // have listed won't be correct. This is possible to hit with the public
2770 // API of Wasmtime, and should be documented in relevant functions.
2771 assert!(
2772 Engine::same(&self.engine, store.engine()),
2773 "cannot use a store with a different engine than a linker was created with",
2774 );
2775 }
2776
2777 pub(crate) fn sig_index(&self) -> VMSharedTypeIndex {
2778 self.func_ref().type_index
2779 }
2780
2781 pub(crate) fn func_ref(&self) -> &VMFuncRef {
2782 unsafe { self.ctx.get().as_ref().func_ref() }
2783 }
2784
2785 pub(crate) fn asyncness(&self) -> Asyncness {
2786 self.asyncness
2787 }
2788}
2789
2790#[cfg(test)]
2791mod tests {
2792 use super::*;
2793 use crate::{Module, Store};
2794
2795 #[test]
2796 #[cfg_attr(miri, ignore)]
2797 fn hash_key_is_stable_across_duplicate_store_data_entries() -> Result<()> {
2798 let mut store = Store::<()>::default();
2799 let module = Module::new(
2800 store.engine(),
2801 r#"
2802 (module
2803 (func (export "f")
2804 nop
2805 )
2806 )
2807 "#,
2808 )?;
2809 let instance = Instance::new(&mut store, &module, &[])?;
2810
2811 // Each time we `get_func`, we call `Func::from_wasmtime` which adds a
2812 // new entry to `StoreData`, so `f1` and `f2` will have different
2813 // indices into `StoreData`.
2814 let f1 = instance.get_func(&mut store, "f").unwrap();
2815 let f2 = instance.get_func(&mut store, "f").unwrap();
2816
2817 // But their hash keys are the same.
2818 assert!(
2819 f1.hash_key(&mut store.as_context_mut().0)
2820 == f2.hash_key(&mut store.as_context_mut().0)
2821 );
2822
2823 // But the hash keys are different from different funcs.
2824 let instance2 = Instance::new(&mut store, &module, &[])?;
2825 let f3 = instance2.get_func(&mut store, "f").unwrap();
2826 assert!(
2827 f1.hash_key(&mut store.as_context_mut().0)
2828 != f3.hash_key(&mut store.as_context_mut().0)
2829 );
2830
2831 Ok(())
2832 }
2833}