wasmtime/runtime/func.rs
1use crate::prelude::*;
2use crate::runtime::Uninhabited;
3use crate::runtime::vm::{
4 self, InterpreterRef, SendSyncPtr, StoreBox, VMArrayCallHostFuncContext,
5 VMCommonStackInformation, VMContext, VMFuncRef, VMFunctionImport, VMOpaqueContext,
6 VMStoreContext,
7};
8use crate::store::{AutoAssertNoGc, InstanceId, StoreId, StoreOpaque};
9use crate::type_registry::RegisteredType;
10use crate::{
11 AsContext, AsContextMut, CallHook, Engine, Extern, FuncType, Instance, ModuleExport, Ref,
12 StoreContext, StoreContextMut, Val, ValRaw, ValType,
13};
14use alloc::sync::Arc;
15use core::ffi::c_void;
16#[cfg(feature = "async")]
17use core::future::Future;
18use core::mem::{self, MaybeUninit};
19use core::ptr::NonNull;
20use wasmtime_environ::VMSharedTypeIndex;
21
22/// A reference to the abstract `nofunc` heap value.
23///
24/// The are no instances of `(ref nofunc)`: it is an uninhabited type.
25///
26/// There is precisely one instance of `(ref null nofunc)`, aka `nullfuncref`:
27/// the null reference.
28///
29/// This `NoFunc` Rust type's sole purpose is for use with [`Func::wrap`]- and
30/// [`Func::typed`]-style APIs for statically typing a function as taking or
31/// returning a `(ref null nofunc)` (aka `Option<NoFunc>`) which is always
32/// `None`.
33///
34/// # Example
35///
36/// ```
37/// # use wasmtime::*;
38/// # fn _foo() -> Result<()> {
39/// let mut config = Config::new();
40/// config.wasm_function_references(true);
41/// let engine = Engine::new(&config)?;
42///
43/// let module = Module::new(
44/// &engine,
45/// r#"
46/// (module
47/// (func (export "f") (param (ref null nofunc))
48/// ;; If the reference is null, return.
49/// local.get 0
50/// ref.is_null nofunc
51/// br_if 0
52///
53/// ;; If the reference was not null (which is impossible)
54/// ;; then raise a trap.
55/// unreachable
56/// )
57/// )
58/// "#,
59/// )?;
60///
61/// let mut store = Store::new(&engine, ());
62/// let instance = Instance::new(&mut store, &module, &[])?;
63/// let f = instance.get_func(&mut store, "f").unwrap();
64///
65/// // We can cast a `(ref null nofunc)`-taking function into a typed function that
66/// // takes an `Option<NoFunc>` via the `Func::typed` method.
67/// let f = f.typed::<Option<NoFunc>, ()>(&store)?;
68///
69/// // We can call the typed function, passing the null `nofunc` reference.
70/// let result = f.call(&mut store, NoFunc::null());
71///
72/// // The function should not have trapped, because the reference we gave it was
73/// // null (as it had to be, since `NoFunc` is uninhabited).
74/// assert!(result.is_ok());
75/// # Ok(())
76/// # }
77/// ```
78#[derive(Copy, Clone, Debug, PartialEq, Eq)]
79pub struct NoFunc {
80 _inner: Uninhabited,
81}
82
83impl NoFunc {
84 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference.
85 #[inline]
86 pub fn null() -> Option<NoFunc> {
87 None
88 }
89
90 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference as a
91 /// [`Ref`].
92 #[inline]
93 pub fn null_ref() -> Ref {
94 Ref::Func(None)
95 }
96
97 /// Get the null `(ref null nofunc)` (aka `nullfuncref`) reference as a
98 /// [`Val`].
99 #[inline]
100 pub fn null_val() -> Val {
101 Val::FuncRef(None)
102 }
103}
104
105/// A WebAssembly function which can be called.
106///
107/// This type typically represents an exported function from a WebAssembly
108/// module instance. In this case a [`Func`] belongs to an [`Instance`] and is
109/// loaded from there. A [`Func`] may also represent a host function as well in
110/// some cases, too.
111///
112/// Functions can be called in a few different ways, either synchronous or async
113/// and either typed or untyped (more on this below). Note that host functions
114/// are normally inserted directly into a [`Linker`](crate::Linker) rather than
115/// using this directly, but both options are available.
116///
117/// # `Func` and `async`
118///
119/// Functions from the perspective of WebAssembly are always synchronous. You
120/// might have an `async` function in Rust, however, which you'd like to make
121/// available from WebAssembly. Wasmtime supports asynchronously calling
122/// WebAssembly through native stack switching. You can get some more
123/// information about [asynchronous configs](crate::Config::async_support), but
124/// from the perspective of `Func` it's important to know that whether or not
125/// your [`Store`](crate::Store) is asynchronous will dictate whether you call
126/// functions through [`Func::call`] or [`Func::call_async`] (or the typed
127/// wrappers such as [`TypedFunc::call`] vs [`TypedFunc::call_async`]).
128///
129/// # To `Func::call` or to `Func::typed().call()`
130///
131/// There's a 2x2 matrix of methods to call [`Func`]. Invocations can either be
132/// asynchronous or synchronous. They can also be statically typed or not.
133/// Whether or not an invocation is asynchronous is indicated via the method
134/// being `async` and [`call_async`](Func::call_async) being the entry point.
135/// Otherwise for statically typed or not your options are:
136///
137/// * Dynamically typed - if you don't statically know the signature of the
138/// function that you're calling you'll be using [`Func::call`] or
139/// [`Func::call_async`]. These functions take a variable-length slice of
140/// "boxed" arguments in their [`Val`] representation. Additionally the
141/// results are returned as an owned slice of [`Val`]. These methods are not
142/// optimized due to the dynamic type checks that must occur, in addition to
143/// some dynamic allocations for where to put all the arguments. While this
144/// allows you to call all possible wasm function signatures, if you're
145/// looking for a speedier alternative you can also use...
146///
147/// * Statically typed - if you statically know the type signature of the wasm
148/// function you're calling, then you'll want to use the [`Func::typed`]
149/// method to acquire an instance of [`TypedFunc`]. This structure is static proof
150/// that the underlying wasm function has the ascripted type, and type
151/// validation is only done once up-front. The [`TypedFunc::call`] and
152/// [`TypedFunc::call_async`] methods are much more efficient than [`Func::call`]
153/// and [`Func::call_async`] because the type signature is statically known.
154/// This eschews runtime checks as much as possible to get into wasm as fast
155/// as possible.
156///
157/// # Examples
158///
159/// One way to get a `Func` is from an [`Instance`] after you've instantiated
160/// it:
161///
162/// ```
163/// # use wasmtime::*;
164/// # fn main() -> anyhow::Result<()> {
165/// let engine = Engine::default();
166/// let module = Module::new(&engine, r#"(module (func (export "foo")))"#)?;
167/// let mut store = Store::new(&engine, ());
168/// let instance = Instance::new(&mut store, &module, &[])?;
169/// let foo = instance.get_func(&mut store, "foo").expect("export wasn't a function");
170///
171/// // Work with `foo` as a `Func` at this point, such as calling it
172/// // dynamically...
173/// match foo.call(&mut store, &[], &mut []) {
174/// Ok(()) => { /* ... */ }
175/// Err(trap) => {
176/// panic!("execution of `foo` resulted in a wasm trap: {}", trap);
177/// }
178/// }
179/// foo.call(&mut store, &[], &mut [])?;
180///
181/// // ... or we can make a static assertion about its signature and call it.
182/// // Our first call here can fail if the signatures don't match, and then the
183/// // second call can fail if the function traps (like the `match` above).
184/// let foo = foo.typed::<(), ()>(&store)?;
185/// foo.call(&mut store, ())?;
186/// # Ok(())
187/// # }
188/// ```
189///
190/// You can also use the [`wrap` function](Func::wrap) to create a
191/// `Func`
192///
193/// ```
194/// # use wasmtime::*;
195/// # fn main() -> anyhow::Result<()> {
196/// let mut store = Store::<()>::default();
197///
198/// // Create a custom `Func` which can execute arbitrary code inside of the
199/// // closure.
200/// let add = Func::wrap(&mut store, |a: i32, b: i32| -> i32 { a + b });
201///
202/// // Next we can hook that up to a wasm module which uses it.
203/// let module = Module::new(
204/// store.engine(),
205/// r#"
206/// (module
207/// (import "" "" (func $add (param i32 i32) (result i32)))
208/// (func (export "call_add_twice") (result i32)
209/// i32.const 1
210/// i32.const 2
211/// call $add
212/// i32.const 3
213/// i32.const 4
214/// call $add
215/// i32.add))
216/// "#,
217/// )?;
218/// let instance = Instance::new(&mut store, &module, &[add.into()])?;
219/// let call_add_twice = instance.get_typed_func::<(), i32>(&mut store, "call_add_twice")?;
220///
221/// assert_eq!(call_add_twice.call(&mut store, ())?, 10);
222/// # Ok(())
223/// # }
224/// ```
225///
226/// Or you could also create an entirely dynamic `Func`!
227///
228/// ```
229/// # use wasmtime::*;
230/// # fn main() -> anyhow::Result<()> {
231/// let mut store = Store::<()>::default();
232///
233/// // Here we need to define the type signature of our `Double` function and
234/// // then wrap it up in a `Func`
235/// let double_type = wasmtime::FuncType::new(
236/// store.engine(),
237/// [wasmtime::ValType::I32].iter().cloned(),
238/// [wasmtime::ValType::I32].iter().cloned(),
239/// );
240/// let double = Func::new(&mut store, double_type, |_, params, results| {
241/// let mut value = params[0].unwrap_i32();
242/// value *= 2;
243/// results[0] = value.into();
244/// Ok(())
245/// });
246///
247/// let module = Module::new(
248/// store.engine(),
249/// r#"
250/// (module
251/// (import "" "" (func $double (param i32) (result i32)))
252/// (func $start
253/// i32.const 1
254/// call $double
255/// drop)
256/// (start $start))
257/// "#,
258/// )?;
259/// let instance = Instance::new(&mut store, &module, &[double.into()])?;
260/// // .. work with `instance` if necessary
261/// # Ok(())
262/// # }
263/// ```
264#[derive(Copy, Clone, Debug)]
265#[repr(C)] // here for the C API
266pub struct Func {
267 /// The store that the below pointer belongs to.
268 ///
269 /// It's only safe to look at the contents of the pointer below when the
270 /// `StoreOpaque` matching this id is in-scope.
271 store: StoreId,
272
273 /// The raw `VMFuncRef`, whose lifetime is bound to the store this func
274 /// belongs to.
275 ///
276 /// Note that this field has an `unsafe_*` prefix to discourage use of it.
277 /// This is only safe to read/use if `self.store` is validated to belong to
278 /// an ambiently provided `StoreOpaque` or similar. Use the
279 /// `self.func_ref()` method instead of this field to perform this check.
280 unsafe_func_ref: SendSyncPtr<VMFuncRef>,
281}
282
283// Double-check that the C representation in `extern.h` matches our in-Rust
284// representation here in terms of size/alignment/etc.
285const _: () = {
286 #[repr(C)]
287 struct C(u64, *mut u8);
288 assert!(core::mem::size_of::<C>() == core::mem::size_of::<Func>());
289 assert!(core::mem::align_of::<C>() == core::mem::align_of::<Func>());
290 assert!(core::mem::offset_of!(Func, store) == 0);
291};
292
293macro_rules! for_each_function_signature {
294 ($mac:ident) => {
295 $mac!(0);
296 $mac!(1 A1);
297 $mac!(2 A1 A2);
298 $mac!(3 A1 A2 A3);
299 $mac!(4 A1 A2 A3 A4);
300 $mac!(5 A1 A2 A3 A4 A5);
301 $mac!(6 A1 A2 A3 A4 A5 A6);
302 $mac!(7 A1 A2 A3 A4 A5 A6 A7);
303 $mac!(8 A1 A2 A3 A4 A5 A6 A7 A8);
304 $mac!(9 A1 A2 A3 A4 A5 A6 A7 A8 A9);
305 $mac!(10 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10);
306 $mac!(11 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11);
307 $mac!(12 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12);
308 $mac!(13 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13);
309 $mac!(14 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14);
310 $mac!(15 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15);
311 $mac!(16 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15 A16);
312 $mac!(17 A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15 A16 A17);
313 };
314}
315
316mod typed;
317use crate::runtime::vm::VMStackChain;
318pub use typed::*;
319
320impl Func {
321 /// Creates a new `Func` with the given arguments, typically to create a
322 /// host-defined function to pass as an import to a module.
323 ///
324 /// * `store` - the store in which to create this [`Func`], which will own
325 /// the return value.
326 ///
327 /// * `ty` - the signature of this function, used to indicate what the
328 /// inputs and outputs are.
329 ///
330 /// * `func` - the native code invoked whenever this `Func` will be called.
331 /// This closure is provided a [`Caller`] as its first argument to learn
332 /// information about the caller, and then it's passed a list of
333 /// parameters as a slice along with a mutable slice of where to write
334 /// results.
335 ///
336 /// Note that the implementation of `func` must adhere to the `ty` signature
337 /// given, error or traps may occur if it does not respect the `ty`
338 /// signature. For example if the function type declares that it returns one
339 /// i32 but the `func` closures does not write anything into the results
340 /// slice then a trap may be generated.
341 ///
342 /// Additionally note that this is quite a dynamic function since signatures
343 /// are not statically known. For a more performant and ergonomic `Func`
344 /// it's recommended to use [`Func::wrap`] if you can because with
345 /// statically known signatures Wasmtime can optimize the implementation
346 /// much more.
347 ///
348 /// For more information about `Send + Sync + 'static` requirements on the
349 /// `func`, see [`Func::wrap`](#why-send--sync--static).
350 ///
351 /// # Errors
352 ///
353 /// The host-provided function here returns a
354 /// [`Result<()>`](anyhow::Result). If the function returns `Ok(())` then
355 /// that indicates that the host function completed successfully and wrote
356 /// the result into the `&mut [Val]` argument.
357 ///
358 /// If the function returns `Err(e)`, however, then this is equivalent to
359 /// the host function triggering a trap for wasm. WebAssembly execution is
360 /// immediately halted and the original caller of [`Func::call`], for
361 /// example, will receive the error returned here (possibly with
362 /// [`WasmBacktrace`](crate::WasmBacktrace) context information attached).
363 ///
364 /// For more information about errors in Wasmtime see the [`Trap`]
365 /// documentation.
366 ///
367 /// [`Trap`]: crate::Trap
368 ///
369 /// # Panics
370 ///
371 /// Panics if the given function type is not associated with this store's
372 /// engine.
373 pub fn new<T: 'static>(
374 store: impl AsContextMut<Data = T>,
375 ty: FuncType,
376 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static,
377 ) -> Self {
378 assert!(ty.comes_from_same_engine(store.as_context().engine()));
379 let ty_clone = ty.clone();
380 unsafe {
381 Func::new_unchecked(store, ty, move |caller, values| {
382 Func::invoke_host_func_for_wasm(caller, &ty_clone, values, &func)
383 })
384 }
385 }
386
387 /// Creates a new [`Func`] with the given arguments, although has fewer
388 /// runtime checks than [`Func::new`].
389 ///
390 /// This function takes a callback of a different signature than
391 /// [`Func::new`], instead receiving a raw pointer with a list of [`ValRaw`]
392 /// structures. These values have no type information associated with them
393 /// so it's up to the caller to provide a function that will correctly
394 /// interpret the list of values as those coming from the `ty` specified.
395 ///
396 /// If you're calling this from Rust it's recommended to either instead use
397 /// [`Func::new`] or [`Func::wrap`]. The [`Func::wrap`] API, in particular,
398 /// is both safer and faster than this API.
399 ///
400 /// # Errors
401 ///
402 /// See [`Func::new`] for the behavior of returning an error from the host
403 /// function provided here.
404 ///
405 /// # Unsafety
406 ///
407 /// This function is not safe because it's not known at compile time that
408 /// the `func` provided correctly interprets the argument types provided to
409 /// it, or that the results it produces will be of the correct type.
410 ///
411 /// # Panics
412 ///
413 /// Panics if the given function type is not associated with this store's
414 /// engine.
415 pub unsafe fn new_unchecked<T: 'static>(
416 mut store: impl AsContextMut<Data = T>,
417 ty: FuncType,
418 func: impl Fn(Caller<'_, T>, &mut [ValRaw]) -> Result<()> + Send + Sync + 'static,
419 ) -> Self {
420 assert!(ty.comes_from_same_engine(store.as_context().engine()));
421 let store = store.as_context_mut().0;
422
423 // SAFETY: the contract required by `new_unchecked` is the same as the
424 // contract required by this function itself.
425 let host = unsafe { HostFunc::new_unchecked(store.engine(), ty, func) };
426
427 // SAFETY: the `T` used by `func` matches the `T` of the store we're
428 // inserting into via this function's type signature.
429 unsafe { host.into_func(store) }
430 }
431
432 /// Creates a new host-defined WebAssembly function which, when called,
433 /// will run the asynchronous computation defined by `func` to completion
434 /// and then return the result to WebAssembly.
435 ///
436 /// This function is the asynchronous analogue of [`Func::new`] and much of
437 /// that documentation applies to this as well. The key difference is that
438 /// `func` returns a future instead of simply a `Result`. Note that the
439 /// returned future can close over any of the arguments, but it cannot close
440 /// over the state of the closure itself. It's recommended to store any
441 /// necessary async state in the `T` of the [`Store<T>`](crate::Store) which
442 /// can be accessed through [`Caller::data`] or [`Caller::data_mut`].
443 ///
444 /// For more information on `Send + Sync + 'static`, see
445 /// [`Func::wrap`](#why-send--sync--static).
446 ///
447 /// # Panics
448 ///
449 /// This function will panic if `store` is not associated with an [async
450 /// config](crate::Config::async_support).
451 ///
452 /// Panics if the given function type is not associated with this store's
453 /// engine.
454 ///
455 /// # Errors
456 ///
457 /// See [`Func::new`] for the behavior of returning an error from the host
458 /// function provided here.
459 ///
460 /// # Examples
461 ///
462 /// ```
463 /// # use wasmtime::*;
464 /// # fn main() -> anyhow::Result<()> {
465 /// // Simulate some application-specific state as well as asynchronous
466 /// // functions to query that state.
467 /// struct MyDatabase {
468 /// // ...
469 /// }
470 ///
471 /// impl MyDatabase {
472 /// async fn get_row_count(&self) -> u32 {
473 /// // ...
474 /// # 100
475 /// }
476 /// }
477 ///
478 /// let my_database = MyDatabase {
479 /// // ...
480 /// };
481 ///
482 /// // Using `new_async` we can hook up into calling our async
483 /// // `get_row_count` function.
484 /// let engine = Engine::new(Config::new().async_support(true))?;
485 /// let mut store = Store::new(&engine, MyDatabase {
486 /// // ...
487 /// });
488 /// let get_row_count_type = wasmtime::FuncType::new(
489 /// &engine,
490 /// None,
491 /// Some(wasmtime::ValType::I32),
492 /// );
493 /// let get = Func::new_async(&mut store, get_row_count_type, |caller, _params, results| {
494 /// Box::new(async move {
495 /// let count = caller.data().get_row_count().await;
496 /// results[0] = Val::I32(count as i32);
497 /// Ok(())
498 /// })
499 /// });
500 /// // ...
501 /// # Ok(())
502 /// # }
503 /// ```
504 #[cfg(all(feature = "async", feature = "cranelift"))]
505 pub fn new_async<T, F>(store: impl AsContextMut<Data = T>, ty: FuncType, func: F) -> Func
506 where
507 F: for<'a> Fn(
508 Caller<'a, T>,
509 &'a [Val],
510 &'a mut [Val],
511 ) -> Box<dyn Future<Output = Result<()>> + Send + 'a>
512 + Send
513 + Sync
514 + 'static,
515 T: 'static,
516 {
517 assert!(
518 store.as_context().async_support(),
519 "cannot use `new_async` without enabling async support in the config"
520 );
521 assert!(ty.comes_from_same_engine(store.as_context().engine()));
522 return Func::new(
523 store,
524 ty,
525 move |Caller { store, caller }, params, results| {
526 store.with_blocking(|store, cx| {
527 cx.block_on(core::pin::Pin::from(func(
528 Caller { store, caller },
529 params,
530 results,
531 )))
532 })?
533 },
534 );
535 }
536
537 /// Creates a new `Func` from a store and a funcref within that store.
538 ///
539 /// # Safety
540 ///
541 /// The safety of this function requires that `func_ref` is a valid function
542 /// pointer owned by `store`.
543 pub(crate) unsafe fn from_vm_func_ref(store: StoreId, func_ref: NonNull<VMFuncRef>) -> Func {
544 // SAFETY: given the contract of this function it's safe to read the
545 // `type_index` field.
546 unsafe {
547 debug_assert!(func_ref.as_ref().type_index != VMSharedTypeIndex::default());
548 }
549 Func {
550 store,
551 unsafe_func_ref: func_ref.into(),
552 }
553 }
554
555 /// Creates a new `Func` from the given Rust closure.
556 ///
557 /// This function will create a new `Func` which, when called, will
558 /// execute the given Rust closure. Unlike [`Func::new`] the target
559 /// function being called is known statically so the type signature can
560 /// be inferred. Rust types will map to WebAssembly types as follows:
561 ///
562 /// | Rust Argument Type | WebAssembly Type |
563 /// |-----------------------------------|-------------------------------------------|
564 /// | `i32` | `i32` |
565 /// | `u32` | `i32` |
566 /// | `i64` | `i64` |
567 /// | `u64` | `i64` |
568 /// | `f32` | `f32` |
569 /// | `f64` | `f64` |
570 /// | `V128` on x86-64 and aarch64 only | `v128` |
571 /// | `Option<Func>` | `funcref` aka `(ref null func)` |
572 /// | `Func` | `(ref func)` |
573 /// | `Option<Nofunc>` | `nullfuncref` aka `(ref null nofunc)` |
574 /// | `NoFunc` | `(ref nofunc)` |
575 /// | `Option<Rooted<ExternRef>>` | `externref` aka `(ref null extern)` |
576 /// | `Rooted<ExternRef>` | `(ref extern)` |
577 /// | `Option<NoExtern>` | `nullexternref` aka `(ref null noextern)` |
578 /// | `NoExtern` | `(ref noextern)` |
579 /// | `Option<Rooted<AnyRef>>` | `anyref` aka `(ref null any)` |
580 /// | `Rooted<AnyRef>` | `(ref any)` |
581 /// | `Option<Rooted<EqRef>>` | `eqref` aka `(ref null eq)` |
582 /// | `Rooted<EqRef>` | `(ref eq)` |
583 /// | `Option<I31>` | `i31ref` aka `(ref null i31)` |
584 /// | `I31` | `(ref i31)` |
585 /// | `Option<Rooted<StructRef>>` | `(ref null struct)` |
586 /// | `Rooted<StructRef>` | `(ref struct)` |
587 /// | `Option<Rooted<ArrayRef>>` | `(ref null array)` |
588 /// | `Rooted<ArrayRef>` | `(ref array)` |
589 /// | `Option<NoneRef>` | `nullref` aka `(ref null none)` |
590 /// | `NoneRef` | `(ref none)` |
591 ///
592 /// Note that anywhere a `Rooted<T>` appears, a `OwnedRooted<T>` may also
593 /// be used.
594 ///
595 /// Any of the Rust types can be returned from the closure as well, in
596 /// addition to some extra types
597 ///
598 /// | Rust Return Type | WebAssembly Return Type | Meaning |
599 /// |-------------------|-------------------------|-----------------------|
600 /// | `()` | nothing | no return value |
601 /// | `T` | `T` | a single return value |
602 /// | `(T1, T2, ...)` | `T1 T2 ...` | multiple returns |
603 ///
604 /// Note that all return types can also be wrapped in `Result<_>` to
605 /// indicate that the host function can generate a trap as well as possibly
606 /// returning a value.
607 ///
608 /// Finally you can also optionally take [`Caller`] as the first argument of
609 /// your closure. If inserted then you're able to inspect the caller's
610 /// state, for example the [`Memory`](crate::Memory) it has exported so you
611 /// can read what pointers point to.
612 ///
613 /// Note that when using this API, the intention is to create as thin of a
614 /// layer as possible for when WebAssembly calls the function provided. With
615 /// sufficient inlining and optimization the WebAssembly will call straight
616 /// into `func` provided, with no extra fluff entailed.
617 ///
618 /// # Why `Send + Sync + 'static`?
619 ///
620 /// All host functions defined in a [`Store`](crate::Store) (including
621 /// those from [`Func::new`] and other constructors) require that the
622 /// `func` provided is `Send + Sync + 'static`. Additionally host functions
623 /// always are `Fn` as opposed to `FnMut` or `FnOnce`. This can at-a-glance
624 /// feel restrictive since the closure cannot close over as many types as
625 /// before. The reason for this, though, is to ensure that
626 /// [`Store<T>`](crate::Store) can implement both the `Send` and `Sync`
627 /// traits.
628 ///
629 /// Fear not, however, because this isn't as restrictive as it seems! Host
630 /// functions are provided a [`Caller<'_, T>`](crate::Caller) argument which
631 /// allows access to the host-defined data within the
632 /// [`Store`](crate::Store). The `T` type is not required to be any of
633 /// `Send`, `Sync`, or `'static`! This means that you can store whatever
634 /// you'd like in `T` and have it accessible by all host functions.
635 /// Additionally mutable access to `T` is allowed through
636 /// [`Caller::data_mut`].
637 ///
638 /// Most host-defined [`Func`] values provide closures that end up not
639 /// actually closing over any values. These zero-sized types will use the
640 /// context from [`Caller`] for host-defined information.
641 ///
642 /// # Errors
643 ///
644 /// The closure provided here to `wrap` can optionally return a
645 /// [`Result<T>`](anyhow::Result). Returning `Ok(t)` represents the host
646 /// function successfully completing with the `t` result. Returning
647 /// `Err(e)`, however, is equivalent to raising a custom wasm trap.
648 /// Execution of WebAssembly does not resume and the stack is unwound to the
649 /// original caller of the function where the error is returned.
650 ///
651 /// For more information about errors in Wasmtime see the [`Trap`]
652 /// documentation.
653 ///
654 /// [`Trap`]: crate::Trap
655 ///
656 /// # Examples
657 ///
658 /// First up we can see how simple wasm imports can be implemented, such
659 /// as a function that adds its two arguments and returns the result.
660 ///
661 /// ```
662 /// # use wasmtime::*;
663 /// # fn main() -> anyhow::Result<()> {
664 /// # let mut store = Store::<()>::default();
665 /// let add = Func::wrap(&mut store, |a: i32, b: i32| a + b);
666 /// let module = Module::new(
667 /// store.engine(),
668 /// r#"
669 /// (module
670 /// (import "" "" (func $add (param i32 i32) (result i32)))
671 /// (func (export "foo") (param i32 i32) (result i32)
672 /// local.get 0
673 /// local.get 1
674 /// call $add))
675 /// "#,
676 /// )?;
677 /// let instance = Instance::new(&mut store, &module, &[add.into()])?;
678 /// let foo = instance.get_typed_func::<(i32, i32), i32>(&mut store, "foo")?;
679 /// assert_eq!(foo.call(&mut store, (1, 2))?, 3);
680 /// # Ok(())
681 /// # }
682 /// ```
683 ///
684 /// We can also do the same thing, but generate a trap if the addition
685 /// overflows:
686 ///
687 /// ```
688 /// # use wasmtime::*;
689 /// # fn main() -> anyhow::Result<()> {
690 /// # let mut store = Store::<()>::default();
691 /// let add = Func::wrap(&mut store, |a: i32, b: i32| {
692 /// match a.checked_add(b) {
693 /// Some(i) => Ok(i),
694 /// None => anyhow::bail!("overflow"),
695 /// }
696 /// });
697 /// let module = Module::new(
698 /// store.engine(),
699 /// r#"
700 /// (module
701 /// (import "" "" (func $add (param i32 i32) (result i32)))
702 /// (func (export "foo") (param i32 i32) (result i32)
703 /// local.get 0
704 /// local.get 1
705 /// call $add))
706 /// "#,
707 /// )?;
708 /// let instance = Instance::new(&mut store, &module, &[add.into()])?;
709 /// let foo = instance.get_typed_func::<(i32, i32), i32>(&mut store, "foo")?;
710 /// assert_eq!(foo.call(&mut store, (1, 2))?, 3);
711 /// assert!(foo.call(&mut store, (i32::max_value(), 1)).is_err());
712 /// # Ok(())
713 /// # }
714 /// ```
715 ///
716 /// And don't forget all the wasm types are supported!
717 ///
718 /// ```
719 /// # use wasmtime::*;
720 /// # fn main() -> anyhow::Result<()> {
721 /// # let mut store = Store::<()>::default();
722 /// let debug = Func::wrap(&mut store, |a: i32, b: u32, c: f32, d: i64, e: u64, f: f64| {
723 ///
724 /// println!("a={}", a);
725 /// println!("b={}", b);
726 /// println!("c={}", c);
727 /// println!("d={}", d);
728 /// println!("e={}", e);
729 /// println!("f={}", f);
730 /// });
731 /// let module = Module::new(
732 /// store.engine(),
733 /// r#"
734 /// (module
735 /// (import "" "" (func $debug (param i32 i32 f32 i64 i64 f64)))
736 /// (func (export "foo")
737 /// i32.const -1
738 /// i32.const 1
739 /// f32.const 2
740 /// i64.const -3
741 /// i64.const 3
742 /// f64.const 4
743 /// call $debug))
744 /// "#,
745 /// )?;
746 /// let instance = Instance::new(&mut store, &module, &[debug.into()])?;
747 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?;
748 /// foo.call(&mut store, ())?;
749 /// # Ok(())
750 /// # }
751 /// ```
752 ///
753 /// Finally if you want to get really fancy you can also implement
754 /// imports that read/write wasm module's memory
755 ///
756 /// ```
757 /// use std::str;
758 ///
759 /// # use wasmtime::*;
760 /// # fn main() -> anyhow::Result<()> {
761 /// # let mut store = Store::default();
762 /// let log_str = Func::wrap(&mut store, |mut caller: Caller<'_, ()>, ptr: i32, len: i32| {
763 /// let mem = match caller.get_export("memory") {
764 /// Some(Extern::Memory(mem)) => mem,
765 /// _ => anyhow::bail!("failed to find host memory"),
766 /// };
767 /// let data = mem.data(&caller)
768 /// .get(ptr as u32 as usize..)
769 /// .and_then(|arr| arr.get(..len as u32 as usize));
770 /// let string = match data {
771 /// Some(data) => match str::from_utf8(data) {
772 /// Ok(s) => s,
773 /// Err(_) => anyhow::bail!("invalid utf-8"),
774 /// },
775 /// None => anyhow::bail!("pointer/length out of bounds"),
776 /// };
777 /// assert_eq!(string, "Hello, world!");
778 /// println!("{}", string);
779 /// Ok(())
780 /// });
781 /// let module = Module::new(
782 /// store.engine(),
783 /// r#"
784 /// (module
785 /// (import "" "" (func $log_str (param i32 i32)))
786 /// (func (export "foo")
787 /// i32.const 4 ;; ptr
788 /// i32.const 13 ;; len
789 /// call $log_str)
790 /// (memory (export "memory") 1)
791 /// (data (i32.const 4) "Hello, world!"))
792 /// "#,
793 /// )?;
794 /// let instance = Instance::new(&mut store, &module, &[log_str.into()])?;
795 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?;
796 /// foo.call(&mut store, ())?;
797 /// # Ok(())
798 /// # }
799 /// ```
800 pub fn wrap<T, Params, Results>(
801 mut store: impl AsContextMut<Data = T>,
802 func: impl IntoFunc<T, Params, Results>,
803 ) -> Func
804 where
805 T: 'static,
806 {
807 let store = store.as_context_mut().0;
808 let host = HostFunc::wrap(store.engine(), func);
809
810 // SAFETY: The `T` the closure takes is the same as the `T` of the store
811 // we're inserting into via the type signature above.
812 unsafe { host.into_func(store) }
813 }
814
815 #[cfg(feature = "async")]
816 fn wrap_inner<F, T, Params, Results>(mut store: impl AsContextMut<Data = T>, func: F) -> Func
817 where
818 F: Fn(Caller<'_, T>, Params) -> Results + Send + Sync + 'static,
819 Params: WasmTyList,
820 Results: WasmRet,
821 T: 'static,
822 {
823 let store = store.as_context_mut().0;
824 let host = HostFunc::wrap_inner(store.engine(), func);
825
826 // SAFETY: The `T` the closure takes is the same as the `T` of the store
827 // we're inserting into via the type signature above.
828 unsafe { host.into_func(store) }
829 }
830
831 /// Same as [`Func::wrap`], except the closure asynchronously produces the
832 /// result and the arguments are passed within a tuple. For more information
833 /// see the [`Func`] documentation.
834 ///
835 /// # Panics
836 ///
837 /// This function will panic if called with a non-asynchronous store.
838 #[cfg(feature = "async")]
839 pub fn wrap_async<T, F, P, R>(store: impl AsContextMut<Data = T>, func: F) -> Func
840 where
841 F: for<'a> Fn(Caller<'a, T>, P) -> Box<dyn Future<Output = R> + Send + 'a>
842 + Send
843 + Sync
844 + 'static,
845 P: WasmTyList,
846 R: WasmRet,
847 T: 'static,
848 {
849 assert!(
850 store.as_context().async_support(),
851 concat!("cannot use `wrap_async` without enabling async support on the config")
852 );
853 Func::wrap_inner(store, move |Caller { store, caller }, args| {
854 match store.block_on(|store| func(Caller { store, caller }, args).into()) {
855 Ok(ret) => ret.into_fallible(),
856 Err(e) => R::fallible_from_error(e),
857 }
858 })
859 }
860
861 /// Returns the underlying wasm type that this `Func` has.
862 ///
863 /// # Panics
864 ///
865 /// Panics if `store` does not own this function.
866 pub fn ty(&self, store: impl AsContext) -> FuncType {
867 self.load_ty(&store.as_context().0)
868 }
869
870 /// Forcibly loads the type of this function from the `Engine`.
871 ///
872 /// Note that this is a somewhat expensive method since it requires taking a
873 /// lock as well as cloning a type.
874 pub(crate) fn load_ty(&self, store: &StoreOpaque) -> FuncType {
875 FuncType::from_shared_type_index(store.engine(), self.type_index(store))
876 }
877
878 /// Does this function match the given type?
879 ///
880 /// That is, is this function's type a subtype of the given type?
881 ///
882 /// # Panics
883 ///
884 /// Panics if this function is not associated with the given store or if the
885 /// function type is not associated with the store's engine.
886 pub fn matches_ty(&self, store: impl AsContext, func_ty: &FuncType) -> bool {
887 self._matches_ty(store.as_context().0, func_ty)
888 }
889
890 pub(crate) fn _matches_ty(&self, store: &StoreOpaque, func_ty: &FuncType) -> bool {
891 let actual_ty = self.load_ty(store);
892 actual_ty.matches(func_ty)
893 }
894
895 pub(crate) fn ensure_matches_ty(&self, store: &StoreOpaque, func_ty: &FuncType) -> Result<()> {
896 if !self.comes_from_same_store(store) {
897 bail!("function used with wrong store");
898 }
899 if self._matches_ty(store, func_ty) {
900 Ok(())
901 } else {
902 let actual_ty = self.load_ty(store);
903 bail!("type mismatch: expected {func_ty}, found {actual_ty}")
904 }
905 }
906
907 pub(crate) fn type_index(&self, data: &StoreOpaque) -> VMSharedTypeIndex {
908 unsafe { self.vm_func_ref(data).as_ref().type_index }
909 }
910
911 /// Invokes this function with the `params` given and writes returned values
912 /// to `results`.
913 ///
914 /// The `params` here must match the type signature of this `Func`, or an
915 /// error will occur. Additionally `results` must have the same
916 /// length as the number of results for this function. Calling this function
917 /// will synchronously execute the WebAssembly function referenced to get
918 /// the results.
919 ///
920 /// This function will return `Ok(())` if execution completed without a trap
921 /// or error of any kind. In this situation the results will be written to
922 /// the provided `results` array.
923 ///
924 /// # Errors
925 ///
926 /// Any error which occurs throughout the execution of the function will be
927 /// returned as `Err(e)`. The [`Error`](anyhow::Error) type can be inspected
928 /// for the precise error cause such as:
929 ///
930 /// * [`Trap`] - indicates that a wasm trap happened and execution was
931 /// halted.
932 /// * [`WasmBacktrace`] - optionally included on errors for backtrace
933 /// information of the trap/error.
934 /// * Other string-based errors to indicate issues such as type errors with
935 /// `params`.
936 /// * Any host-originating error originally returned from a function defined
937 /// via [`Func::new`], for example.
938 ///
939 /// Errors typically indicate that execution of WebAssembly was halted
940 /// mid-way and did not complete after the error condition happened.
941 ///
942 /// [`Trap`]: crate::Trap
943 ///
944 /// # Panics
945 ///
946 /// This function will panic if called on a function belonging to an async
947 /// store. Asynchronous stores must always use `call_async`. Also panics if
948 /// `store` does not own this function.
949 ///
950 /// [`WasmBacktrace`]: crate::WasmBacktrace
951 pub fn call(
952 &self,
953 mut store: impl AsContextMut,
954 params: &[Val],
955 results: &mut [Val],
956 ) -> Result<()> {
957 assert!(
958 !store.as_context().async_support(),
959 "must use `call_async` when async support is enabled on the config",
960 );
961 let mut store = store.as_context_mut();
962
963 self.call_impl_check_args(&mut store, params, results)?;
964
965 unsafe { self.call_impl_do_call(&mut store, params, results) }
966 }
967
968 /// Invokes this function in an "unchecked" fashion, reading parameters and
969 /// writing results to `params_and_returns`.
970 ///
971 /// This function is the same as [`Func::call`] except that the arguments
972 /// and results both use a different representation. If possible it's
973 /// recommended to use [`Func::call`] if safety isn't necessary or to use
974 /// [`Func::typed`] in conjunction with [`TypedFunc::call`] since that's
975 /// both safer and faster than this method of invoking a function.
976 ///
977 /// Note that if this function takes `externref` arguments then it will
978 /// **not** automatically GC unlike the [`Func::call`] and
979 /// [`TypedFunc::call`] functions. This means that if this function is
980 /// invoked many times with new `ExternRef` values and no other GC happens
981 /// via any other means then no values will get collected.
982 ///
983 /// # Errors
984 ///
985 /// For more information about errors see the [`Func::call`] documentation.
986 ///
987 /// # Unsafety
988 ///
989 /// This function is unsafe because the `params_and_returns` argument is not
990 /// validated at all. It must uphold invariants such as:
991 ///
992 /// * It's a valid pointer to an array
993 /// * It has enough space to store all parameters
994 /// * It has enough space to store all results (not at the same time as
995 /// parameters)
996 /// * Parameters are initially written to the array and have the correct
997 /// types and such.
998 /// * Reference types like `externref` and `funcref` are valid at the
999 /// time of this call and for the `store` specified.
1000 ///
1001 /// These invariants are all upheld for you with [`Func::call`] and
1002 /// [`TypedFunc::call`].
1003 pub unsafe fn call_unchecked(
1004 &self,
1005 mut store: impl AsContextMut,
1006 params_and_returns: *mut [ValRaw],
1007 ) -> Result<()> {
1008 let mut store = store.as_context_mut();
1009 let func_ref = self.vm_func_ref(store.0);
1010 let params_and_returns = NonNull::new(params_and_returns).unwrap_or(NonNull::from(&mut []));
1011
1012 // SAFETY: the safety of this function call is the same as the contract
1013 // of this function.
1014 unsafe { Self::call_unchecked_raw(&mut store, func_ref, params_and_returns) }
1015 }
1016
1017 pub(crate) unsafe fn call_unchecked_raw<T>(
1018 store: &mut StoreContextMut<'_, T>,
1019 func_ref: NonNull<VMFuncRef>,
1020 params_and_returns: NonNull<[ValRaw]>,
1021 ) -> Result<()> {
1022 // SAFETY: the safety of this function call is the same as the contract
1023 // of this function.
1024 invoke_wasm_and_catch_traps(store, |caller, vm| unsafe {
1025 VMFuncRef::array_call(func_ref, vm, caller, params_and_returns)
1026 })
1027 }
1028
1029 /// Converts the raw representation of a `funcref` into an `Option<Func>`
1030 ///
1031 /// This is intended to be used in conjunction with [`Func::new_unchecked`],
1032 /// [`Func::call_unchecked`], and [`ValRaw`] with its `funcref` field. This
1033 /// is the dual of [`Func::to_raw`].
1034 ///
1035 /// # Unsafety
1036 ///
1037 /// This function is not safe because `raw` is not validated at all. The
1038 /// caller must guarantee that `raw` is owned by the `store` provided and is
1039 /// valid within the `store`.
1040 pub unsafe fn from_raw(mut store: impl AsContextMut, raw: *mut c_void) -> Option<Func> {
1041 // SAFETY: this function's own contract is that `raw` is owned by store
1042 // to make this safe.
1043 unsafe { Self::_from_raw(store.as_context_mut().0, raw) }
1044 }
1045
1046 /// Same as `from_raw`, but with the internal `StoreOpaque` type.
1047 pub(crate) unsafe fn _from_raw(store: &mut StoreOpaque, raw: *mut c_void) -> Option<Func> {
1048 // SAFETY: this function's own contract is that `raw` is owned by store
1049 // to make this safe.
1050 unsafe {
1051 Some(Func::from_vm_func_ref(
1052 store.id(),
1053 NonNull::new(raw.cast())?,
1054 ))
1055 }
1056 }
1057
1058 /// Extracts the raw value of this `Func`, which is owned by `store`.
1059 ///
1060 /// This function returns a value that's suitable for writing into the
1061 /// `funcref` field of the [`ValRaw`] structure.
1062 ///
1063 /// # Safety
1064 ///
1065 /// The returned value is only valid for as long as the store is alive.
1066 /// This value is safe to pass to [`Func::from_raw`] so long as the same
1067 /// `store` is provided.
1068 pub fn to_raw(&self, mut store: impl AsContextMut) -> *mut c_void {
1069 self.vm_func_ref(store.as_context_mut().0).as_ptr().cast()
1070 }
1071
1072 /// Invokes this function with the `params` given, returning the results
1073 /// asynchronously.
1074 ///
1075 /// This function is the same as [`Func::call`] except that it is
1076 /// asynchronous. This is only compatible with stores associated with an
1077 /// [asynchronous config](crate::Config::async_support).
1078 ///
1079 /// It's important to note that the execution of WebAssembly will happen
1080 /// synchronously in the `poll` method of the future returned from this
1081 /// function. Wasmtime does not manage its own thread pool or similar to
1082 /// execute WebAssembly in. Future `poll` methods are generally expected to
1083 /// resolve quickly, so it's recommended that you run or poll this future
1084 /// in a "blocking context".
1085 ///
1086 /// For more information see the documentation on [asynchronous
1087 /// configs](crate::Config::async_support).
1088 ///
1089 /// # Errors
1090 ///
1091 /// For more information on errors see the [`Func::call`] documentation.
1092 ///
1093 /// # Panics
1094 ///
1095 /// Panics if this is called on a function in a synchronous store. This
1096 /// only works with functions defined within an asynchronous store. Also
1097 /// panics if `store` does not own this function.
1098 #[cfg(feature = "async")]
1099 pub async fn call_async(
1100 &self,
1101 mut store: impl AsContextMut<Data: Send>,
1102 params: &[Val],
1103 results: &mut [Val],
1104 ) -> Result<()> {
1105 let mut store = store.as_context_mut();
1106 assert!(
1107 store.0.async_support(),
1108 "cannot use `call_async` without enabling async support in the config",
1109 );
1110
1111 self.call_impl_check_args(&mut store, params, results)?;
1112
1113 let result = store
1114 .on_fiber(|store| unsafe { self.call_impl_do_call(store, params, results) })
1115 .await??;
1116 Ok(result)
1117 }
1118
1119 /// Perform dynamic checks that the arguments given to us match
1120 /// the signature of this function and are appropriate to pass to this
1121 /// function.
1122 ///
1123 /// This involves checking to make sure we have the right number and types
1124 /// of arguments as well as making sure everything is from the same `Store`.
1125 ///
1126 /// This must be called just before `call_impl_do_call`.
1127 fn call_impl_check_args<T>(
1128 &self,
1129 store: &mut StoreContextMut<'_, T>,
1130 params: &[Val],
1131 results: &mut [Val],
1132 ) -> Result<()> {
1133 let ty = self.load_ty(store.0);
1134 if ty.params().len() != params.len() {
1135 bail!(
1136 "expected {} arguments, got {}",
1137 ty.params().len(),
1138 params.len()
1139 );
1140 }
1141 if ty.results().len() != results.len() {
1142 bail!(
1143 "expected {} results, got {}",
1144 ty.results().len(),
1145 results.len()
1146 );
1147 }
1148
1149 for (ty, arg) in ty.params().zip(params) {
1150 arg.ensure_matches_ty(store.0, &ty)
1151 .context("argument type mismatch")?;
1152 if !arg.comes_from_same_store(store.0) {
1153 bail!("cross-`Store` values are not currently supported");
1154 }
1155 }
1156
1157 Ok(())
1158 }
1159
1160 /// Do the actual call into Wasm.
1161 ///
1162 /// # Safety
1163 ///
1164 /// You must have type checked the arguments by calling
1165 /// `call_impl_check_args` immediately before calling this function. It is
1166 /// only safe to call this function if that one did not return an error.
1167 unsafe fn call_impl_do_call<T>(
1168 &self,
1169 store: &mut StoreContextMut<'_, T>,
1170 params: &[Val],
1171 results: &mut [Val],
1172 ) -> Result<()> {
1173 // Store the argument values into `values_vec`.
1174 let ty = self.load_ty(store.0);
1175 let values_vec_size = params.len().max(ty.results().len());
1176 let mut values_vec = store.0.take_wasm_val_raw_storage();
1177 debug_assert!(values_vec.is_empty());
1178 values_vec.resize_with(values_vec_size, || ValRaw::v128(0));
1179 for (arg, slot) in params.iter().cloned().zip(&mut values_vec) {
1180 *slot = arg.to_raw(&mut *store)?;
1181 }
1182
1183 unsafe {
1184 self.call_unchecked(
1185 &mut *store,
1186 core::ptr::slice_from_raw_parts_mut(values_vec.as_mut_ptr(), values_vec_size),
1187 )?;
1188 }
1189
1190 for ((i, slot), val) in results.iter_mut().enumerate().zip(&values_vec) {
1191 let ty = ty.results().nth(i).unwrap();
1192 *slot = unsafe { Val::from_raw(&mut *store, *val, ty) };
1193 }
1194 values_vec.truncate(0);
1195 store.0.save_wasm_val_raw_storage(values_vec);
1196 Ok(())
1197 }
1198
1199 #[inline]
1200 pub(crate) fn vm_func_ref(&self, store: &StoreOpaque) -> NonNull<VMFuncRef> {
1201 self.store.assert_belongs_to(store.id());
1202 self.unsafe_func_ref.as_non_null()
1203 }
1204
1205 pub(crate) fn vmimport(&self, store: &StoreOpaque) -> VMFunctionImport {
1206 unsafe {
1207 let f = self.vm_func_ref(store);
1208 VMFunctionImport {
1209 // Note that this is a load-bearing `unwrap` here, but is
1210 // never expected to trip at runtime. The general problem is
1211 // that host functions do not have a `wasm_call` function so
1212 // the `VMFuncRef` type has an optional pointer there. This is
1213 // only able to be filled out when a function is "paired" with
1214 // a module where trampolines are present to fill out
1215 // `wasm_call` pointers.
1216 //
1217 // This pairing of modules doesn't happen explicitly but is
1218 // instead managed lazily throughout Wasmtime. Specifically the
1219 // way this works is one of:
1220 //
1221 // * When a host function is created the store's list of
1222 // modules are searched for a wasm trampoline. If not found
1223 // the `wasm_call` field is left blank.
1224 //
1225 // * When a module instantiation happens, which uses this
1226 // function, the module will be used to fill any outstanding
1227 // holes that it has trampolines for.
1228 //
1229 // This means that by the time we get to this point any
1230 // relevant holes should be filled out. Thus if this panic
1231 // actually triggers then it's indicative of a missing `fill`
1232 // call somewhere else.
1233 wasm_call: f.as_ref().wasm_call.unwrap(),
1234 array_call: f.as_ref().array_call,
1235 vmctx: f.as_ref().vmctx,
1236 }
1237 }
1238 }
1239
1240 pub(crate) fn comes_from_same_store(&self, store: &StoreOpaque) -> bool {
1241 self.store == store.id()
1242 }
1243
1244 fn invoke_host_func_for_wasm<T>(
1245 mut caller: Caller<'_, T>,
1246 ty: &FuncType,
1247 values_vec: &mut [ValRaw],
1248 func: &dyn Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()>,
1249 ) -> Result<()> {
1250 // Translate the raw JIT arguments in `values_vec` into a `Val` which
1251 // we'll be passing as a slice. The storage for our slice-of-`Val` we'll
1252 // be taking from the `Store`. We preserve our slice back into the
1253 // `Store` after the hostcall, ideally amortizing the cost of allocating
1254 // the storage across wasm->host calls.
1255 //
1256 // Note that we have a dynamic guarantee that `values_vec` is the
1257 // appropriate length to both read all arguments from as well as store
1258 // all results into.
1259 let mut val_vec = caller.store.0.take_hostcall_val_storage();
1260 debug_assert!(val_vec.is_empty());
1261 let nparams = ty.params().len();
1262 val_vec.reserve(nparams + ty.results().len());
1263 for (i, ty) in ty.params().enumerate() {
1264 val_vec.push(unsafe { Val::from_raw(&mut caller.store, values_vec[i], ty) })
1265 }
1266
1267 val_vec.extend((0..ty.results().len()).map(|_| Val::null_func_ref()));
1268 let (params, results) = val_vec.split_at_mut(nparams);
1269 func(caller.sub_caller(), params, results)?;
1270
1271 // Unlike our arguments we need to dynamically check that the return
1272 // values produced are correct. There could be a bug in `func` that
1273 // produces the wrong number, wrong types, or wrong stores of
1274 // values, and we need to catch that here.
1275 for (i, (ret, ty)) in results.iter().zip(ty.results()).enumerate() {
1276 ret.ensure_matches_ty(caller.store.0, &ty)
1277 .context("function attempted to return an incompatible value")?;
1278 values_vec[i] = ret.to_raw(&mut caller.store)?;
1279 }
1280
1281 // Restore our `val_vec` back into the store so it's usable for the next
1282 // hostcall to reuse our own storage.
1283 val_vec.truncate(0);
1284 caller.store.0.save_hostcall_val_storage(val_vec);
1285 Ok(())
1286 }
1287
1288 /// Attempts to extract a typed object from this `Func` through which the
1289 /// function can be called.
1290 ///
1291 /// This function serves as an alternative to [`Func::call`] and
1292 /// [`Func::call_async`]. This method performs a static type check (using
1293 /// the `Params` and `Results` type parameters on the underlying wasm
1294 /// function. If the type check passes then a `TypedFunc` object is returned,
1295 /// otherwise an error is returned describing the typecheck failure.
1296 ///
1297 /// The purpose of this relative to [`Func::call`] is that it's much more
1298 /// efficient when used to invoke WebAssembly functions. With the types
1299 /// statically known far less setup/teardown is required when invoking
1300 /// WebAssembly. If speed is desired then this function is recommended to be
1301 /// used instead of [`Func::call`] (which is more general, hence its
1302 /// slowdown).
1303 ///
1304 /// The `Params` type parameter is used to describe the parameters of the
1305 /// WebAssembly function. This can either be a single type (like `i32`), or
1306 /// a tuple of types representing the list of parameters (like `(i32, f32,
1307 /// f64)`). Additionally you can use `()` to represent that the function has
1308 /// no parameters.
1309 ///
1310 /// The `Results` type parameter is used to describe the results of the
1311 /// function. This behaves the same way as `Params`, but just for the
1312 /// results of the function.
1313 ///
1314 /// # Translating Between WebAssembly and Rust Types
1315 ///
1316 /// Translation between Rust types and WebAssembly types looks like:
1317 ///
1318 /// | WebAssembly | Rust |
1319 /// |-------------------------------------------|---------------------------------------|
1320 /// | `i32` | `i32` or `u32` |
1321 /// | `i64` | `i64` or `u64` |
1322 /// | `f32` | `f32` |
1323 /// | `f64` | `f64` |
1324 /// | `externref` aka `(ref null extern)` | `Option<Rooted<ExternRef>>` |
1325 /// | `(ref extern)` | `Rooted<ExternRef>` |
1326 /// | `nullexternref` aka `(ref null noextern)` | `Option<NoExtern>` |
1327 /// | `(ref noextern)` | `NoExtern` |
1328 /// | `anyref` aka `(ref null any)` | `Option<Rooted<AnyRef>>` |
1329 /// | `(ref any)` | `Rooted<AnyRef>` |
1330 /// | `eqref` aka `(ref null eq)` | `Option<Rooted<EqRef>>` |
1331 /// | `(ref eq)` | `Rooted<EqRef>` |
1332 /// | `i31ref` aka `(ref null i31)` | `Option<I31>` |
1333 /// | `(ref i31)` | `I31` |
1334 /// | `structref` aka `(ref null struct)` | `Option<Rooted<StructRef>>` |
1335 /// | `(ref struct)` | `Rooted<StructRef>` |
1336 /// | `arrayref` aka `(ref null array)` | `Option<Rooted<ArrayRef>>` |
1337 /// | `(ref array)` | `Rooted<ArrayRef>` |
1338 /// | `nullref` aka `(ref null none)` | `Option<NoneRef>` |
1339 /// | `(ref none)` | `NoneRef` |
1340 /// | `funcref` aka `(ref null func)` | `Option<Func>` |
1341 /// | `(ref func)` | `Func` |
1342 /// | `(ref null <func type index>)` | `Option<Func>` |
1343 /// | `(ref <func type index>)` | `Func` |
1344 /// | `nullfuncref` aka `(ref null nofunc)` | `Option<NoFunc>` |
1345 /// | `(ref nofunc)` | `NoFunc` |
1346 /// | `v128` | `V128` on `x86-64` and `aarch64` only |
1347 ///
1348 /// (Note that this mapping is the same as that of [`Func::wrap`], and that
1349 /// anywhere a `Rooted<T>` appears, a `OwnedRooted<T>` may also appear).
1350 ///
1351 /// Note that once the [`TypedFunc`] return value is acquired you'll use either
1352 /// [`TypedFunc::call`] or [`TypedFunc::call_async`] as necessary to actually invoke
1353 /// the function. This method does not invoke any WebAssembly code, it
1354 /// simply performs a typecheck before returning the [`TypedFunc`] value.
1355 ///
1356 /// This method also has a convenience wrapper as
1357 /// [`Instance::get_typed_func`](crate::Instance::get_typed_func) to
1358 /// directly get a typed function value from an
1359 /// [`Instance`](crate::Instance).
1360 ///
1361 /// ## Subtyping
1362 ///
1363 /// For result types, you can always use a supertype of the WebAssembly
1364 /// function's actual declared result type. For example, if the WebAssembly
1365 /// function was declared with type `(func (result nullfuncref))` you could
1366 /// successfully call `f.typed::<(), Option<Func>>()` because `Option<Func>`
1367 /// corresponds to `funcref`, which is a supertype of `nullfuncref`.
1368 ///
1369 /// For parameter types, you can always use a subtype of the WebAssembly
1370 /// function's actual declared parameter type. For example, if the
1371 /// WebAssembly function was declared with type `(func (param (ref null
1372 /// func)))` you could successfully call `f.typed::<Func, ()>()` because
1373 /// `Func` corresponds to `(ref func)`, which is a subtype of `(ref null
1374 /// func)`.
1375 ///
1376 /// Additionally, for functions which take a reference to a concrete type as
1377 /// a parameter, you can also use the concrete type's supertype. Consider a
1378 /// WebAssembly function that takes a reference to a function with a
1379 /// concrete type: `(ref null <func type index>)`. In this scenario, there
1380 /// is no static `wasmtime::Foo` Rust type that corresponds to that
1381 /// particular Wasm-defined concrete reference type because Wasm modules are
1382 /// loaded dynamically at runtime. You *could* do `f.typed::<Option<NoFunc>,
1383 /// ()>()`, and while that is correctly typed and valid, it is often overly
1384 /// restrictive. The only value you could call the resulting typed function
1385 /// with is the null function reference, but we'd like to call it with
1386 /// non-null function references that happen to be of the correct
1387 /// type. Therefore, `f.typed<Option<Func>, ()>()` is also allowed in this
1388 /// case, even though `Option<Func>` represents `(ref null func)` which is
1389 /// the supertype, not subtype, of `(ref null <func type index>)`. This does
1390 /// imply some minimal dynamic type checks in this case, but it is supported
1391 /// for better ergonomics, to enable passing non-null references into the
1392 /// function.
1393 ///
1394 /// # Errors
1395 ///
1396 /// This function will return an error if `Params` or `Results` does not
1397 /// match the native type of this WebAssembly function.
1398 ///
1399 /// # Panics
1400 ///
1401 /// This method will panic if `store` does not own this function.
1402 ///
1403 /// # Examples
1404 ///
1405 /// An end-to-end example of calling a function which takes no parameters
1406 /// and has no results:
1407 ///
1408 /// ```
1409 /// # use wasmtime::*;
1410 /// # fn main() -> anyhow::Result<()> {
1411 /// let engine = Engine::default();
1412 /// let mut store = Store::new(&engine, ());
1413 /// let module = Module::new(&engine, r#"(module (func (export "foo")))"#)?;
1414 /// let instance = Instance::new(&mut store, &module, &[])?;
1415 /// let foo = instance.get_func(&mut store, "foo").expect("export wasn't a function");
1416 ///
1417 /// // Note that this call can fail due to the typecheck not passing, but
1418 /// // in our case we statically know the module so we know this should
1419 /// // pass.
1420 /// let typed = foo.typed::<(), ()>(&store)?;
1421 ///
1422 /// // Note that this can fail if the wasm traps at runtime.
1423 /// typed.call(&mut store, ())?;
1424 /// # Ok(())
1425 /// # }
1426 /// ```
1427 ///
1428 /// You can also pass in multiple parameters and get a result back
1429 ///
1430 /// ```
1431 /// # use wasmtime::*;
1432 /// # fn foo(add: &Func, mut store: Store<()>) -> anyhow::Result<()> {
1433 /// let typed = add.typed::<(i32, i64), f32>(&store)?;
1434 /// assert_eq!(typed.call(&mut store, (1, 2))?, 3.0);
1435 /// # Ok(())
1436 /// # }
1437 /// ```
1438 ///
1439 /// and similarly if a function has multiple results you can bind that too
1440 ///
1441 /// ```
1442 /// # use wasmtime::*;
1443 /// # fn foo(add_with_overflow: &Func, mut store: Store<()>) -> anyhow::Result<()> {
1444 /// let typed = add_with_overflow.typed::<(u32, u32), (u32, i32)>(&store)?;
1445 /// let (result, overflow) = typed.call(&mut store, (u32::max_value(), 2))?;
1446 /// assert_eq!(result, 1);
1447 /// assert_eq!(overflow, 1);
1448 /// # Ok(())
1449 /// # }
1450 /// ```
1451 pub fn typed<Params, Results>(
1452 &self,
1453 store: impl AsContext,
1454 ) -> Result<TypedFunc<Params, Results>>
1455 where
1456 Params: WasmParams,
1457 Results: WasmResults,
1458 {
1459 // Type-check that the params/results are all valid
1460 let store = store.as_context().0;
1461 let ty = self.load_ty(store);
1462 Params::typecheck(store.engine(), ty.params(), TypeCheckPosition::Param)
1463 .context("type mismatch with parameters")?;
1464 Results::typecheck(store.engine(), ty.results(), TypeCheckPosition::Result)
1465 .context("type mismatch with results")?;
1466
1467 // and then we can construct the typed version of this function
1468 // (unsafely), which should be safe since we just did the type check above.
1469 unsafe { Ok(TypedFunc::_new_unchecked(store, *self)) }
1470 }
1471
1472 /// Get a stable hash key for this function.
1473 ///
1474 /// Even if the same underlying function is added to the `StoreData`
1475 /// multiple times and becomes multiple `wasmtime::Func`s, this hash key
1476 /// will be consistent across all of these functions.
1477 #[cfg_attr(
1478 not(test),
1479 expect(dead_code, reason = "Not used yet, but added for consistency")
1480 )]
1481 pub(crate) fn hash_key(&self, store: &mut StoreOpaque) -> impl core::hash::Hash + Eq + use<> {
1482 self.vm_func_ref(store).as_ptr().addr()
1483 }
1484}
1485
1486/// Prepares for entrance into WebAssembly.
1487///
1488/// This function will set up context such that `closure` is allowed to call a
1489/// raw trampoline or a raw WebAssembly function. This *must* be called to do
1490/// things like catch traps and set up GC properly.
1491///
1492/// The `closure` provided receives a default "caller" `VMContext` parameter it
1493/// can pass to the called wasm function, if desired.
1494pub(crate) fn invoke_wasm_and_catch_traps<T>(
1495 store: &mut StoreContextMut<'_, T>,
1496 closure: impl FnMut(NonNull<VMContext>, Option<InterpreterRef<'_>>) -> bool,
1497) -> Result<()> {
1498 // The `enter_wasm` call below will reset the store context's
1499 // `stack_chain` to a new `InitialStack`, pointing to the
1500 // stack-allocated `initial_stack_csi`.
1501 let mut initial_stack_csi = VMCommonStackInformation::running_default();
1502 // Stores some state of the runtime just before entering Wasm. Will be
1503 // restored upon exiting Wasm. Note that the `CallThreadState` that is
1504 // created by the `catch_traps` call below will store a pointer to this
1505 // stack-allocated `previous_runtime_state`.
1506 let mut previous_runtime_state = EntryStoreContext::enter_wasm(store, &mut initial_stack_csi);
1507
1508 if let Err(trap) = store.0.call_hook(CallHook::CallingWasm) {
1509 // `previous_runtime_state` implicitly dropped here
1510 return Err(trap);
1511 }
1512 let result = crate::runtime::vm::catch_traps(store, &mut previous_runtime_state, closure);
1513 core::mem::drop(previous_runtime_state);
1514 store.0.call_hook(CallHook::ReturningFromWasm)?;
1515 result
1516}
1517
1518/// This type helps managing the state of the runtime when entering and exiting
1519/// Wasm. To this end, it contains a subset of the data in `VMStoreContext`.
1520/// Upon entering Wasm, it updates various runtime fields and their
1521/// original values saved in this struct. Upon exiting Wasm, the previous values
1522/// are restored.
1523pub(crate) struct EntryStoreContext {
1524 /// If set, contains value of `stack_limit` field to restore in
1525 /// `VMStoreContext` when exiting Wasm.
1526 pub stack_limit: Option<usize>,
1527 pub last_wasm_exit_pc: usize,
1528 pub last_wasm_exit_trampoline_fp: usize,
1529 pub last_wasm_entry_fp: usize,
1530 pub last_wasm_entry_sp: usize,
1531 pub last_wasm_entry_trap_handler: usize,
1532 pub stack_chain: VMStackChain,
1533
1534 /// We need a pointer to the runtime limits, so we can update them from
1535 /// `drop`/`exit_wasm`.
1536 vm_store_context: *const VMStoreContext,
1537}
1538
1539impl EntryStoreContext {
1540 /// This function is called to update and save state when
1541 /// WebAssembly is entered within the `Store`.
1542 ///
1543 /// This updates various fields such as:
1544 ///
1545 /// * The stack limit. This is what ensures that we limit the stack space
1546 /// allocated by WebAssembly code and it's relative to the initial stack
1547 /// pointer that called into wasm.
1548 ///
1549 /// It also saves the different last_wasm_* values in the `VMStoreContext`.
1550 pub fn enter_wasm<T>(
1551 store: &mut StoreContextMut<'_, T>,
1552 initial_stack_information: *mut VMCommonStackInformation,
1553 ) -> Self {
1554 let stack_limit;
1555
1556 // If this is a recursive call, e.g. our stack limit is already set, then
1557 // we may be able to skip this function.
1558 //
1559 // For synchronous stores there's nothing else to do because all wasm calls
1560 // happen synchronously and on the same stack. This means that the previous
1561 // stack limit will suffice for the next recursive call.
1562 //
1563 // For asynchronous stores then each call happens on a separate native
1564 // stack. This means that the previous stack limit is no longer relevant
1565 // because we're on a separate stack.
1566 if unsafe { *store.0.vm_store_context().stack_limit.get() } != usize::MAX
1567 && !store.0.async_support()
1568 {
1569 stack_limit = None;
1570 }
1571 // Ignore this stack pointer business on miri since we can't execute wasm
1572 // anyway and the concept of a stack pointer on miri is a bit nebulous
1573 // regardless.
1574 else if cfg!(miri) {
1575 stack_limit = None;
1576 } else {
1577 // When Cranelift has support for the host then we might be running native
1578 // compiled code meaning we need to read the actual stack pointer. If
1579 // Cranelift can't be used though then we're guaranteed to be running pulley
1580 // in which case this stack pointer isn't actually used as Pulley has custom
1581 // mechanisms for stack overflow.
1582 #[cfg(has_host_compiler_backend)]
1583 let stack_pointer = crate::runtime::vm::get_stack_pointer();
1584 #[cfg(not(has_host_compiler_backend))]
1585 let stack_pointer = {
1586 use wasmtime_environ::TripleExt;
1587 debug_assert!(store.engine().target().is_pulley());
1588 usize::MAX
1589 };
1590
1591 // Determine the stack pointer where, after which, any wasm code will
1592 // immediately trap. This is checked on the entry to all wasm functions.
1593 //
1594 // Note that this isn't 100% precise. We are requested to give wasm
1595 // `max_wasm_stack` bytes, but what we're actually doing is giving wasm
1596 // probably a little less than `max_wasm_stack` because we're
1597 // calculating the limit relative to this function's approximate stack
1598 // pointer. Wasm will be executed on a frame beneath this one (or next
1599 // to it). In any case it's expected to be at most a few hundred bytes
1600 // of slop one way or another. When wasm is typically given a MB or so
1601 // (a million bytes) the slop shouldn't matter too much.
1602 //
1603 // After we've got the stack limit then we store it into the `stack_limit`
1604 // variable.
1605 let wasm_stack_limit = stack_pointer
1606 .checked_sub(store.engine().config().max_wasm_stack)
1607 .unwrap();
1608 let prev_stack = unsafe {
1609 mem::replace(
1610 &mut *store.0.vm_store_context().stack_limit.get(),
1611 wasm_stack_limit,
1612 )
1613 };
1614 stack_limit = Some(prev_stack);
1615 }
1616
1617 unsafe {
1618 let vm_store_context = store.0.vm_store_context();
1619 let new_stack_chain = VMStackChain::InitialStack(initial_stack_information);
1620 *vm_store_context.stack_chain.get() = new_stack_chain;
1621
1622 Self {
1623 stack_limit,
1624 last_wasm_exit_pc: *(*vm_store_context).last_wasm_exit_pc.get(),
1625 last_wasm_exit_trampoline_fp: *(*vm_store_context)
1626 .last_wasm_exit_trampoline_fp
1627 .get(),
1628 last_wasm_entry_fp: *(*vm_store_context).last_wasm_entry_fp.get(),
1629 last_wasm_entry_sp: *(*vm_store_context).last_wasm_entry_sp.get(),
1630 last_wasm_entry_trap_handler: *(*vm_store_context)
1631 .last_wasm_entry_trap_handler
1632 .get(),
1633 stack_chain: (*(*vm_store_context).stack_chain.get()).clone(),
1634 vm_store_context,
1635 }
1636 }
1637 }
1638
1639 /// This function restores the values stored in this struct. We invoke this
1640 /// function through this type's `Drop` implementation. This ensures that we
1641 /// even restore the values if we unwind the stack (e.g., because we are
1642 /// panicking out of a Wasm execution).
1643 #[inline]
1644 fn exit_wasm(&mut self) {
1645 unsafe {
1646 if let Some(limit) = self.stack_limit {
1647 *(&*self.vm_store_context).stack_limit.get() = limit;
1648 }
1649
1650 *(*self.vm_store_context).last_wasm_exit_trampoline_fp.get() =
1651 self.last_wasm_exit_trampoline_fp;
1652 *(*self.vm_store_context).last_wasm_exit_pc.get() = self.last_wasm_exit_pc;
1653 *(*self.vm_store_context).last_wasm_entry_fp.get() = self.last_wasm_entry_fp;
1654 *(*self.vm_store_context).last_wasm_entry_sp.get() = self.last_wasm_entry_sp;
1655 *(*self.vm_store_context).last_wasm_entry_trap_handler.get() =
1656 self.last_wasm_entry_trap_handler;
1657 *(*self.vm_store_context).stack_chain.get() = self.stack_chain.clone();
1658 }
1659 }
1660}
1661
1662impl Drop for EntryStoreContext {
1663 #[inline]
1664 fn drop(&mut self) {
1665 self.exit_wasm();
1666 }
1667}
1668
1669/// A trait implemented for types which can be returned from closures passed to
1670/// [`Func::wrap`] and friends.
1671///
1672/// This trait should not be implemented by user types. This trait may change at
1673/// any time internally. The types which implement this trait, however, are
1674/// stable over time.
1675///
1676/// For more information see [`Func::wrap`]
1677pub unsafe trait WasmRet {
1678 // Same as `WasmTy::compatible_with_store`.
1679 #[doc(hidden)]
1680 fn compatible_with_store(&self, store: &StoreOpaque) -> bool;
1681
1682 /// Stores this return value into the `ptr` specified using the rooted
1683 /// `store`.
1684 ///
1685 /// Traps are communicated through the `Result<_>` return value.
1686 ///
1687 /// # Unsafety
1688 ///
1689 /// This method is unsafe as `ptr` must have the correct length to store
1690 /// this result. This property is only checked in debug mode, not in release
1691 /// mode.
1692 #[doc(hidden)]
1693 unsafe fn store(
1694 self,
1695 store: &mut AutoAssertNoGc<'_>,
1696 ptr: &mut [MaybeUninit<ValRaw>],
1697 ) -> Result<()>;
1698
1699 #[doc(hidden)]
1700 fn func_type(engine: &Engine, params: impl Iterator<Item = ValType>) -> FuncType;
1701 #[doc(hidden)]
1702 fn may_gc() -> bool;
1703
1704 // Utilities used to convert an instance of this type to a `Result`
1705 // explicitly, used when wrapping async functions which always bottom-out
1706 // in a function that returns a trap because futures can be cancelled.
1707 #[doc(hidden)]
1708 type Fallible: WasmRet;
1709 #[doc(hidden)]
1710 fn into_fallible(self) -> Self::Fallible;
1711 #[doc(hidden)]
1712 fn fallible_from_error(error: Error) -> Self::Fallible;
1713}
1714
1715unsafe impl<T> WasmRet for T
1716where
1717 T: WasmTy,
1718{
1719 type Fallible = Result<T>;
1720
1721 fn compatible_with_store(&self, store: &StoreOpaque) -> bool {
1722 <Self as WasmTy>::compatible_with_store(self, store)
1723 }
1724
1725 unsafe fn store(
1726 self,
1727 store: &mut AutoAssertNoGc<'_>,
1728 ptr: &mut [MaybeUninit<ValRaw>],
1729 ) -> Result<()> {
1730 debug_assert!(ptr.len() > 0);
1731 // SAFETY: the contract of this function/trait combo is such that `ptr`
1732 // is valid to store this type's value, thus this lookup should be safe.
1733 unsafe { <Self as WasmTy>::store(self, store, ptr.get_unchecked_mut(0)) }
1734 }
1735
1736 fn may_gc() -> bool {
1737 T::may_gc()
1738 }
1739
1740 fn func_type(engine: &Engine, params: impl Iterator<Item = ValType>) -> FuncType {
1741 FuncType::new(engine, params, Some(<Self as WasmTy>::valtype()))
1742 }
1743
1744 fn into_fallible(self) -> Result<T> {
1745 Ok(self)
1746 }
1747
1748 fn fallible_from_error(error: Error) -> Result<T> {
1749 Err(error)
1750 }
1751}
1752
1753unsafe impl<T> WasmRet for Result<T>
1754where
1755 T: WasmRet,
1756{
1757 type Fallible = Self;
1758
1759 fn compatible_with_store(&self, store: &StoreOpaque) -> bool {
1760 match self {
1761 Ok(x) => <T as WasmRet>::compatible_with_store(x, store),
1762 Err(_) => true,
1763 }
1764 }
1765
1766 unsafe fn store(
1767 self,
1768 store: &mut AutoAssertNoGc<'_>,
1769 ptr: &mut [MaybeUninit<ValRaw>],
1770 ) -> Result<()> {
1771 // SAFETY: the safety of calling this function is the same as calling
1772 // the inner `store`.
1773 unsafe { self.and_then(|val| val.store(store, ptr)) }
1774 }
1775
1776 fn may_gc() -> bool {
1777 T::may_gc()
1778 }
1779
1780 fn func_type(engine: &Engine, params: impl Iterator<Item = ValType>) -> FuncType {
1781 T::func_type(engine, params)
1782 }
1783
1784 fn into_fallible(self) -> Result<T> {
1785 self
1786 }
1787
1788 fn fallible_from_error(error: Error) -> Result<T> {
1789 Err(error)
1790 }
1791}
1792
1793macro_rules! impl_wasm_host_results {
1794 ($n:tt $($t:ident)*) => (
1795 #[allow(non_snake_case, reason = "macro-generated code")]
1796 unsafe impl<$($t),*> WasmRet for ($($t,)*)
1797 where
1798 $($t: WasmTy,)*
1799 {
1800 type Fallible = Result<Self>;
1801
1802 #[inline]
1803 fn compatible_with_store(&self, _store: &StoreOpaque) -> bool {
1804 let ($($t,)*) = self;
1805 $( $t.compatible_with_store(_store) && )* true
1806 }
1807
1808 #[inline]
1809 unsafe fn store(
1810 self,
1811 _store: &mut AutoAssertNoGc<'_>,
1812 _ptr: &mut [MaybeUninit<ValRaw>],
1813 ) -> Result<()> {
1814 let ($($t,)*) = self;
1815 let mut _cur = 0;
1816 $(
1817 debug_assert!(_cur < _ptr.len());
1818 // SAFETY: `store`'s unsafe contract is that `_ptr` is
1819 // appropriately sized and additionally safe to call `store`
1820 // for sub-types.
1821 unsafe {
1822 let val = _ptr.get_unchecked_mut(_cur);
1823 _cur += 1;
1824 WasmTy::store($t, _store, val)?;
1825 }
1826 )*
1827 Ok(())
1828 }
1829
1830 #[doc(hidden)]
1831 fn may_gc() -> bool {
1832 $( $t::may_gc() || )* false
1833 }
1834
1835 fn func_type(engine: &Engine, params: impl Iterator<Item = ValType>) -> FuncType {
1836 FuncType::new(
1837 engine,
1838 params,
1839 IntoIterator::into_iter([$($t::valtype(),)*]),
1840 )
1841 }
1842
1843 #[inline]
1844 fn into_fallible(self) -> Result<Self> {
1845 Ok(self)
1846 }
1847
1848 #[inline]
1849 fn fallible_from_error(error: Error) -> Result<Self> {
1850 Err(error)
1851 }
1852 }
1853 )
1854}
1855
1856for_each_function_signature!(impl_wasm_host_results);
1857
1858/// Internal trait implemented for all arguments that can be passed to
1859/// [`Func::wrap`] and [`Linker::func_wrap`](crate::Linker::func_wrap).
1860///
1861/// This trait should not be implemented by external users, it's only intended
1862/// as an implementation detail of this crate.
1863pub trait IntoFunc<T, Params, Results>: Send + Sync + 'static {
1864 /// Convert this function into a `VM{Array,Native}CallHostFuncContext` and
1865 /// internal `VMFuncRef`.
1866 #[doc(hidden)]
1867 fn into_func(self, engine: &Engine) -> HostContext;
1868}
1869
1870macro_rules! impl_into_func {
1871 ($num:tt $arg:ident) => {
1872 // Implement for functions without a leading `&Caller` parameter,
1873 // delegating to the implementation below which does have the leading
1874 // `Caller` parameter.
1875 #[expect(non_snake_case, reason = "macro-generated code")]
1876 impl<T, F, $arg, R> IntoFunc<T, $arg, R> for F
1877 where
1878 F: Fn($arg) -> R + Send + Sync + 'static,
1879 $arg: WasmTy,
1880 R: WasmRet,
1881 T: 'static,
1882 {
1883 fn into_func(self, engine: &Engine) -> HostContext {
1884 let f = move |_: Caller<'_, T>, $arg: $arg| {
1885 self($arg)
1886 };
1887
1888 f.into_func(engine)
1889 }
1890 }
1891
1892 #[expect(non_snake_case, reason = "macro-generated code")]
1893 impl<T, F, $arg, R> IntoFunc<T, (Caller<'_, T>, $arg), R> for F
1894 where
1895 F: Fn(Caller<'_, T>, $arg) -> R + Send + Sync + 'static,
1896 $arg: WasmTy,
1897 R: WasmRet,
1898 T: 'static,
1899 {
1900 fn into_func(self, engine: &Engine) -> HostContext {
1901 HostContext::from_closure(engine, move |caller: Caller<'_, T>, ($arg,)| {
1902 self(caller, $arg)
1903 })
1904 }
1905 }
1906 };
1907 ($num:tt $($args:ident)*) => {
1908 // Implement for functions without a leading `&Caller` parameter,
1909 // delegating to the implementation below which does have the leading
1910 // `Caller` parameter.
1911 #[allow(non_snake_case, reason = "macro-generated code")]
1912 impl<T, F, $($args,)* R> IntoFunc<T, ($($args,)*), R> for F
1913 where
1914 F: Fn($($args),*) -> R + Send + Sync + 'static,
1915 $($args: WasmTy,)*
1916 R: WasmRet,
1917 T: 'static,
1918 {
1919 fn into_func(self, engine: &Engine) -> HostContext {
1920 let f = move |_: Caller<'_, T>, $($args:$args),*| {
1921 self($($args),*)
1922 };
1923
1924 f.into_func(engine)
1925 }
1926 }
1927
1928 #[allow(non_snake_case, reason = "macro-generated code")]
1929 impl<T, F, $($args,)* R> IntoFunc<T, (Caller<'_, T>, $($args,)*), R> for F
1930 where
1931 F: Fn(Caller<'_, T>, $($args),*) -> R + Send + Sync + 'static,
1932 $($args: WasmTy,)*
1933 R: WasmRet,
1934 T: 'static,
1935 {
1936 fn into_func(self, engine: &Engine) -> HostContext {
1937 HostContext::from_closure(engine, move |caller: Caller<'_, T>, ( $( $args ),* )| {
1938 self(caller, $( $args ),* )
1939 })
1940 }
1941 }
1942 }
1943}
1944
1945for_each_function_signature!(impl_into_func);
1946
1947/// Trait implemented for various tuples made up of types which implement
1948/// [`WasmTy`] that can be passed to [`Func::wrap_inner`] and
1949/// [`HostContext::from_closure`].
1950pub unsafe trait WasmTyList {
1951 /// Get the value type that each Type in the list represents.
1952 fn valtypes() -> impl Iterator<Item = ValType>;
1953
1954 // Load a version of `Self` from the `values` provided.
1955 //
1956 // # Safety
1957 //
1958 // This function is unsafe as it's up to the caller to ensure that `values` are
1959 // valid for this given type.
1960 #[doc(hidden)]
1961 unsafe fn load(store: &mut AutoAssertNoGc<'_>, values: &mut [MaybeUninit<ValRaw>]) -> Self;
1962
1963 #[doc(hidden)]
1964 fn may_gc() -> bool;
1965}
1966
1967macro_rules! impl_wasm_ty_list {
1968 ($num:tt $($args:ident)*) => (
1969 #[allow(non_snake_case, reason = "macro-generated code")]
1970 unsafe impl<$($args),*> WasmTyList for ($($args,)*)
1971 where
1972 $($args: WasmTy,)*
1973 {
1974 fn valtypes() -> impl Iterator<Item = ValType> {
1975 IntoIterator::into_iter([$($args::valtype(),)*])
1976 }
1977
1978 unsafe fn load(_store: &mut AutoAssertNoGc<'_>, _values: &mut [MaybeUninit<ValRaw>]) -> Self {
1979 let mut _cur = 0;
1980 ($({
1981 debug_assert!(_cur < _values.len());
1982 // SAFETY: this function's own contract means that `_values`
1983 // is appropriately sized/typed for the internal loads.
1984 unsafe {
1985 let ptr = _values.get_unchecked(_cur).assume_init_ref();
1986 _cur += 1;
1987 $args::load(_store, ptr)
1988 }
1989 },)*)
1990 }
1991
1992 fn may_gc() -> bool {
1993 $( $args::may_gc() || )* false
1994 }
1995 }
1996 );
1997}
1998
1999for_each_function_signature!(impl_wasm_ty_list);
2000
2001/// A structure representing the caller's context when creating a function
2002/// via [`Func::wrap`].
2003///
2004/// This structure can be taken as the first parameter of a closure passed to
2005/// [`Func::wrap`] or other constructors, and serves two purposes:
2006///
2007/// * First consumers can use [`Caller<'_, T>`](crate::Caller) to get access to
2008/// [`StoreContextMut<'_, T>`](crate::StoreContextMut) and/or get access to
2009/// `T` itself. This means that the [`Caller`] type can serve as a proxy to
2010/// the original [`Store`](crate::Store) itself and is used to satisfy
2011/// [`AsContext`] and [`AsContextMut`] bounds.
2012///
2013/// * Second a [`Caller`] can be used as the name implies, learning about the
2014/// caller's context, namely it's exported memory and exported functions. This
2015/// allows functions which take pointers as arguments to easily read the
2016/// memory the pointers point into, or if a function is expected to call
2017/// malloc in the wasm module to reserve space for the output you can do that.
2018///
2019/// Host functions which want access to [`Store`](crate::Store)-level state are
2020/// recommended to use this type.
2021pub struct Caller<'a, T: 'static> {
2022 pub(crate) store: StoreContextMut<'a, T>,
2023 caller: Instance,
2024}
2025
2026impl<T> Caller<'_, T> {
2027 #[cfg(feature = "async")]
2028 pub(crate) fn new(store: StoreContextMut<'_, T>, caller: Instance) -> Caller<'_, T> {
2029 Caller { store, caller }
2030 }
2031
2032 #[cfg(feature = "async")]
2033 pub(crate) fn caller(&self) -> Instance {
2034 self.caller
2035 }
2036
2037 /// Executes `f` with an appropriate `Caller`.
2038 ///
2039 /// This is the entrypoint for host functions in core wasm. The `store` and
2040 /// `instance` are created from `Instance::enter_host_from_wasm` and this
2041 /// will further invoke the host function that `f` refers to.
2042 fn with<F, R>(mut store: StoreContextMut<T>, caller: InstanceId, f: F) -> R
2043 where
2044 F: FnOnce(Caller<'_, T>) -> R,
2045 {
2046 let caller = Instance::from_wasmtime(caller, store.0);
2047
2048 let (gc_lifo_scope, ret) = {
2049 let gc_lifo_scope = store.0.gc_roots().enter_lifo_scope();
2050
2051 let ret = f(Caller {
2052 store: store.as_context_mut(),
2053 caller,
2054 });
2055
2056 (gc_lifo_scope, ret)
2057 };
2058
2059 store.0.exit_gc_lifo_scope(gc_lifo_scope);
2060
2061 ret
2062 }
2063
2064 fn sub_caller(&mut self) -> Caller<'_, T> {
2065 Caller {
2066 store: self.store.as_context_mut(),
2067 caller: self.caller,
2068 }
2069 }
2070
2071 /// Looks up an export from the caller's module by the `name` given.
2072 ///
2073 /// This is a low-level function that's typically used to implement passing
2074 /// of pointers or indices between core Wasm instances, where the callee
2075 /// needs to consult the caller's exports to perform memory management and
2076 /// resolve the references.
2077 ///
2078 /// For comparison, in components, the component model handles translating
2079 /// arguments from one component instance to another and managing memory, so
2080 /// that callees don't need to be aware of their callers, which promotes
2081 /// virtualizability of APIs.
2082 ///
2083 /// # Return
2084 ///
2085 /// If an export with the `name` provided was found, then it is returned as an
2086 /// `Extern`. There are a number of situations, however, where the export may not
2087 /// be available:
2088 ///
2089 /// * The caller instance may not have an export named `name`
2090 /// * There may not be a caller available, for example if `Func` was called
2091 /// directly from host code.
2092 ///
2093 /// It's recommended to take care when calling this API and gracefully
2094 /// handling a `None` return value.
2095 pub fn get_export(&mut self, name: &str) -> Option<Extern> {
2096 // All instances created have a `host_state` with a pointer pointing
2097 // back to themselves. If this caller doesn't have that `host_state`
2098 // then it probably means it was a host-created object like `Func::new`
2099 // which doesn't have any exports we want to return anyway.
2100 self.caller.get_export(&mut self.store, name)
2101 }
2102
2103 /// Looks up an exported [`Extern`] value by a [`ModuleExport`] value.
2104 ///
2105 /// This is similar to [`Self::get_export`] but uses a [`ModuleExport`] value to avoid
2106 /// string lookups where possible. [`ModuleExport`]s can be obtained by calling
2107 /// [`Module::get_export_index`] on the [`Module`] that an instance was instantiated with.
2108 ///
2109 /// This method will search the module for an export with a matching entity index and return
2110 /// the value, if found.
2111 ///
2112 /// Returns `None` if there was no export with a matching entity index.
2113 /// # Panics
2114 ///
2115 /// Panics if `store` does not own this instance.
2116 ///
2117 /// # Usage
2118 /// ```
2119 /// use std::str;
2120 ///
2121 /// # use wasmtime::*;
2122 /// # fn main() -> anyhow::Result<()> {
2123 /// # let mut store = Store::default();
2124 ///
2125 /// let module = Module::new(
2126 /// store.engine(),
2127 /// r#"
2128 /// (module
2129 /// (import "" "" (func $log_str (param i32 i32)))
2130 /// (func (export "foo")
2131 /// i32.const 4 ;; ptr
2132 /// i32.const 13 ;; len
2133 /// call $log_str)
2134 /// (memory (export "memory") 1)
2135 /// (data (i32.const 4) "Hello, world!"))
2136 /// "#,
2137 /// )?;
2138 ///
2139 /// let Some(module_export) = module.get_export_index("memory") else {
2140 /// anyhow::bail!("failed to find `memory` export in module");
2141 /// };
2142 ///
2143 /// let log_str = Func::wrap(&mut store, move |mut caller: Caller<'_, ()>, ptr: i32, len: i32| {
2144 /// let mem = match caller.get_module_export(&module_export) {
2145 /// Some(Extern::Memory(mem)) => mem,
2146 /// _ => anyhow::bail!("failed to find host memory"),
2147 /// };
2148 /// let data = mem.data(&caller)
2149 /// .get(ptr as u32 as usize..)
2150 /// .and_then(|arr| arr.get(..len as u32 as usize));
2151 /// let string = match data {
2152 /// Some(data) => match str::from_utf8(data) {
2153 /// Ok(s) => s,
2154 /// Err(_) => anyhow::bail!("invalid utf-8"),
2155 /// },
2156 /// None => anyhow::bail!("pointer/length out of bounds"),
2157 /// };
2158 /// assert_eq!(string, "Hello, world!");
2159 /// println!("{}", string);
2160 /// Ok(())
2161 /// });
2162 /// let instance = Instance::new(&mut store, &module, &[log_str.into()])?;
2163 /// let foo = instance.get_typed_func::<(), ()>(&mut store, "foo")?;
2164 /// foo.call(&mut store, ())?;
2165 /// # Ok(())
2166 /// # }
2167 /// ```
2168 pub fn get_module_export(&mut self, export: &ModuleExport) -> Option<Extern> {
2169 self.caller.get_module_export(&mut self.store, export)
2170 }
2171
2172 /// Access the underlying data owned by this `Store`.
2173 ///
2174 /// Same as [`Store::data`](crate::Store::data)
2175 pub fn data(&self) -> &T {
2176 self.store.data()
2177 }
2178
2179 /// Access the underlying data owned by this `Store`.
2180 ///
2181 /// Same as [`Store::data_mut`](crate::Store::data_mut)
2182 pub fn data_mut(&mut self) -> &mut T {
2183 self.store.data_mut()
2184 }
2185
2186 /// Returns the underlying [`Engine`] this store is connected to.
2187 pub fn engine(&self) -> &Engine {
2188 self.store.engine()
2189 }
2190
2191 /// Perform garbage collection.
2192 ///
2193 /// Same as [`Store::gc`](crate::Store::gc).
2194 #[cfg(feature = "gc")]
2195 pub fn gc(&mut self, why: Option<&crate::GcHeapOutOfMemory<()>>) {
2196 self.store.gc(why);
2197 }
2198
2199 /// Perform garbage collection asynchronously.
2200 ///
2201 /// Same as [`Store::gc_async`](crate::Store::gc_async).
2202 #[cfg(all(feature = "async", feature = "gc"))]
2203 pub async fn gc_async(&mut self, why: Option<&crate::GcHeapOutOfMemory<()>>)
2204 where
2205 T: Send + 'static,
2206 {
2207 self.store.gc_async(why).await;
2208 }
2209
2210 /// Returns the remaining fuel in the store.
2211 ///
2212 /// For more information see [`Store::get_fuel`](crate::Store::get_fuel)
2213 pub fn get_fuel(&self) -> Result<u64> {
2214 self.store.get_fuel()
2215 }
2216
2217 /// Set the amount of fuel in this store to be consumed when executing wasm code.
2218 ///
2219 /// For more information see [`Store::set_fuel`](crate::Store::set_fuel)
2220 pub fn set_fuel(&mut self, fuel: u64) -> Result<()> {
2221 self.store.set_fuel(fuel)
2222 }
2223
2224 /// Configures this `Store` to yield while executing futures every N units of fuel.
2225 ///
2226 /// For more information see
2227 /// [`Store::fuel_async_yield_interval`](crate::Store::fuel_async_yield_interval)
2228 pub fn fuel_async_yield_interval(&mut self, interval: Option<u64>) -> Result<()> {
2229 self.store.fuel_async_yield_interval(interval)
2230 }
2231}
2232
2233impl<T: 'static> AsContext for Caller<'_, T> {
2234 type Data = T;
2235 fn as_context(&self) -> StoreContext<'_, T> {
2236 self.store.as_context()
2237 }
2238}
2239
2240impl<T: 'static> AsContextMut for Caller<'_, T> {
2241 fn as_context_mut(&mut self) -> StoreContextMut<'_, T> {
2242 self.store.as_context_mut()
2243 }
2244}
2245
2246// State stored inside a `VMArrayCallHostFuncContext`.
2247struct HostFuncState<F> {
2248 // The actual host function.
2249 func: F,
2250
2251 // NB: We have to keep our `VMSharedTypeIndex` registered in the engine for
2252 // as long as this function exists.
2253 _ty: RegisteredType,
2254}
2255
2256#[doc(hidden)]
2257pub enum HostContext {
2258 Array(StoreBox<VMArrayCallHostFuncContext>),
2259}
2260
2261impl From<StoreBox<VMArrayCallHostFuncContext>> for HostContext {
2262 fn from(ctx: StoreBox<VMArrayCallHostFuncContext>) -> Self {
2263 HostContext::Array(ctx)
2264 }
2265}
2266
2267impl HostContext {
2268 fn from_closure<F, T, P, R>(engine: &Engine, func: F) -> Self
2269 where
2270 F: Fn(Caller<'_, T>, P) -> R + Send + Sync + 'static,
2271 P: WasmTyList,
2272 R: WasmRet,
2273 T: 'static,
2274 {
2275 let ty = R::func_type(engine, None::<ValType>.into_iter().chain(P::valtypes()));
2276 let type_index = ty.type_index();
2277
2278 let array_call = Self::array_call_trampoline::<T, F, P, R>;
2279
2280 let ctx = unsafe {
2281 VMArrayCallHostFuncContext::new(
2282 array_call,
2283 type_index,
2284 Box::new(HostFuncState {
2285 func,
2286 _ty: ty.into_registered_type(),
2287 }),
2288 )
2289 };
2290
2291 ctx.into()
2292 }
2293
2294 /// Raw entry trampoline for wasm for typed functions.
2295 ///
2296 /// # Safety
2297 ///
2298 /// The `callee_vmctx`, `caller_vmctx`, and `args` values must basically be
2299 /// "all valid" in the sense that they're from the same store, appropriately
2300 /// sized, appropriate to dereference, etc. This requires that `T` matches
2301 /// the type of the store that the vmctx values point to. The `F` parameter
2302 /// must match the state in `callee_vmctx`. The `P` and `R` type parameters
2303 /// must accurately describe the params/results store in `args`.
2304 unsafe extern "C" fn array_call_trampoline<T, F, P, R>(
2305 callee_vmctx: NonNull<VMOpaqueContext>,
2306 caller_vmctx: NonNull<VMContext>,
2307 args: NonNull<ValRaw>,
2308 args_len: usize,
2309 ) -> bool
2310 where
2311 F: Fn(Caller<'_, T>, P) -> R + 'static,
2312 P: WasmTyList,
2313 R: WasmRet,
2314 T: 'static,
2315 {
2316 // Note that this function is intentionally scoped into a
2317 // separate closure to fit everything inside `enter_host_from_wasm`
2318 // below.
2319 let run = move |mut caller: Caller<'_, T>| {
2320 let mut args =
2321 NonNull::slice_from_raw_parts(args.cast::<MaybeUninit<ValRaw>>(), args_len);
2322 // SAFETY: it's a safety contract of this function itself that
2323 // `callee_vmctx` is safe to read.
2324 let state = unsafe {
2325 let vmctx = VMArrayCallHostFuncContext::from_opaque(callee_vmctx);
2326 vmctx.as_ref().host_state()
2327 };
2328
2329 // Double-check ourselves in debug mode, but we control
2330 // the `Any` here so an unsafe downcast should also
2331 // work.
2332 //
2333 // SAFETY: all typed host functions use `HostFuncState<F>` as their
2334 // state so this should be safe to effectively do an unchecked
2335 // downcast.
2336 let state = unsafe {
2337 debug_assert!(state.is::<HostFuncState<F>>());
2338 &*(state as *const _ as *const HostFuncState<F>)
2339 };
2340 let func = &state.func;
2341
2342 let ret = 'ret: {
2343 if let Err(trap) = caller.store.0.call_hook(CallHook::CallingHost) {
2344 break 'ret R::fallible_from_error(trap);
2345 }
2346
2347 let mut store = if P::may_gc() {
2348 AutoAssertNoGc::new(caller.store.0)
2349 } else {
2350 unsafe { AutoAssertNoGc::disabled(caller.store.0) }
2351 };
2352 // SAFETY: this function requires `args` to be valid and the
2353 // `WasmTyList` trait means that everything should be correctly
2354 // ascribed/typed, making this valid to load from.
2355 let params = unsafe { P::load(&mut store, args.as_mut()) };
2356 let _ = &mut store;
2357 drop(store);
2358
2359 let r = func(caller.sub_caller(), params);
2360
2361 if let Err(trap) = caller.store.0.call_hook(CallHook::ReturningFromHost) {
2362 break 'ret R::fallible_from_error(trap);
2363 }
2364 r.into_fallible()
2365 };
2366
2367 if !ret.compatible_with_store(caller.store.0) {
2368 bail!("host function attempted to return cross-`Store` value to Wasm")
2369 } else {
2370 let mut store = if R::may_gc() {
2371 AutoAssertNoGc::new(caller.store.0)
2372 } else {
2373 unsafe { AutoAssertNoGc::disabled(caller.store.0) }
2374 };
2375 // SAFETY: this function requires that `args` is safe for this
2376 // type signature, and the guarantees of `WasmRet` means that
2377 // everything should be typed appropriately.
2378 let ret = unsafe { ret.store(&mut store, args.as_mut())? };
2379 Ok(ret)
2380 }
2381 };
2382
2383 // With nothing else on the stack move `run` into this
2384 // closure and then run it as part of `Caller::with`.
2385 //
2386 // SAFETY: this is an entrypoint of wasm which requires correct type
2387 // ascription of `T` itself, meaning that this should be safe to call
2388 // both `enter_host_from_wasm` as well as `unchecked_context_mut`.
2389 unsafe {
2390 vm::Instance::enter_host_from_wasm(caller_vmctx, |store, instance| {
2391 let store = store.unchecked_context_mut();
2392 Caller::with(store, instance, run)
2393 })
2394 }
2395 }
2396}
2397
2398/// Representation of a host-defined function.
2399///
2400/// This is used for `Func::new` but also for `Linker`-defined functions. For
2401/// `Func::new` this is stored within a `Store`, and for `Linker`-defined
2402/// functions they wrap this up in `Arc` to enable shared ownership of this
2403/// across many stores.
2404///
2405/// Technically this structure needs a `<T>` type parameter to connect to the
2406/// `Store<T>` itself, but that's an unsafe contract of using this for now
2407/// rather than part of the struct type (to avoid `Func<T>` in the API).
2408pub(crate) struct HostFunc {
2409 ctx: HostContext,
2410
2411 // Stored to unregister this function's signature with the engine when this
2412 // is dropped.
2413 engine: Engine,
2414}
2415
2416impl core::fmt::Debug for HostFunc {
2417 fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
2418 f.debug_struct("HostFunc").finish_non_exhaustive()
2419 }
2420}
2421
2422impl HostFunc {
2423 /// Analog of [`Func::new`]
2424 ///
2425 /// # Panics
2426 ///
2427 /// Panics if the given function type is not associated with the given
2428 /// engine.
2429 pub fn new<T>(
2430 engine: &Engine,
2431 ty: FuncType,
2432 func: impl Fn(Caller<'_, T>, &[Val], &mut [Val]) -> Result<()> + Send + Sync + 'static,
2433 ) -> Self
2434 where
2435 T: 'static,
2436 {
2437 assert!(ty.comes_from_same_engine(engine));
2438 let ty_clone = ty.clone();
2439 unsafe {
2440 HostFunc::new_unchecked(engine, ty, move |caller, values| {
2441 Func::invoke_host_func_for_wasm(caller, &ty_clone, values, &func)
2442 })
2443 }
2444 }
2445
2446 /// Analog of [`Func::new_unchecked`]
2447 ///
2448 /// # Panics
2449 ///
2450 /// Panics if the given function type is not associated with the given
2451 /// engine.
2452 ///
2453 /// # Safety
2454 ///
2455 /// The `func` provided must operate according to the `ty` provided to
2456 /// ensure it's reading the correctly-typed parameters and writing the
2457 /// correctly-typed results.
2458 pub unsafe fn new_unchecked<T>(
2459 engine: &Engine,
2460 ty: FuncType,
2461 func: impl Fn(Caller<'_, T>, &mut [ValRaw]) -> Result<()> + Send + Sync + 'static,
2462 ) -> Self
2463 where
2464 T: 'static,
2465 {
2466 assert!(ty.comes_from_same_engine(engine));
2467 let ctx = crate::trampoline::create_array_call_function(
2468 &ty,
2469 move |store, instance, values: &mut [ValRaw]| {
2470 // SAFETY: the later usage of `{,in}to_func` will connect `T` to
2471 // an actual store's `T` to ensure it's the same. This means
2472 // that the store this is invoked with always has `T` as a type
2473 // parameter which should make this cast safe.
2474 let store = unsafe { store.unchecked_context_mut::<T>() };
2475 Caller::with(store, instance, |mut caller| {
2476 caller.store.0.call_hook(CallHook::CallingHost)?;
2477 let result = func(caller.sub_caller(), values)?;
2478 caller.store.0.call_hook(CallHook::ReturningFromHost)?;
2479 Ok(result)
2480 })
2481 },
2482 )
2483 .expect("failed to create function");
2484 HostFunc::_new(engine, ctx.into())
2485 }
2486
2487 /// Analog of [`Func::wrap_inner`]
2488 #[cfg(any(feature = "component-model", feature = "async"))]
2489 pub fn wrap_inner<F, T, Params, Results>(engine: &Engine, func: F) -> Self
2490 where
2491 F: Fn(Caller<'_, T>, Params) -> Results + Send + Sync + 'static,
2492 Params: WasmTyList,
2493 Results: WasmRet,
2494 T: 'static,
2495 {
2496 let ctx = HostContext::from_closure(engine, func);
2497 HostFunc::_new(engine, ctx)
2498 }
2499
2500 /// Analog of [`Func::wrap`]
2501 pub fn wrap<T, Params, Results>(
2502 engine: &Engine,
2503 func: impl IntoFunc<T, Params, Results>,
2504 ) -> Self
2505 where
2506 T: 'static,
2507 {
2508 let ctx = func.into_func(engine);
2509 HostFunc::_new(engine, ctx)
2510 }
2511
2512 /// Requires that this function's signature is already registered within
2513 /// `Engine`. This happens automatically during the above two constructors.
2514 fn _new(engine: &Engine, ctx: HostContext) -> Self {
2515 HostFunc {
2516 ctx,
2517 engine: engine.clone(),
2518 }
2519 }
2520
2521 /// Inserts this `HostFunc` into a `Store`, returning the `Func` pointing to
2522 /// it.
2523 ///
2524 /// # Unsafety
2525 ///
2526 /// Can only be inserted into stores with a matching `T` relative to when
2527 /// this `HostFunc` was first created.
2528 pub unsafe fn to_func(self: &Arc<Self>, store: &mut StoreOpaque) -> Func {
2529 self.validate_store(store);
2530 let (funcrefs, modules) = store.func_refs_and_modules();
2531 let funcref = funcrefs.push_arc_host(self.clone(), modules);
2532 // SAFETY: this funcref was just pushed within the store, so it's safe
2533 // to say this store owns it.
2534 unsafe { Func::from_vm_func_ref(store.id(), funcref) }
2535 }
2536
2537 /// Inserts this `HostFunc` into a `Store`, returning the `Func` pointing to
2538 /// it.
2539 ///
2540 /// This function is similar to, but not equivalent, to `HostFunc::to_func`.
2541 /// Notably this function requires that the `Arc<Self>` pointer is otherwise
2542 /// rooted within the `StoreOpaque` via another means. When in doubt use
2543 /// `to_func` above as it's safer.
2544 ///
2545 /// # Unsafety
2546 ///
2547 /// Can only be inserted into stores with a matching `T` relative to when
2548 /// this `HostFunc` was first created.
2549 ///
2550 /// Additionally the `&Arc<Self>` is not cloned in this function. Instead a
2551 /// raw pointer to `Self` is stored within the `Store` for this function.
2552 /// The caller must arrange for the `Arc<Self>` to be "rooted" in the store
2553 /// provided via another means, probably by pushing to
2554 /// `StoreOpaque::rooted_host_funcs`.
2555 ///
2556 /// Similarly, the caller must arrange for `rooted_func_ref` to be rooted in
2557 /// the same store and additionally be a valid pointer.
2558 pub unsafe fn to_func_store_rooted(
2559 self: &Arc<Self>,
2560 store: &mut StoreOpaque,
2561 rooted_func_ref: Option<NonNull<VMFuncRef>>,
2562 ) -> Func {
2563 self.validate_store(store);
2564
2565 match rooted_func_ref {
2566 Some(funcref) => {
2567 // SAFETY: it's a contract of this function itself that
2568 // `funcref` is safe to read.
2569 unsafe {
2570 debug_assert!(funcref.as_ref().wasm_call.is_some());
2571 }
2572 // SAFETY: it's a contract of this function that `funcref` is
2573 // owned by `store`.
2574 unsafe { Func::from_vm_func_ref(store.id(), funcref) }
2575 }
2576 None => {
2577 debug_assert!(self.func_ref().wasm_call.is_some());
2578
2579 // SAFETY: it's an unsafe contract of this function that we are
2580 // rooted within the store to say that the store owns a copy of
2581 // this funcref.
2582 unsafe { Func::from_vm_func_ref(store.id(), self.func_ref().into()) }
2583 }
2584 }
2585 }
2586
2587 /// Same as [`HostFunc::to_func`], different ownership.
2588 unsafe fn into_func(self, store: &mut StoreOpaque) -> Func {
2589 self.validate_store(store);
2590 let (funcrefs, modules) = store.func_refs_and_modules();
2591 let funcref = funcrefs.push_box_host(Box::new(self), modules);
2592 // SAFETY: this funcref was just pushed within `store`, so it's safe to
2593 // say it's owned by the store's id.
2594 unsafe { Func::from_vm_func_ref(store.id(), funcref) }
2595 }
2596
2597 fn validate_store(&self, store: &mut StoreOpaque) {
2598 // This assert is required to ensure that we can indeed safely insert
2599 // `self` into the `store` provided, otherwise the type information we
2600 // have listed won't be correct. This is possible to hit with the public
2601 // API of Wasmtime, and should be documented in relevant functions.
2602 assert!(
2603 Engine::same(&self.engine, store.engine()),
2604 "cannot use a store with a different engine than a linker was created with",
2605 );
2606 }
2607
2608 pub(crate) fn sig_index(&self) -> VMSharedTypeIndex {
2609 self.func_ref().type_index
2610 }
2611
2612 pub(crate) fn func_ref(&self) -> &VMFuncRef {
2613 match &self.ctx {
2614 HostContext::Array(ctx) => unsafe { ctx.get().as_ref().func_ref() },
2615 }
2616 }
2617
2618 pub(crate) fn host_ctx(&self) -> &HostContext {
2619 &self.ctx
2620 }
2621}
2622
2623#[cfg(test)]
2624mod tests {
2625 use super::*;
2626 use crate::{Module, Store};
2627
2628 #[test]
2629 #[cfg_attr(miri, ignore)]
2630 fn hash_key_is_stable_across_duplicate_store_data_entries() -> Result<()> {
2631 let mut store = Store::<()>::default();
2632 let module = Module::new(
2633 store.engine(),
2634 r#"
2635 (module
2636 (func (export "f")
2637 nop
2638 )
2639 )
2640 "#,
2641 )?;
2642 let instance = Instance::new(&mut store, &module, &[])?;
2643
2644 // Each time we `get_func`, we call `Func::from_wasmtime` which adds a
2645 // new entry to `StoreData`, so `f1` and `f2` will have different
2646 // indices into `StoreData`.
2647 let f1 = instance.get_func(&mut store, "f").unwrap();
2648 let f2 = instance.get_func(&mut store, "f").unwrap();
2649
2650 // But their hash keys are the same.
2651 assert!(
2652 f1.hash_key(&mut store.as_context_mut().0)
2653 == f2.hash_key(&mut store.as_context_mut().0)
2654 );
2655
2656 // But the hash keys are different from different funcs.
2657 let instance2 = Instance::new(&mut store, &module, &[])?;
2658 let f3 = instance2.get_func(&mut store, "f").unwrap();
2659 assert!(
2660 f1.hash_key(&mut store.as_context_mut().0)
2661 != f3.hash_key(&mut store.as_context_mut().0)
2662 );
2663
2664 Ok(())
2665 }
2666}