Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rust: support memory manipulation #609

Merged
merged 1 commit into from
Feb 12, 2021
Merged

rust: support memory manipulation #609

merged 1 commit into from
Feb 12, 2021

Conversation

axic
Copy link
Member

@axic axic commented Oct 15, 2020

No description provided.

@codecov
Copy link

codecov bot commented Oct 15, 2020
edited
Loading

Codecov Report

Merging #609 (4684eb1) into master (c37b101) will increase coverage by 0.03%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #609      +/-   ##
==========================================
+ Coverage   99.32%   99.35%   +0.03%     
==========================================
  Files          72       73       +1     
  Lines       10691    11388     +697     
==========================================
+ Hits        10619    11315     +696     
- Misses         72       73       +1
Flag Coverage Δ
rust 99.85% <100.00%> (?)
spectests 90.84% <ø> (ø)
unittests 99.32% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
bindings/rust/src/lib.rs 99.85% <100.00%> (ø)

@axic axic force-pushed the rust branch 4 times, most recently from e1b3750 to 3934809 Compare October 27, 2020 15:57
@axic axic force-pushed the rust branch 4 times, most recently from 1377814 to ca8ecb2 Compare November 6, 2020 23:07
axic
axic commented Nov 6, 2020
View reviewed changes
bindings/rust/src/lib.rs Outdated Show resolved Hide resolved
@axic axic force-pushed the rust branch 6 times, most recently from e45448f to 4eb205c Compare November 18, 2020 19:11
Base automatically changed from rust to master November 19, 2020 19:20
chfast
chfast reviewed Dec 10, 2020
View reviewed changes
Copy link
Collaborator

@chfast chfast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copying memory back and forth does not look like good idea. Rust should some kind of mutable slice allowing free access to wasm memory (read/write).

bindings/rust/src/lib.rs Outdated Show resolved Hide resolved
@axic
Copy link
Member Author

axic commented Dec 29, 2020
edited
Loading

Copying memory back and forth does not look like good idea. Rust should some kind of mutable slice allowing free access to wasm memory (read/write).

This PR does mutable slicing.

Right. We can definitely have a separate function exposing the underlying memory as an unsafe API, but this is the safe API. It is modelled after other Rust VMs.

@axic axic force-pushed the rust-memory branch 2 times, most recently from 1a2d6d3 to ae1fa64 Compare January 29, 2021 13:07
@chfast
Copy link
Collaborator

chfast commented Feb 1, 2021

Right. We can definitely have a separate function exposing the underlying memory as an unsafe API, but this is the safe API. It is modelled after other Rust VMs.

Why exposing the underlying memory is unsafe?

@axic axic force-pushed the rust-memory branch 2 times, most recently from f9e523c to e0952b3 Compare February 4, 2021 10:47
@axic axic mentioned this pull request Feb 4, 2021
Open
16 tasks
@axic
Copy link
Member Author

axic commented Feb 4, 2021

Right. We can definitely have a separate function exposing the underlying memory as an unsafe API, but this is the safe API. It is modelled after other Rust VMs.

Why exposing the underlying memory is unsafe?

Exposing a slice obtained via std::slice::from_raw_parts (i.e. the underlying C++ allocated memory) is considered unsafe as ownership is not managed by Rust.

@axic axic requested a review from gumb0 February 9, 2021 11:24
@axic axic requested a review from gumb0 February 9, 2021 18:39
gumb0
gumb0 reviewed Feb 9, 2021
View reviewed changes
bindings/rust/src/lib.rs Outdated Show resolved Hide resolved
@gumb0
Copy link
Collaborator

gumb0 commented Feb 9, 2021

Looks good, but still not sure what's best to allow for slice ranges #609 (comment)

@axic
Copy link
Member Author

axic commented Feb 9, 2021
edited
Loading

Squashed and added #609 (comment) as a second commit. We can decide this tomorrow.

@axic axic requested a review from gumb0 February 9, 2021 20:40
gumb0
gumb0 reviewed Feb 10, 2021
View reviewed changes
bindings/rust/src/lib.rs Outdated
let offset = offset as usize;
let memory_size = self.memory_size();
// Empty slices are allowed, but ensure both starting and ending offsets are valid.
if memory_size == 0 || offset > memory_size || (offset + size) > memory_size {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

offset > memory_size condition is redundant then, when it is true (offset + size) > memory_size will always be true.

Suggested change
if memory_size == 0 || offset > memory_size || (offset + size) > memory_size {
if memory_size == 0 || (offset + size) > memory_size {

Also for the case of (memory 0) it would be perhaps logical to allow (0, 0) slice, then the condition should make an error only the absence of memory

Suggested change
if memory_size == 0 || offset > memory_size || (offset + size) > memory_size {
if !sys::fizzy_module_has_memory(self.get_module()) || (offset + size) > memory_size {

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

offset > memory_size condition is redundant then, when it is true (offset + size) > memory_size will always be true.

Was a bad attempt for overflow check. Decided to just use offset.checked_add(size).is_none() for overflow check.

@axic axic requested a review from gumb0 February 11, 2021 19:34
axic
axic commented Feb 11, 2021
View reviewed changes
bindings/rust/src/lib.rs Outdated
) -> Result<core::ops::Range<usize>, ()> {
// This should be safe given usize::BITS >= u32::BITS, see https://doc.rust-lang.org/std/primitive.usize.html.
let offset = offset as usize;
let has_memory = unsafe { sys::fizzy_module_has_memory(self.get_module()) };
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually with solution in #728, I would cache this in the Instance { has_memory: bool }.

chfast
chfast approved these changes Feb 12, 2021
View reviewed changes
Copy link
Collaborator

@chfast chfast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be for now, but I see some design issues with it.

  1. The fizzy_get_instance_memory_size is called twice.
  2. You almost always wants memory size and pointer in the same time. C should return both in single call.

bindings/rust/src/lib.rs Outdated Show resolved Hide resolved
chfast
chfast reviewed Feb 12, 2021
View reviewed changes
bindings/rust/src/lib.rs Outdated Show resolved Hide resolved
@axic axic requested review from gumb0 and chfast February 12, 2021 15:21
@axic
rust: support memory
4684eb1 
Introduce unsafe API to acquire memory slices and a safe API to set/get memory.
@axic axic merged commit a58c3df into master Feb 12, 2021
@axic axic deleted the rust-memory branch February 12, 2021 16:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gumb0 gumb0 gumb0 approved these changes

@chfast chfast chfast approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@axic @chfast @gumb0