When truncating floating point values to integer values, we need to
avoid undefined behavior if the argument does not fit into the target
type which is currently impossible using casts of primitive types.
Hence, this reimplements those conversions using arbitrary precision
integers and rationals from the num crate.
* Remove hashbrown and use BTree{Map,Set} from the alloc crate
wasmi-validation must handle untrusted input and hence we switch from
Hash{Set,Map} (whether std's or hashbrown's) to BTree{Set,Map} to avoid
algorithmic complexity attacks while retaining no_std support.
Closes#183
* Improve memory locality of checking for duplicate exports
Using a sorted slice gives us the same O(N log N) worst case execution
time as using a BTreeMap, but using a single allocation as with HashMap,
so that we should see better memory locality and hence better constant
factors when checking for duplicate exports.
* Add some docs.
* return_type isn't failable
* Add comment about safety of top_label
* Attempt number 10
* Rework.
Now we will a compiler which wraps and uses info from a evaluation simulator.
* Get rid of outcome
* Introduce StartedWith
* Actually use started_with.
* Mirror label_stack.
* Avoid using frame_type.
* Finally get rid from frame_type.
* Extract compilation
* Refactoring cleaning
* Validation separated from compilation.
* Move sink to FunctionReader
* Rename to compiler.
* fmt
* Move push_label under validation context.
* Add Validation traits
* Express the compiler using validation trait
* Move code under prepare
* Comments.
* WIP
* The great move of validation
* Make validation compile
* Make it compile.
* Format it.
* Fix warnings.
* Clean.
* Make it work under no_std
* Move deny_floating_point to wasmi
* Rename validate_module2 → validate_module
* Make validation tests work
* Make wasmi compilation tests work
* Renamings.
* Get rid of memory_units dependency in validation
* Rename.
* Clean.
* Estimate capacity.
* fmt.
* Clean and detail End opcode.
* Add comment about top_label safety
* Remove another TODO
* Comment access to require_target
* Remove redundant PartialEq
* Print value that can't be coerced to u32
* s/with_instruction_capacity/with_capacity
* fmt.
* fmt
* Proofs
* Add better proof
* Get rid of unreachable in StackValueType
* Propagate error if frame stack overflown on create
* use checked sub instead of -
* Keep::count
* doc(host) Fix the `Externals` example
The example is missing two things:
* `index` is computed but not used,
* `check_signature` is never used.
This patch tries to fix that.
* doc(host) Fix `check_signature` example
This also allows `Instruction` to be `Copy`, which massively speeds
up `<Instructions as Clone>::clone` since it can now just `memcpy`
the bytes using SIMD instead of having to switch on every single
element. I haven't looked at the disassembly of `InstructionIter::next`
yet, it could be that there are even more improvements yet to be gained
from either:
* Only doing work on `BrTable` (this might already be the case depending
on the whims of the optimiser)
* Using `unsafe` to make it a noop (we really don't want to do this,
obviously, since it means that `Instructions` has to be immovable)
* add default-enabled std feature
* use parity-wasm/std feature only if std is enabled
* drop dependency on std::io
* use hashmap_core instead of std::collections::HashMap
* disable std::error in no_std
* core and alloc all the things
* mention no_std in readme
* add no_std feature and use hashmap_core only on no_std
* rename the no_std feature to core
* drop dependency on byteorder/std
* simplify float impl macro
* remove some trailing whitespace
* use libm for float math in no_std
* add note about no_std panics of libm to readme
* Embed nan-preserving-float crate.
* Add no_std check to the Travis CI config
* add missing dev-dependency
* Hide Instructions implementation behind an iterator
* Hide instruction encoding behind isa::Instructions::push()
* Consistently use u32 for program counter storage
* Refer to instructions by position rather than index
* Move call_stack to Interpreter struct
* Accept func and args when creating the Interpreter
* Create a RunState to indicate whether the current interpreter is recoverable
* Add functionality to resume execution in Interpreter level
* Implement resumable execution in func
* Expose FuncInvocation and ResumableError
* Fix missing docs for FuncInvocation
* Add test for resumable invoke and move external parameter passing to start/resume_invocation
* Add comments why assert is always true
* Add note why value stack is always empty after execution
* Use as_func
* Document `resume_execution` on conditions for `is_resumable` and `resumable_value_type`
* Document conditions where NotResumable and AlreadyStarted error is returned
* Warn user that invoke_resumable is experimental
* Define Instruction Set.
* WIP
* WIP 2
* Tests
* Working
* Bunch of other tests.
* WIP
* WIP
* Use Vec instead of VecDeque.
* Calibrate the limits.
* Clean
* Clean
* Another round of cleaning.
* Ignore traces.
* Optimize value stack
* Optimize a bit more.
* Cache memory index.
* Inline always instruction dispatch function.
* Comments.
* Clean
* Clean
* Use vector to keep unresolved references.
* Estimate resulting size.
* do refactoring
* Validate the locals count in the begging
* Introduce Keep and DropKeep structs in isa
* Rename/Split Validator into Reader
* Document stack layout
* Remove println!
* Fix typo.
* Use .last / .last_mut in stack
* Update docs for BrTable.
* Review fixes.
* Merge.
* Add an assert that stack is empty after the exec
Casts have arithmetic semantics, and under some build configurations
Rust will panic when encountering an arithmetic overflow.
Use a transmute instead since it's what we mean.
The previous code worked, but still I added a test for good measure.
* Refactor TryInto → FromRuntimeValue.
Replace `TryInto<T, E>` with `FromRuntimeValue`.
The main difference is that `FromRuntimeValue` is implemented for the concrete type of the value we create, rather than on `RuntimeValue`. This makes more sense to me and seems more clear.
The `try_into` method is now implemented on `RuntimeValue` itself.
And finally, `FromRuntimeValue` has been made public.
* Impl AsRef<[RuntimeValue]> for RuntimeArgs
This impl can be used as an escape hatch if the user wants to use the inner slice.
* Little doc fixes for RuntimeArgs.