Add a check to command modules to ensure that they're only started once.#329
Merged
sunfishcode merged 2 commits intomainfrom Oct 14, 2022
Merged
Add a check to command modules to ensure that they're only started once.#329sunfishcode merged 2 commits intomainfrom
sunfishcode merged 2 commits intomainfrom
Conversation
sbc100
reviewed
Sep 30, 2022
libc-bottom-half/crt/crt1-command.c
Outdated
|
|
||
| // Commands should only be called once per instance. This simple check ensures | ||
| // that the `_start` function isn't started more than once. `address_space(1)` | ||
| // tells clang to put this variable in a wasm global. |
Member
There was a problem hiding this comment.
Does that actually work? It seems a little risky to depend on this now. Why not just is a simple static?
Member
Author
There was a problem hiding this comment.
No big reason; and depending on it breaks LLVM 11, which we still support for now, so I'll switch to a static.
libc-bottom-half/crt/crt1-command.c
Outdated
| if (started != 0) { | ||
| __builtin_trap(); | ||
| } | ||
| started = 0; |
Member
There was a problem hiding this comment.
Seems like it would be good place for #ifndef NDEBUG but we don't have a debug version of libc yet IIUC
Member
Author
There was a problem hiding this comment.
I care about code size, but this is just a few bytes. And this hazard comes up in both component use cases and JS embedding use cases, where creating an instance is separated from running the command and there's no other way to prevent the command from being run multiple times, causing UB.
Wasm command modules should only be called once per instance, because the programming model doesn't leave linear memory in a reusable state when the program exits. As use cases arise for loading wasm modules in environments that want to treat them like reactors, add a safety check to ensure that command modules are used according to their expectations.
sunfishcode
force-pushed
the
sunfishcode/command-called-once
branch
from
8f56960 to
2323070
Compare
sbc100
approved these changes
Sep 30, 2022
libc-bottom-half/crt/crt1-command.c
Outdated
| if (started != 0) { | ||
| __builtin_trap(); | ||
| } | ||
| started = 0; |
Member
Author
|
Oops; fixed. |
john-sharratt
pushed a commit
to john-sharratt/wasix-libc
that referenced
this pull request
Mar 6, 2023
…ce. (WebAssembly#329) * Add a check to command modules to ensure that they're only started once. Wasm command modules should only be called once per instance, because the programming model doesn't leave linear memory in a reusable state when the program exits. As use cases arise for loading wasm modules in environments that want to treat them like reactors, add a safety check to ensure that command modules are used according to their expectations.
john-sharratt
pushed a commit
to john-sharratt/wasix-libc
that referenced
this pull request
Mar 6, 2023
…nce (WebAssembly#388) Calling _initialize multiple times is undefined behavior, since the ctors are not guaranteed to be idempotent. We should have this safety check which is similar to WebAssembly#329.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Wasm command modules should only be called once per instance, because the programming model doesn't leave linear memory in a reusable state when the program exits. As use cases arise for loading wasm modules in environments that want to treat them like reactors, add a safety check to ensure that command modules are used according to their expectations.