fix: check filetype in path_open

[rvolosatovs]

Using the directory open flag to determine whether the entity being opened is a directory or a file is undefined behavior, since that means that the only way to acquire a usable directory is to specify the flag.

Instead of relying on the open flag value to determine the filetype, issue get_path_filestat first to determine it and then perform appropriate operation depending on the value.

Note that this also slightly changes the behavior, where create open flag is not dropped anymore, but rather passed through to the open_dir call.

@pchickey seems to be the last person making any significant changes in this method, so assigning him for review

[github-actions]

Subscribe to Label Action

cc @kubkon

Details

This issue or pull request has been labeled: "wasi"

Thus the following users have been cc'd because of the following labels:

• kubkon: wasi

To subscribe or unsubscribe from this label, edit the .github/subscribe-to-label.json configuration file.

Learn more.

[npmccallum]

@pchickey @sunfishcode We are blocked on this and would appreciate a prompt review. Thanks!

[rvolosatovs]

I've rebased the PR on latest main and added a commit, which extends the existing readdir test case and can be used to reproduce the error on latest main fe33e29

This is the failure on latest main (fe33e29 main with the testing commit applied):

Error: error while testing Wasm module 'fd_readdir'

Caused by:
    wasm trap: wasm `unreachable` instruction executed
    wasm backtrace:
        0: 0x928b - <unknown>!__rust_start_panic
        1: 0x91d2 - <unknown>!rust_panic
        2: 0x91a1 - <unknown>!std::panicking::rust_panic_with_hook::hc938c0552bc648ce
        3: 0x8383 - <unknown>!std::panicking::begin_panic_handler::{{closure}}::h4d01c9a24b253a57
        4: 0x82b0 - <unknown>!std::sys_common::backtrace::__rust_end_short_backtrace::hfd66980d7bb1538d
        5: 0x8a43 - <unknown>!rust_begin_unwind
        6: 0xe71c - <unknown>!core::panicking::panic_fmt::h8d02db942d8b9e8f
        7: 0xfee7 - <unknown>!core::result::unwrap_failed::h806695779fe36d9c
        8: 0x1fa7 - <unknown>!fd_readdir::assert_empty_dir::h0e0aed0574ce8ed0
        9: 0x28e3 - <unknown>!fd_readdir::main::h341e702fce5fa376
       10:  0xa24 - <unknown>!std::sys_common::backtrace::__rust_begin_short_backtrace::h9de52a2ebd9540fa
       11: 0x1a6e - <unknown>!std::rt::lang_start::{{closure}}::h74c1c1c4b8e1fa2a
       12: 0x5f8f - <unknown>!std::rt::lang_start_internal::h5e0caf35c22fb11b
       13: 0x3653 - <unknown>!__original_main
       14:  0x56d - <unknown>!_start
       15: 0x1367f - <unknown>!_start.command_export
    note: using the `WASMTIME_BACKTRACE_DETAILS=1` environment variable to may show more debugging information
    
test wasi_cap_std_sync::fd_readdir ... FAILED

[rvolosatovs]

Ideally, I would want to fail here if error is not not found, but that would require either cloning the error (to be able to propagate it if it does not match) and then converting it into a types::Errno or downcasting the error, which would require matching on all possible error types, which seems like the wrong thing to do as well.
Is there a reasonable way to do that? I'm looking for Error::not_found(&self) -> bool
Discard the error instead and preserve the original behavior.

[pchickey]

I think it is reasonable to downcast_ref and match for an ErrorKind::Noent, and if that fails downcast to a std::io::Error with the appropriate check there as well. This is a big janky, and I think if I had to redesign wasi-common I probably wouldn't use a fully dynamic error type and instead make enum Error { Std(std::io::Error), Wasi(ErrorKind) } or something like that, but its been a while since I had this system in my head so I'm not sure why I didn't do that in the first place.

[pchickey]

This is a pretty subtle one that clearly I never thought of. Looks good, aside from the question about the not found error. Lets get in some solution to that and then we can land this.

[pchickey]

I think it is reasonable to downcast_ref and match for an ErrorKind::Noent, and if that fails downcast to a std::io::Error with the appropriate check there as well. This is a big janky, and I think if I had to redesign wasi-common I probably wouldn't use a fully dynamic error type and instead make enum Error { Std(std::io::Error), Wasi(ErrorKind) } or something like that, but its been a while since I had this system in my head so I'm not sure why I didn't do that in the first place.

[npmccallum]

@pchickey I disagree strongly that downcasting should ever be used in wasi-common. In our wasi implementation, we are regularly working around downcasting just to make things work. Adopting downcasting in the first place was a huge mistake.

[sunfishcode]

I am concerned about this get_path_filestat, because it does a second path lookup. There's a window for a race condition here, where a directory could be replaced by something which is not a directory. I don't yet have a clear view of the consequences of the open succeeding on an unexpected type, so this is something I want to investigate more.

I wonder if it would be possible to instead do something like:

• Attempt to open with open_dir; if that works, create a DirEntry entry.
• If that fails with Notdir, open it with regular open.
  Would that work?

I know that this is redundant on POSIX hosts, and possibly we could optimize things even more there, but this code is currently written to support Windows also.

[sunfishcode]

I now have an implementation of this here: #4967

It uses the same testcase as this PR, so it fixes the same bug, but does so in a way that doesn't require doing a stat followed by a separate open. There's more room for improvement beyond that, but hopefully that's a good step.

[pchickey]

@npmccallum OK, send a PR to fix it then

[npmccallum]

@pchickey I discussed this and other issues with @sunfishcode and he recommended that I not try to patch the existing implementation and wait until preview2. Should I file an issue requesting the removal of downcasting under preview2?