Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wasmtime: Check stack limits only on exit from wasm #9093

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

jameysharp
Copy link
Contributor

Currently, we do an explicit check for stack overflow on entry to every WebAssembly function. But that costs some time, and is a significant performance hit for very short functions.

This commit instead switches Wasmtime to relying on guard pages at the end of the stack to catch stack overflow, so the MMU does this check for "free". This means we may allow deeper recursion in guest code than we did before.

To make this work, we need Wasmtime's signal handlers to recognize when a guest memory fault is in a stack guard page and report the appropriate stack-overflow trap code.

Note that we can't turn host-code signals into guest traps, so the signal handlers have to verify that the signal occurred in guest code.

When the guest calls host code (explicitly due to calling an imported host function, or implicitly due to a libcall inserted by Wasmtime or Cranelift), we also need to ensure that there is enough stack space available for the host code to not hit the guard pages. We do that by checking the stack limit that the embedder provided in the trampolines where we exit wasm.


I've been laid off from Fastly so I won't be pursuing this further, but I feel good about the work I put into it so far and want to leave it here in case anyone else wants to pick it up.

@github-actions github-actions bot added the wasmtime:api Related to the API of the `wasmtime` crate itself label Aug 8, 2024
jameysharp and others added 4 commits December 13, 2024 12:40
Nothing uses this yet but I want to get collection of this register
right on our many supported platforms before introducing the changes
that need it.
Currently, we do an explicit check for stack overflow on entry to every
WebAssembly function. But that costs some time, and is a significant
performance hit for very short functions.

This commit instead switches Wasmtime to relying on guard pages at the
end of the stack to catch stack overflow, so the MMU does this check for
"free". This means we may allow deeper recursion in guest code than we
did before.

To make this work, we need Wasmtime's signal handlers to recognize when
a guest memory fault is in a stack guard page and report the appropriate
stack-overflow trap code.

Note that we can't turn host-code signals into guest traps, so the
signal handlers have to verify that the signal occurred in guest code.

When the guest calls host code (explicitly due to calling an imported
host function, or implicitly due to a libcall inserted by Wasmtime or
Cranelift), we also need to ensure that there is enough stack space
available for the host code to not hit the guard pages. We do that by
checking the stack limit that the embedder provided in the trampolines
where we exit wasm.
@sunfishcode
Copy link
Member

I've now rebased this and ported it to main. There some test failures at the moment.

thread 'stack_overflow::host_always_has_some_stack' has overflowed its stack
fatal runtime error: stack overflow

which I'm looking into.

@github-actions github-actions bot added the pulley Issues related to the Pulley interpreter label Dec 13, 2024
Copy link

Subscribe to Label Action

cc @fitzgen

This issue or pull request has been labeled: "pulley", "wasmtime:api"

Thus the following users have been cc'd because of the following labels:

  • fitzgen: pulley

To subscribe or unsubscribe from this label, edit the .github/subscribe-to-label.json configuration file.

Learn more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
pulley Issues related to the Pulley interpreter wasmtime:api Related to the API of the `wasmtime` crate itself
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants