Fix/improve validation of components with tags #2114
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit fixes an issue where the `Tag` kind of core item was allowed to "leak through" validation of components without the exceptions proposal active. Additionally creating a core instance with a tag was consulting the wrong index space and needed fixing too. The end result is that the `exceptions` proposal is now required for tags to appear within components. This so far has been glossed over because any valid component would require a core module with a tag and those are properly gated, but it's possible to construct an invalid component with a tag "kind" within it which doesn't actually have any tags. By forgetting to gate on the exception-handling proposal it was leaking this "kind" to callers which weren't necessarily prepared for it. Finally this also fixes a panic in the text format for components where named tags still had an `unimplemented!()` for when they were being registered.
|
Thanks to @0xalpharush for identifying this in Wasmtime which led to this bugfix here |
alexcrichton
added a commit
to alexcrichton/wasmtime
that referenced
this pull request
Mar 26, 2025
This commit resolves a few panics in Wasmtime's compilation of components with respect to tags and the exception-handling wasm proposal. Despite exception-handling not being enabled in Wasmtime at this time these panics were still reachable due to an issue in wasm-tools's validation not being exhaustive enough for this proposal feature combination: bytecodealliance/wasm-tools#2114. This is not full support for exceptions since it can't be tested yet, but this should be enough to ensure that the validator will get far enough to flag components as otherwise invalid due to using tags that can't be present (as core wasm tags can't be present in core modules right now, the `EXCEPTIONS` feature is always disabled).
alexcrichton
commented
Mar 26, 2025
| @@ -0,0 +1,18 @@ | |||
| ;; RUN: wast --features=-exceptions % | |||
There was a problem hiding this comment.
All of our existing *.wast tests also do --assert default with --snapshot ..., but personally I find it kind of a pain to set that all up and manage it, so my thinking is that it's reasonable to have one-off tests like this which just run the directives themselves.
github-merge-queue bot
pushed a commit
to bytecodealliance/wasmtime
that referenced
this pull request
Mar 26, 2025
This commit resolves a few panics in Wasmtime's compilation of components with respect to tags and the exception-handling wasm proposal. Despite exception-handling not being enabled in Wasmtime at this time these panics were still reachable due to an issue in wasm-tools's validation not being exhaustive enough for this proposal feature combination: bytecodealliance/wasm-tools#2114. This is not full support for exceptions since it can't be tested yet, but this should be enough to ensure that the validator will get far enough to flag components as otherwise invalid due to using tags that can't be present (as core wasm tags can't be present in core modules right now, the `EXCEPTIONS` feature is always disabled).
fitzgen
approved these changes
Mar 26, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit fixes an issue where the
Tagkind of core item was allowed to "leak through" validation of components without the exceptions proposal active. Additionally creating a core instance with a tag was consulting the wrong index space and needed fixing too. The end result is that theexceptionsproposal is now required for tags to appear within components.This so far has been glossed over because any valid component would require a core module with a tag and those are properly gated, but it's possible to construct an invalid component with a tag "kind" within it which doesn't actually have any tags. By forgetting to gate on the exception-handling proposal it was leaking this "kind" to callers which weren't necessarily prepared for it.
Finally this also fixes a panic in the text format for components where named tags still had an
unimplemented!()for when they were being registered.