wasmer 3.2.0-alpha.1

use crate::js::externals::memory::MemoryBuffer;
use crate::js::RuntimeError;
use crate::js::{Memory32, Memory64, MemoryView, WasmPtr};
use std::{
    convert::TryInto,
    fmt,
    marker::PhantomData,
    mem::{self, MaybeUninit},
    ops::Range,
    slice,
    string::FromUtf8Error,
};
use thiserror::Error;
use wasmer_types::{MemorySize, ValueType};

/// Error for invalid [`Memory`] access.
#[derive(Clone, Copy, Debug, Error)]
#[non_exhaustive]
pub enum MemoryAccessError {
    /// Memory access is outside heap bounds.
    #[error("memory access out of bounds")]
    HeapOutOfBounds,
    /// Address calculation overflow.
    #[error("address calculation overflow")]
    Overflow,
    /// String is not valid UTF-8.
    #[error("string is not valid utf-8")]
    NonUtf8String,
}

impl From<MemoryAccessError> for RuntimeError {
    fn from(err: MemoryAccessError) -> Self {
        RuntimeError::new(err.to_string())
    }
}
impl From<FromUtf8Error> for MemoryAccessError {
    fn from(_err: FromUtf8Error) -> Self {
        MemoryAccessError::NonUtf8String
    }
}

/// Reference to a value in Wasm memory.
///
/// The type of the value must satisfy the requirements of the `ValueType`
/// trait which guarantees that reading and writing such a value to untrusted
/// memory is safe.
///
/// The address is not required to be aligned: unaligned accesses are fully
/// supported.
///
/// This wrapper safely handles concurrent modifications of the data by another
/// thread.
#[derive(Clone, Copy)]
pub struct WasmRef<'a, T: ValueType> {
    buffer: MemoryBuffer<'a>,
    offset: u64,
    marker: PhantomData<*mut T>,
}

impl<'a, T: ValueType> WasmRef<'a, T> {
    /// Creates a new `WasmRef` at the given offset in a memory.
    #[inline]
    pub fn new(view: &'a MemoryView, offset: u64) -> Self {
        Self {
            buffer: view.buffer(),
            offset,
            marker: PhantomData,
        }
    }

    /// Get the offset into Wasm linear memory for this `WasmRef`.
    #[inline]
    pub fn offset(self) -> u64 {
        self.offset
    }

    /// Get a `WasmPtr` for this `WasmRef`.
    #[inline]
    pub fn as_ptr32(self) -> WasmPtr<T, Memory32> {
        WasmPtr::new(self.offset as u32)
    }

    /// Get a 64-bit `WasmPtr` for this `WasmRef`.
    #[inline]
    pub fn as_ptr64(self) -> WasmPtr<T, Memory64> {
        WasmPtr::new(self.offset)
    }

    /// Get a `WasmPtr` fror this `WasmRef`.
    #[inline]
    pub fn as_ptr<M: MemorySize>(self) -> WasmPtr<T, M> {
        let offset: M::Offset = self
            .offset
            .try_into()
            .map_err(|_| "invalid offset into memory")
            .unwrap();
        WasmPtr::<T, M>::new(offset)
    }

    /// Reads the location pointed to by this `WasmRef`.
    #[inline]
    pub fn read(self) -> Result<T, MemoryAccessError> {
        let mut out = MaybeUninit::uninit();
        let buf =
            unsafe { slice::from_raw_parts_mut(out.as_mut_ptr() as *mut u8, mem::size_of::<T>()) };
        self.buffer.read(self.offset, buf)?;
        Ok(unsafe { out.assume_init() })
    }

    /// Writes to the location pointed to by this `WasmRef`.
    #[inline]
    pub fn write(self, val: T) -> Result<(), MemoryAccessError> {
        let mut data = MaybeUninit::new(val);
        let data = unsafe {
            slice::from_raw_parts_mut(
                data.as_mut_ptr() as *mut MaybeUninit<u8>,
                mem::size_of::<T>(),
            )
        };
        val.zero_padding_bytes(data);
        let data = unsafe { slice::from_raw_parts(data.as_ptr() as *const _, data.len()) };
        self.buffer.write(self.offset, data)
    }
}

impl<'a, T: ValueType> fmt::Debug for WasmRef<'a, T> {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        write!(
            f,
            "WasmRef(offset: {}, pointer: {:#x})",
            self.offset, self.offset
        )
    }
}

/// Reference to an array of values in Wasm memory.
///
/// The type of the value must satisfy the requirements of the `ValueType`
/// trait which guarantees that reading and writing such a value to untrusted
/// memory is safe.
///
/// The address is not required to be aligned: unaligned accesses are fully
/// supported.
///
/// This wrapper safely handles concurrent modifications of the data by another
/// thread.
#[derive(Clone, Copy)]
pub struct WasmSlice<'a, T: ValueType> {
    buffer: MemoryBuffer<'a>,
    offset: u64,
    len: u64,
    marker: PhantomData<*mut T>,
}

impl<'a, T: ValueType> WasmSlice<'a, T> {
    /// Creates a new `WasmSlice` starting at the given offset in memory and
    /// with the given number of elements.
    ///
    /// Returns a `MemoryAccessError` if the slice length overflows.
    #[inline]
    pub fn new(memory: &'a MemoryView, offset: u64, len: u64) -> Result<Self, MemoryAccessError> {
        let total_len = len
            .checked_mul(mem::size_of::<T>() as u64)
            .ok_or(MemoryAccessError::Overflow)?;
        offset
            .checked_add(total_len)
            .ok_or(MemoryAccessError::Overflow)?;
        Ok(Self {
            buffer: memory.buffer(),
            offset,
            len,
            marker: PhantomData,
        })
    }

    /// Get the offset into Wasm linear memory for this `WasmSlice`.
    #[inline]
    pub fn offset(self) -> u64 {
        self.offset
    }

    /// Get a 32-bit `WasmPtr` for this `WasmRef`.
    #[inline]
    pub fn as_ptr32(self) -> WasmPtr<T, Memory32> {
        WasmPtr::new(self.offset as u32)
    }

    /// Get a 64-bit `WasmPtr` for this `WasmRef`.
    #[inline]
    pub fn as_ptr64(self) -> WasmPtr<T, Memory64> {
        WasmPtr::new(self.offset)
    }

    /// Get the number of elements in this slice.
    #[inline]
    pub fn len(self) -> u64 {
        self.len
    }

    /// Return if the slice is empty.
    #[inline]
    pub fn is_empty(&self) -> bool {
        self.len == 0
    }

    /// Get a `WasmRef` to an element in the slice.
    #[inline]
    pub fn index(self, idx: u64) -> WasmRef<'a, T> {
        if idx >= self.len {
            panic!("WasmSlice out of bounds");
        }
        let offset = self.offset + idx * mem::size_of::<T>() as u64;
        WasmRef {
            buffer: self.buffer,
            offset,
            marker: PhantomData,
        }
    }

    /// Get a `WasmSlice` for a subslice of this slice.
    #[inline]
    pub fn subslice(self, range: Range<u64>) -> WasmSlice<'a, T> {
        if range.start > range.end || range.end > self.len {
            panic!("WasmSlice out of bounds");
        }
        let offset = self.offset + range.start * mem::size_of::<T>() as u64;
        Self {
            buffer: self.buffer,
            offset,
            len: range.end - range.start,
            marker: PhantomData,
        }
    }

    /// Get an iterator over the elements in this slice.
    #[inline]
    pub fn iter(self) -> WasmSliceIter<'a, T> {
        WasmSliceIter { slice: self }
    }

    /// Reads an element of this slice.
    #[inline]
    pub fn read(self, idx: u64) -> Result<T, MemoryAccessError> {
        self.index(idx).read()
    }

    /// Writes to an element of this slice.
    #[inline]
    pub fn write(self, idx: u64, val: T) -> Result<(), MemoryAccessError> {
        self.index(idx).write(val)
    }

    /// Reads the entire slice into the given buffer.
    ///
    /// The length of the buffer must match the length of the slice.
    #[inline]
    pub fn read_slice(self, buf: &mut [T]) -> Result<(), MemoryAccessError> {
        assert_eq!(
            buf.len() as u64,
            self.len,
            "slice length doesn't match WasmSlice length"
        );
        let bytes = unsafe {
            slice::from_raw_parts_mut(
                buf.as_mut_ptr() as *mut MaybeUninit<u8>,
                buf.len() * mem::size_of::<T>(),
            )
        };
        self.buffer.read_uninit(self.offset, bytes)?;
        Ok(())
    }

    /// Reads the entire slice into the given uninitialized buffer.
    ///
    /// The length of the buffer must match the length of the slice.
    ///
    /// This method returns an initialized view of the buffer.
    #[inline]
    pub fn read_slice_uninit(
        self,
        buf: &mut [MaybeUninit<T>],
    ) -> Result<&mut [T], MemoryAccessError> {
        assert_eq!(
            buf.len() as u64,
            self.len,
            "slice length doesn't match WasmSlice length"
        );
        let bytes = unsafe {
            slice::from_raw_parts_mut(
                buf.as_mut_ptr() as *mut MaybeUninit<u8>,
                buf.len() * mem::size_of::<T>(),
            )
        };
        self.buffer.read_uninit(self.offset, bytes)?;
        Ok(unsafe { slice::from_raw_parts_mut(buf.as_mut_ptr() as *mut T, buf.len()) })
    }

    /// Write the given slice into this `WasmSlice`.
    ///
    /// The length of the slice must match the length of the `WasmSlice`.
    #[inline]
    pub fn write_slice(self, data: &[T]) -> Result<(), MemoryAccessError> {
        assert_eq!(
            data.len() as u64,
            self.len,
            "slice length doesn't match WasmSlice length"
        );
        let bytes = unsafe {
            slice::from_raw_parts(data.as_ptr() as *const u8, data.len() * mem::size_of::<T>())
        };
        self.buffer.write(self.offset, bytes)
    }

    /// Reads this `WasmSlice` into a `Vec`.
    #[inline]
    pub fn read_to_vec(self) -> Result<Vec<T>, MemoryAccessError> {
        let len = self.len.try_into().expect("WasmSlice length overflow");
        let mut vec = Vec::with_capacity(len);
        let bytes = unsafe {
            slice::from_raw_parts_mut(
                vec.as_mut_ptr() as *mut MaybeUninit<u8>,
                len * mem::size_of::<T>(),
            )
        };
        self.buffer.read_uninit(self.offset, bytes)?;
        unsafe {
            vec.set_len(len);
        }
        Ok(vec)
    }

    /// Reads this `WasmSlice` into a `BytesMut`
    #[inline]
    pub fn read_to_bytes(self) -> Result<bytes::BytesMut, MemoryAccessError> {
        let len = self.len.try_into().expect("WasmSlice length overflow");
        let mut ret = bytes::BytesMut::with_capacity(len);
        let bytes = unsafe {
            slice::from_raw_parts_mut(
                ret.as_mut_ptr() as *mut MaybeUninit<u8>,
                len * mem::size_of::<T>(),
            )
        };
        self.buffer.read_uninit(self.offset, bytes)?;
        unsafe {
            ret.set_len(len);
        }
        Ok(ret)
    }
}

impl<'a, T: ValueType> fmt::Debug for WasmSlice<'a, T> {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        write!(
            f,
            "WasmSlice(offset: {}, len: {}, pointer: {:#x})",
            self.offset, self.len, self.offset
        )
    }
}

/// Iterator over the elements of a `WasmSlice`.
pub struct WasmSliceIter<'a, T: ValueType> {
    slice: WasmSlice<'a, T>,
}

impl<'a, T: ValueType> Iterator for WasmSliceIter<'a, T> {
    type Item = WasmRef<'a, T>;

    fn next(&mut self) -> Option<Self::Item> {
        if self.slice.len() != 0 {
            let elem = self.slice.index(0);
            self.slice = self.slice.subslice(1..self.slice.len());
            Some(elem)
        } else {
            None
        }
    }

    fn size_hint(&self) -> (usize, Option<usize>) {
        (0..self.slice.len()).size_hint()
    }
}

impl<'a, T: ValueType> DoubleEndedIterator for WasmSliceIter<'a, T> {
    fn next_back(&mut self) -> Option<Self::Item> {
        if self.slice.len() != 0 {
            let elem = self.slice.index(self.slice.len() - 1);
            self.slice = self.slice.subslice(0..self.slice.len() - 1);
            Some(elem)
        } else {
            None
        }
    }
}

impl<'a, T: ValueType> ExactSizeIterator for WasmSliceIter<'a, T> {}