1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
use std::{marker::PhantomData, mem::MaybeUninit, ops::Range, slice};
use wasm_bindgen::JsCast;
use wasmer_types::{Bytes, Pages};
use crate::{AsStoreRef, MemoryAccessError};
use super::{Memory, MemoryBuffer};
/// A WebAssembly `memory` view.
///
/// A memory view is used to read and write to the linear memory.
///
/// After a memory is grown a view must not be used anymore. Views are
/// created using the Memory.grow() method.
#[derive(Debug)]
pub struct MemoryView<'a> {
view: js_sys::Uint8Array,
size: u64,
marker: PhantomData<&'a Memory>,
}
impl<'a> MemoryView<'a> {
pub(crate) fn new(memory: &Memory, _store: &'a (impl AsStoreRef + ?Sized)) -> Self {
Self::new_raw(&memory.handle.memory)
}
pub(crate) fn new_raw(memory: &js_sys::WebAssembly::Memory) -> Self {
let buffer = memory.buffer();
// This also works for SharedArrayBuffer.
let size = buffer
.unchecked_ref::<js_sys::ArrayBuffer>()
.byte_length()
.into();
let view = js_sys::Uint8Array::new(&buffer);
Self {
view,
size,
marker: PhantomData,
}
}
/// Returns the pointer to the raw bytes of the `Memory`.
#[doc(hidden)]
pub fn data_ptr(&self) -> *mut u8 {
unimplemented!("direct data pointer access is not possible in JavaScript");
}
/// Returns the size (in bytes) of the `Memory`.
pub fn data_size(&self) -> u64 {
self.size
}
// TODO: do we want a proper implementation here instead?
/// Retrieve a slice of the memory contents.
///
/// # Safety
///
/// Until the returned slice is dropped, it is undefined behaviour to
/// modify the memory contents in any way including by calling a wasm
/// function that writes to the memory or by resizing the memory.
#[doc(hidden)]
pub unsafe fn data_unchecked(&self) -> &[u8] {
unimplemented!("direct data pointer access is not possible in JavaScript");
}
// TODO: do we want a proper implementation here instead?
/// Retrieve a mutable slice of the memory contents.
///
/// # Safety
///
/// This method provides interior mutability without an UnsafeCell. Until
/// the returned value is dropped, it is undefined behaviour to read or
/// write to the pointed-to memory in any way except through this slice,
/// including by calling a wasm function that reads the memory contents or
/// by resizing this Memory.
#[allow(clippy::mut_from_ref)]
#[doc(hidden)]
pub unsafe fn data_unchecked_mut(&self) -> &mut [u8] {
unimplemented!("direct data pointer access is not possible in JavaScript");
}
/// Returns the size (in [`Pages`]) of the `Memory`.
///
/// # Example
///
/// ```
/// # use wasmer::{Memory, MemoryType, Pages, Store, Type, Value};
/// # let mut store = Store::default();
/// #
/// let m = Memory::new(& mut store, MemoryType::new(1, None, false)).unwrap();
///
/// assert_eq!(m.size(&store), Pages(1));
/// ```
pub fn size(&self) -> Pages {
Bytes(self.size as usize).try_into().unwrap()
}
#[inline]
pub(crate) fn buffer(&self) -> MemoryBuffer<'a> {
MemoryBuffer {
base: &self.view as *const _ as *mut _,
marker: PhantomData,
}
}
/// Safely reads bytes from the memory at the given offset.
///
/// The full buffer will be filled, otherwise a `MemoryAccessError` is returned
/// to indicate an out-of-bounds access.
///
/// This method is guaranteed to be safe (from the host side) in the face of
/// concurrent writes.
pub fn read(&self, offset: u64, data: &mut [u8]) -> Result<(), MemoryAccessError> {
let view = &self.view;
let offset: u32 = offset.try_into().map_err(|_| MemoryAccessError::Overflow)?;
let len: u32 = data
.len()
.try_into()
.map_err(|_| MemoryAccessError::Overflow)?;
let end = offset.checked_add(len).ok_or(MemoryAccessError::Overflow)?;
if end > view.length() {
tracing::warn!(
"attempted to read ({} bytes) beyond the bounds of the memory view ({} > {})",
len,
end,
view.length()
);
Err(MemoryAccessError::HeapOutOfBounds)?;
}
view.subarray(offset, end).copy_to(data);
Ok(())
}
/// Safely reads a single byte from memory at the given offset
///
/// This method is guaranteed to be safe (from the host side) in the face of
/// concurrent writes.
pub fn read_u8(&self, offset: u64) -> Result<u8, MemoryAccessError> {
let view = &self.view;
let offset: u32 = offset.try_into().map_err(|_| MemoryAccessError::Overflow)?;
if offset >= view.length() {
tracing::warn!(
"attempted to read beyond the bounds of the memory view ({} >= {})",
offset,
view.length()
);
Err(MemoryAccessError::HeapOutOfBounds)?;
}
Ok(view.get_index(offset))
}
/// Safely reads bytes from the memory at the given offset.
///
/// This method is similar to `read` but allows reading into an
/// uninitialized buffer. An initialized view of the buffer is returned.
///
/// The full buffer will be filled, otherwise a `MemoryAccessError` is returned
/// to indicate an out-of-bounds access.
///
/// This method is guaranteed to be safe (from the host side) in the face of
/// concurrent writes.
pub fn read_uninit<'b>(
&self,
offset: u64,
buf: &'b mut [MaybeUninit<u8>],
) -> Result<&'b mut [u8], MemoryAccessError> {
let view = &self.view;
let offset: u32 = offset.try_into().map_err(|_| MemoryAccessError::Overflow)?;
let len: u32 = buf
.len()
.try_into()
.map_err(|_| MemoryAccessError::Overflow)?;
let end = offset.checked_add(len).ok_or(MemoryAccessError::Overflow)?;
if end > view.length() {
tracing::warn!(
"attempted to read ({} bytes) beyond the bounds of the memory view ({} > {})",
len,
end,
view.length()
);
Err(MemoryAccessError::HeapOutOfBounds)?;
}
// Zero-initialize the buffer to avoid undefined behavior with
// uninitialized data.
for elem in buf.iter_mut() {
*elem = MaybeUninit::new(0);
}
let buf = unsafe { slice::from_raw_parts_mut(buf.as_mut_ptr() as *mut u8, buf.len()) };
view.subarray(offset, end).copy_to(buf);
Ok(buf)
}
/// Safely writes bytes to the memory at the given offset.
///
/// If the write exceeds the bounds of the memory then a `MemoryAccessError` is
/// returned.
///
/// This method is guaranteed to be safe (from the host side) in the face of
/// concurrent reads/writes.
pub fn write(&self, offset: u64, data: &[u8]) -> Result<(), MemoryAccessError> {
let offset: u32 = offset.try_into().map_err(|_| MemoryAccessError::Overflow)?;
let len: u32 = data
.len()
.try_into()
.map_err(|_| MemoryAccessError::Overflow)?;
let view = &self.view;
let end = offset.checked_add(len).ok_or(MemoryAccessError::Overflow)?;
if end > view.length() {
tracing::warn!(
"attempted to write ({} bytes) beyond the bounds of the memory view ({} > {})",
len,
end,
view.length()
);
Err(MemoryAccessError::HeapOutOfBounds)?;
}
view.subarray(offset, end).copy_from(data);
Ok(())
}
/// Safely reads a single byte from memory at the given offset
///
/// This method is guaranteed to be safe (from the host side) in the face of
/// concurrent writes.
pub fn write_u8(&self, offset: u64, val: u8) -> Result<(), MemoryAccessError> {
let view = &self.view;
let offset: u32 = offset.try_into().map_err(|_| MemoryAccessError::Overflow)?;
if offset >= view.length() {
tracing::warn!(
"attempted to write beyond the bounds of the memory view ({} >= {})",
offset,
view.length()
);
Err(MemoryAccessError::HeapOutOfBounds)?;
}
view.set_index(offset, val);
Ok(())
}
/// Copies the memory and returns it as a vector of bytes
#[allow(unused)]
pub fn copy_to_vec(&self) -> Result<Vec<u8>, MemoryAccessError> {
self.copy_range_to_vec(0..self.data_size())
}
/// Copies a range of the memory and returns it as a vector of bytes
#[allow(unused)]
pub fn copy_range_to_vec(&self, range: Range<u64>) -> Result<Vec<u8>, MemoryAccessError> {
let mut new_memory = Vec::new();
let mut offset = range.start;
let end = range.end.min(self.data_size());
let mut chunk = [0u8; 40960];
while offset < end {
let remaining = end - offset;
let sublen = remaining.min(chunk.len() as u64) as usize;
self.read(offset, &mut chunk[..sublen])?;
new_memory.extend_from_slice(&chunk[..sublen]);
offset += sublen as u64;
}
Ok(new_memory)
}
/// Copies the memory to another new memory object
pub fn copy_to_memory(&self, amount: u64, new_memory: &Self) -> Result<(), MemoryAccessError> {
let mut offset = 0;
let mut chunk = [0u8; 40960];
while offset < amount {
let remaining = amount - offset;
let sublen = remaining.min(chunk.len() as u64) as usize;
self.read(offset, &mut chunk[..sublen])?;
new_memory.write(offset, &chunk[..sublen])?;
offset += sublen as u64;
}
Ok(())
}
}