1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
use crate::HostError;
use alloc::{boxed::Box, string::String};
use core::fmt::{self, Display};
#[cfg(feature = "std")]
use std::error::Error as StdError;
/// Error type which can be returned by Wasm code or by the host environment.
///
/// Under some conditions, Wasm execution may produce a [`Trap`],
/// which immediately aborts execution.
/// Traps cannot be handled by WebAssembly code, but are reported to the
/// host embedder.
#[derive(Debug)]
pub struct Trap {
/// The cloneable reason of a [`Trap`].
reason: Box<TrapReason>,
}
#[test]
fn trap_size() {
assert_eq!(
core::mem::size_of::<Trap>(),
core::mem::size_of::<*const ()>()
);
}
/// The reason of a [`Trap`].
#[derive(Debug)]
enum TrapReason {
/// Traps during Wasm execution.
InstructionTrap(TrapCode),
/// An `i32` exit status code.
///
/// # Note
///
/// This is useful for some WASI functions.
I32Exit(i32),
/// An error described by a display message.
Message(Box<str>),
/// Traps and errors during host execution.
Host(Box<dyn HostError>),
}
impl TrapReason {
/// Returns the classic `i32` exit program code of a `Trap` if any.
///
/// Otherwise returns `None`.
pub fn i32_exit_status(&self) -> Option<i32> {
if let Self::I32Exit(status) = self {
return Some(*status);
}
None
}
/// Returns a shared reference to the [`HostError`] if any.
#[inline]
pub fn as_host(&self) -> Option<&dyn HostError> {
if let Self::Host(host_error) = self {
return Some(&**host_error);
}
None
}
/// Returns an exclusive reference to the [`HostError`] if any.
#[inline]
pub fn as_host_mut(&mut self) -> Option<&mut dyn HostError> {
if let Self::Host(host_error) = self {
return Some(&mut **host_error);
}
None
}
/// Consumes `self` to return the [`HostError`] if any.
#[inline]
pub fn into_host(self) -> Option<Box<dyn HostError>> {
if let Self::Host(host_error) = self {
return Some(host_error);
}
None
}
/// Returns the [`TrapCode`] traps originating from Wasm execution.
#[inline]
pub fn trap_code(&self) -> Option<TrapCode> {
if let Self::InstructionTrap(trap_code) = self {
return Some(*trap_code);
}
None
}
}
impl Trap {
/// Create a new [`Trap`] from the [`TrapReason`].
fn with_reason(reason: TrapReason) -> Self {
Self {
reason: Box::new(reason),
}
}
/// Creates a new [`Trap`] described by a `message`.
#[cold] // traps are exceptional, this helps move handling off the main path
pub fn new<T>(message: T) -> Self
where
T: Into<String>,
{
Self::with_reason(TrapReason::Message(message.into().into_boxed_str()))
}
/// Downcasts the [`Trap`] into the `T: HostError` if possible.
///
/// Returns `None` otherwise.
#[inline]
pub fn downcast_ref<T>(&self) -> Option<&T>
where
T: HostError,
{
self.reason
.as_host()
.and_then(<dyn HostError + 'static>::downcast_ref)
}
/// Downcasts the [`Trap`] into the `T: HostError` if possible.
///
/// Returns `None` otherwise.
#[inline]
pub fn downcast_mut<T>(&mut self) -> Option<&mut T>
where
T: HostError,
{
self.reason
.as_host_mut()
.and_then(<dyn HostError + 'static>::downcast_mut)
}
/// Consumes `self` to downcast the [`Trap`] into the `T: HostError` if possible.
///
/// Returns `None` otherwise.
#[inline]
pub fn downcast<T>(self) -> Option<T>
where
T: HostError,
{
self.reason
.into_host()
.and_then(|error| error.downcast().ok())
.map(|boxed| *boxed)
}
/// Creates a new `Trap` representing an explicit program exit with a classic `i32`
/// exit status value.
#[cold] // see Trap::new
pub fn i32_exit(status: i32) -> Self {
Self::with_reason(TrapReason::I32Exit(status))
}
/// Returns the classic `i32` exit program code of a `Trap` if any.
///
/// Otherwise returns `None`.
#[inline]
pub fn i32_exit_status(&self) -> Option<i32> {
self.reason.i32_exit_status()
}
/// Returns the [`TrapCode`] traps originating from Wasm execution.
#[inline]
pub fn trap_code(&self) -> Option<TrapCode> {
self.reason.trap_code()
}
}
impl From<TrapCode> for Trap {
#[cold] // see Trap::new
fn from(error: TrapCode) -> Self {
Self::with_reason(TrapReason::InstructionTrap(error))
}
}
impl<E> From<E> for Trap
where
E: HostError,
{
#[inline]
#[cold] // see Trap::new
fn from(host_error: E) -> Self {
Self::with_reason(TrapReason::Host(Box::new(host_error)))
}
}
impl Display for TrapReason {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self {
Self::InstructionTrap(trap_code) => Display::fmt(trap_code, f),
Self::I32Exit(status) => write!(f, "Exited with i32 exit status {status}"),
Self::Message(message) => write!(f, "{message}"),
Self::Host(host_error) => Display::fmt(host_error, f),
}
}
}
impl Display for Trap {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
<TrapReason as Display>::fmt(&self.reason, f)
}
}
#[cfg(feature = "std")]
impl StdError for Trap {
fn description(&self) -> &str {
self.trap_code().map_or("", |code| code.trap_message())
}
}
/// An invalid [`TrapCode`] integer value.
#[derive(Debug, Copy, Clone)]
pub struct InvalidTrapCode;
macro_rules! generate_trap_code {
(
$( $(#[$attr:meta])* $ident:ident = $discr:literal ),* $(,)?
) => {
/// Error type which can be thrown by wasm code or by host environment.
///
/// See [`Trap`] for details.
///
/// [`Trap`]: struct.Trap.html
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
#[repr(u8)]
pub enum TrapCode {
$(
$( #[$attr] )*
$ident = $discr
),*
}
impl From<TrapCode> for u8 {
fn from(trap_code: TrapCode) -> Self {
trap_code as _
}
}
impl TryFrom<u8> for TrapCode {
type Error = InvalidTrapCode;
fn try_from(value: u8) -> Result<Self, Self::Error> {
match value {
$( $discr => Ok(TrapCode::$ident), )*
_ => Err(InvalidTrapCode),
}
}
}
#[test]
fn trap_code_conversion() {
$(
assert_eq!(
TrapCode::try_from(TrapCode::$ident as u8).unwrap(),
TrapCode::$ident,
);
)*
assert!(TrapCode::try_from(u8::MAX).is_err());
}
};
}
generate_trap_code! {
// Note: we deliberately do _not_ assign the zero value so that it can be used as success state
// in `Result<(), TrapCode>` or `Control<(), TrapCode>` as the compiler can then generate
// slightly better code.
/// Wasm code executed `unreachable` opcode.
///
/// This indicates that unreachable Wasm code was actually reached.
/// This opcode have a similar purpose as `ud2` in x86.
UnreachableCodeReached = 1,
/// Attempt to load or store at the address which
/// lies outside of bounds of the memory.
///
/// Since addresses are interpreted as unsigned integers, out of bounds access
/// can't happen with negative addresses (i.e. they will always wrap).
MemoryOutOfBounds = 2,
/// Attempt to access table element at index which
/// lies outside of bounds.
///
/// This typically can happen when `call_indirect` is executed
/// with index that lies out of bounds.
///
/// Since indexes are interpreted as unsigned integers, out of bounds access
/// can't happen with negative indexes (i.e. they will always wrap).
TableOutOfBounds = 3,
/// Indicates that a `call_indirect` instruction called a function at
/// an uninitialized (i.e. `null`) table index.
IndirectCallToNull = 4,
/// Attempt to divide by zero.
///
/// This trap typically can happen if `div` or `rem` is executed with
/// zero as divider.
IntegerDivisionByZero = 5,
/// An integer arithmetic operation caused an overflow.
///
/// This can happen when trying to do signed division (or get the remainder)
/// -2<sup>N-1</sup> over -1. This is because the result +2<sup>N-1</sup>
/// isn't representable as a N-bit signed integer.
IntegerOverflow = 6,
/// Attempted to make an invalid conversion to an integer type.
///
/// This can for example happen when trying to truncate NaNs,
/// infinity, or value for which the result is out of range into an integer.
BadConversionToInteger = 7,
/// Stack overflow.
///
/// This is likely caused by some infinite or very deep recursion.
/// Extensive inlining might also be the cause of stack overflow.
StackOverflow = 8,
/// Attempt to invoke a function with mismatching signature.
///
/// This can happen with indirect calls as they always
/// specify the expected signature of function. If an indirect call is executed
/// with an index that points to a function with signature different of what is
/// expected by this indirect call, this trap is raised.
BadSignature = 9,
/// This trap is raised when a WebAssembly execution ran out of fuel.
///
/// The Wasmi execution engine can be configured to instrument its
/// internal bytecode so that fuel is consumed for each executed instruction.
/// This is useful to deterministically halt or yield a WebAssembly execution.
OutOfFuel = 10,
/// This trap is raised when a growth operation was attempted and an
/// installed `wasmi::ResourceLimiter` returned `Err(...)` from the
/// associated `table_growing` or `memory_growing` method, indicating a
/// desire on the part of the embedder to trap the interpreter rather than
/// merely fail the growth operation.
GrowthOperationLimited = 11,
/// This trap is raised when a WebAssembly operation demanded a memory
/// allocation and the host system could not supply the requested amount.
OutOfSystemMemory = 12,
}
impl TrapCode {
/// Returns the trap message as specified by the WebAssembly specification.
///
/// # Note
///
/// This API is primarily useful for the Wasm spec testsuite but might have
/// other uses since it avoid heap memory allocation in certain cases.
pub fn trap_message(&self) -> &'static str {
match self {
Self::UnreachableCodeReached => "wasm `unreachable` instruction executed",
Self::MemoryOutOfBounds => "out of bounds memory access",
Self::TableOutOfBounds => "undefined element: out of bounds table access",
Self::IndirectCallToNull => "uninitialized element 2", // TODO: fixme, remove the trailing " 2" again
Self::IntegerDivisionByZero => "integer divide by zero",
Self::IntegerOverflow => "integer overflow",
Self::BadConversionToInteger => "invalid conversion to integer",
Self::StackOverflow => "call stack exhausted",
Self::BadSignature => "indirect call type mismatch",
Self::OutOfFuel => "all fuel consumed by WebAssembly",
Self::GrowthOperationLimited => "growth operation limited",
Self::OutOfSystemMemory => "out of system memory",
}
}
}
impl Display for TrapCode {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{}", self.trap_message())
}
}