palladium_plugin/

wasm.rs

//! WASM plugin traits for compiling, instantiating, and calling WASM modules.
//!
//! These traits abstract over a concrete WASM runtime (e.g. `wasmtime`) so
//! the plugin host can work with any backend.  The `pd-wasm-wasmtime` crate
//! provides the production implementation via `WasmtimeHost`.
//!
//! # Design notes
//!
//! * [`WasmImports`] closures have `+ Send + Sync + 'static` bounds so they
//!   can be registered as wasmtime host functions, which require `Send + Sync`.
//!   `WasmActor` (Phase 5.6) uses `Arc<Mutex<…>>` for the outbox buffer.
//! * [`WasmModule`] exposes `as_any()` so the concrete `WasmHost` can downcast
//!   the `Box<dyn WasmModule>` it created back to its own type without a
//!   separate runtime registry.

use std::any::Any;
use std::fmt;

// ── WasmError ─────────────────────────────────────────────────────────────────

/// Errors that can occur during WASM module compilation, instantiation, or
/// execution.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum WasmError {
    /// The WASM bytes failed to compile (parse, validate, or codegen error).
    Compile(String),
    /// The module could not be instantiated (e.g., missing import, link error).
    Instantiation(String),
    /// A host function call failed at runtime.
    Call(String),
    /// Reading from or writing to WASM linear memory failed (bounds check).
    MemoryAccess,
    /// The WASM module consumed all available fuel and was stopped.
    FuelExhausted,
    /// The WASM module trapped (unreachable, integer divide-by-zero, etc.).
    Trap(String),
}

impl fmt::Display for WasmError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::Compile(s) => write!(f, "WASM compile error: {s}"),
            Self::Instantiation(s) => write!(f, "WASM instantiation error: {s}"),
            Self::Call(s) => write!(f, "WASM call error: {s}"),
            Self::MemoryAccess => write!(f, "WASM memory access out of bounds"),
            Self::FuelExhausted => write!(f, "WASM fuel budget exhausted"),
            Self::Trap(s) => write!(f, "WASM trap: {s}"),
        }
    }
}

impl std::error::Error for WasmError {}

// ── WasmVal ───────────────────────────────────────────────────────────────────

/// A WASM numeric value, used for function call arguments and return values.
///
/// `F32` and `F64` are stored as their bit representations (`u32` and `u64`)
/// so that `WasmVal` can derive `Eq` and remain free of IEEE754 float
/// comparison edge cases.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum WasmVal {
    I32(i32),
    I64(i64),
    /// IEEE 754 single-precision bits.
    F32(u32),
    /// IEEE 754 double-precision bits.
    F64(u64),
}

// ── WasmImports ───────────────────────────────────────────────────────────────

/// Host function callbacks injected into a WASM module at instantiation.
///
/// These correspond to the `pd_*` imports that a plugin WASM module may call.
/// The closures receive raw pointers into a buffer that was read from WASM
/// linear memory immediately before the call; the pointers are valid for the
/// duration of the call only.
///
/// The `+ Send + Sync + 'static` bounds are required because wasmtime host
/// functions must be thread-safe. Use [`Default`] to obtain no-op stubs.
pub struct WasmImports {
    /// Send a message to another actor.
    ///
    /// Arguments: `(envelope_ptr, envelope_len, payload_ptr, payload_len)`.
    /// Returns 0 on success, negative on error.
    pub pd_send: Box<dyn Fn(*const u8, u32, *const u8, u32) -> i32 + Send + Sync + 'static>,

    /// Return the current engine time in microseconds.
    pub pd_now_micros: Box<dyn Fn() -> u64 + Send + Sync + 'static>,

    /// Emit a log message.
    ///
    /// Arguments: `(level, msg_ptr, msg_len)`.
    pub pd_log: Box<dyn Fn(i32, *const u8, u32) + Send + Sync + 'static>,
}

impl Default for WasmImports {
    /// No-op stubs — suitable for tests that don't exercise host imports.
    fn default() -> Self {
        Self {
            pd_send: Box::new(|_, _, _, _| 0),
            pd_now_micros: Box::new(|| 0),
            pd_log: Box::new(|_, _, _| {}),
        }
    }
}

// ── WasmModule ────────────────────────────────────────────────────────────────

/// A compiled (but not yet instantiated) WASM module.
///
/// Created by [`WasmHost::compile`]. Implementors must also expose `as_any()`
/// so the host can downcast `&dyn WasmModule` back to its concrete type during
/// [`WasmHost::instantiate`].
///
/// `Send + Sync` are required so compiled modules can be wrapped in `Arc` and
/// shared across actor factory closures (which must be `Send + Sync + 'static`).
pub trait WasmModule: Send + Sync + 'static {
    /// Names of all exports declared by the module.
    fn exports(&self) -> Vec<String>;

    /// Downcast support — implementations should return `self`.
    fn as_any(&self) -> &dyn Any;
}

// ── WasmInstance ──────────────────────────────────────────────────────────────

/// A fully instantiated WASM module, ready to execute exported functions.
///
/// Created by [`WasmHost::instantiate`].
pub trait WasmInstance: 'static {
    /// Call an exported function by name.
    ///
    /// Returns `Err(WasmError::FuelExhausted)` if the module ran out of fuel,
    /// `Err(WasmError::Trap(…))` for other traps, and
    /// `Err(WasmError::Call(…))` for missing exports or type errors.
    fn call(&mut self, func: &str, args: &[WasmVal]) -> Result<Vec<WasmVal>, WasmError>;

    /// Read `len` bytes from WASM linear memory at `offset`.
    ///
    /// Returns `Err(WasmError::MemoryAccess)` on bounds violation.
    fn memory_read(&self, offset: u32, len: u32) -> Result<Vec<u8>, WasmError>;

    /// Write `data` into WASM linear memory starting at `offset`.
    ///
    /// Returns `Err(WasmError::MemoryAccess)` on bounds violation.
    fn memory_write(&mut self, offset: u32, data: &[u8]) -> Result<(), WasmError>;

    /// Set the fuel budget for subsequent calls.
    ///
    /// Has no effect if the runtime was not configured with fuel consumption
    /// enabled; in that case returns `Ok(())` silently.
    fn set_fuel(&mut self, fuel: u64) -> Result<(), WasmError>;

    /// Return the number of fuel units consumed so far by this instance.
    ///
    /// Returns `None` if the runtime was not configured with fuel tracking.
    fn fuel_consumed(&self) -> Option<u64>;
}

// ── WasmHost ──────────────────────────────────────────────────────────────────

/// Factory for compiling and instantiating WASM modules.
///
/// Implementors wrap a concrete WASM runtime (e.g. `WasmtimeHost`).
/// `Send + Sync + 'static` because a single host may be shared across
/// multiple threads (e.g., multiple engine cores each loading their own
/// plugin actors from the same compiled module).
pub trait WasmHost: Send + Sync + 'static {
    /// Compile `wasm` bytes into a reusable module.
    fn compile(&self, wasm: &[u8]) -> Result<Box<dyn WasmModule>, WasmError>;

    /// Instantiate a previously compiled module, registering `imports` as
    /// host functions.
    fn instantiate(
        &self,
        module: &dyn WasmModule,
        imports: WasmImports,
    ) -> Result<Box<dyn WasmInstance>, WasmError>;
}