Conversation
Codecov Report
@@ Coverage Diff @@
## master #609 +/- ##
==========================================
+ Coverage 99.32% 99.35% +0.03%
==========================================
Files 72 73 +1
Lines 10691 11388 +697
==========================================
+ Hits 10619 11315 +696
- Misses 72 73 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
|
axic
force-pushed
the
rust
branch
4 times, most recently
from
e1b3750 to
3934809
Compare
axic
force-pushed
the
rust
branch
4 times, most recently
from
1377814 to
ca8ecb2
Compare
axic
force-pushed
the
rust
branch
6 times, most recently
from
e45448f to
4eb205c
Compare
chfast
left a comment
chfast
left a comment
There was a problem hiding this comment.
Copying memory back and forth does not look like good idea. Rust should some kind of mutable slice allowing free access to wasm memory (read/write).
Right. We can definitely have a separate function exposing the underlying memory as an unsafe API, but this is the safe API. It is modelled after other Rust VMs. |
axic
force-pushed
the
rust-memory
branch
2 times, most recently
from
1a2d6d3 to
ae1fa64
Compare
Why exposing the underlying memory is unsafe? |
axic
force-pushed
the
rust-memory
branch
2 times, most recently
from
f9e523c to
e0952b3
Compare
Exposing a slice obtained via |
|
Tests for |
|
Looks good, but still not sure what's best to allow for slice ranges #609 (comment) |
|
Squashed and added #609 (comment) as a second commit. We can decide this tomorrow. |
bindings/rust/src/lib.rs
Outdated
| let offset = offset as usize; | ||
| let memory_size = self.memory_size(); | ||
| // Empty slices are allowed, but ensure both starting and ending offsets are valid. | ||
| if memory_size == 0 || offset > memory_size || (offset + size) > memory_size { |
There was a problem hiding this comment.
offset > memory_size condition is redundant then, when it is true (offset + size) > memory_size will always be true.
| if memory_size == 0 || offset > memory_size || (offset + size) > memory_size { | |
| if memory_size == 0 || (offset + size) > memory_size { |
Also for the case of (memory 0) it would be perhaps logical to allow (0, 0) slice, then the condition should make an error only the absence of memory
| if memory_size == 0 || offset > memory_size || (offset + size) > memory_size { | |
| if !sys::fizzy_module_has_memory(self.get_module()) || (offset + size) > memory_size { |
There was a problem hiding this comment.
offset > memory_size condition is redundant then, when it is true (offset + size) > memory_size will always be true.
Was a bad attempt for overflow check. Decided to just use offset.checked_add(size).is_none() for overflow check.
bindings/rust/src/lib.rs
Outdated
| ) -> Result<core::ops::Range<usize>, ()> { | ||
| // This should be safe given usize::BITS >= u32::BITS, see https://doc.rust-lang.org/std/primitive.usize.html. | ||
| let offset = offset as usize; | ||
| let has_memory = unsafe { sys::fizzy_module_has_memory(self.get_module()) }; |
There was a problem hiding this comment.
Actually with solution in #728, I would cache this in the Instance { has_memory: bool }.
chfast
left a comment
chfast
left a comment
There was a problem hiding this comment.
Can be for now, but I see some design issues with it.
- The
fizzy_get_instance_memory_sizeis called twice. - You almost always wants memory size and pointer in the same time. C should return both in single call.
Introduce unsafe API to acquire memory slices and a safe API to set/get memory.
3 participants
No description provided.