Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lifetime of wasm_memory_data pointer #105

Open
sunfishcode opened this issue Sep 17, 2019 · 1 comment
Open

Lifetime of wasm_memory_data pointer #105

sunfishcode opened this issue Sep 17, 2019 · 1 comment

Comments

@sunfishcode
Copy link
Member

The wasm_memory_data function:

wasm-c-api/include/wasm.h

Line 465 in 7865f7d

byte_t* wasm_memory_data(wasm_memory_t*);

returns a pointer to the linear memory. However, if a memory.grow or wasm_memory_grow occurs while this pointer remains live, it could cause this pointer to dangle.

Would it be reasonable to add functions such as wasm_memory_load and wasm_memory_store to the API? There would be some parallels to wasm_table_get and wasm_table_set.

Separately, there's the question of whether you'd further want to remote wasm_memory_data altogether. On one hand, you can't eliminate all possibility of undefined behavior when using the C API, but on the other, this is a case where there is a non-obvious corner case which likely to be rare in practice, but not impossible.
@sunfishcode sunfishcode mentioned this issue Sep 18, 2019
Merged
@rossberg
Copy link
Member

Yes, this API is somewhat dangerous. The pointer is not valid when reused across arbitrary Wasm execution (or API calls to grow) -- if there was documentation, it should say so in big letters. :) Currently the API does not support shared memories, so it should always be safe to acquire the pointer and then use/dereference it directly. For shared memories, this could indeed create a race with a concurrent grow. I'm inclined to say that it is the client's responsibility to synchronise such grows properly, as they'll probably have to synchronise all accesses to shared memory anyway.

These are all the same problems and considerations as for the JS API, except that in JS an unexpected grow will simply neuter the associated typed array and cause unaware accesses to cause an exception. As usual, C's reaction to that is a bit more fatal, but the problem seems exactly the same.

There is a lot of third-party API that a host might want to make available to Wasm that expects a (in or out) pointer to some array. Without being able to hand out pointers (in)to the Wasm memory, that would always require copying. For the Web we decided that's prohibitive.

Yet we could still add various API for accessing the memory object more safely. The same discussion has occurred for the JS API (adding accessors to WA.Memory), I recall, but hasn't led to any concrete proposal. The problem is that it would probably have to be a lot of API surface -- analogues to all the memory, bulk memory, atomic instructions? And it doesn't solve the problem of proper synchronisation per se. Would it buy enough to be worth its weight?

@sunfishcode sunfishcode mentioned this issue Mar 27, 2020
Open
@cfallin cfallin mentioned this issue Jan 5, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rossberg @sunfishcode