"Downgrade" threads support to tier 2, disable fuzzing (#12036)

* "Downgrade" threads support to tier 2, disable fuzzing

This commit is borne out of a fuzz bug that was opened recently. The
fuzz bug specifically has to do with fallout from #12022, specifically
`SharedMemory` being used to allocated instead of `Memory`. In this
situation the resource limiter is no longer consulted meaning that
shared memories bypass this and aren't caught by OOM checks. This is
currently by design because `SharedMemory` instances don't know which
resource limiter to hook into per-store.

More generally though the implementation of wasm threads, while workable
in Wasmtime, has a number of known relatively large deficiencies. These
were not resolved prior to ungating the wasm proposal (that's on me) but
nevertheless the quality of implementation is not quite up to "tier 1
par" with the rest of what Wasmtime offers. Given this the threads
proposal is now downgraded to tier 2. To help minimize the impact of
this the wasm proposal is left enabled-by-default, but creation of a
`SharedMemory` in the Rust API requires opting-in via a new
`Config::shared_memory` method.

This commit shuffles around some documentation of wasm proposals to
split it into tier 1/2/3 instead of on/off-by-default and then adds a
column for whether the proposal is on-by-default.

* clangformat

* Fix tests

* Add tests for failed creation

Fix an issue where defined shared memories weren't gated

* Sync disabled threads stub

* Fix another test

prtest:full

* Fix fuzzing tests

* Fix dwarf tests

Author: alexcrichton

crates/c-api/include/wasmtime/config.h

@@ -147,13 +147,18 @@ WASMTIME_CONFIG_PROP(void, max_wasm_stack, size_t)
  * \brief Configures whether the WebAssembly threading proposal is enabled.
  *
  * This setting is `false` by default.
- *
- * Note that threads are largely unimplemented in Wasmtime at this time.
  */
 WASMTIME_CONFIG_PROP(void, wasm_threads, bool)
 
 #endif // WASMTIME_FEATURE_THREADS
 
+/**
+ * \brief Configures whether shared memories can be created.
+ *
+ * This setting is `false` by default.
+ */
+WASMTIME_CONFIG_PROP(void, shared_memory, bool)
+
 /**
  * \brief Configures whether the WebAssembly tail call proposal is enabled.
  *

crates/c-api/include/wasmtime/config.hh

@@ -289,6 +289,13 @@ class Config {
   }
 #endif // WASMTIME_FEATURE_THREADS
 
+  /// \brief Configures whether wasm shared memories can be created.
+  ///
+  /// https://docs.wasmtime.dev/api/wasmtime/struct.Config.html#method.shared_memory
+  void shared_memory(bool enable) {
+    wasmtime_config_shared_memory_set(ptr.get(), enable);
+  }
+
   /// \brief Configures whether the WebAssembly tail call proposal is enabled
   ///
   /// https://docs.wasmtime.dev/api/wasmtime/struct.Config.html#method.wasm_tail_call

crates/c-api/src/config.rs

@@ -79,6 +79,11 @@ pub extern "C" fn wasmtime_config_wasm_threads_set(c: &mut wasm_config_t, enable
     c.config.wasm_threads(enable);
 }
 
+#[unsafe(no_mangle)]
+pub extern "C" fn wasmtime_config_shared_memory_set(c: &mut wasm_config_t, enable: bool) {
+    c.config.shared_memory(enable);
+}
+
 #[unsafe(no_mangle)]
 pub extern "C" fn wasmtime_config_wasm_tail_call_set(c: &mut wasm_config_t, enable: bool) {
     c.config.wasm_tail_call(enable);

crates/cli-flags/src/lib.rs

@@ -369,6 +369,8 @@ wasmtime_option_group! {
         pub tail_call: Option<bool>,
         /// Configure support for the threads proposal.
         pub threads: Option<bool>,
+        /// Configure the ability to create a `shared` memory.
+        pub shared_memory: Option<bool>,
         /// Configure support for the shared-everything-threads proposal.
         pub shared_everything_threads: Option<bool>,
         /// Configure support for the memory64 proposal.
@@ -1004,6 +1006,10 @@ impl CommonOptions {
             config.gc_support(enable);
         }
 
+        if let Some(enable) = self.wasm.shared_memory {
+            config.shared_memory(enable);
+        }
+
         Ok(config)
     }
 

crates/fuzzing/src/generators/config.rs

@@ -308,6 +308,7 @@ impl Config {
             Some(self.module_config.config.shared_everything_threads_enabled);
         cfg.wasm.wide_arithmetic = Some(self.module_config.config.wide_arithmetic_enabled);
         cfg.wasm.exceptions = Some(self.module_config.config.exceptions_enabled);
+        cfg.wasm.shared_memory = Some(self.module_config.shared_memory);
         if !self.module_config.config.simd_enabled {
             cfg.wasm.relaxed_simd = Some(false);
         }

crates/fuzzing/src/generators/module.rs

@@ -23,6 +23,7 @@ pub struct ModuleConfig {
     pub component_model_error_context: bool,
     pub component_model_gc: bool,
     pub legacy_exceptions: bool,
+    pub shared_memory: bool,
 }
 
 impl<'a> Arbitrary<'a> for ModuleConfig {
@@ -53,7 +54,11 @@ impl<'a> Arbitrary<'a> for ModuleConfig {
         config.custom_page_sizes_enabled = u.arbitrary()?;
         config.wide_arithmetic_enabled = u.arbitrary()?;
         config.memory64_enabled = u.ratio(1, 20)?;
-        config.threads_enabled = u.ratio(1, 20)?;
+        // Fuzzing threads is an open question. Even without actual parallel
+        // threads `SharedMemory` still poses a problem where it isn't hooked
+        // into resource limits the same way `Memory` is. Overall not clear what
+        // to do so it's disabled for now.
+        config.threads_enabled = false;
         // Allow multi-memory but make it unlikely
         if u.ratio(1, 20)? {
             config.max_memories = config.max_memories.max(2);
@@ -75,6 +80,7 @@ impl<'a> Arbitrary<'a> for ModuleConfig {
             component_model_error_context: false,
             component_model_gc: false,
             legacy_exceptions: false,
+            shared_memory: false,
             function_references_enabled: config.gc_enabled,
             config,
         })

crates/fuzzing/src/oracles.rs

@@ -709,6 +709,7 @@ pub fn wast_test(u: &mut arbitrary::Unstructured<'_>) -> arbitrary::Result<()> {
     crate::init_fuzzing();
 
     let mut fuzz_config: generators::Config = u.arbitrary()?;
+    fuzz_config.module_config.shared_memory = true;
     let test: generators::WastTest = u.arbitrary()?;
 
     let test = &test.test;
@@ -1310,7 +1311,6 @@ mod tests {
             | WasmFeatures::SIMD
             | WasmFeatures::MULTI_MEMORY
             | WasmFeatures::RELAXED_SIMD
-            | WasmFeatures::THREADS
             | WasmFeatures::TAIL_CALL
             | WasmFeatures::WIDE_ARITHMETIC
             | WasmFeatures::MEMORY64

crates/wasmtime/src/config.rs

@@ -164,6 +164,7 @@ pub struct Config {
     pub(crate) macos_use_mach_ports: bool,
     pub(crate) detect_host_feature: Option<fn(&str) -> Option<bool>>,
     pub(crate) x86_float_abi_ok: Option<bool>,
+    pub(crate) shared_memory: bool,
 }
 
 /// User-provided configuration for the compiler.
@@ -273,6 +274,7 @@ impl Config {
             #[cfg(not(feature = "std"))]
             detect_host_feature: None,
             x86_float_abi_ok: None,
+            shared_memory: false,
         };
         #[cfg(any(feature = "cranelift", feature = "winch"))]
         {
@@ -2885,6 +2887,27 @@ impl Config {
         self.x86_float_abi_ok = Some(enable);
         self
     }
+
+    /// Enable or disable the ability to create a
+    /// [`SharedMemory`](crate::SharedMemory).
+    ///
+    /// The WebAssembly threads proposal, configured by [`Config::wasm_threads`]
+    /// is on-by-default but there are enough deficiencies in Wasmtime's
+    /// implementation and API integration that creation of a shared memory is
+    /// disabled by default. This cofiguration knob can be used to enable this.
+    ///
+    /// When enabling this method be aware that wasm threads are, at this time,
+    /// a [tier 2
+    /// feature](https://docs.wasmtime.dev/stability-tiers.html#tier-2) in
+    /// Wasmtime meaning that it will not receive security updates or fixes to
+    /// historical releases. Additionally security CVEs will not be issued for
+    /// bugs in the implementation.
+    ///
+    /// This option is `false` by default.
+    pub fn shared_memory(&mut self, enable: bool) -> &mut Self {
+        self.shared_memory = enable;
+        self
+    }
 }
 
 impl Default for Config {

crates/wasmtime/src/runtime/memory.rs

@@ -777,8 +777,9 @@ pub unsafe trait MemoryCreator: Send + Sync {
 /// used concurrently by multiple agents. Because these agents may execute in
 /// different threads, [`SharedMemory`] must be thread-safe.
 ///
-/// When the threads proposal is enabled, there are multiple ways to construct
-/// shared memory:
+/// When the [threads proposal is enabled](crate::Config::wasm_threads) and the
+/// [the creation of shared memories is enabled](crate::Config::shared_memory),
+/// there are multiple ways to construct shared memory:
 ///  1. for imported shared memory, e.g., `(import "env" "memory" (memory 1 1
 ///     shared))`, the user must supply a [`SharedMemory`] with the
 ///     externally-created memory as an import to the instance--e.g.,
@@ -797,6 +798,7 @@ pub unsafe trait MemoryCreator: Send + Sync {
 /// # fn main() -> anyhow::Result<()> {
 /// let mut config = Config::new();
 /// config.wasm_threads(true);
+/// config.shared_memory(true);
 /// # if Engine::new(&config).is_err() { return Ok(()); }
 /// let engine = Engine::new(&config)?;
 /// let mut store = Store::new(&engine, ());
@@ -825,9 +827,8 @@ impl SharedMemory {
         }
         debug_assert!(ty.maximum().is_some());
 
-        let tunables = engine.tunables();
         let ty = ty.wasmtime_memory();
-        let memory = crate::runtime::vm::SharedMemory::new(ty, tunables)?;
+        let memory = crate::runtime::vm::SharedMemory::new(engine, ty)?;
 
         Ok(Self {
             vm: memory,

crates/wasmtime/src/runtime/vm/instance/allocator/on_demand.rs

@@ -129,7 +129,7 @@ unsafe impl InstanceAllocator for OnDemandInstanceAllocator {
         let allocation_index = MemoryAllocationIndex::default();
         let memory = Memory::new_dynamic(
             ty,
-            request.store.engine().tunables(),
+            request.store.engine(),
             creator,
             image,
             request.limiter.as_deref_mut(),