Move exception lock to ModuleInstance data.#4772
Merged
lum1n0us merged 3 commits intobytecodealliance:mainfrom Mar 16, 2026
Merged
Move exception lock to ModuleInstance data.#4772lum1n0us merged 3 commits intobytecodealliance:mainfrom
lum1n0us merged 3 commits intobytecodealliance:mainfrom
Conversation
vchigrin
requested review from
TianlongLiang,
loganek,
lum1n0us,
no1wudi and
yamt
as code owners
lum1n0us
added
the
bug-fix
lum1n0us
added
the
breaking-change
lum1n0us
requested changes
Feb 3, 2026
Contributor
lum1n0us
left a comment
lum1n0us
left a comment
There was a problem hiding this comment.
-
The PR has affected the layout of
WASMModuleInstanceExtra, which will change keyoffsetofvalues in AOT files. Therefore, it requires a newAOT_CURRENT_VERSIONin core/config.h. -
Obviously, there is a failed CI that should be fixed.
vchigrin
force-pushed
the
fine-grained-lock
branch
3 times, most recently
from
eca416a to
3bc7eb7
Compare
Contributor
Author
|
Thank you so much! Fixed both issues, all CI checks are green now. |
lum1n0us
reviewed
Mar 9, 2026
vchigrin
force-pushed
the
fine-grained-lock
branch
2 times, most recently
from
906cf84 to
93af779
Compare
This lock acquired on each native function call. This cause performance impact on programs, containing many native function calls, and running in multithreaded environment.
vchigrin
force-pushed
the
fine-grained-lock
branch
from
93af779 to
2e07a8c
Compare
vchigrin
force-pushed
the
fine-grained-lock
branch
from
2e07a8c to
bdd43c7
Compare
lum1n0us
approved these changes
Mar 12, 2026
Contributor
Author
|
Thank you so much for review.
Of course, you, as code owner, know better all nuances. I just write to ensure that we'll not force our users re-compile all their AOT programs without need. |
Contributor
|
The basic relationship is that PR#4400 was likely overlooked. Currently, the entire review system relies on manual review. Perhaps we could consider introducing other tools to assist. |
lum1n0us
added a commit
that referenced
this pull request
Mar 17, 2026
* fix: improve test case handling in test_wamr.sh (#4708) Correct the error introduced by de4b950. * wamr/arm: Add CFI directives to Thumb VFP assembly for better debugging (#4697) Add Call Frame Information (CFI) directives to invokeNative_thumb_vfp.s to improve stack unwinding and debugging capabilities on ARM platforms. This enables better backtrace generation and crash analysis. Changes include: - Add .cfi_startproc/.cfi_endproc directives for proper frame tracking - Add .cfi_def_cfa_offset and .cfi_def_cfa to track stack pointer changes - Add .cfi_offset directives to track saved register locations - Convert local labels to use .L prefix following assembly conventions These CFI directives allow debuggers and exception handlers to properly unwind the stack through native function calls, improving the debugging experience for WAMR applications on ARM targets. Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * build(deps): Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4711) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.2...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump actions/checkout from 3 to 5 (#4710) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v3...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump github/codeql-action from 3.29.1 to 4.31.3 (#4709) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.1 to 4.31.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3.29.1...v4.31.3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Adding additional text around the resr requirement for code contributions to make supplying a test mandatory, except in exceptional situations. (#4713) * Merge commit from fork * Merge commit from fork * fix: remove SIMD prefix handling from interpreter and update opcode definitions * test: add case for classic interpreter handling of unsupported SIMD opcodes * Fast-interp should report unsupported opcode (#4723) when meeting simd opcode on non-posix platforms * refactor: Improve debug experience with CFI directives and proper label naming in Thumb invokeNative (#4719) This change enhances debugging support and improves assembly code quality: 1. Add CFI (Call Frame Information) directives (.cfi_startproc, .cfi_def_cfa_offset, .cfi_offset, .cfi_endproc) to provide proper call frame information for debuggers 2. Improve label naming by using dot-prefixed conventions (.Lreturn, .Lcall_func, etc.) following assembly best practices These improvements enhance debugging capabilities and code maintainability while preserving functionality. Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * chore: update NuttX version to 12.11 in CI workflows (#4720) The NuttX project released version 12.11 with improvements and bug fixes. Updating the CI workflows to use the latest stable version ensures that WAMR testing and compilation verification runs against the most current NuttX release. Updated 4 repository references total across 2 workflow files to point to the new release branch. Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * ci: add raspberrypi-pico-2 to nuttx build matrix (#4721) Add Raspberry Pi Pico 2 (Cortex-M33) board configuration to the NuttX CI build matrix to ensure WAMR compatibility testing covers the Cortex-M33 platform. The board configuration path "boards/arm/rp23xx/raspberrypi-pico-2/configs/nsh" is inserted after the cortex-m7 configuration to maintain logical architecture ordering. * add a set of apis to configure wasi via InstantiationArgs2 (#4707) * track if WASIArguments is configured by user i plan to use this to decide which wasi arguments (the one from module or the one from InstantiationArgs2) to use. * add WASIArguments to InstantiationArgs2 * use wasi configuration from InstantiationArgs2 if any fallback to the via-module configuration for now. * add a few api to configure wasi via InstantiationArgs2 * configure wasi via InstantiationArgs2 for platforms using libc_wasi.c * rt-thread: migrate to libc_wasi_set_init_args * common/libc_wasi.c: retire libc_wasi_init * fix build without wasi * Namespace generated headers with zephyr/ (#4670) * Namespace generated headers with zephyr/ --------- Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> * build(deps): Bump github/codeql-action from 4.31.3 to 4.31.5 (#4727) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.31.3...v4.31.5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add support for esp32s2 target to idf_component.yml (#4728) * build(deps): Bump actions/checkout from 5 to 6 (#4726) Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Remove local fuzzing server (#4729) The local fuzzing server is a feature that has not been used for a long time and is currently unmaintained. Temporarily remove it from the codebase, and restore it when needed. * Update link to WASI Proposals.md (#4734) * fix double promotion warning (#4731) * chore: narrow CI workflow trigger scope for Zephyr compilation Optimize GitHub Actions workflow execution by limiting triggers to only changes in the compilation_on_zephyr.yml workflow file itself, reducing unnecessary workflow runs when other .github files are modified. * Update pull_request trigger paths to target specific workflow file * Update push trigger paths to target specific workflow file * Eliminates redundant CI runs for documentation and script changes * build: disable CONFIG_RP23XX_UF2_BINARY in NuttX CI Disable UF2 binary support for RP23XX boards in the compilation workflow to resolve build issues and maintain consistency with RP2040 board configuration. * Added kconfig-tweak --disable CONFIG_RP23XX_UF2_BINARY * Follows existing pattern for RP2040 boards * Ensures successful compilation for rp23xx target * Add missing functions from thumb arch (#4718) Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> * ci: update nuttx and nuttx-apps commits to fix CI build (#4736) Update NuttX and nuttx-apps repository references from release tags to specific commit hashes to resolve CI build failures. * Updated nuttx from releases/12.11 to 09a71ec7c16c43398d5acbdcbeee7b08736c3170 * Updated nuttx-apps from releases/12.11 to 6bd593459c4af3cef325c3d22bccd5537a8ed755 * Preserved xtensa-specific commit logic in spec_test_on_nuttx.yml * Applied changes to both compilation and spec test workflows Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * fix: enhance test case execution handling in test_wamr.sh (#4712) * feat: add support for checking unsupported build configurations (#4690) * feat: add support for checking unsupported build configurations * docs: improve clarity and formatting in build_wamr.md * feat: add check for unsupported SHARED_HEAP + FAST_JIT configuration and update documentation warning * feat: disable default SIMD setting for 64-bit platform in CMake configuration * feat: update Android and macOS workflows to handle SIMD support in classic interp mode * feat: update SGX compilation workflow to handle unsupported FAST_JIT and classic interp mode without SIMD support * feat: enhance check for unsupported CLASSIC_INTERP configurations * feat: disable fast interpreter for shared heap tests and update unsupported features test library * feat: enhance unsupported combination checks and update build configurations for JIT and SIMD * In regression tests, use llvm-jit and fast-jit to replace multi-tier-jit + running mode. Multi-tier-jit contains both fast-jit and llvm-jit. Fast-jit doesn't support SIMD, but llvm-jit does. So, should multi-tier-jit support SIMD? My answer is NO. - The regular form of multi-tier-jit uses fast-jit as tier1 and llvm-jit as tier2. Therefore, if fast-jit doesn't support SIMD, the entire multi-tier doesn't support SIMD either. - `--fast-jit` and `--llvm-jit` of multi-tier-jit should adhere to the global limitations of multi-tier-jit. * Explicitly specify SIMD, MULTI_MODULE, and their unsupported running modes. - SIMD and Ref. types are enabled by default on linux and darwin. So remove duplicate feature testing from CI - Apply new configuration for wasm-c-api compilation commands * build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#4738) Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v5.0.1...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump github/codeql-action from 4.31.5 to 4.31.6 (#4739) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.5 to 4.31.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.31.5...v4.31.6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump actions/checkout from 6.0.0 to 6.0.1 (#4747) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v6...v6.0.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump github/codeql-action from 4.31.6 to 4.31.7 (#4746) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.6 to 4.31.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.31.6...v4.31.7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * enable WAMR_BUILD_MULTI_MODULE to apply all wasm-vm unit tests (#4745) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * Add a runtime API for reset shared heap(chain) (#4740) * add new runtime api for reset shared heap(chain) * add new unit test case * build(deps): Bump github/codeql-action from 4.31.7 to 4.31.8 (#4757) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.7 to 4.31.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.31.7...v4.31.8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump actions/cache from 4 to 5 (#4755) Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4756) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add more unit test cases for interpreter (#4716) Co-authored-by: ai-assistant * feat: add documentation for the shared heap feature in WAMR (#4751) * Ensure --addr-pool mask accepts numbers only (#4619) * Ensure --addr-pool mask accepts numbers only * Add mask validation * Replace mask assignment position * Use a thread-safe function and free allocated memory Co-authored-by: liang.he <liang.he@intel.com> * Fix nightly workflow matrix include duplication (#4761) * build(deps): Bump github/codeql-action from 4.31.8 to 4.31.9 (#4767) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.8 to 4.31.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.31.8...v4.31.9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Upgrade macos runner of CIs to 15 (#4770) * fix: update macOS workflow configurations to use macos-15 and macos-15-intel * fix: remove unsupported build options for macOS workflows * Implicitly disable the SIMD flag for classic-interp and fast-jit (#4768) * aot: avoid forcing mmap low addresses on NuttX (#4776) Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * fix: update CODEOWNERS to refine reviewer assignments (#4754) * update wasm-tool smith generation parameters for improved testing (#4779) * fix: Wrong compiler parameter on MSVC (#4778) * fix: Wrong compiler parameter on MSVC * refactor: Move gcc flags to common build script. * refactor: Add both C/CXX flags * update Dockerfile and devcontainer configuration (#4773) The goal is to keep the devcontainer image minimal and its build time as fast as possible. - Remove all rarely used tools. - Change the base image to the latest template. - Synchronize the WASI-SDK and WABT versions with those used by the CI. Add libzstd for LLVM linking * Improve tiered support system and compilation flags introduction. (#4750) * docs: update tiered support documentation with detailed tier definitions and feature classifications and improved compilation flags and links for clarity * update tiered support documentation to clarify feature support levels and enhance readability - Revised descriptions for Tier A to specify that features have been used in products. - Reformatted notes on testing, maintenance, and support definitions for better clarity. - Added a new section for privileged features with detailed explanations. - Updated tables for Tier A, Tier B, and Tier C to include additional targets and compilation flags. * fix: clear exec_env_tls when destroying exec_env (#4774) * fix: clear exec_env_tls when destroying exec_env When an exec_env is destroyed, check if it matches the current thread's exec_env_tls and clear it to avoid dangling pointer issues. Without this fix, in daemon-style execution where the same thread runs multiple WASM modules sequentially (like Cloudflare Workers), the exec_env_tls can point to freed memory after an exec_env is destroyed, causing crashes on subsequent executions when the signal handler tries to access it. This is critical for AOT mode with hardware bounds checking enabled, where signal handlers rely on exec_env_tls to handle SIGSEGV properly. * test(exec_env): add reproducer for exec_env_tls dangling pointer bug Add test case that reproduces the bug where exec_env_tls is not cleared on early return paths in invoke_native_with_hw_bound_check. The test triggers native stack overflow check failure, which causes wasm_runtime_call_wasm to return early after setting exec_env_tls but without clearing it. This leaves exec_env_tls pointing to a destroyed exec_env, causing subsequent calls to fail with "invalid exec env". Test confirms the fix in wasm_exec_env_destroy correctly clears exec_env_tls when destroying the exec_env it points to. * fix(runtime): clear exec_env_tls on early return from stack overflow check Move the fix to clear exec_env_tls at the source - in the early return path of invoke_native_with_hw_bound_check when native stack overflow check fails. * fix(aot): reserve x18 register on macOS ARM64 (#4775) * fix(aot): reserve x18 register on macOS ARM64 Apple reserves CPU register x18 for TLS on ARM64. When generating AOT code for aarch64 on macOS, LLVM may use x18, causing crashes when the AOT code runs on macOS ARM64 (M1/M2/M3). This patch: 1. Detects darwin/macho ABI and sets correct vendor string 2. Detects darwin/apple in default triple for platform detection 3. Adds +reserve-x18 to LLVM target features for aarch64 on macOS The fix only applies when compiling on macOS ARM64 hosts, ensuring generated AOT code is compatible with Apple's platform requirements. * test(aot): add x18 register reservation test for macOS ARM64 Add a standalone test to verify that the +reserve-x18 LLVM flag is correctly applied when compiling AOT for macOS ARM64. On macOS ARM64, x18 is reserved by Apple for TLS (Thread Local Storage). Without the +reserve-x18 flag, LLVM may generate code that uses x18, causing random SIGSEGV crashes (~80% crash rate in testing). The test: - Creates a WASM module with 24 local variables to stress register allocation - Compiles to AOT with -O3 optimization (which would use x18 without the fix) - Runs 1000 iterations to verify no crashes occur - Only runs on macOS ARM64 (skipped on other platforms) Test results: - Without fix: 82/100 crash rate - With fix: 0/100 crash rate (1000 iterations verified) * fix: correct boundary check in dynamic_offset check (#4788) correct boundary check in check_dynamic_offset_pop when dynamic_offset is 0. When dynamic_offset = 0, check_dynamic_offset_pop will always return true, which may wrongly update dynamic_offset. also include a typo fix in SET_OPERAND_REF Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * Add bh_strtok_r function (#4790) * Fix alignment calculation for large offsets (#4791) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * build(deps): Bump github/codeql-action from 4.31.9 to 4.31.10 (#4794) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.9 to 4.31.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.31.9...v4.31.10) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix potential memory leak when discarding FreeMachineFunction (#4796) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * fix: disable unsigned integer overflow sanitization (#4785) * fix: disable unsigned integer overflow sanitization in build configurations FYI: from https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html `-fsanitize=unsigned-integer-overflow`: Unsigned integer overflow, where the result of an unsigned integer computation cannot be represented in its type. Unlike signed integer overflow, this is not undefined behavior, but it is often unintentional. This sanitizer does not check for lossy implicit conversions performed before such a computation. It brings a more common question: which is better, pre-additional-check or post-additional-check to fix a potential unsigned integer overflow? A pre-additional-check involves using a check to prevent integer overflow from the very beginning. A post-additional-check involves using a check after addition to see if there is an overflow. In this project, post-additional-checking is widely used. let's follow the routine. for performance sensitive logic, use __builtin_add_overflow etc. provide something like https://github.com/yamt/toywasm/blob/9a5622791e99395e26e6e96cef830af3d91a1685/lib/platform.h#L176-L191 and encourage the use of them. ref. #4549 (comment) * fix: ensure proper definition checks for build options in CMakeLists of wasm-mutator * optimize how to involve sanitizer flags * fix: update LLVM branch and refine sanitizer flags in CMake configurations * fix: add requests package to development requirements * [devcontainer] install ocmal stuff (#4798) For gc proposal spec test * Fix memory leak in GC when rootset enumeration fails (#4793) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * Fix memcpy overlap issue in RECOVER_BR_INFO for i64/v128 copy (#4797) When copying single i64 or V128 values in RECOVER_BR_INFO, source and destination memory regions may overlap, causing memcpy-param-overlap errors Use temporary variables to separate read and write operations, preventing the overlap issue. This fix references the approach used in the other path (when arity != 1), which calls copy_stack_values, that function explicitly handles memcpy overlap. Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * language-bindings/go: upgrade yaml.v3 (#4799) Upgrade github.com/stretchr/testify from v1.7.0 to v1.11.1, and upgrade gopkg.in/yaml.v3 to v3.0.1 This fixes CVE-2022-28948 in yaml v3.0.0 Signed-off-by: Haitao Huang <haitaohuang@microsoft.com> * fix code and comment typo (#4802) * Correct some error handling path in libc_emcc (#4803) * build(deps): Bump github/codeql-action from 4.31.10 to 4.31.11 (#4810) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.10 to 4.31.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.31.10...v4.31.11) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump actions/checkout from 6.0.1 to 6.0.2 (#4809) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v6.0.1...v6.0.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * gc: complete common heap type coverage in wasm_is_refheaptype_common() (#4801) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * refactor: update clang-tidy configuration for improved checks and error handling (#4811) * Collective fix (#4808) * fix a bug in zephyr platform file api * fix a bug in bh queue * fix a bug in shared heap malloc when it's memory64 * fix some typo in wamrc (#4807) * build(deps): Bump github/codeql-action from 4.31.11 to 4.32.0 (#4823) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.11 to 4.32.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.31.11...v4.32.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: allow .clang-tidy and fix exception type in guidelines check (#4818) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * Fix a compilation error about calling os_atomic_cmpxchg (#4822) ``` /workspaces/wasm-micro-runtime/core/iwasm/aot/aot_runtime.c:4701:30: error: expected expression return os_atomic_cmpxchg(_Atomic(void *)ptr, &old_val, new_val); ^ /workspaces/wasm-micro-runtime/core/shared/utils/../platform/include/platform_api_extension.h:135:27: note: expanded from macro 'os_atomic_cmpxchg' ``` * disable the misc-no-recursion checker (#4821) * Fixed build of Go language bindings (#4825) * Reduce warnings relevant to Zephyr platform (#4658) This PR is intended to remove following warnings, when build in Zephyr application: wasm-micro-runtime/core/shared/platform/zephyr/platform_internal.h:293: warning: "CLOCK_MONOTONIC" redefined 293 | #define CLOCK_MONOTONIC 4 wasm-micro-runtime/core/shared/platform/zephyr/zephyr_file.c: In function 'zephyr_fs_alloc_obj': wasm-micro-runtime/core/shared/platform/zephyr/zephyr_file.c:123:25: warning: implicit declaration of function 'bh_strdup' [-Wimplicit-function-declaration] 123 | ptr->path = bh_strdup(path); | ^~~~~~~~~ wasm-micro-runtime/core/shared/platform/zephyr/zephyr_file.c:123:23: warning: assignment to 'char *' from 'int' makes pointer from integer without a cast [-Wint-conversion] 123 | ptr->path = bh_strdup(path); | ^ wasm-micro-runtime/core/shared/platform/zephyr/zephyr_file.c: In function 'os_renameat': wasm-micro-runtime/core/shared/platform/zephyr/zephyr_file.c:853:35: warning: initialization of 'char *' from 'int' makes pointer from integer without a cast [-Wint-conversion] 853 | char *new_path_copy = bh_strdup(new_path); | ^~~~~~~~~ [45/462] Building C object CMakeFiles/app.dir/wasm-micro-runtime/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c.obj wasm-micro-runtime/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c: In function 'wasmtime_ssp_poll_oneoff': wasm-micro-runtime/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c:2216:42: warning: initialization of 'os_file_handle' {aka 'struct zephyr_handle *'} from 'int' makes pointer from integer without a cast [-Wint-conversion] 2216 | os_file_handle tfd = fos[i]->file_handle->fd; | ^~~ wasm-micro-runtime/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c:2222:31: warning: initialization of 'int' from 'os_file_handle' {aka 'struct zephyr_handle *'} makes integer from pointer without a cast [-Wint-conversion] 2222 | .fd = tfd, | ^~~ wasm-micro-runtime/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c:2222:31: note: (near initialization for '(anonymous).fd') --------- Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> * Fix compilation error when MSVC is not set to C11 standard (#4588) * Fix compilation error when MSVC is not set to C11 standard * align quick_aot_entry invoke_* signatures with call sites (#4829) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * build(deps): Bump github/codeql-action from 4.32.0 to 4.32.2 (#4831) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.0 to 4.32.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.32.0...v4.32.2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix off-by-one in AOT func_index bounds checks (#4836) The AOT relocation loader validates func_index using: (func_index = (uint32)atoi(p)) > module->func_count Since func_ptrs is an array of func_count elements (indices 0 to func_count-1), func_index == func_count is out of bounds. The check must use >= instead of > to reject this boundary case. Fix all 4 affected locations in aot_loader.c. * Improve shared_heap test cases. (#4834) Aligned allocation size can be significantly greater than the original size, and page size varies across platforms. > macOS on M1 (Apple Silicon) uses a memory page size of 16,384 bytes (16 KB). > This differs from the traditional 4 KB page size used on Intel Macs and many > other ARM64 systems, and is designed to improve performance by reducing page > table overhead and allowing for better cache utilization. * build(deps): Bump github/codeql-action from 4.32.2 to 4.32.3 (#4838) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.2 to 4.32.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.32.2...v4.32.3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix typo in README from WARM to WAMR (#4843) Guessing this was supposed to WAMR not WARM * build(deps): Bump github/codeql-action from 4.32.3 to 4.32.4 (#4840) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.3 to 4.32.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.32.3...v4.32.4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Improve zephyr's networking code (#4839) * fix: zephyr sockets: fix get/set sockopt usages. In multiple places, setsockopt is used when getsockopt shall be used, and vice-versa. Additionally, pointer isn't checked correctly in two places, this commit fixes those as well. Per man(7), most socket-level options utilize an int argument for optval. Use those for ttl. Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> * feat: zephyr sockets: implement missing networking functions Some of the optvals are implemented by zephyr, some are missing. Call the appropriate function and let set the retval based on that. Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> * fix: WASM_API_EXTERN should get visibility("default") on gcc and clang (#4851) This allows the wasm_c_api to work in shared libraries on non-Windows platforms. * Fix sock_connect using wrong rights constant (#4849) wasi_ssp_sock_connect checks __WASI_RIGHT_SOCK_BIND instead of __WASI_RIGHT_SOCK_CONNECT when validating file descriptor rights. This was a copy-paste error from wasi_ssp_sock_bind. As a result, connect operations check the wrong capability. * windows: fix vectored exception handler lifecycle for repeated thread env init/destroy (#4842) * Fix Windows VEH registration/removal lifecycle * Remove redundant OS_THREAD_MUTEX_INITIALIZER guards Since the code is already inside #ifdef BH_PLATFORM_WINDOWS, the macro is always defined. Use NULL directly for clarity. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#4859) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump github/codeql-action from 4.32.4 to 4.32.5 (#4858) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.4 to 4.32.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.32.4...v4.32.5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add bounds checking for output tensor buffer in wasi-nn llama.cpp (#4847) * Add bounds checking for output tensor buffer in wasi-nn llama.cpp The get_output function copies LLM output into output_tensor->buf without checking against output_tensor->size, allowing writes past the buffer when the model generates output longer than the caller-provided buffer. Add size checks for both the metadata path and the token output loop. Instead of silently truncating output when the buffer is too small, return the too_large error with a diagnostic message. This makes the behavior consistent with the OpenVINO backend's get_output and allows callers to distinguish between successful completion and insufficient buffer size. * Fix a compilation error by clang-17 (#4812) * Fix a compilation error by clang-17 ``` variable-sized object may not be initialized ``` clang-17 is the default version on MacOS Tahoe(26.2) on AppleM1 * fix: update shared_heap_test to use os_getpagesize for memory size calculations (#4852) * workaround: prevent usage of anyref in struct fields and array elements (#4819) Disable corresponding cases in spec test * Fix off-by-one in aot_alloc_tiny_frame overflow check (#4845) * Fix off-by-one in aot_alloc_tiny_frame overflow check The boundary check in aot_alloc_tiny_frame only verifies that new_frame itself doesn't exceed top_boundary, but doesn't account for the sizeof(AOTTinyFrame) bytes that are about to be written. When new_frame equals top_boundary exactly, the check passes but the subsequent write to new_frame->func_index goes past the boundary. This matches the correct pattern used in aot_alloc_frame (line 4086) which includes the frame size. * clean(zephyr): reduce warnings on zephyr platform (#4860) * clean(warnings): fix [-Wsign-compare] in zephyr_file buf_len is a long unsigned int, while bytes_* can be negative due to error values. We don't need to check bytes_* for negative value, as it was done during read/write op. * clean(warnings): fix "MIN" redefined warning Some platforms, like Zephyr, already define MIN and definition in WAMR cause `warning: "MIN" redefined` warning. Check if it was defined before, and do not redefine it. Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> * fix(ems): avoid abort in gc_migrate when heap metadata is corrupted (#4862) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> * Refactoring enclave sample (#4828) * refactor(ci): production-ready SGX install script with logging and idempotency - Add comprehensive logging infrastructure to /tmp/install_sgx.log - Implement idempotency checks for SGX packages and SDK - Modularize into functions: platform_detect, install_packages, validate_installation, cleanup - Add strict error handling with set -euo pipefail and error traps - Replace FIXME with proper environment sourcing documentation - Add dynamic platform detection for Ubuntu 20+/Debian 11/12 - Ensure minimal console output (final status only) with all details in log - Verify all acceptance scenarios pass with comprehensive testing * Refactoring enclave-sample aligning sgx BKM. - Buffer interface redesign to separate input and output - prevent untrusted pointer - add module and instance handle release functions for better resource management * fuzz: remove unnecessary internal headers from wasm_mutator_fuzz (#4865) Remove `wasm_runtime_common.h` and `bh_read_file.h` includes from the wasm_mutator_fuzz harness. All runtime APIs used by this fuzzer (wasm_runtime_init, wasm_runtime_load, wasm_runtime_instantiate, wasm_runtime_call_wasm_a, wasm_runtime_get_export_count, etc.) are declared in the public `wasm_export.h` header. - `wasm_runtime_common.h` (core/iwasm/common/) is an internal implementation header not intended for external use. - `bh_read_file.h` (core/shared/utils/uncommon/) is an internal utility header whose functions are never called in this fuzzer. Verified that the modified harness compiles and runs correctly for all three build targets (classic-interp, fast-interp, llvm-jit) with identical code coverage. * Fix missing IS_INVALID_TAGINDEX check in RETHROW handler (#4837) * Fix RETHROW handler missing IS_INVALID_TAGINDEX check Add validation for exception_tag_index in the RETHROW opcode handler to prevent out-of-bounds access to module->module->tags[] when the tag index is INVALID_TAGINDEX (0xFFFFFFFF). This matches the existing check in the THROW handler. When CATCH_ALL catches a cross-module exception with an unknown tag, it pushes INVALID_TAGINDEX onto the stack. Without this check, a subsequent RETHROW would access tags[0xFFFFFFFF]. * Fix incorrect code section byte counts in exception handling test The hand-crafted WASM binary in load_module_with_exception_handling had an off-by-one in the code section: body size was declared as 7 but the actual body (local count + try/catch_all/end/end) is only 6 bytes. This caused the WASM loader to fail with "unexpected end" when it tried to read past the available bytes. Fix the body size from 7 to 6 and the code section size from 9 to 8. * Fix relocation addend sign extension on 32-bit platforms (#4846) * Fix relocation addend sign extension on 32-bit platforms When loading relocations on 32-bit platforms, the addend is read as uint32 and zero-extended to uint64, which corrupts negative addends. For example, -4 (0xFFFFFFFC) becomes 4294967292 instead of remaining -4. Use int32 with sign extension to int64, matching the Windows code path which already handles this correctly. * Fix mismatch of enum sizes between WASM and host (#4676) - refactor(wasi_types): deprecate enums in platform_wasi_types.h. - Use macros instead. Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> Signed-off-by: Dan Kouba <dan@atym.io> * build(deps): Bump github/codeql-action from 4.32.5 to 4.32.6 (#4868) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.5 to 4.32.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v4.32.5...v4.32.6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fuzzing: reject non-wasm files quickly and execute aot after compilation (#4780) * fix: disable unsigned integer overflow sanitization in build configurations FYI: from https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html `-fsanitize=unsigned-integer-overflow`: Unsigned integer overflow, where the result of an unsigned integer computation cannot be represented in its type. Unlike signed integer overflow, this is not undefined behavior, but it is often unintentional. This sanitizer does not check for lossy implicit conversions performed before such a computation. It brings a more common question: which is better, pre-additional-check or post-additional-check to fix a potential unsigned integer overflow? A pre-additional-check involves using a check to prevent integer overflow from the very beginning. A post-additional-check involves using a check after addition to see if there is an overflow. In this project, post-additional-checking is widely used. let's follow the routine. for performance sensitive logic, use __builtin_add_overflow etc. provide something like https://github.com/yamt/toywasm/blob/9a5622791e99395e26e6e96cef830af3d91a1685/lib/platform.h#L176-L191 and encourage the use of them. ref. #4549 (comment) * fix: update AOT compiler configuration and enhance error handling in fuzz tests * Fix: initialize record_frame in aot_copy_callstack (#4861) * Fix: Fix null pointer dereference in wasm_c_api.c (#4863) * Enable Unit test on Mac(m1) (#4841) - detecting host arch. and platform instead of hard-coding - fix few compilation errors because of stricter rules involve by appleclang - refactor: modernize wasm-apps CMakeLists.txt to target-specific options and install commands - refactor: modernize memory64 CMakeLists.txt to target-specific options and install commands - Update running-modes CMakeLists.txt: enable AOT and INTERP; JIT/FAST_JIT gating for x86_64. Fix typo in JIT section. - fix: replace deprecated get_binary_path function with get_test_binary_dir for improved portability - fix: adjust size_level test cases for aarch64 architecture compatibility * Move exception lock to ModuleInstance data. (#4772) * Move exception lock to ModuleInstance data. This lock acquired on each native function call. This cause performance impact on programs, containing many native function calls, and running in multithreaded environment. Update AOT_CURRENT_VERSION constant. * fix: use copy of input for wasm_runtime_load to fix overwrites-const-input in fuzz (#4869) Signed-off-by: zhenweijin <zhenwei.jin@intel.com> --------- Signed-off-by: Huang Qi <huangqi3@xiaomi.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> Signed-off-by: zhenweijin <zhenwei.jin@intel.com> Signed-off-by: Haitao Huang <haitaohuang@microsoft.com> Signed-off-by: Dan Kouba <dan@atym.io> Co-authored-by: liang.he <liang.he@intel.com> Co-authored-by: Huang Qi <huangqi3@xiaomi.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chris Woods <6069113+woodsmc@users.noreply.github.com> Co-authored-by: Zhenwei Jin <109658203+kylo5aby@users.noreply.github.com> Co-authored-by: YAMAMOTO Takashi <yamamoto@midokura.com> Co-authored-by: Krisztian <34309983+kr-t@users.noreply.github.com> Co-authored-by: Kakhaber <kaxabernet@gmail.com> Co-authored-by: Yosh <2467194+yoshuawuyts@users.noreply.github.com> Co-authored-by: TianlongLiang <111852609+TianlongLiang@users.noreply.github.com> Co-authored-by: linear0211 <144136043+linear0211@users.noreply.github.com> Co-authored-by: 石博文 <sbw@sbw.so> Co-authored-by: Steven <25894545+teamchong@users.noreply.github.com> Co-authored-by: Haitao Huang <4699115+haitaohuang@users.noreply.github.com> Co-authored-by: Alex <ph1048@gmail.com> Co-authored-by: vkensou <boyplaydota@hotmail.com> Co-authored-by: Yi Liu <yi@quantstamp.com> Co-authored-by: Robert Ismo <robertismo@protonmail.com> Co-authored-by: Taylor C. Richberger <taylor.richberger@procern.com> Co-authored-by: kogum4 <112237015+kogum4@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Ze Sheng <108382772+OwenSanzas@users.noreply.github.com> Co-authored-by: Dan Kouba <dan@atym.io> Co-authored-by: Vyacheslav Chigrin <vyacheslav.chigrin@yandex.ru>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This lock acquired on each native function call. This cause performance impact on programs, containing many native function calls, and running in multithreaded environment.