You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
hyperpolymath/typed-wasm has filed proposal 0002 — the access-site carrier section (typedwasm.access-sites) that completes L2 enforcement on emitted wasm by mapping i32.load offset=N back to (region_id, field_id).
This is the companion to proposal 0001 (which affinescript already reviewed in #402). 0002 is the spec response to typed-wasm#78 (access-site carrier gap discovered during 0001's codec work).
Per 0002's §Coordination with downstream producers (line 252) and §Acceptance criteria (line 384), this proposal requires explicit review-and-sign-off from affinescript maintainers before promotion from [draft] to [accepted].
What we're asking
Please review the proposal as it relates to affinescript's wasm emitter (lib/codegen.ml + lib/tw_*.ml). The proposal proposes Encoding B (LEB128 per field) at v1, with per-instruction (func_idx, byte_offset, region_id, field_id) records emitted after any optimisation passes.
Specifically, please assess:
Post-optimisation emission constraint. AffineScript's codegen (lib/codegen.ml) currently emits typedwasm.ownership at codegen.ml:2778. Does affinescript run wasm-opt / binaryen as part of its build pipeline today? If not, this is trivially satisfied; if yes, the access-site carrier needs a hook between optimisation and final emission.
byte_offset stability. Encoding B records byte_offset of each typed access within the function body. Are affinescript's offsets stable at section-build time, or is there a rewrite stage post-build that would invalidate them?
Typed-vs-arbitrary load distinction. The proposal defines typed accesses as loads/stores emitted as part of typed region access (not arbitrary memory ops). Does affinescript's codegen distinguish typed-region loads from arbitrary memory loads at emission, or is this a new producer-side instrumentation task?
Encoding cost. Per the prototype measurement in typed-wasm#78's second comment, Encoding B is ~5 B/access (~43% overhead vs the bare i32.load). Acceptable for affinescript-emitted modules?
verify_region_binding interaction. Acceptance criterion 4 lands the verify_region_binding pass (omitted from typed-wasm PR fix(build): format js/dune #77 pending this proposal). Does affinescript need any change to how it currently emits typedwasm.ownership to accommodate the L2 round-trip, or is the change wholly on the typed-wasm verifier side?
Process
This is the paired-review pattern that worked for proposal 0001 (this repo's #402 + ephapax#165). Same shape:
File this issue + the ephapax sibling.
Maintainers post a structured review comment ("covered / gap / not-emitted-yet" per question).
When both producers greenlight, proposal 0002 promotes [draft] → [accepted] and the codec + verifier work in typed-wasm proceeds.
Context
hyperpolymath/typed-wasm has filed proposal 0002 — the access-site carrier section (
typedwasm.access-sites) that completes L2 enforcement on emitted wasm by mappingi32.load offset=Nback to(region_id, field_id).This is the companion to proposal 0001 (which affinescript already reviewed in #402). 0002 is the spec response to typed-wasm#78 (access-site carrier gap discovered during 0001's codec work).
Per 0002's §Coordination with downstream producers (line 252) and §Acceptance criteria (line 384), this proposal requires explicit review-and-sign-off from affinescript maintainers before promotion from
[draft]to[accepted].What we're asking
Please review the proposal as it relates to affinescript's wasm emitter (
lib/codegen.ml+lib/tw_*.ml). The proposal proposes Encoding B (LEB128 per field) at v1, with per-instruction(func_idx, byte_offset, region_id, field_id)records emitted after any optimisation passes.Specifically, please assess:
Post-optimisation emission constraint. AffineScript's codegen (
lib/codegen.ml) currently emitstypedwasm.ownershipatcodegen.ml:2778. Does affinescript run wasm-opt / binaryen as part of its build pipeline today? If not, this is trivially satisfied; if yes, the access-site carrier needs a hook between optimisation and final emission.byte_offset stability. Encoding B records
byte_offsetof each typed access within the function body. Are affinescript's offsets stable at section-build time, or is there a rewrite stage post-build that would invalidate them?Typed-vs-arbitrary load distinction. The proposal defines typed accesses as loads/stores emitted as part of typed region access (not arbitrary memory ops). Does affinescript's codegen distinguish typed-region loads from arbitrary memory loads at emission, or is this a new producer-side instrumentation task?
Encoding cost. Per the prototype measurement in typed-wasm#78's second comment, Encoding B is ~5 B/access (~43% overhead vs the bare
i32.load). Acceptable for affinescript-emitted modules?Carrier-codec sharing. Note: the planned affinescript#444
Tw_section.{Encode,Decode}refactor would let the access-site carrier slot in cleanly alongsidetypedwasm.ownershipand (eventually)typedwasm.regions. Worth landing tw: extract Tw_section.encode — deduplicate build_section before proposal 0001 lands two more sections #444 before this proposal's codegen work begins.verify_region_bindinginteraction. Acceptance criterion 4 lands theverify_region_bindingpass (omitted from typed-wasm PR fix(build): format js/dune #77 pending this proposal). Does affinescript need any change to how it currently emitstypedwasm.ownershipto accommodate the L2 round-trip, or is the change wholly on the typed-wasm verifier side?Process
This is the paired-review pattern that worked for proposal 0001 (this repo's #402 + ephapax#165). Same shape:
[draft]→[accepted]and the codec + verifier work in typed-wasm proceeds.References
Tw_section.{Encode,Decode}refactor — prep-work that simplifies ci: Bump actions/github-script from 7.0.1 to 8.0.0 #5 above)