Fixed length list support #1992
Conversation
cpetig
force-pushed
the
fixed-length-list
branch
from
a0c1bc4 to
e5a20d0
Compare
|
Fixed size lists became a separate type because they have a different ABI representation and map to different Rust/C types. |
There was a problem hiding this comment.
Thanks for this! In addition to the comments below, mind adding some more tests? For example:
- WIth a feature gate there should be a test that using this type is invalid without the feature gate (e.g.
tests/local/missing-features) - Tests for the
*.watsyntax intests/local/component-model/*. This also tests round-trip parsing and such - Tests for
list<ty, 10000000000000000>(something out of the 64-bit range but still looks integer-like)
Also with the new support in wit-smith (thanks!) mind running the fuzzer for a few minutes locally to ensure it doesn't turn up anything? (FUZZER=roundtrip_wit cargo +nightly fuzz run -s none run -j30)
| @@ -1134,6 +1136,9 @@ impl ComponentDefinedType { | |||
| lowered_types, | |||
| ), | |||
| Self::List(_) => lowered_types.push(ValType::I32) && lowered_types.push(ValType::I32), | |||
| Self::FixedSizeList(ty, length) => { | |||
| (0..*length).all(|_n| ty.push_wasm_types(types, lowered_types)) | |||
There was a problem hiding this comment.
To reference a comment from above, this is where I'd be worried that if an arbitrary length was allowed (e.g. u32::MAX) then a tiny component could take a very long time here in validation which we try to avoid. (e.g. it's an DoS attack vector)
There was a problem hiding this comment.
I hesitated about limits because I also have support for efficient storage of AI tensors or image data in mind, but of course with these you want the outermost list a normal list to avoid expanding all elements on the stack.
On the other hand if you nest fixed width lists of a maximum size of 1000 you can still deflate bomb types here, perhaps a global fuel like argument/result limit makes sense.
There was a problem hiding this comment.
That makes sense to me yeah. My basic worry is loops like this (there's a few throughout this PR) which run a risk of taking time proportional to N which is not a property validation/processing otherwise has at this time. I think a larger limit like 128k or something may be ok (probably coupled with fuel) but I suspect we probably shouldn't allow u32::MAX regardless
crates/wit-parser/src/ast/resolve.rs
Outdated
| @@ -91,7 +91,7 @@ enum Key { | |||
| Flags(Vec<String>), | |||
| Tuple(Vec<Type>), | |||
| Enum(Vec<String>), | |||
| List(Type), | |||
| List(Type, Option<usize>), | |||
There was a problem hiding this comment.
Similar to other changes, mind splitting this to its own FixedSizeList?
|
Also, as a possible bikeshed, which you can take or leave, in Rust at least there's the term "slice" which is |
cpetig
force-pushed
the
fixed-length-list
branch
from
9e70cde to
8d2eded
Compare
|
@alexcrichton do you prefer me to resolve the ones I implemented or do you want to check first? I will implement wat roundtrip tests later today (I didn't find them although I did one manually) and think about limiting on-stack elements. |
It found something ;-) |
The default Validator used for the component encoder has this feature disabled (as it is correctly disabled by default), I don't see an easy way to only activate it for the WIT fuzzing, is there a secret environment variable? |
Thank you for your in-depth review!
I tried but wasn't able to figure out the right way to set up this test: https://github.com/bytecodealliance/wasm-tools/pull/1992/files#diff-1532b9f29c0a59c8d44ce87b39476ec5242d1b2a2329e0b72bf7b2f23c2ae485R24-R38 |
Feel free to do so yourself, I'll give the code a once-over anyway once it's ready too.
For this I'd recommend in the various locations validation is performed for tests/etc to just enable the new feature unconditionally. Adding for example
Ah yeah it's a lexical error right in |
Implement fixed length list support as defined in WebAssembly/component-model#384