compilation on macos / build_samples_wasm_c_api ($CLASSIC_INTERP_BUILD_OPTIONS, macos-13, https://github.com/WebAssembly/wabt/releases/download/1.0.31/wabt-1.0.31-macos-12.tar.gz, https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-20/wasi-sdk-20.0-macos.tar.gz) (push) Has been cancelled
compilation on macos / build_samples_wasm_c_api ($FAST_INTERP_BUILD_OPTIONS, macos-13, https://github.com/WebAssembly/wabt/releases/download/1.0.31/wabt-1.0.31-macos-12.tar.gz, https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-20/wasi-sdk-20.0-macos.tar.gz) (push) Has been cancelled
compilation on macos / build_samples_others (${{ needs.build_llvm_libraries_on_arm_macos.outputs.cache_key }}, macos-14, https://github.com/WebAssembly/wabt/releases/download/1.0.31/wabt-1.0.31-macos-12.tar.gz, https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-s… (push) Has been cancelled
compilation on macos / build_samples_others (${{ needs.build_llvm_libraries_on_intel_macos.outputs.cache_key }}, macos-13, https://github.com/WebAssembly/wabt/releases/download/1.0.31/wabt-1.0.31-macos-12.tar.gz, https://github.com/WebAssembly/wasi-sdk/releases/download/wasi… (push) Has been cancelled
- fix: when load aot init expr,no type_idx set. (#4094)
- Cmake improvements (#4076)
- fix(aot_emit_aot_file): prevent buffer emission for zero byte_count (#4095)
- fix(unit-test): libc_builtin_test issues (#4073)
- feat: add support for EXTERNREF value type and enable AOT validator in fuzz tests (#4083)
- [gc] Subtyping fix (#4075)
- Add a conditional check for the macro __STDC_VERSION__ (#4080)
- Unit test:type matching issue and code redundancy (#4079)
- build(deps): Bump github/codeql-action from 3.28.8 to 3.28.9 (#4074)
- fix(aot): ensure value_cmp does not exceed br_count in branch table compilation (#4065)
- In wasm32, fix potential conversion overflow when enlarging 65536 pages (#4064)
- [fuzzing] execute every exported function (#3959)
- Update memory allocation functions to use allocator user data (#4043)
- Show wasm proposals status during compilation and execution (#3989)
- add a validator for aot module (#3995)
- Use wasm32-wasip1 instead of wasm32-wasi target for rust code (#4057)
- Update Rust target from 'wasm32-wasi' to 'wasm32-wasip1' in CI (#4050)
- Fix wasm loader check data segment count (#4039)
- Synchronize the GC spec tests to the commit from December 9. 2024. (#4022)
- Refine getting const offsets in wasm loader of fast-interp (#4012)
- fixes for compiling on windows (#4026)
- .github: Add shared lib builds (#3975)
- Refine read leb int wasm loader of fast interpreter (#4017)
- build(deps): Bump github/codeql-action from 3.28.0 to 3.28.1 (#4020)
- build(deps): Bump actions/upload-artifact from 4.5.0 to 4.6.0 (#4021)
- Enable shrunk memory by default and add related configurations (#4008)
- Add documentation regarding security issues and the status of Wasm proposals (#3972)
- Improve stack consistency by ensuring sufficient space for dummy offsets (#4011)
- Check whether related table has funcref elem in opcode call_indirect (#3999)
- [fuzzing] Use software bound-check during fuzzing (#4003)
- Add an example of how to embed WAMR in Zephyr user mode (#3998)
- Fix table index calculations in wasm_loader and wasm_mini_loader (#4004)
- Ensure __heap_base and __data_end global indices are validated against import count (#3996)
- Error message improvement (#4000)
- Handle a new scenario where an item is both exported and imported. (#3984)
- Optimize memory initialization handling in AOT loader (#3983)
- build(deps): Bump actions/upload-artifact from 4.4.3 to 4.5.0 (#3981)
- build(deps): Bump github/codeql-action from 3.27.9 to 3.28.0 (#3982)
- Add Tianlong into code owners (#3970)
- Set thread information earlier in exec_env creation (#3967)
- top-level cmake: link llvm libraries to our shared library (#3973)
- add reference type support by default for darwin to support WASI-SDK-25 (#3978)
- CMakeLists.txt: Do not require C++ (#3956)
- [fuzzing] Enable instantiation (#3958)
- use a random secret key (#3971)
- top-level cmakefile: fix macOS build (#3968)
- Only access Zephyr thread stats info when it's available (#3962)
- build(deps): Bump github/codeql-action from 3.27.6 to 3.27.9 (#3960)
- wasm_export.h: Use "default" visibility for gcc and clang (#3957)
- set alignment 4 when loading multi return value (#3955)
- Fix aot table instantiate (#3946)
- Consume the placeholders that were put when emitting table info (#3940)
- Refactor SConscript and add file checks in iwasm.c (#3945)
- Improvements for platform thread APIs on Windows and Zephyr (#3941)
- Fix incorrect assignment in win_file.c (#3939)
- don't return an uninitialized trap if argv_to_results fails (#3935)
- support WASM_FUNCREF return type in argv_to_results (#3936)
- add thread cpu time for zephyr (#3937)
- build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#3931)
- Update README.md to clarify Windows toolchain support and ESP-IDF reference (#3917)
- Enable ref types by default (#3894)
- Fix loader small bug (#3928)
- add testcases for shared heap and fix POP_MEM_OFFSET of memory64 (#3916)
- Use plain assignment rather than bh_memcpy_s (#3924)
- Fix WASI Path Mapping Processing (#3923)
- Drop declarative elements on module instantiation (#3922)
- Check possible integer overflow in aot memory boundary check (#3920)
- Fix CI wamr-ide error (#3913)
- Support external toolchain on Windows for aot compiler (#3911)
- build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#3912)
- Correct the table index calculation in aot_instantiation (#3903)
- Fix a leak in wasm_loader_emit_br_info (#3900)
- GlobalValueSet was moved to IRPartitionLayer recently, but we have a local definition anyway (#3899)
- build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#3902)
- Fix linked global initialization in multimodule (#3905)
- Wasm loader enhancement: check code size in code entry (#3892)
- Refactor AOT loader to support compatible versions (#3891)
- Fix out of bounds issue in is_native_addr_in_shared_heap function (#3886)
- Fix mmap flags for AOT loader on non-Linux SGX platforms (#3890)
- Bump AOT_CURRENT_VERSION for WAMR 2.x (gc, memory64) (#3880)
- Refine looking up aot function with index (#3882)
- build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#3888)
- fix(ios): Remove `float-abi` flag (#3889)
- Fix out of bounds issues after memory.grow on non-aot non-threads builds (#3872)
- Exclude fuzz test python and npm packages in scoreboard scan (#3871)
Author: Chris Woods <6069113+woodsmc@users.noreply.github.com>
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Author: Dylan Johnston <18252447+dpjohnst@users.noreply.github.com>
Author: edoardo <48774736+xdoardo@users.noreply.github.com>
Author: eric <chenliuyang_1989@163.com>
Author: Fadumina Barre <bafadumi@amazon.com>
Author: Huang Qi <huangqi3@xiaomi.com>
Author: James Ring <sjr@jdns.org>
Author: Jérôme Vouillon <jerome.vouillon@gmail.com>
Author: kk <zhkag@foxmail.com>
Author: liang.he@intel.com <liang.he@intel.com>
Author: liang.he <liang.he@intel.com>
Author: Maks Litskevich <makslit@amazon.com>
Author: Marcin Kolny <mkolny@amazon.com>
Author: peter-tatrai <peter.tatrai.ext@siemens.com>
Author: TianlongLiang <111852609+TianlongLiang@users.noreply.github.com>
Author: Tomáš Malý <malytomas@users.noreply.github.com>
Author: Viacheslav Palchikov <palchikov@gmail.com>
Author: WenLY1 <130950131+WenLY1@users.noreply.github.com>
Author: Wenyong Huang <wenyong.huang@intel.com>
Author: Xavier Del Campo <90845888+midokura-xavi92@users.noreply.github.com>
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Author: yangkun27 <yangkun27@xiaomi.com>
compilation on macos / build_samples_wasm_c_api ($CLASSIC_INTERP_BUILD_OPTIONS, macos-13, https://github.com/WebAssembly/wabt/releases/download/1.0.31/wabt-1.0.31-macos-12.tar.gz, https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-20/wasi-sdk-20.0-macos.tar.gz) (push) Has been cancelled
compilation on macos / build_samples_wasm_c_api ($FAST_INTERP_BUILD_OPTIONS, macos-13, https://github.com/WebAssembly/wabt/releases/download/1.0.31/wabt-1.0.31-macos-12.tar.gz, https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-20/wasi-sdk-20.0-macos.tar.gz) (push) Has been cancelled
compilation on macos / build_samples_others (${{ needs.build_llvm_libraries_on_arm_macos.outputs.cache_key }}, macos-14, https://github.com/WebAssembly/wabt/releases/download/1.0.31/wabt-1.0.31-macos-12.tar.gz, https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-s… (push) Has been cancelled
compilation on macos / build_samples_others (${{ needs.build_llvm_libraries_on_intel_macos.outputs.cache_key }}, macos-13, https://github.com/WebAssembly/wabt/releases/download/1.0.31/wabt-1.0.31-macos-12.tar.gz, https://github.com/WebAssembly/wasi-sdk/releases/download/wasi… (push) Has been cancelled
APIs to create and import WASMMemoryInstance for Interp
- add a demo (sample/linking/raw) for APIs test
- new APIs for instances of spawned threads to build imports list from parents'
Implement the GC (Garbage Collection) feature for interpreter mode,
AOT mode and LLVM-JIT mode, and support most features of the latest
spec proposal, and also enable the stringref feature.
Use `cmake -DWAMR_BUILD_GC=1/0` to enable/disable the feature,
and `wamrc --enable-gc` to generate the AOT file with GC supported.
And update the AOT file version from 2 to 3 since there are many AOT
ABI breaks, including the changes of AOT file format, the changes of
AOT module/memory instance layouts, the AOT runtime APIs for the
AOT code to invoke and so on.
With this approach we can omit using memset() for the newly allocated memory
therefore the physical pages are not being used unless touched by the program.
This also simplifies the implementation.
Compilation error was reported when `cmake -DWAMR_BUILD_LIBC_WASI=0`
on linux-sgx platform:
```
core/shared/platform/linux-sgx/sgx_socket.c:8:10:
fatal error: libc_errno.h: No such file or directory
8 | #include "libc_errno.h"
| ^~~~~~~~~~~~~~
```
After fixing, both `cmake -DWAMR_BUILD_LIBC_WASI=1` and
`WAMR_BUILD_LIBC_WASI=0` work good.
Add an extra argument `os_file_handle file` for `os_mmap` to support
mapping file from a file fd, and remove `os_get_invalid_handle` from
`posix_file.c` and `win_file.c`, instead, add it in the `platform_internal.h`
files to remove the dependency on libc-wasi.
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
Support collecting code coverage with wamr-test-suites script by using
lcov and genhtml tools, eg.:
cd tests/wamr-test-suites
./test_wamr.sh -s spec -b -P -C
The default code coverage and html files are generated at:
tests/wamr-test-suites/workspace/wamr.lcov
tests/wamr-test-suites/workspace/wamr-lcov.zip
And update wamr-test-suites scripts to support testing GC spec cases to
avoid frequent synchronization conflicts between branch main and dev/gc.
Current SGX lib-rats wasm module hash is stored in a global buffer,
which may be overwritten if there are multiple wasm module loadings.
We move the module hash into the enclave module to resolve the issue.
And rename the SGX_IPFS macro/variable in Makefile and Enclave.edl to
make the code more consistent.
And refine the sgx-ra sample document.
Enlarge the default wasm operand stack size to 64KB since the original default
size 16KB is a little small, and the operand stack overflow exception is often
thrown when running wasm apps.
The current implementation of remote attestation does not take into
account the integrity of the wasm module. The SHA256 of the wasm
module has been put into user_data to generate the quote, and more
parameters are exposed for further verification.
Use the cmake variable `WAMR_BUILD_GLOBAL_HEAP_POOL` and
`WAMR_BUILD_GLOBAL_HEAP_SIZE` to enable/disable the global heap pool
and set its size. And set the default global heap size in core/config.h and
the cmake files.
As a result, the developers who build iwasm can easily enable/disable the
global heap pool and change its size regardless of the iwasm implementation,
without manually finding and patching the right location for that value.
This PR integrates an Intel SGX feature called Intel Protection File System Library (IPFS)
into the runtime to create, operate and delete files inside the enclave, while guaranteeing
the confidentiality and integrity of the data persisted. IPFS can be referred to here:
https://www.intel.com/content/www/us/en/developer/articles/technical/overview-of-intel-protected-file-system-library-using-software-guard-extensions.html
Introduce a cmake variable `WAMR_BUILD_SGX_IPFS`, when enabled, the files interaction
API of WASI will leverage IPFS, instead of the regular POSIX OCALLs. The implementation
has been written with light changes to sgx platform layer, so all the security aspects
WAMR relies on are conserved.
In addition to this integration, the following changes have been made:
- The CI workflow has been adapted to test the compilation of the runtime and sample
with the flag `WAMR_BUILD_SGX_IPFS` set to true
- Introduction of a new sample that demonstrates the interaction of the files (called `file`),
- Documentation of this new feature
Use the semantic versioning (https://semver.org) to replace the current date
versioning system, which is more general and is requested by some developers,
e.g. issue #1357.
There are three parts in the new version string:
- major. Any incompatible modification on ABIs and APIs will lead to an increment
in the value of major, which mainly includes: AOT calling conventions, AOT file
format, wasm_export.h, wasm_c_api.h, and so on.
- minor. It represents new features, including MVP/POST-MVP features, libraries,
WAMR private ones, and so one.
- patch. It represents patches.
The new version will start from 1.0.0. Update the help info and version showing for
iwasm and wamrc.
Upgrade `cmake_minimum_required` from `(VERSION 2.8)` to `(VERSION 2.9)` to
yield the warning:
"Compatibility with CMake < 2.8.12 will be removed from a future version of CMake"
Add "-Wno-unused" for CMAKE_CXX_FLAGS to yield the compilation warnings
when build LLVM JIT.
Fix the link error when code coverage is enabled.
Let iwasm return non-zero value when running failed
so that the caller (e.g. test framework) can check the
running status according to the return value.
Import WAMR Fast JIT which is a lightweight JIT with quick startup, small footprint,
relatively good performance (~40% to ~50% of LLVM JIT) and good portability.
Platforms supported: Linux, MacOS and Linux SGX.
Arch supported: x86-64.
When WAMR_BUILD_TARGET isn't set, choosing right target is decided
by checking `CMAKE_SIZEOF_VOID_P` variable. However, choosing `X86_32`
target is not doing specifically checking size of void pointer. It is kind
a fallback target for others.
This patch explicitly checks the size of void pointer before setting the target
to `X86_32` to fix the issue.
Implement Berkeley Socket API for Intel SGX
- bring Berkeley socket API in Intel SGX enclaves,
- adapt the documentation of the socket API to mention Intel SGX enclaves,
- adapt _iwasm_ in the mini-product _linux-sgx_ to support the same option as the one for _linux_,
- tested on the socket sample as provided by WAMR (the TCP client/server).
Refine is_xip_file check, when e_type isn't E_TYPE_XIP, just return false
and no need to go through all the other sections of the AOT file.
Refine pointer range check, convert pointer to uintptr_t type before
comparison to yield possible sanitizer pointer overflow error.
Auto detect whether file is XIP file before loading module in posix like and
linux-sgx platforms, and if yes, mmap executable memory automatically to
run the XIP file.
Add document about XIP feature.
Enable test spec cases with XIP feature.
fix the warnings as below:
App/App.cpp: In function ‘int wamr_pal_init(const wamr_pal_attr*)’:
App/App.cpp:759:1: warning: control reaches end of non-void function [-Wreturn-type]
759 | }
| ^
In file included from /usr/include/string.h:495,
from App/App.cpp:9:
In function ‘char* strncpy(char*, const char*, size_t)’,
inlined from ‘int enclave_init(sgx_enclave_id_t*)’ at App/App.cpp:104:16:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:34: warning: ‘char* __builtin___strncpy_chk(char*, const char*, long unsigned int, long unsigned int)’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
App/App.cpp: In function ‘int enclave_init(sgx_enclave_id_t*)’:
App/App.cpp:102:16: note: length computed here
102 | (strlen(home_dir) + strlen("/") + sizeof(TOKEN_FILENAME) + 1) <= MAX_PATH) {
| ~~~~~~^~~~~~~~~~
Signed-off-by: LiFeng <lifeng68@huawei.com>
The global doc/linux_sgx.md needs to explicitly describe the methods to
build a debug enclave and hardware running mode. Because using debug key
to signing enclave image rather than production key is still not trivial
in reality.
For the adaption of Inclavare Containers part, add a prolog and give
more details in order to enhance the readability.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
This commit mainly simplifies the description about building a
debug and hw mode enclave.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Co-authored-by: root <root@rs1g04412.et2sqa>
* Implement the PAL interface for rune
Work in progress
Signed-off-by: Le Yao <le.yao@intel.com>
* Support PAL for one runtime with multi-instances
Load runtime into enclave and run multi-instances
Signed-off-by: Le Yao <le.yao@intel.com>
* Diasble AOT in SGX build by default, as it requires SGX SDKv2.8 or later.
* Update bh_platform.c
Co-authored-by: daomingq <daomingq@users.noreply.github.com>
Co-authored-by: wenyongh <wenyong.huang@intel.com>
