mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-07-11 06:53:16 +00:00

History

liang.he 3ce549948d Merge main to dev zephyr (#4384 ) * Optimize memory initialization handling in AOT loader (#3983) Save memory if the file buffer is always exist before exit. Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * Break aot_create_comp_data into small functions Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * Handle a new scenario where an item is both exported and imported. (#3984) * Error message improvement (#4000) Improve error message in the scenario where the runtime was built with ref types disabled but the module uses reference types feature. * Ensure __heap_base and __data_end global indices are validated against import count (#3996) * Fix table index calculations in wasm_loader and wasm_mini_loader (#4004) * Add an example of how to embed WAMR in Zephyr user mode (#3998) * [fuzzing] Use software bound-check during fuzzing (#4003) * Update CMakeLists.txt of fuzzing - enable software bound-check - enable wasi - disable libc builtin and multiple modules * Fix off-by-one error in result offset calculation for function calls * Check whether related table has funcref elem in opcode call_indirect (#3999) * check whether table has funcref elem in call_indirect * check whether table has funcref elem in call_indirect when gc is enabled * Improve stack consistency by ensuring sufficient space for dummy offsets (#4011) One more corner case: if the `frame_offset` increases and becomes equal to the `frame_offset_boundary` after the last assignment within the for loop. * Add documentation regarding security issues and the status of Wasm proposals (#3972) Add documentation regarding security issues and the status of Wasm proposals. * Enable shrunk memory by default and add related configurations (#4008) - Enable shrunk memory by default and add related configurations - Improve error messages for memory access alignment checks - Add documentation for WAMR shrunk memory build option - Update NuttX workflow to disable shrunk memory build option * build(deps): Bump actions/upload-artifact from 4.5.0 to 4.6.0 (#4021) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump github/codeql-action from 3.28.0 to 3.28.1 (#4020) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.0 to 3.28.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.0...v3.28.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Refine read leb int wasm loader of fast interpreter (#4017) * .github: Add shared lib builds (#3975) So far, no workflows would attempt to build the shared version of the iwasm library (namely, vmlib). Note that, as opposed to GC_EH_BUILD_OPTIONS and DEFAULT_BUILD_OPTIONS, the actual default options defined by the build system are assumed, for the sake of simplicity and avoiding repeated code. * fixes for compiling on windows (#4026) * Refine getting const offsets in wasm loader of fast-interp (#4012) - Refine const offsets in loader for fast-interp - handle const cell num overflow - Use const array, remove list * Synchronize the GC spec tests to the commit from December 9. 2024. (#4022) - Synchronize the GC spec tests to the commit from December 9. 2024. - Revise the error messages to be consistent with the spec test cases. - bypass gc spec test on the nuttx platform as a workaround * Fix wasm loader check data segment count (#4039) correctly report error when datacount section has non-zero data segment count while the data section is not present * Update Rust target from 'wasm32-wasi' to 'wasm32-wasip1' in CI (#4050) - update Rust target from 'wasm32-wasi' to 'wasm32-wasip1' in ci * build(deps): Bump github/codeql-action from 3.28.1 to 3.28.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.1 to 3.28.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.1...v3.28.5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): Bump github/codeql-action from 3.28.5 to 3.28.8 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.5 to 3.28.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.5...v3.28.8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Use wasm32-wasip1 instead of wasm32-wasi target for rust code (#4057) Rust compiler previously deprecated, and now removed the wasm32-wasi target and replaced it with wasm32-wasip1. This change updates all the occurrences of wasm32-wasi in the context of Rust compilation. covers the wasi-nn/test. * add a validator for aot module (#3995) - Add AOT module validation to ensure memory constraints are met - Enable AOT validator in build configuration and update related source files * Show wasm proposals status during compilation and execution (#3989) - add default build configuration options and enhance message output for WAMR features - Add Wasm proposal status printing functionality * initial * Add versioning support and update CMake configuration * Add versioning information for libraries and executables across multiple platforms * Refactor versioning documentation and adopt semantic versioning guidelines * Remove deprecated version.h file and update versioning documentation * Add version.h and update versioning documentation for embedded platforms * Add workflow to confirm version.h is in sync and integrate it into Android compilation workflow * Cleanup check_version_h workflow by removing unnecessary outputs and permissions * Update memory allocation functions to use allocator user data (#4043) * [fuzzing] execute every exported function (#3959) - Enhance wasm mutator fuzz tests by adding export function execution and random value generation - Use --fuel to limit loop size - Use predefined values and enhance argument logging in execution * In wasm32, fix potential conversion overflow when enlarging 65536 pages (#4064) fix enlarge 65536 pages conversion overflow in wasm32 * fix(aot): ensure value_cmp does not exceed br_count in branch table compilation (#4065) * build(deps): Bump github/codeql-action from 3.28.8 to 3.28.9 (#4074) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.8 to 3.28.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.8...v3.28.9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Unit test:type matching issue and code redundancy (#4079) * Add a conditional check for the macro __STDC_VERSION__ (#4080) * build_llvm.py: Allow to build xtensa target on non-xtensa host Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * [gc] Subtyping fix (#4075) * fix(build_llvm.py): clean up whitespace and formatting in build script Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * feat: add support for EXTERNREF value type and enable AOT validator in fuzz tests (#4083) * fix(unit-test): libc_builtin_test issues (#4073) - uninitialized buffer pointers (crashes) - match integer constant size with printf specifier Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com> * fix(build_llvm_libraries.yml): Correct script path for build_llvm.py Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * fix(aot_emit_aot_file): prevent buffer emission for zero byte_count (#4095) if using a debug building of wamrc to run spec test. there will be: core/iwasm/compilation/aot_emit_aot_file.c:1794:13: runtime error: null pointer passed as argument 2, which is declared to never be null * Cmake improvements (#4076) - Utilizes the standard CMake variable BUILD_SHARED_LIBS to simplify the CMake configuration. - Allows the use of a single library definition for both static and shared library cases, improving maintainability and readability of the CMake configuration. - Install vmlib public header files - Installs the public header files for the vmlib target to the include/iwasm directory. - Install cmake package - Adds the necessary CMake configuration files (iwasmConfig.cmake and iwasmConfigVersion.cmake). - Configures the installation of these files to the appropriate directory (lib/cmake/iwasm). - Ensures compatibility with the same major version. - Improve windows product-mini CMakeLists.txt - Fix missing symbols when linking windows product-mini with shared vmlib - Improve Darwin product-mini CMakeLists.txt --------- Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com> * fix: when load aot init expr,no type_idx set. (#4094) Fix an assertion from gc_object.c line 91 `bh_assert(rtt_type->type_flag == WASM_TYPE_STRUCT;` * prevent data overflow on 32 bit platform for memory.grow * cr suggestions * cr suggestions * format * cr suggestions * feat: use C linkage in aot_comp_option.h for C++ embeding (#4106) Co-authored-by: xiangjia.xj <xiangjia.xj@alibaba-inc.com> * build(deps): Bump actions/upload-artifact from 4.6.0 to 4.6.1 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.6.0...v4.6.1) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): Bump github/codeql-action from 3.28.9 to 3.28.10 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.9 to 3.28.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.9...v3.28.10) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Apply suggestions from code review remove confusing comments. * build(deps): Bump ossf/scorecard-action from 2.4.0 to 2.4.1 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](`62b2cac7ed...f49aabe0b5`) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix: add dispose of the debug information builder when destroying compilation context (#4105) Co-authored-by: xiangjia.xj <xiangjia.xj@alibaba-inc.com> * wasm_loader allocates more spaces for elements (#4099) - allocate memory for array initialization based on length - update reference type mapping for struct initialization * log warning instaed of assertion (#4119) * fix: fix load aarch64 aot failed (#4114) Co-authored-by: xiangjia.xj <xiangjia.xj@alibaba-inc.com> * fix: correct typos and improve comments across multiple files by codespell (#4116) Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * avoid Windows perform newline translation (#4128) * Iterate callstack API * wamr bool type * clang-format * meaning of the return bool type in the callback * keep devs notes out of public API * format * support standard frames as well * format * Calculate func_index instead of adding an extra field to wasm frame * ignore frames with no function * update typo in the comment * update signature * add correct frame size for aot standard frames * standard frame is not supported when GC is enabled * Copy read only API behind a flag instead of using user defined callback * Cleaning up * remove unnecessary includes * formatting * define if not defined * formatting * address comments * formatting * remove spare diff line * address comments * clang format * spare line * spare lines * last fixes * identation * fix bug for return value when skip_n is passed * build(deps): Bump github/codeql-action from 3.28.10 to 3.28.11 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.10 to 3.28.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.10...v3.28.11) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Expose WAMR_BUILD_GC_HEAP_SIZE_DEFAULT as a CMake option This is wired through to the GC_HEAP_SIZE_DEFAULT constant. Also honor this value when configuring the engine with the wasm_c_api. * Address code review feedback * Move the default heap size initialization * Restore the doc heading. * Fix iwasm build error when WAMR_BUILD_WASI_NN enabled A recent change on ./product-mini/platforms/linux/CMakeLists.txt renamed libiwasm to vmlib, but wasi-nn.cmake still wants to link libiwasm.so. Replace libiwasm with vmlib in wasi-nn.cmake to resolve iwasm build error when WAMR_BUILD_WASI_NN enabled. * include bh_platform.h (#4135) This should guarantee that the various macros required by wasm_proposal.c are defined even if the build system does not supply them to the compiler command. * Merge dev/simd for fast-interp (#4131) * Implement the first few SIMD opcodes for fast interpreter (v128.const, v128.any_true) (#3818) Tested on the following code: ``` (module (import "wasi_snapshot_preview1" "proc_exit" (func $proc_exit (param i32))) (memory (export "memory") 1) ;; WASI entry point (func $main (export "_start") v128.const i8x16 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 v128.any_true if unreachable end v128.const i8x16 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 v128.any_true i32.const 0 i32.eq if unreachable end i32.const 0 call $proc_exit ) ) ``` * implement POP_V128() This is to simplify the simd implementation for fast interpreter * Add all SIMD operations into wasm_interp_fast switch * Add V128 comparison operations Tested using ``` (module (import "wasi_snapshot_preview1" "proc_exit" (func $proc_exit (param i32))) (memory (export "memory") 1) (func $assert_true (param v128) local.get 0 v128.any_true i32.eqz if unreachable end ) (func $main (export "_start") ;; Test v128.not v128.const i8x16 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 v128.not v128.const i8x16 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 i8x16.eq call $assert_true ;; Test v128.and v128.const i8x16 255 255 255 255 0 0 0 0 255 255 255 255 0 0 0 0 v128.const i8x16 255 255 0 0 255 255 0 0 255 255 0 0 255 255 0 0 v128.and v128.const i8x16 255 255 0 0 0 0 0 0 255 255 0 0 0 0 0 0 i8x16.eq call $assert_true ;; Test v128.andnot v128.const i8x16 255 255 255 255 0 0 0 0 255 255 255 255 0 0 0 0 v128.const i8x16 255 255 0 0 255 255 0 0 255 255 0 0 255 255 0 0 v128.andnot v128.const i8x16 0 0 255 255 0 0 0 0 0 0 255 255 0 0 0 0 i8x16.eq call $assert_true ;; Test v128.or v128.const i8x16 255 255 0 0 0 0 255 255 255 255 0 0 0 0 255 0 v128.const i8x16 0 0 255 255 255 255 0 0 0 0 255 255 255 255 0 0 v128.or v128.const i8x16 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 0 i8x16.eq call $assert_true ;; Test v128.xor v128.const i8x16 255 255 0 0 255 255 0 0 255 255 0 0 255 255 0 0 v128.const i8x16 255 255 255 255 0 0 0 0 255 255 255 255 0 0 0 0 v128.xor v128.const i8x16 0 0 255 255 255 255 0 0 0 0 255 255 255 255 0 0 i8x16.eq call $assert_true i32.const 0 call $proc_exit ) ) ``` * Add first NEON SIMD opcode implementations to fast interpreter (#3859) Add some implementations of SIMD opcodes using NEON instructions. Tested using: ```wast (module (import "wasi_snapshot_preview1" "proc_exit" (func $proc_exit (param i32))) (memory (export "memory") 1) (func $assert_true (param v128) local.get 0 v128.any_true i32.eqz if unreachable end ) (func $main (export "_start") i32.const 0 i32.const 32 memory.grow drop i32.const 0 v128.const i8x16 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 v128.store i32.const 0 v128.load v128.const i8x16 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 i8x16.eq call $assert_true i32.const 16 v128.const i8x16 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 v128.store i32.const 16 v128.load v128.const i8x16 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 i8x16.eq call $assert_true i32.const 0 v128.load v128.const i8x16 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 i8x16.eq call $assert_true drop i32.const 0 i32.const 1 memory.grow drop i32.const 0 i64.const 0x7F80FF017E02FE80 i64.store i32.const 0 v128.load8x8_s v128.const i16x8 127 -128 -1 1 126 2 -2 -128 i16x8.eq call $assert_true i32.const 0 i64.const 0x80FE027E01FF807F i64.store i32.const 0 v128.load8x8_u v128.const i16x8 128 254 2 126 1 255 128 127 i16x8.eq call $assert_true i32.const 0 i64.const 0x8000FFFE7FFF0001 i64.store i32.const 0 v128.load16x4_s v128.const i32x4 -32768 -2 32767 1 i32x4.eq call $assert_true i32.const 0 i64.const 0x8000FFFE7FFF0001 i64.store i32.const 0 v128.load16x4_u v128.const i32x4 32768 65534 32767 1 i32x4.eq call $assert_true i32.const 0 i64.const 0x8000000000000001 i64.store i32.const 0 v128.load32x2_s v128.const i64x2 -2147483648 1 i64x2.eq call $assert_true i32.const 0 i64.const 0x8000000000000001 i64.store i32.const 0 v128.load32x2_u v128.const i64x2 2147483648 1 i64x2.eq call $assert_true call $proc_exit ) ) ``` * Emit imm for lane extract and replace (#3906) * Fix replacement value not being correct (#3919) * Implement load lanes opcodes for wasm (#3942) * Implement final SIMD opcodes: store lane (#4001) * Fix load/store (#4054) * Correctly use unsigned functions (#4055) * implement local and function calls for v128 in the fast interpreter * Fix splat opcodes, add V128 handling in preserve_referenced_local and reserve_block_ret * Fix incorrect memory overflow values + SIMD ifdefs * Fix load/load_splat macros * correct endif wasm loader * Update core/iwasm/interpreter/wasm_opcode.h * Fix spec tests when WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS is 0 * Resolve merge conflicts arising from main -> dev/simd_for_interp and implement fast interpreter const offset loader support for V128 * Enable SIMDe tests on CI * Document WAMR_BUILD_LIB_SIMDE --------- Co-authored-by: James Marsh <mrshnja@amazon.co.uk> Co-authored-by: jammar1 <108334558+jammar1@users.noreply.github.com> Co-authored-by: Maks Litskevich <makslit@amazon.com> Co-authored-by: Marcin Kolny <marcin.kolny@gmail.com> Co-authored-by: Wenyong Huang <wenyong.huang@intel.com> * Fix build issues when compiling WAMRC as a cross-compiler (#4112) * Use CMAKE_INSTALL_BINDIR for wamrc installation * Fix wamrc build failure for 32bit non-x86 targets * Handle PIC flags by cmake in wamrc * Use dummy AOT reloc functions when building wamrc AOT reloc functions are used only when loading AOT WebAssembly modules on target, not during AOT compilation. Original code led to build issues when building wamrc as cross-compiler, using arm header on x86 build. * Add option to turn off SIMD support in wamrc * fix(runtest.py): A workaround to bypass errors that occur when deleting temporary files (#4093) - Replace sys.exit with exceptions for better error handling in test assertions - Update exception handling in compile_wast_to_wasm to catch all exceptions - Improve error messages and logging - Use `--ignore-whitespace` option for git apply in spec_test function - Use raw string notation for regex patterns. The "SyntaxWarning: invalid escape sequence" in Python The warning has been upgraded to SyntaxWarning since Python 3.12, and it is expected to become a SyntaxError in future versions. - Add early return for non-loadable AOT compilation to prevent unnecessary assertions - Redirect stderr to stdout in test_case for unified output - Update `create_tmpfiles()` to improve clarity and handling of temporary files * build(deps): Bump esbuild, @vitejs/plugin-react and vite (#4149) Bumps [esbuild](https://github.com/evanw/esbuild) to 0.25.1 and updates ancestor dependencies [esbuild](https://github.com/evanw/esbuild), [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). These dependencies need to be updated together. Updates `esbuild` from 0.14.54 to 0.25.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2022.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.14.54...v0.25.1) Updates `@vitejs/plugin-react` from 2.0.1 to 4.3.4 - [Release notes](https://github.com/vitejs/vite-plugin-react/releases) - [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-react/commits/v4.3.4/packages/plugin-react) Updates `vite` from 3.0.9 to 6.2.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.2/packages/vite) --- updated-dependencies: - dependency-name: esbuild dependency-type: indirect - dependency-name: "@vitejs/plugin-react" dependency-type: direct:development - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update NuttX and NuttX Apps references to releases/12.9 in workflow f… (#4148) * Update NuttX and NuttX Apps references to releases/12.9 in workflow files * Remove Kconfig modification step for NuttX in spec test workflow * platform/nuttx: Flush icache/dcache properly (#4147) Enhance the os_dcache_flush and os_icache_flush functions to ensure proper cache invalidation, improving memory management efficiency. * Added cache invalidation for data cache * Implemented cache invalidation for instruction cache Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * build(deps): Bump github/codeql-action from 3.28.11 to 3.28.12 (#4160) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.11 to 3.28.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.11...v3.28.12) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#4159) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...v4.6.2) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * test: temporarily skip 'skip-stack-guard-page' test case until issue is resolved * nuttx: remove the up_x API for kernel build (#4154) Signed-off-by: buxiasen <buxiasen@xiaomi.com> Co-authored-by: buxiasen <buxiasen@xiaomi.com> * docs: Update build instructions suggestions for using Valgrind (#4164) * build(deps): Bump github/codeql-action from 3.28.12 to 3.28.13 (#4170) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.12 to 3.28.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.12...v3.28.13) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dwarf_extractor.cpp: use macro control to be compatible with lower version toolchain (#4169) * Update cmake min to 3.14 (#4175) 3.14 is used and tested by linux mini-product to fix ``` CMake Error at CMakeLists.txt:4 (cmake_minimum_required): Compatibility with CMake < 3.5 has been removed from CMake. Update the VERSION argument <min> value. Or, use the <min>...<max> syntax to tell CMake that the project requires at least <min> but has been updated to work with policies introduced by <max> or earlier. Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway. ``` * fix format specifier warning on 32bit builds (#4177) * Remove indirect-load for constants on Xtensa Target to improve performance (#4162) * Remove indirect-load for constants on Xtensa Target to improve performance * Remove const intrinsics flags for xtensa instead of adding too much #ifdef * Add AOT_INTRINSIC_FLAG_F32_CONST for xtensa frontend, because espressif xtensa llvm backend does not support float-point immediate for now --------- Co-authored-by: zhanheng1 <Zhanheng.Qin@sony.com> * cmake: Enhance target selection for ARM architectures with FPU (#4185) Improve the target selection logic for ARM architectures in the NuttX platform configuration. * Added support for FPU detection in THUMB and ARM targets * Ensured correct target is set based on architecture and configuration options Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * build(deps): Bump github/codeql-action from 3.28.13 to 3.28.14 (#4184) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.13 to 3.28.14. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.13...v3.28.14) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * aot: add new u64 intrinsics (#4168) * Refactor Dockerfile and update .dockerignore for wasi-nn tests; adjust map-dir parameters in smoke test script (#4158) * Add import memory/table flag assert check for miniloader (#4179) * Fix few integer overflowing (#4161) - fix(interpreter): correct offset calculations in wasm_loader_get_const_offset function - fix(mem-alloc): update offset calculation in gc_migrate for memory migration - add pointer-overflow sanitizer * prevent frame_offset underflow in wasm_loader (#4165) * improve variable naming and code clarity in SIMD operations (#4157) Fix compilation warning about shadow, like ```sh declaration of ‘val’ shadows a previous local [-Wshadow] ``` * fix: Remove unused variables in SIMD_v128_const case (#4197) Fix compiler warnings about unused variables `high` and `low` in the `SIMD_v128_const` case. These variables are only needed inside the `WASM_ENABLE_FAST_INTERP != 0` conditional block, but were incorrectly declared outside of it, causing unused variable warnings. Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * build(deps): Bump github/codeql-action from 3.28.14 to 3.28.15 (#4198) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.14 to 3.28.15. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.14...v3.28.15) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.15 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix false native stack overflow detections with HW_BOUND_CHECK (#4196) In call_wasm_with_hw_bound_check/call_native_with_hw_bound_check, ensure to set up the stack boundary (wasm_exec_env_set_thread_info) before checking the overflow. It seems that the problem was introduced by: https://github.com/bytecodealliance/wasm-micro-runtime/pull/2940 * Keep fix the CMake compatibility issue (#4180) ``` CMake Error at CMakeLists.txt:4 (cmake_minimum_required): Compatibility with CMake < 3.5 has been removed from CMake. Update the VERSION argument <min> value. Or, use the <min>...<max> syntax to tell CMake that the project requires at least <min> but has been updated to work with policies introduced by <max> or earlier. Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway. ``` * Fix the error of AOT mode on the "i386-windows-msvc" platform (#4183) * Fix errors on the "i386-windows-msvc" platform * Refactor symbol name handling for AOT COFF32 binary format * Fix preprocessor directive placement for Windows compatibility in aot_reloc_x86_32.c --------- Co-authored-by: liang.he@intel.com <liang.he@intel.com> * debug-engine: fix a few type mismatches (#4189) - use strict prototypes complained by GCC `-Wstrict-prototypes` - use `int` instead of `int32` Note: on some targets, int32_t is a long. for example, GCC shipped with the recent ESP-IDF has such a configuration. - https://github.com/apache/nuttx/issues/15755#issuecomment-2635652808 - https://github.com/apache/nuttx/pull/16022 - https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/5.0/gcc.html#espressif-toolchain-changes * Replace CMAKE_CURRENT_FUNCTION_LIST_DIR (#4200) `CMAKE_CURRENT_FUNCTION_LIST_DIR` is added in version 3.17 and currently most of `cmake_minimum_required()` with 3.14. Refer to https://cmake.org/cmake/help/latest/variable/CMAKE_CURRENT_FUNCTION_LIST_DIR.html * Raise CI runner to ubuntu 22.04 (#4191) update workflows and scripts for Ubuntu 22.04 compatibility. It includes - install Intel SGX SDK 2.25 - use a reusable action to install sgx required - keep improve error handling in AOT compilation process in runtest.py add a workaround to fix receiving a shutdown signal problem. Refers to https://github.com/actions/runner-images/issues/6680 and https://github.com/actions/runner-images/discussions/7188 * Remove the dlen to optimize it. (#4193) There are two reasons for this optimization: - The value of dlen can equal 0x1_0000_0000, even in wasm32 mode, because it is derived from (4G-0). This results in a truncation when it is passed to b_memmove_s(). Consequently, s1max becomes 0 and n is greater than s1max. To correct this, a longer type is required. - The dlen is only used to check if there is enough space in b_memmove_s(). However, from a different angle, after confirming that both src+len and dst+len are within the memory range, we can be assured and there is no need for this explicit check. * Add missing casts and improve error handling in performance map functions (#4202) Wrong type of arguments to formatting function. * Raise wasi-sdk to 25 and wabt to 1.0.37 (#4187) Raise wasi-sdk to 25 and wabt to 1.0.37. It includes - Refactor CI workflow to install WASI-SDK and WABT from a composite action - Use ExternalProject to bring wasm-apps for few samples. file/ wasi-threads/ - Refactor sample build and test steps in SGX compilation workflow for improved clarity and efficiency (workaround) Add CMake support for EMSCRIPTEN and WAMRC, update module paths * fix potential memory leak (#4205) * Add missing V128 handling in WASM_OP_BR, reported in #4173 * Update unit test cases (#4214) * Update gc unit test cases * Update aot stack frame unit test cases * fix print_help when libc wasi is enabled (#4218) * LLVM: don't verify instcombine fixpoint (#4219) LLVM 18 and later, instcombine perfoms only one iteration. it performs extra "verify fixpoint" operation when instcombine is specified in certain ways, including how we do so here. a problem is that the verification raises a fatal error when it finds we didn't reach a fixpoint: LLVM ERROR: Instruction Combining did not reach a fixpoint after 1 iterations while it should be rare, it's quite normal not to reach a fixpoint. this commit fixes the issue by simply disabing the verification. cf. `41895843b5` * LLVMCreateTargetMachineWithOpts: disable large data (#4220) for x86-64, llvm 17 and later sometimes uses "l" prefix for data sections. cf. `43249378da` because our aot file emitter/loader doesn't support such sections, it ends up with load-time errors solving symbols like ".lrodata". this commit fixes it by avoid placing data in the large data sections. references: https://groups.google.com/g/x86-64-abi/c/jnQdJeabxiU `1feb00a28c` * wamrc: add --disable-llvm-jump-tables option (#4224) while ideally a user should not need to care this kind of optimization details, in reality i guess it's sometimes useful. both of clang and GCC expose a similar option. (-fno-jump-tables) * feat(fuzz): add a new fuzzing target about aot compiler (#4121) support llvm-jit running mode as another fuzzing target * bypass vptr santizier (#4231) LLVM, by default, disables the use of C++'s built-in Run-Time Type Information. This decision is primarily driven by concerns about code size and efficiency. But '-fsanitize=vptr' not allowed with '-fno-rtti'. * use a selected llvm libs list to replace the full list (#4232) * set default value of `WAMR_BUILD_REF_TYPES` to 1 in standalone cases (#4227) - set default value of WAMR_BUILD_REF_TYPES to 1 in CMakeLists.txt * teach aot emitter/loader about .srodata and .srodata.cst* sections (#4240) LLVM 19 and later started to use srodata ("small read only data") sections for RISCV. cf. https://github.com/llvm/llvm-project/pull/82214 this commit makes our aot emitter/loader deal with those sections. an alternative would be to disable small data sections completely by setting the "SmallDataLimit" module attribute to zero. however, i feel this commit is more straightforward and consisitent as we are already dealing with sdata sections. * run_clang_format_diff: mention homebrew for clang-format installation (#4237) * platform/nuttx: Fix dcache operation in os_dcache_flush (#4225) Replace up_invalidate_dcache_all() with up_flush_dcache_all() in os_dcache_flush() to properly flush the data cache instead of just invalidating it. This ensures that any modified data in the cache is written back to memory before execution. Signed-off-by: Huang Qi <huangqi3@xiaomi.com> * Use --target to pass a triple in wamrc (#4199) Provide a triple string in the format of <arch>-<vendor>-<os>-<abi> via --target. * fix return types of our 64-bit clz/ctz/popcount intrinsics (#4238) the corresponding LLVM intrinsics' return types are same as their first argument. eg. i64 for llvm.cttz.i64. cf. https://llvm.org/docs/LangRef.html#llvm-cttz-intrinsic this commit changes the return types of our versions of the intrinsics to match llvm versions as our aot compiler, specifically __call_llvm_intrinsic, assumes. strictly speaking, this is a potential AOT ABI change. however, I suppose it isn't a problem for many of 64-bit ABIs out there, where (lower half of) a 64-bit register is used to return a 32-bit value anyway. (for such ABIs, this commit would fix the upper 32-bit value of the register.) * build(deps): Bump github/codeql-action from 3.28.15 to 3.28.17 (#4243) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.15 to 3.28.17. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.15...v3.28.17) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * samples/wasm-c-api: skip aot compilation unless necessary (#4239) * riscv: avoid llvm.cttz.i32/i64 for xip (#4248) LLVM 16 and later expands cttz intrinsic to a table lookup, which involves some relocations. (unless ZBB is available, in which case the native instructions are preferred over the table-based lowering.) cf. https://reviews.llvm.org/D128911 * Add overflow check for preserved local offset in preserve_referenced_local (#4211) * aot_resolve_object_relocation_group: adapt to LLVM 16 (#4250) cf. https://reviews.llvm.org/D123264 * samples/wasm-c-api: remove unused valgrind detection (#4249) - it's unused - valgrind is basically a linux-only software. it isn't a good idea to make it a hard requirement. if we want to use valgrind, it's better to introduce a separate option to control it. * More detail to python setup, and fixed small typo (#4247) * initialize WASI stdio handles to invalid for better error handling (#4092) * initialize WASI stdio handles to invalid for better error handling * implement os_invalid_raw_handle function for consistent invalid handle representation * Modifying build flags to ensure libiwasm.so is built (#4255) * JIT: don't join worker threads twice (#4252) in case of WASM_ENABLE_LAZY_JIT==0, compile_jit_functions should have already joined these threads. joining them again here is an undefined behavior. * aot_resolve_object_relocation_group: adapt to LLVM 19 (#4254) cf. https://github.com/llvm/llvm-project/pull/95031 https://github.com/llvm/llvm-project/pull/89693 * Stop pretending to support extended-const proposal (#4258) As far as I know, we don't implement the proposal at all. ``` spacetanuki% wasm2wat --enable-all data.28.wasm (module (memory (;0;) 1) (data (;0;) (i32.const 42 i32.const 0 i32.sub) "")) spacetanuki% toywasm --load data.28.wasm spacetanuki% ~/git/wasm-micro-runtime/product-mini/platforms/darwin/b.classic/iwasm data.28.wasm WASM module load failed: illegal opcode or constant expression required or type mismatch spacetanuki% ``` data.28.wasm in the above example is a binary version of: `8d4f6aa2b0/test/core/data.wast (L184-L187)` * Improve readlinkat_dup() to handle symlink size correctly (#4229) * In readlinkat_dup(), use fstatat() to estimate size first. * Reduce additional space in samples/file * build-scripts/build_llvm.py: bump to llvm 18 (#4259) * build-scripts/build_llvm.py: bump to llvm 18 cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4210 why not 20? because, as of writing this, 19 is the latest released version for the xtensa fork of llvm: https://github.com/espressif/llvm-project why not 19? because of a bug in the xtensa fork of llvm: https://github.com/espressif/llvm-project/issues/112 while we can use different versions for different targets, it's nicer to use the same version everywhere when possible. * spec-test-script/runtest.py: --size-level=0 for x86-64 with the recent version of LLVM, wamrc --size-level=1 often generates R_X86_64_32S relocations which fail on load with the infamous error: "relocation truncated to fit R_X86_64_32S failed" it seems that these relocations are often for jump tables. this commit workarounds it with --size-level=0. an alternative is to disable jump tables. (although it seems that jump tables are not the only source of these relocations.) cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/3035 it might be better to do this in wamrc itself. however, currently target info is not available there in case of native compilation. related: https://github.com/bytecodealliance/wasm-micro-runtime/issues/3356 * wamr-compiler: size_level=0 for sgx mode cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/3035 * fix: improve error handling of snprintf() in send_thread_stop_status() (#4234) Prevent `MAX_PACKET_SIZE - len` from overflowing. * Don't call os_thread_get_stack_boundary unless we actually use it (#4264) Previously, if the user sets their own stack boundary, we still compute the thread stack boundary (which is expensive), then immediately discard the result. This change makes the expensive call only if we need it for sure. * CI: make macos' build_samples_wasm_c_api similar to ubuntu (#4253) * avoid access null pointer (#4262) * disable compiler to prevent get_current_target() crash (#4251) * product-mini/platforms/windows: set C++17 explicitly (#4269) The recent LLVM uses std::optional, which is C++17. * fix buf checking in load_table_section (#4276) Signed-off-by: Su Yihan <yihan.su@intel.com> * Refactor fast-interpreter SIMD compilation flags (#4261) - enable SIMD flag by default unless hardware limitation - use SIMDE flag to control fast-interpreter behavior * Bypass wamr_ide-related components from the release process. (#4268) Mostly because of some observations: - There is no actual usage reported. - Both ide-ext and ide-docker-image have not been maintained for quite a while. - At the very least, there is no need to recompile it every time when there are no modifications. * Set CMAKE_OSX_SYSROOT when building lldb (#4274) CMake 4 no longer sets the CMAKE_OSX_SYSROOT variable by default, causing the lldb build to fail after all GitHub-hosted runners have been upgraded to CMake 4. As a workaround, the variable is set using CMake command line options. There is a PR to fix this issue in the llvm-project: https://github.com/llvm/llvm-project/pull/138020. We might want to remove this workaround after that PR has been merged. * Check for WASM_ENABLE_SIMDE in a couple more places (#4266) For WAMR users who don't use cmake, it's possible that WASM_ENABLE_SIMD is set when WASM_ENABLE_SIMDE isn't. This was causing build failures. * Add error handling for sgx ci (#4222) > Process completed with exit code 143. It will attempt to run spec test scripts three times if they end with code 143. It is a known issue with GitHub-hosted runners. Usually, increasing the swap file can help avoid it. However, sometimes error 143 still occurs. To prevent confusion, let's capture error 143 and allow the CI to pass. * Add select 128 (#4236) Add select 128 * Merge commit from fork * Update version to 2.3.0 (#4171) - Update version to 2.3.0 - Update RELEASE_NOTES.md. Remove commits that forget to squash when PRs were merged, and some updates on commit messages --------- Co-authored-by: James Marsh <mrshnja@amazon.co.uk> Co-authored-by: liang.he@intel.com <liang.he@intel.com> Co-authored-by: TianlongLiang <111852609+TianlongLiang@users.noreply.github.com> * Fix SIMD load lane to avoid incompatible pointer types (#4278) * Fixed unit tests on X86_32 (#4279) * fix unit tests on x86_32 * enbale wasm-c-api unit test on X86_32 * enable aot-stack-frame unit test on X86_32 * add ci: unit tests on X86_32 * feat(yml): Add ESP32-P4 and ESP32-C5 support (#4270) - Add ESP32-P4 and ESP32-C5 support - Support for compiler options of different floating-point types in various RISC-V chips * build(deps): Bump github/codeql-action from 3.28.17 to 3.28.18 (#4285) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.17 to 3.28.18. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.17...v3.28.18) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Improve Embedding WAMR guideline (#4263) (#4284) * Fix CMakeList example by adding -lm * Add bh_read_file inclusion to CMakeList * replace non-existing read_binary_to_buffer() to existing bh_read_file_to_buffer() * add #include initialization Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> * add a sample to use cmake package (#4291) - add a sample to use cmake package * feat: Add instruction metering for interpreter (#4122) - add instruction metering support with execution limit - initialize instruction execution limit in exec_env - docs: add instruction metering section to build_wamr documentation * Fix Compiler Error C2491 (#4286) > Data, static data members, and functions can be declared as `dllimports` but not defined as `dllimports`. https://learn.microsoft.com/en-us/cpp/error-messages/compiler-errors-1/compiler-error-c2491?view=msvc-170 * Revert the location to install public headers (#4295) This partly reverts "Cmake improvements". (https://github.com/bytecodealliance/wasm-micro-runtime/pull/4076) Recently we changed the location to install public headers. For example, Old: include/wasm_export.h New: include/iwasm/wasm_export.h For cmake-based user applications using find_package(iwasm), the cmake package, namely target_include_directories(INSTALL_INTERFACE), is expected to add necessary compiler options like -isystem automatically. (See samples/printversion for an example of such user applications.) However, in reality, not every user application uses cmake. This commit reverts the location to install public headers for now, to avoid breakage for non-cmake user applications. In case we want to re-apply the location change in future, we should better communicate to the users. (eg. document migration proceduces in release notes.) Fixes: https://github.com/bytecodealliance/wasm-micro-runtime/issues/4290 References: https://cmake.org/cmake/help/latest/prop_tgt/INTERFACE_INCLUDE_DIRECTORIES.html * Enhance type checking for function types in loader and improve error handling (#4294) Especially when GC is enabled, a valid item of `module->types` needs additional checks before casting to WASMFuncType. Also, avoid overflowing if reftype_map_count is 0. Additionally, correctly set IN_OSS_FUZZ based on CFLAGS_ENV for sanitizer configuration. Update ASan and UBSan messages for clarity in non-oss-fuzz environments. * Dockerfile.vx-delegate build error fix (#4273) - specify tensorflow version & bugfix * Enable runtime API exposure for MSVC builds (#4287) * updating WASI stdio handle initialization and build options for UVWASI (#4260) * Bump version to 2.3.1 and update release notes (#4303) * Fix a linking error caused by commit #3580d1 (#4311) > Fix a release-blocking issue --- Like: ``` vmlib.lib(blocking_op.obj) : error LNK2019: unresolved external symbol __imp_wasm_runtime_begin_blocking_op referenced in function blocking_op_close [D:\a\wasm-micro-runtime\wasm-micro-runtime\wamr-compiler\build\wamrc.vcxproj] vmlib.lib(blocking_op.obj) : error LNK2019: unresolved external symbol __imp_wasm_runtime_end_blocking_op referenced in function blocking_op_close [D:\a\wasm-micro-runtime\wasm-micro-runtime\wamr-compiler\build\wamrc.vcxproj] ``` * add load_by_name in wasi-nn (#4298) * build(deps): Bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#4315) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.1 to 2.4.2. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](`f49aabe0b5...05b42c6244`) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump uvwasi to latest commit #392e1f1 (#4312) * wasi_nn_openvino.c: fix a few printf formats (#4310) * wasi-nn: remove "backends" argument from detect_and_load_backend() (#4309) it seems meaningless and quite confusing to access a table with two aliases ("lookup" and "backends") within a function. no functional changes are intended. * fix wasi-nn abi definitions (#4307) sync with a more appropriate version of the definitions. as we use the "wasi_ephemeral_nn", which is p1-based, it seems more appropriate to use definitions from witx, not wit. it's a bit unfortunate p2-based wasi-nn made gratuitous changes like this from p1. note: this is an ABI change. * wasi-nn: fix shared library filenames for macOS (#4306) tested with openvino * wasi_nn_openvino.c: make this buildable (#4305) * handle nullable heap reference types in import section (#4302) * wasi-nn: protect the backend lookup table with a lock (#4319) this would avoid potential issues when multiple instances happen to make an attempt to load a backend at the same time. Fixes: https://github.com/bytecodealliance/wasm-micro-runtime/issues/4314 * wasi_nn.h: add import_name attribute (#4328) this would fix undefined symbol errors by making it clear these functions are imported. references: `e2c698c7e8/llvm/lib/MC/WasmObjectWriter.cpp (L1798-L1799)` `e2c698c7e8/llvm/lib/Object/WasmObjectFile.cpp (L749-L752)` `e2c698c7e8/lld/wasm/Symbols.cpp (L203)` `e2c698c7e8/lld/wasm/Relocations.cpp (L36-L40)` * wasi-nn: remove unused wasi_nn_dump_tensor_dimension prototype (#4325) * Add wamrc compilation into Windows CI workflow (#4327) +formatting * Update binary compression steps to follow symlinks for actual files (#4321) By default, zip follows symbolic links and includes the actual files or directories they point to in the archive. * Update Dockerfile for Zephyr SDK and Zephyr-project versioning (#4335) Use a minimum manifest to reduce time consumption * Collective fix: fix some typos (#4337) * wasi-nn: move some host-only things out of wasi_nn_types.h (#4334) cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4324 * wasi-nn: fix the size of tensor->type (#4333) * this enum is (@witx tag u8) in witx * it seems that some wasm modules actually use non-zero padding and cause errors * it's a bad practice to use C enum for ABI description anyway * remove temporary wasi-libc build steps from CI workflows (#4343) Ref: https://github.com/bytecodealliance/wasm-micro-runtime/pull/2465 * wasi_nn.h: make this compatible with wasi_ephemeral_nn (#4330) - wasi_nn.h: make this compatible with wasi_ephemeral_nn cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4323 - fix WASM_ENABLE_WASI_EPHEMERAL_NN build this structure is used by host logic as well. ideally definitions for wasm and host should be separated. until it happens, check __wasm__ to avoid the breakage. * wasi-nn: do not assign wasi_nn_ctx->backend multiple times (#4329) * build(deps): Bump github/codeql-action from 3.28.18 to 3.28.19 (#4346) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.18 to 3.28.19. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.18...v3.28.19) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * wasi_socket_ext.c: avoid tls to make this library-friendly (#4338) * Enable aot memory64 sw bounds checks by default (#4350) - enable aot memory64 sw bounds checks by default * build(deps): Bump requests from 2.32.3 to 2.32.4 in /build-scripts (#4349) Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4) --- updated-dependencies: - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * wasi_nn_types.h: remove a seemingly stale comment (#4348) * add heap-type check for GC when ref.null (#4300) - According to [Link 1](https://webassembly.github.io/gc/core/valid/instructions.html#xref-syntax-instructions-syntax-instr-ref-mathsf-ref-null-mathit-ht), we must ensure that the heap type is valid when ref.null. - According to [Link 2](https://webassembly.github.io/gc/core/valid/types.html#heap-types), a heap type is considered valid if it is either a concrete heap type or an abstract heap type. However, in this function, the check for abstract heap types (absheaptype) was clearly missing, so this condition needs to be added explicitly in the if statement. - When GC is disabled, no change is needed. - When GC is enabled, heap types in WAMR are LEB-encoded values ([Link 3](https://webassembly.github.io/gc/core/appendix/index-types.html)). Therefore, we must use read_leb_int32 to parse the heap type correctly. And we can compute the original type1 using type1 = (uint8)((int32)0x80 + heap_type);. * wamr-wasi-extensions: add a cmake package to provide our wasi extension (#4344) * wasi_ephemeral_nn.h: add a convenience wrapper header * wamr-wasi-extensions: add a cmake package to provide our wasi extension the sample app was tested with: * wasmtime * iwasm with https://github.com/bytecodealliance/wasm-micro-runtime/pull/4308 currently only contains wasi-nn. maybe it makes sense to add lib-socket things as well. cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4288 * wasi_nn_openvino.c: remove the tensor layout adjustment logic (#4308) the logic in question seems like an attempt to work around some application bugs. my wild guess is that it was for classification-example. cf. https://github.com/bytecodealliance/wasmtime/issues/10867 * Update type validation in load_table_import() and load_table() (#4296) Prevent from value type. https://webassembly.github.io/spec/core/valid/types.html#table-types https://webassembly.github.io/gc/core/syntax/types.html#reference-types * Follow #4268 to deprecate wamr_ide-related components (#4341) refer to: Bypass wamr_ide-related components from the release process. (#4268) * clean up incompatible running mode checks in test script and ci (#4342) Rearrange the content of do_execute_in_running_mode() in alphabetical order. Add an incompatible check for x86_32. Now, all belows will be bypassed: - jit, fast-jit, multi-tier-jit - memory64 - multi-memory - simd * Update WABT downloads URL (#4357) Plus, skip unsupported running mode instead quit during wamr compiler test * Modify AOT static PGO to conform to llvm-18 and add a CI job to test static PGO on the coremark benchmark (#4345) * static PGO compatible with llvm18 and add CI job to test static PGO on coremark benchmark * update comments and warning info, bitmaps section in llvm profdata shouldn't be used in PGO * Collective fix for typos and minor bugs (#4369) * wasi-nn: fix backend leak on multiple loads (#4366) cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4340 * build(deps): Bump github/codeql-action from 3.28.19 to 3.29.0 (#4371) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.19 to 3.29.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.19...v3.29.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add validation for array type in load_init_expr(GC only) (#4370) * wasi_nn_openvino.c: remove broken xml check (#4365) `xml.buf[xml.size]` check is broken because it accesses past the end of the buffer. anyway, openvino doesn't seem to care the NUL termination. * wamr-wasi-extensions: add lib-socket things (#4360) * improve installation steps for wasi-sdk and wabt on Windows (#4359) * wasi_ephemeral_nn.h: prefix identfiers to avoid too generic names (#4358) * wasi_nn_openvino.c: add a missing buffer overflow check in get_output (#4353) cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4351 * send an empty/error reply from server (#4362) Signed-off-by: Su Yihan <yihan.su@intel.com> * wasi_nn_openvino.c: remove pre/postprocessing and layout assumptions (#4361) as wasi-nn doesn't have these concepts, the best we can do without risking breaking certain applications here is to pass through tensors as they are. this matches wasmtime's behavior. tested with: * wasmtime classification-example (with this change, this example fails on tensor size mismatch instead of implicitly resizing it.) * license-plate-recognition-barrier-0007, a converted version with non-fp32 output. [1] (with this change, this model outputs integers as expected.) [1] `cd7ebe313b/models/public/license-plate-recognition-barrier-0007` * add nn-cli example (#4373) an example application with flexible cli options which aims to allow us to perform any wasi-nn operations. eg. ``` --load-graph=file=fixture/model.xml,file=fixture/model.bin,id=graph --init-execution-context=graph-id=graph,id=ctx --set-input=file=fixture/tensor.bgr,context-id=ctx,dim=1,dim=3,dim=224,dim=224 --compute=context-id=ctx --get-output=context-id=ctx,file=output.bin ``` * wasi-nn: apply the shared library hack to darwin as well (#4374) copied from the linux version. i'm a bit skeptical with this workaround though. it might be simpler to prohibit the use of wamr api in these shared libraries. after all, what these libraries do is nothing specific to wasm. * wasi-nn: don't try to deinit uninitialized backend (#4375) cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4339 * core/iwasm/libraries/wasi-nn/test/build.sh: add a tip for intel mac (#4389) i keep forgetting this and had to re-investigate it at least twice. hopefully this can be helpful for others too. * wasi_nn_tensorflowlite.cpp: reject non-fp32 input earlier (#4388) this backend assumes fp32 here and there. it's safer to reject unexpected inputs explicitly. * Fix several issues related to night-run CI and test scripts. (#4385) - remove duplicated options - fix test script - change ci to use binary * core/iwasm/libraries/wasi-nn/test: use the correct version of keras (#4383) --------- Signed-off-by: Huang Qi <huangqi3@xiaomi.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com> Signed-off-by: buxiasen <buxiasen@xiaomi.com> Signed-off-by: Su Yihan <yihan.su@intel.com> Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> Co-authored-by: Huang Qi <huangqi3@xiaomi.com> Co-authored-by: Marcin Kolny <mkolny@amazon.com> Co-authored-by: TianlongLiang <111852609+TianlongLiang@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wenyong Huang <wenyong.huang@intel.com> Co-authored-by: Xavier Del Campo <90845888+midokura-xavi92@users.noreply.github.com> Co-authored-by: Tomáš Malý <malytomas@users.noreply.github.com> Co-authored-by: Viacheslav Palchikov <palchikov@gmail.com> Co-authored-by: yangkun27 <yangkun27@xiaomi.com> Co-authored-by: Jérôme Vouillon <jerome.vouillon@gmail.com> Co-authored-by: peter-tatrai <peter.tatrai.ext@siemens.com> Co-authored-by: eric <chenliuyang_1989@163.com> Co-authored-by: TL <tianlong.liang@intel.com> Co-authored-by: jia xiang <58927968+Jiax-cn@users.noreply.github.com> Co-authored-by: xiangjia.xj <xiangjia.xj@alibaba-inc.com> Co-authored-by: Georgii Rylov <godjan@amazon.co.uk> Co-authored-by: Jesse Wilson <jwilson@squareup.com> Co-authored-by: Zhen Kong <zhkon@microsoft.com> Co-authored-by: James Ring <sjr@jdns.org> Co-authored-by: James Marsh <mrshnja@amazon.co.uk> Co-authored-by: jammar1 <108334558+jammar1@users.noreply.github.com> Co-authored-by: Maks Litskevich <makslit@amazon.com> Co-authored-by: Marcin Kolny <marcin.kolny@gmail.com> Co-authored-by: buxiasen <buxiasen@xiaomi.com> Co-authored-by: dongsheng28849455 <68947925+dongsheng28849455@users.noreply.github.com> Co-authored-by: zhanheng1 <Zhanheng.Qin@sony.com> Co-authored-by: Raul Hernandez <raul.hernandez@spaceface.dev> Co-authored-by: YAMAMOTO Takashi <yamamoto@midokura.com> Co-authored-by: a seven <w4454962@users.noreply.github.com> Co-authored-by: Zhenwei Jin <109658203+kylo5aby@users.noreply.github.com> Co-authored-by: Liu Jia <jia3.liu@intel.com> Co-authored-by: Chris Woods <6069113+woodsmc@users.noreply.github.com> Co-authored-by: Su Yihan <yihan.su@intel.com> Co-authored-by: ChenWen <63690793+cwespressif@users.noreply.github.com> Co-authored-by: Krisztian <34309983+kr-t@users.noreply.github.com> Co-authored-by: Alix ANNERAUD <alix@anneraud.fr> Co-authored-by: hongxia <103626902+HongxiaWangSSSS@users.noreply.github.com>		2025-06-20 09:52:46 +08:00
..
non-sgx-verify	Merge main to dev zephyr (#4384 )	2025-06-20 09:52:46 +08:00
wasm-app	Merge main to dev zephyr (#4384 )	2025-06-20 09:52:46 +08:00
CMakeLists.txt	Merge main to dev zephyr (#4384 )	2025-06-20 09:52:46 +08:00
README.md	Clarify how to verify SGX evidence without an Intel SGX-enabled platform (#3158 )	2024-02-17 18:44:22 +08:00

README.md

"sgx-ra" sample introduction

This sample demonstrates how to execute Remote Attestation on SGX with librats and run it with iwasm. It can only build on SGX supported processors, please check it.

Preparation

SGX-RA requires to have installed:

the WASI-SDK, located in /opt/wasi-sdk

Intel SGX dependencies

Before starting, we need to download and install SGX SDK and SGX DCAP Library referring to this guide.

The following commands are an example of the SGX environment installation on Ubuntu 20.04.

# Set your platform, you can get the platforms list on
# https://download.01.org/intel-sgx/latest/linux-latest/distro
$ cd $HOME
$ OS_PLATFORM=ubuntu20.04
$ OS_CODE_NAME=`lsb_release -sc`
$ SGX_PLATFORM=$OS_PLATFORM-server
$ SGX_RELEASE_VERSION=1.17
$ SGX_DRIVER_VERSION=1.41
$ SGX_SDK_VERSION=2.20.100.4

# install the dependencies
$ sudo apt-get update
$ sudo apt-get install -y build-essential ocaml automake autoconf libtool wget python3 libssl-dev dkms zip cmake
$ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1

# install SGX Driver
$ wget https://download.01.org/intel-sgx/sgx-dcap/$SGX_RELEASE_VERSION/linux/distro/$SGX_PLATFORM/sgx_linux_x64_driver_$SGX_DRIVER_VERSION.bin
$ chmod +x sgx_linux_x64_driver_$SGX_DRIVER_VERSION.bin
$ sudo ./sgx_linux_x64_driver_$SGX_DRIVER_VERSION.bin

# install SGX SDK
$ wget https://download.01.org/intel-sgx/sgx-dcap/$SGX_RELEASE_VERSION/linux/distro/$SGX_PLATFORM/sgx_linux_x64_sdk_$SGX_SDK_VERSION.bin
$ chmod +x sgx_linux_x64_sdk_$SGX_SDK_VERSION.bin
$ sudo ./sgx_linux_x64_sdk_$SGX_SDK_VERSION.bin --prefix /opt/intel

# install SGX DCAP Library
$ echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $OS_CODE_NAME main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list
$ wget -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add
$ sudo apt-get update
$ sudo apt-get install -y libsgx-epid libsgx-quote-ex libsgx-dcap-ql libsgx-enclave-common-dev libsgx-dcap-ql-dev libsgx-dcap-default-qpl-dev libsgx-dcap-quote-verify-dev

# install SGX SSL Library
$ git clone https://github.com/intel/linux-sgx.git
$ cd linux-sgx && make preparation
$ sudo cp external/toolset/$OS_PLATFORM/* /usr/local/bin
$ # Verify that the paths are correctly set
$ which ar as ld objcopy objdump ranlib
$ cd ../
$ git clone https://github.com/intel/intel-sgx-ssl.git
$ wget https://www.openssl.org/source/openssl-1.1.1v.tar.gz -O intel-sgx-ssl/openssl_source/openssl-1.1.1v.tar.gz
$ cd intel-sgx-ssl/Linux
$ source /opt/intel/sgxsdk/environment
$ make all
$ sudo make install

You can optionally grant users to communicate with the SDK platform using the following command. Otherwise, enclaves must be launched with root privileges.

sudo usermod -a -G sgx_prv <username>

Intel Provisioning Certification Service (Intel PCS)

Intel DCAP connects to Intel PCS to download the attestation collateral for SGX-enabled machines. Intel provides a quick install guide to set up a simplified environment. This section summarizes the commands to issue for setting up a working environment on Ubuntu 20.04.

Intel SGX DCAP requires a complimentary subscription to the Intel PCS. To subscribe to the service, browse the Intel SGX Software Services page. A the end of the subscription process, save the primary and the secondary keys.

Set up the Intel Provisioning Certification Caching Service (Intel PCCS)

Intel PCCS is a caching mechanism for attestation collateral, preventing continuously communicating with Intel PCS during attestation. Intel provides an implementation of the cache mechanism.

The following commands set up Intel PCCS.

# install Node.js
$ sudo apt install -y curl cracklib-runtime
$ curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs
# install PCCS software
$ sudo apt-get install -y sgx-dcap-pccs

The installation will run the PCCS setup script, asking you several questions.

Do you want to configure PCCS now? (Y/N)

Answer "Y" to this question.

Set HTTPS listening port [8081] (1024-65535)

Accept the default listening port of 8081.

Set the PCCS service to accept local connections only? [Y] (Y/N)

Answer "N" to this question. We want the PCCS service to accept connections from other systems.

Set your Intel PCS API key (Press ENTER to skip)

Enter either your primary or secondary key retrieved from the previous subsection. If you already subscribed, you can retrieve them here.

Choose caching fill method : [LAZY] (LAZY/OFFLINE/REQ)

Answer "REQ" to this question. This places the caching service in the "on request" mode, which means it will fetch the attestation collateral for hosts as provisioning requests are received.

Set PCCS server administrator password:
Re-enter administrator password:
Set PCCS server user password:
Re-enter user password:

Enter two passwords for the PCCS server.

Do you want to generate insecure HTTPS key and cert for PCCS service? [Y] (Y/N)

Answer "Y" to this question.

Provisioning the current system's Intel SGX collateral into the PCCS

Now that the PCCS is up and running, it's time to provision an Intel SGX-enabled platform. We use the tool PCKIDRetrievalTool to get the attestation collateral of the current machine.

$ sudo apt-get install -y sgx-pck-id-retrieval-tool

Adapt the configuration file of PCKIDRetrievalTool located in /opt/intel/sgx-pck-id-retrieval-tool/network_setting.conf and make the following changes:

Change the PCCS_URL to match your caching service's location.
Uncomment the user_token parameter, and set it to the user password you created when configuring the PCCS.
Set the proxy_type to fit your environment (most likely, this will be direct)
Ensure USE_SECURE_CERT is set to FALSE since we're using a self-signed certificate for testing purposes.

Save your changes and run the provisioning tool.

$ sudo PCKIDRetrievalTool
Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.17.100.4

Registration status has been set to completed status.
the data has been sent to cache server successfully and pckid_retrieval.csv has been generated successfully!

You may get some warnings during this execution of the tool. A correct insertion into the cache server usually means the retrieval of the attestation collateral worked. Execute the following command to verify the collateral could be stored in your instance of Intel PCCS:

curl -k https://localhost:8081/sgx/certification/v3/qe/identity

This should print a JSON value with the attestation collateral.

Runtime configuration

Edit the configuration file, /etc/sgx_default_qcnl.conf, and make the following changes:

Set the PCCS_URL parameter to the location of our PCCS server.
Set USE_SECURE_CERT to FALSE since we're using a self-signed certificate for testing purposes.

This system is now ready to run Intel SGX workloads with generate evidence for remote attestation.

Build and executing the sample

$ mkdir build && cd build
$ cmake ..
$ make
$ # run the sample
$ ./iwasm wasm-app/test.wasm

The sample will print the evidence in JSON and the message: Evidence is trusted.

In case of validation issues expressed as a value of 0xeXXX, the corresponding error reason is explained in this header file.

Validate quotes on non-SGX platforms

Quotes created on an Intel SGX platform can also be verified on systems that do not support SGX (e.g., a different CPU architecture). This scenario typically arises when deploying trusted applications in a cloud environment, which provides confidential computing.

For that purpose, we are required to install a subset of Intel SGX libraries to support quote validation. The steps below highlight how to set up such an environment.

Intel SGX dependencies

$ OS_CODE_NAME=`lsb_release -sc`
# install SGX DCAP Library
$ echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $OS_CODE_NAME main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list
$ wget -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add
$ sudo apt-get update
$ sudo apt-get install -y libsgx-quote-ex libsgx-dcap-ql libsgx-dcap-quote-verify libsgx-dcap-default-qpl

Set up the Intel Provisioning Certification Caching Service (Intel PCCS)

Follow the steps described in the section Set up the Intel Provisioning Certification Caching Service (Intel PCCS).

Runtime configuration

Follow the steps described in the section Runtime configuration.

Provisioning all the Intel SGX collateral into the PCCS

We must finally fetch and configure the SGX collaterals into the PCCS for all the SGX-enabled CPUs.

# Set up the Intel PCCS administration tool
$ git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git
$ cd SGXDataCenterAttestationPrimitives/tools/PccsAdminTool
$ sudo apt-get install -y python3 python3-pip
$ pip3 install -r requirements.txt

# Configuring the Intel PCCS. Input the PCS/PCCS password as requested.
# 1. Get registration data from PCCS service
./pccsadmin.py get
# 2. Fetch platform collateral data from Intel PCS based on the registration data
./pccsadmin.py fetch
# 3. Put platform collateral data or appraisal policy files to PCCS cache db
./pccsadmin.py put
# 4. Request PCCS to refresh certificates or collateral in cache database
./pccsadmin.py refresh

Validation of the quotes

The Wasm application can then be modified to validate precomputed quotes using the exposed function librats_verify.

Alternatively, the underlying library librats may be directly used if the non-SGX platforms do not execute WebAssembly code (without WAMR). Examples are provided in the directory non-sgx-verify/.

Claims validation

Once the runtime has validated the signature of the quote, the application must also check the other claims embedded in the quote to ensure they match their expected value.

The documentation Data Center Attestation Primitives: Library API describes in Section 3.8 Enclave Identity Checking defines the claims for the user to check. Here is a summary of them:

Enclave Identity Checking: either check the hash MRENCLAVE (the enclave identity) or MRSIGNER and the product id (the software provider identity).
Verify Attributes: production enclaves should not have the Debug flag set to 1.
Verify SSA Frame extended feature set
Verify the ISV_SVN level of the enclave: whenever there is a security update to an enclave, the ISV_SVN value should be increased to reflect the higher security level.
Verify that the ReportData contains the expected value: This can be used to provide specific data from the enclave or it can be used to hold a hash of a larger block of data which is provided with the quote. Note that the verification of the quote signature confirms the integrity of the report data (and the rest of the REPORT body).

README.md

"sgx-ra" sample introduction

Preparation

Intel SGX dependencies

Intel Provisioning Certification Service (Intel PCS)

Subscribe to Intel PCS Web services

Set up the Intel Provisioning Certification Caching Service (Intel PCCS)

Provisioning the current system's Intel SGX collateral into the PCCS

Runtime configuration

Build and executing the sample

Validate quotes on non-SGX platforms

Intel SGX dependencies

Set up the Intel Provisioning Certification Caching Service (Intel PCCS)

Runtime configuration

Provisioning all the Intel SGX collateral into the PCCS

Validation of the quotes

Claims validation

Further readings