- Added `install_lucet_signal_handler()` and `remove_lucet_signal_handler()`, along with `Instance::ensure_signal_handler_installed()` and `Instance::ensure_sigstack_installed()` options to control the automatic installation and removal of signal handlers and alternate signal stacks. The default behaviors have not changed.
- Added `Instance::run_start()` to the public API, which runs the Wasm start function if it is present in that instance's Wasm module. It does nothing if there is no start function.

  Creating or resetting an instance no longer implicitly runs the start function. Embedders must ensure that `run_start()` is called before calling any other exported functions. `Instance::run()` will now return `Err(Error::InstanceNeedsStart)` if the start function is present but hasn't been run since the instance was created or reset.
- Encoded the Wasm start function in Lucet module metadata, rather than as a specially-named symbol in the shared object. This reduces contention from `dlsym` operations when multiple threads run Lucet instances concurrently.
- Upgraded the `libloading` dependency, allowing for more specific error messages from dynamic loading operations.
- Corrected a race condition where a `KillSwitch` fired while lucet-runtime is handling a guest fault could result in a SIGALRM or panic in the Lucet embedder.
- Converted the `&mut Vmctx` argument to hostcalls into `&Vmctx`. Additionally, all `Vmctx` methods now take `&self`, where some methods such as `yield` previously took `&mut self`. These methods still require that no other outstanding borrows (such as the heap view) are held across them, but that property is checked dynamically rather than at compile time.
- Added the field `hostcall_reservation` to `Limits` to specify an amount of stack space Lucet will ensure is available when making a hostcall. `hostcall_reservation` defaults to 32KiB. If there is less than the configured amount of stack space when making a hostcall, the instance will fault in the same way as any other guest-code stack overflow.
- Added `terminate_on_heap_oom` as an option for instances. This causes instances to terminate with an OOM-specific termination value rather than returning `-1` when a `memory.grow` instruction fails.
- Lucet will no longer try to translate `wiggle::Trap` to primitives for `lucet_hostcall_terminate!`. Instead, the underlying `wiggle::Trap` is passed directly to the embedder.
- Added metadata to compiled modules that record whether instruction counting instrumentation is present.
- Made `lucetc` more flexible in its interpretation of the `LD` environment variable. It now accepts a space-separated set of tokens; the first token specifies the program to invoke, and the remaining tokens specify arguments to be passed to that program. Thanks, @froydnj!
- Added public `LucetcOpt` methods to configure the `canonicalize_nans` setting. Thanks, @roman-kashitsyn!
- Fixed `lucet-runtime`'s use of CPUID to not look for extended features unless required by the module being loaded, avoiding a failure on older CPUs where that CPUID leaf is not present. Thanks, @shravanrn!
- Added `free_slots()`, `used_slots()`, and `capacity()` methods to the `Region` trait.
- Added a check to ensure the `Limits` signal stack size is at least `MINSIGSTKSZ`, and increased the default signal stack size on macOS debug builds to fit this constraint.
- Added an option to canonicalize NaNs to the `lucetc` API. Thanks, @DavidM-D!
- Restored some of the verbosity of pretty-printed errors in `lucetc` and `lucet-validate`, with more on the way.
- Fixed OS detection for LDFLAGS on macOS. Thanks, @roman-kashitsyn!
- Fixed a memory corruption bug that could arise in certain runtime configurations. (PR) (RustSec advisory)
- Lucet officially became a project of the Bytecode Alliance 🎉.
- Integrated `wasi-common` as the underlying implementation for WASI in `lucet-wasi`.
- Updated Cranelift to version 0.51.0.
- Fixed a soundness bug by changing the types of the `Vmctx::yield*()` methods to require exclusive `&mut self` access to the `Vmctx`. This prevents resources like embedder contexts or heap views from living across yield points, which is important for safety since the host can modify the data underlying those resources while the instance is suspended.
- Added the `#[lucet_hostcall]` attribute to replace `lucet_hostcalls!`, which is now deprecated.
- Added the ability to specify an alignment for the base of a `MmapRegion`-backed instance's heap. Thanks, @shravanrn!
- Added a `--target` option to `lucetc` to allow cross-compilation to other architectures than the host's. Thanks, @froydnj!
- Changed the Cargo dependencies between Lucet crates to be exact (e.g., `"=0.5.0"` rather than `"0.5.0"`) rather than allowing semver differences.
- Fixed the `KillSwitch` type not being exported from the public API, despite being usable via `Instance::kill_switch()`.
- Improved the formatting of error messages.
- Ensured the `lucet-wasi` executable properly links in the exported symbols from `lucet-runtime`.
- Backported the fix for a memory corruption bug that could arise in certain runtime configurations. (PR) (RustSec advisory)
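
The two `Vmctx` entries above (yield methods requiring `&mut self`, later relaxed to `&self` with a dynamic check) concern heap views that outlive a yield point; the run-time form of that check can be modelled with a `RefCell`. This is an added example, not code from Lucet: `ToyVmctx`, `yield_to_host`, `YieldError` and both hostcall functions are hypothetical, and returning an error on an outstanding borrow is an assumption of the model.

```rust
use std::cell::{Ref, RefCell};

/// Toy stand-in for a guest context (hypothetical; not Lucet's `Vmctx`).
pub struct ToyVmctx {
    heap: RefCell<Vec<u8>>,
}

/// Returned when a heap view is still alive at a yield point.
#[derive(Debug, PartialEq)]
pub enum YieldError { OutstandingBorrow }

impl ToyVmctx {
    pub fn new(heap: Vec<u8>) -> Self {
        ToyVmctx { heap: RefCell::new(heap) }
    }
    /// Shared view of guest memory; the RefCell tracks it at run time.
    pub fn heap(&self) -> Ref<'_, [u8]> {
        Ref::map(self.heap.borrow(), |v| v.as_slice())
    }
    /// Takes `&self`, so the compiler accepts a call made while a heap view
    /// is alive; the exclusive-access requirement is checked here instead.
    pub fn yield_to_host(&self, host_write: u8) -> Result<(), YieldError> {
        let mut heap = self.heap.try_borrow_mut().map_err(|_| YieldError::OutstandingBorrow)?;
        heap[0] = host_write; // the host may rewrite guest memory while suspended
        Ok(())
    }
}

/// Keeps a heap view across the yield point: rejected at run time.
pub fn hostcall_holding_view(ctx: &ToyVmctx) -> Result<u8, YieldError> {
    let view = ctx.heap();
    ctx.yield_to_host(0xff)?;
    Ok(view[0])
}

/// Drops the view before yielding and re-reads the heap after resuming.
pub fn hostcall_dropping_view(ctx: &ToyVmctx) -> Result<u8, YieldError> {
    let before = ctx.heap()[0];
    ctx.yield_to_host(before.wrapping_add(1))?;
    let after = ctx.heap()[0];
    Ok(after)
}

fn main() {
    let ctx = ToyVmctx::new(vec![7, 0, 0, 0]); // constructed sample heap
    println!("{:?}", hostcall_holding_view(&ctx)); // Err(OutstandingBorrow)
    println!("{:?}", hostcall_dropping_view(&ctx)); // Ok(8)
}
```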