Wasmtime

Latest version: v20.0.0

Page 14 of 17

0.30.0

Not secure
Released 2021-09-17.

Security Fixes

* [CVE-2021-39216](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf):
Fixed a use after free passing `externref`s to Wasm in Wasmtime.

* [CVE-2021-39218](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49):
Fixed an out-of-bounds read/write and invalid free with `externref`s and GC
safepoints in Wasmtime.

* [CVE-2021-39219](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx):
Fixed a bug where using two different `Engine`s with the same `Linker`-defined
functions caused unsafety without `unsafe` blocks.

Added

* Added experimental support for the in-progress 64-bit memories Wasm proposal.

* Added support to build Wasmtime without the compiler. This lets you run
pre-compiled Wasm modules, without the ability (or potential attack surface)
of compiling new Wasm modules. The compilation functionality is gated by the
on-by-default `cranelift` cargo feature.

* Added support for NaN canonicalization with SIMD vectors.

* Added support for differential fuzzing against V8's Wasm engine.

* Added support for fuzzing against the Wasm spec interpreter.

* Enabled SIMD fuzzing on oss-fuzz.

Changed

* A variety of performance improvements to loading pre-compiled modules.

* A variety of performance improvements to function calls, both through Rust and
the C API.

* Leaf functions that do not use the stack no longer bump the frame pointer on
aarch64 and s390x.

* Many updates and expanded instruction support to the in-progress CLIF
interpreter.

* Expanded fuzzing of reference types and GC.

Fixed

* A number of fixes to both aarch64 and x86_64 support for the Wasm SIMD
proposal and the underlying CLIF vector instructions.

* Fixed a potential infinite loop in the SSA computation for
`cranelift-frontend`. This was not reachable from `cranelift-wasm` or
Wasmtime, but might have affected general Cranelift users.

Removed

* The `wasmtime wasm2obj` subcommand has been removed. Generating raw object
files for linking natively is no longer supported. Use the `wasmtime compile`
subcommand to pre-compile a Wasm module and `wasmtime run` to run pre-compiled
Wasm modules.

0.29.0

Not secure
Released 2021-08-02.

Changed

* Instance exports are now loaded lazily from instances instead of eagerly as
they were before. This is an internal-only change and is not a breaking
change.
[2984](https://github.com/bytecodealliance/wasmtime/pull/2984)

* All linear memories created by Wasmtime will now, by default, have guard pages
in front of them in addition to after them. This is intended to help mitigate
future bugs in Cranelift, should they arise.
[2977](https://github.com/bytecodealliance/wasmtime/pull/2977)

* Linear memories now correctly support a maximum size of 4GB. Previously, the
limit field was 32 bits, which did not properly support a full 4GB memory.
This update is also a necessary change in preparation for future memory64
support.
[3013](https://github.com/bytecodealliance/wasmtime/pull/3013)
[3134](https://github.com/bytecodealliance/wasmtime/pull/3134)

* Injection counts of fuel into a `wasmtime::Store` now use a `u64` instead of a
`u32`.
[3048](https://github.com/bytecodealliance/wasmtime/pull/3048)

Added

* Support for `i128` has improved in the AArch64 backend.
[2959](https://github.com/bytecodealliance/wasmtime/pull/2959)
[2975](https://github.com/bytecodealliance/wasmtime/pull/2975)
[2985](https://github.com/bytecodealliance/wasmtime/pull/2985)
[2990](https://github.com/bytecodealliance/wasmtime/pull/2990)
[3002](https://github.com/bytecodealliance/wasmtime/pull/3002)
[3004](https://github.com/bytecodealliance/wasmtime/pull/3004)
[3005](https://github.com/bytecodealliance/wasmtime/pull/3005)
[3008](https://github.com/bytecodealliance/wasmtime/pull/3008)
[3027](https://github.com/bytecodealliance/wasmtime/pull/3027)

* The s390x backend now supports z14 and atomics.
[2988](https://github.com/bytecodealliance/wasmtime/pull/2988)
[2991](https://github.com/bytecodealliance/wasmtime/pull/2991)

* The `wasmtime::Linker` type now implements `Clone`.
[2993](https://github.com/bytecodealliance/wasmtime/pull/2993)

* Support for the SIMD proposal on both x86_64 and AArch64 has improved. On
x86_64, all SIMD opcodes are now supported.
[2997](https://github.com/bytecodealliance/wasmtime/pull/2997)
[3035](https://github.com/bytecodealliance/wasmtime/pull/3035)
[2982](https://github.com/bytecodealliance/wasmtime/pull/2982)
[3084](https://github.com/bytecodealliance/wasmtime/pull/3084)
[3082](https://github.com/bytecodealliance/wasmtime/pull/3082)
[3107](https://github.com/bytecodealliance/wasmtime/pull/3107)
[3105](https://github.com/bytecodealliance/wasmtime/pull/3105)
[3114](https://github.com/bytecodealliance/wasmtime/pull/3114)
[3070](https://github.com/bytecodealliance/wasmtime/pull/3070)
[3126](https://github.com/bytecodealliance/wasmtime/pull/3126)

* A `Trap` can now display its reason without also displaying the backtrace.
[3033](https://github.com/bytecodealliance/wasmtime/pull/3033)

* An initial fuzzer for CLIF has been added.
[3038](https://github.com/bytecodealliance/wasmtime/pull/3038)

* High-level architecture documentation has been added for Wasmtime.
[3019](https://github.com/bytecodealliance/wasmtime/pull/3019)

* Support for multi-memory can now be configured in Wasmtime's C API.
[3071](https://github.com/bytecodealliance/wasmtime/pull/3071)

* The `wasmtime` crate now supports a `posix-signals-on-macos` feature to force
the usage of signals instead of mach ports to handle traps on macOS.
[3063](https://github.com/bytecodealliance/wasmtime/pull/3063)

* Wasmtime's C API now has a `wasmtime_trap_code` function to get the raw trap
code, if present, for a trap.
[3086](https://github.com/bytecodealliance/wasmtime/pull/3086)

* Wasmtime's C API now has a `wasmtime_linker_define_func` function to define a
store-independent function within a linker.
[3122](https://github.com/bytecodealliance/wasmtime/pull/3122)

* A `wasmtime::Linker::module_async` function was added as the asynchronous
counterpart to `wasmtime::Linker::module`.
[3121](https://github.com/bytecodealliance/wasmtime/pull/3121)

Fixed

* Compiling the `wasmtime` crate into a `dylib` crate type has been fixed.
[3010](https://github.com/bytecodealliance/wasmtime/pull/3010)

* The enter/exit hooks for WebAssembly are now executed for an instance's
`start` function, if present.
[3001](https://github.com/bytecodealliance/wasmtime/pull/3001)

* Some WASI functions in `wasi-common` have been fixed for big-endian platforms.
[3016](https://github.com/bytecodealliance/wasmtime/pull/3016)

* Wasmtime no longer erroneously assumes that all custom sections may contain
DWARF information. This reduces the cases where `Trap`'s `Display`
implementation misleadingly suggests setting an env var to get more information.
[3083](https://github.com/bytecodealliance/wasmtime/pull/3083)

* Some issues with parsing DWARF debug information have been fixed.
[3116](https://github.com/bytecodealliance/wasmtime/pull/3116)

0.28.0

Not secure
Released 2021-06-09.

Changed

* Breaking: Wasmtime's embedding API has been redesigned, as specified in [RFC
11]. Rust users can now enjoy easier times with `Send` and `Sync`, and all
users can now more clearly manage memory, especially in the C API. Language
embeddings have been updated to the new API as well.
[2897](https://github.com/bytecodealliance/wasmtime/pull/2897)

[RFC 11]: https://github.com/bytecodealliance/rfcs/pull/11

Added

* A new `InstancePre` type, created with `Linker::instantiate_pre`, has been
added to perform type-checking of an instance once and reduce the work done
for each instantiation of a module:
[2962](https://github.com/bytecodealliance/wasmtime/pull/2962)

* Deserialization of a module can now optionally skip checking the wasmtime
version string:
[2945](https://github.com/bytecodealliance/wasmtime/pull/2945)

* A method has been exposed to frontload per-thread initialization costs if the
latency of every last wasm call is important:
[2946](https://github.com/bytecodealliance/wasmtime/pull/2946)

* Hooks have been added for entry/exit into wasm code to allow embeddings to
track time and other properties about execution in a wasm environment:
[2952](https://github.com/bytecodealliance/wasmtime/pull/2952)

* A [C++ embedding of Wasmtime has been written][cpp].

[cpp]: https://github.com/bytecodealliance/wasmtime-cpp

Fixed

* Multiple returns on macOS AArch64 have been fixed:
[2956](https://github.com/bytecodealliance/wasmtime/pull/2956)

0.27.0

Not secure
Released 2021-05-21.

Security Fixes

* Fixed a security issue in Cranelift's x64 backend that could result in a heap
sandbox escape due to an incorrect sign-extension:
[2913](https://github.com/bytecodealliance/wasmtime/issues/2913).

Added

* Support for IBM z/Architecture (`s390x`) machines in Cranelift and Wasmtime:
[2836](https://github.com/bytecodealliance/wasmtime/pull/2836),
[2837](https://github.com/bytecodealliance/wasmtime/pull/2837),
[2838](https://github.com/bytecodealliance/wasmtime/pull/2838),
[2843](https://github.com/bytecodealliance/wasmtime/pull/2843),
[2854](https://github.com/bytecodealliance/wasmtime/pull/2854),
[2870](https://github.com/bytecodealliance/wasmtime/pull/2870),
[2871](https://github.com/bytecodealliance/wasmtime/pull/2871),
[2872](https://github.com/bytecodealliance/wasmtime/pull/2872),
[2874](https://github.com/bytecodealliance/wasmtime/pull/2874).

* Improved async support in wasi-common runtime:
[2832](https://github.com/bytecodealliance/wasmtime/pull/2832).

* Added `Store::with_limits`, `StoreLimits`, and `ResourceLimiter` to the
Wasmtime API to help with enforcing resource limits at runtime. The
`ResourceLimiter` trait can be implemented by custom resource limiters to
decide if linear memories or tables can be grown.

* Added `allow-unknown-exports` option for the run command:
[2879](https://github.com/bytecodealliance/wasmtime/pull/2879).

* Added API to notify that a `Store` has moved to a new thread:
[2822](https://github.com/bytecodealliance/wasmtime/pull/2822).

* Documented guidance around using Wasmtime in multithreaded contexts:
[2812](https://github.com/bytecodealliance/wasmtime/pull/2812).
In the future, the Wasmtime API will change to allow some of its core types
to be Send/Sync; see the in-progress
[2897](https://github.com/bytecodealliance/wasmtime/pull/2897) for details.

* Support calls from native code to multiple-return-value functions:
[2806](https://github.com/bytecodealliance/wasmtime/pull/2806).

Changed

* Breaking: `Memory::new` has been changed to return `Result` as creating a
host memory object is now a fallible operation when the initial size of
the memory exceeds the store limits.

Fixed

* Many instruction selection improvements on x64 and aarch64:
[2819](https://github.com/bytecodealliance/wasmtime/pull/2819),
[2828](https://github.com/bytecodealliance/wasmtime/pull/2828),
[2823](https://github.com/bytecodealliance/wasmtime/pull/2823),
[2862](https://github.com/bytecodealliance/wasmtime/pull/2862),
[2886](https://github.com/bytecodealliance/wasmtime/pull/2886),
[2889](https://github.com/bytecodealliance/wasmtime/pull/2889),
[2905](https://github.com/bytecodealliance/wasmtime/pull/2905).

* Improved performance of Wasmtime runtime substantially:
[2811](https://github.com/bytecodealliance/wasmtime/pull/2811),
[2818](https://github.com/bytecodealliance/wasmtime/pull/2818),
[2821](https://github.com/bytecodealliance/wasmtime/pull/2821),
[2847](https://github.com/bytecodealliance/wasmtime/pull/2847),
[2900](https://github.com/bytecodealliance/wasmtime/pull/2900).

* Fixed WASI issue with file metadata on Windows:
[2884](https://github.com/bytecodealliance/wasmtime/pull/2884).

* Fixed an issue with debug info and an underflowing (trapping) offset:
[2866](https://github.com/bytecodealliance/wasmtime/pull/2866).

* Fixed an issue with unwind information in the old x86 backend:
[2845](https://github.com/bytecodealliance/wasmtime/pull/2845).

* Fixed i32 spilling in x64 backend:
[2840](https://github.com/bytecodealliance/wasmtime/pull/2840).

0.26.0

Not secure
Released 2021-04-05.

Added

* Added the `wasmtime compile` command to support AOT compilation of Wasm
modules. This adds the `Engine::precompile_module` method. Also added the
`Config::target` method to change the compilation target of the
configuration. This can be used in conjunction with
`Engine::precompile_module` to target a different host triple than the
current one.
[2791](https://github.com/bytecodealliance/wasmtime/pull/2791)

* Support for macOS on aarch64 (Apple M1 Silicon), including Apple-specific
calling convention details and unwinding/exception handling using Mach ports.
[2742](https://github.com/bytecodealliance/wasmtime/pull/2742),
[2723](https://github.com/bytecodealliance/wasmtime/pull/2723)

* A number of SIMD instruction implementations in the new x86-64 backend.
[2771](https://github.com/bytecodealliance/wasmtime/pull/2771)

* Added the `Config::cranelift_flag_enable` method to enable setting Cranelift
boolean flags or presets in a config.

* Added CLI option `--cranelift-enable` to enable boolean settings and ISA presets.

* Deduplicate function signatures in Wasm modules.
[2772](https://github.com/bytecodealliance/wasmtime/pull/2772)

* Optimize overheads of calling into Wasm functions.
[2757](https://github.com/bytecodealliance/wasmtime/pull/2757),
[2759](https://github.com/bytecodealliance/wasmtime/pull/2759)

* Improvements related to Module Linking: compile fewer trampolines.
[2774](https://github.com/bytecodealliance/wasmtime/pull/2774)

* Re-export sibling crates from `wasmtime-wasi` to make embedding easier
without needing to match crate versions.
[2776](https://github.com/bytecodealliance/wasmtime/pull/2776)

Changed

* Switched the default compiler backend on x86-64 to Cranelift's new backend.
This should not have any user-visible effects other than possibly runtime
performance improvements. The old backend is still available with the
`old-x86-backend` feature flag to the `cranelift-codegen` or `wasmtime`
crates, or programmatically with `BackendVariant::Legacy`. We plan to
maintain the old backend for at least one more release and ensure it works on
CI.
[2718](https://github.com/bytecodealliance/wasmtime/pull/2718)

* Breaking: `Module::deserialize` has been removed in favor of `Module::new`.

* Breaking: `Config::cranelift_clear_cpu_flags` was removed. Use `Config::target`
to clear the CPU flags for the host's target.

* Breaking: `Config::cranelift_other_flag` was renamed to `Config::cranelift_flag_set`.

* CLI changes:
  * Wasmtime CLI options to enable WebAssembly features have been replaced with
    a singular `--wasm-features` option. The previous options are still
    supported, but are not displayed in help text.
  * Breaking: the CLI option `--cranelift-flags` was changed to
    `--cranelift-set`.
  * Breaking: the CLI option `--enable-reference-types=false` has been changed
    to `--wasm-features=-reference-types`.
  * Breaking: the CLI option `--enable-multi-value=false` has been changed to
    `--wasm-features=-multi-value`.
  * Breaking: the CLI option `--enable-bulk-memory=false` has been changed to
    `--wasm-features=-bulk-memory`.

* Improved error-reporting in wiggle.
[2760](https://github.com/bytecodealliance/wasmtime/pull/2760)

* Make WASI sleeping fallible (some systems do not support sleep).
[2756](https://github.com/bytecodealliance/wasmtime/pull/2756)

* WASI: Support `poll_oneoff` with a sleep.
[2753](https://github.com/bytecodealliance/wasmtime/pull/2753)

* Allow a `StackMapSink` to be passed when defining functions with
`cranelift-module`.
[2739](https://github.com/bytecodealliance/wasmtime/pull/2739)

* Some refactoring in new x86-64 backend to prepare for VEX/EVEX (e.g.,
AVX-512) instruction encodings to be supported.
[2799](https://github.com/bytecodealliance/wasmtime/pull/2799)

Fixed

* Fixed a corner case in `srem` (signed remainder) in the new x86-64 backend:
`INT_MIN % -1` should return `0`, rather than trapping. This only occurred
when `avoid_div_traps == false` was set by the embedding.
[2763](https://github.com/bytecodealliance/wasmtime/pull/2763)

* Fixed a memory leak of the `Store` when an instance traps.
[2803](https://github.com/bytecodealliance/wasmtime/pull/2803)

* Some fuzzing-related fixes.
[2788](https://github.com/bytecodealliance/wasmtime/pull/2788),
[2770](https://github.com/bytecodealliance/wasmtime/pull/2770)

* Fixed memory-initialization bug in uffd allocator that could copy into the
wrong destination under certain conditions. Does not affect the default
wasmtime instance allocator.
[2801](https://github.com/bytecodealliance/wasmtime/pull/2801)

* Fix printing of float values from the Wasmtime CLI.
[2797](https://github.com/bytecodealliance/wasmtime/pull/2797)

* Remove the ability for the `Linker` to instantiate modules with duplicate
import strings of different types.
[2789](https://github.com/bytecodealliance/wasmtime/pull/2789)

0.25.0

Not secure
Released 2021-03-16.

Added

* An implementation of a pooling instance allocator, optionally backed by
`userfaultfd` on Linux, was added to improve the performance of embeddings
that instantiate a large number of instances continuously.
[2518](https://github.com/bytecodealliance/wasmtime/pull/2518)

* Host functions can now be defined on `Config` to share the function across all
`Store` objects connected to an `Engine`. This can improve the time it takes
to instantiate instances in a short-lived `Store`.
[2625](https://github.com/bytecodealliance/wasmtime/pull/2625)

* The `Store` object now supports having typed values attached to it which can
be retrieved from host functions.
[2625](https://github.com/bytecodealliance/wasmtime/pull/2625)

* The `wiggle` code generator now supports `async` host functions.
[2701](https://github.com/bytecodealliance/wasmtime/pull/2701)

Changed

* The `Func::getN{,_async}` APIs have all been removed in favor of a new
`Func::typed` API which should be more compact in terms of API surface area as
well as more flexible in how it can be used.
[2719](https://github.com/bytecodealliance/wasmtime/pull/2719)

* `Engine::new` has been changed from returning `Engine` to returning
`anyhow::Result<Engine>`. Callers of `Engine::new` will need to be updated to
use the `?` operator on the return value or otherwise unwrap the result to get
the `Engine`.

Fixed

* Interpretation of timestamps in `poll_oneoff` for WASI has been fixed to
correctly use nanoseconds instead of microseconds.
[2717](https://github.com/bytecodealliance/wasmtime/pull/2717)
