Wasmtime

Released 2022-12-01.

Fixed

* The instruction cache is now flushed for AArch64 Android.
[5331](https://github.com/bytecodealliance/wasmtime/pull/5331)

* Building for FreeBSD and Android has been fixed.
[5323](https://github.com/bytecodealliance/wasmtime/pull/5323)

--------------------------------------------------------------------------------

Released 2022-11-21

Added

* New `WasiCtx::{push_file, push_dir}` methods exist for embedders to add their
own objects.
[5027](https://github.com/bytecodealliance/wasmtime/pull/5027)

* Wasmtime's `component-model` support now supports `async` host functions and
embedding in the same manner as core wasm.
[5055](https://github.com/bytecodealliance/wasmtime/pull/5055)

* The `wasmtime` CLI executable now supports a `--max-wasm-stack` flag.
[5156](https://github.com/bytecodealliance/wasmtime/pull/5156)

* AOT compilation support has been implemented for components (aka the
`component-model` feature of the Wasmtime crate).
[5160](https://github.com/bytecodealliance/wasmtime/pull/5160)

* A new `wasi_config_set_stdin_bytes` function is available in the C API to set
the stdin of a WASI-using module from an in-memory slice.
[5179](https://github.com/bytecodealliance/wasmtime/pull/5179)

* When using the pooling allocator there are now options to reset memory with
`memset` instead of `madvisev` on Linux to keep pages resident in memory to
reduce page faults when reusing linear memory slots.
[5207](https://github.com/bytecodealliance/wasmtime/pull/5207)

Changed

* Consuming 0 fuel with 0 fuel left is now considered to succeed. Additionally a
store may not consume its last unit of fuel.
[5013](https://github.com/bytecodealliance/wasmtime/pull/5013)

* A number of variants in the `wasi_common::ErrorKind` enum have been removed.
[5015](https://github.com/bytecodealliance/wasmtime/pull/5015)

* Methods on `WasiDir` now error-by-default instead of requiring a definition by
default.
[5019](https://github.com/bytecodealliance/wasmtime/pull/5019)

* Bindings generated by the `wiggle` crate now always depend on the `wasmtime`
crate meaning crates like `wasi-common` no longer compile for platforms such
as `wasm32-unknown-emscripten`.
[5137](https://github.com/bytecodealliance/wasmtime/pull/5137)

* Error handling in the `wasmtime` crate's API has been changed to primarily
work with `anyhow::Error` for custom errors. The `Trap` type has been replaced
with a simple `enum Trap { ... }` and backtrace information is now stored as a
`WasmBacktrace` type inserted as context into an `anyhow::Error`.
Host-functions are expected to return `anyhow::Result<T>` instead of the prior
`Trap` error return from before. Additionally the old `Trap::i32_exit`
constructor is now a concrete `wasi_commont::I32Exit` type which can be tested
for with a `downcast_ref` on the error returned from Wasmtime.
[5149](https://github.com/bytecodealliance/wasmtime/pull/5149)

* Configuration of the pooling allocator is now done through a builder-style
`PoolingAllocationConfig` API instead of the prior enum-variant API.
[5205](https://github.com/bytecodealliance/wasmtime/pull/5205)

Fixed

* The instruction cache is now properly flushed for AArch64 on Windows.
[4997](https://github.com/bytecodealliance/wasmtime/pull/4997)

* Backtrace capturing with many sequences of wasm->host calls on the stack no
longer exhibit quadratic capturing behavior.
[5049](https://github.com/bytecodealliance/wasmtime/pull/5049)

--------------------------------------------------------------------------------

Released 2022-11-10.

Fixed

* [CVE-2022-39392] - modules may perform out-of-bounds reads/writes when the
pooling allocator was configured with `memory_pages: 0`.

* [CVE-2022-39393] - data can be leaked between instances when using the pooling
allocator.

* [CVE-2022-39394] - An incorrect Rust signature for the C API
`wasmtime_trap_code` function could lead to an out-of-bounds write of three
zero bytes.

[CVE-2022-39392]: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-44mr-8vmm-wjhg
[CVE-2022-39393]: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf
[CVE-2022-39394]: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q

--------------------------------------------------------------------------------

Released 2022-10-27.

Fixed

* A compilation error when building only the `wasmtime` crate on Windows with
only the default features enabled has been fixed.
[5134](https://github.com/bytecodealliance/wasmtime/pull/5134)

Changed

* The `rayon` dependency added to `cranelift-isle` in 2.0.0 has been removed to
improve the compile time of the `cranelift-codegen` crate.
[5101](https://github.com/bytecodealliance/wasmtime/pull/5101)

--------------------------------------------------------------------------------

Released 2022-10-20

Added

* Cranelift has gained support for forward-edge CFI on the AArch64 backend.
[3693](https://github.com/bytecodealliance/wasmtime/pull/3693)

* A `--disable-parallel-compilation` CLI flag is now implemented for `wasmtime`.
[4911](https://github.com/bytecodealliance/wasmtime/pull/4911)

* [Tier 3] support has been added for for RISC-V 64 with a new backend in
Cranelift for this architecture.
[4271](https://github.com/bytecodealliance/wasmtime/pull/4271)

* Basic [tier 3] support for Windows ARM64 has been added but features such as
traps don't work at this time.
[4990](https://github.com/bytecodealliance/wasmtime/pull/4990)

Changed

* The implementation of the `random_get` function in `wasi-common` is now faster
by using a userspace CSPRNG rather than the OS for randomness.
[4917](https://github.com/bytecodealliance/wasmtime/pull/4917)

* The AArch64 backend has completed its transition to ISLE.
[4851](https://github.com/bytecodealliance/wasmtime/pull/4851)
[4866](https://github.com/bytecodealliance/wasmtime/pull/4866)
[4898](https://github.com/bytecodealliance/wasmtime/pull/4898)
[4884](https://github.com/bytecodealliance/wasmtime/pull/4884)
[4820](https://github.com/bytecodealliance/wasmtime/pull/4820)
[4913](https://github.com/bytecodealliance/wasmtime/pull/4913)
[4942](https://github.com/bytecodealliance/wasmtime/pull/4942)
[4943](https://github.com/bytecodealliance/wasmtime/pull/4943)

* The size of the `sigaltstack` allocated per-thread for signal handling has
been increased from 16k to 64k.
[4964](https://github.com/bytecodealliance/wasmtime/pull/4964)


[Tier 3]: https://docs.wasmtime.dev/stability-tiers.html

--------------------------------------------------------------------------------

Released 2022-11-10.

Fixed

* [CVE-2022-39392] - modules may perform out-of-bounds reads/writes when the
pooling allocator was configured with `memory_pages: 0`.

* [CVE-2022-39393] - data can be leaked between instances when using the pooling
allocator.

* [CVE-2022-39394] - An incorrect Rust signature for the C API
`wasmtime_trap_code` function could lead to an out-of-bounds write of three
zero bytes.

--------------------------------------------------------------------------------