Deduplicate listings of traps in Wasmtime (#5299)

This commit replaces `wasmtime_environ::TrapCode` with `wasmtime::Trap`.
This is possible with past refactorings which slimmed down the `Trap`
definition in the `wasmtime` crate to a simple `enum`. This means that
there's one less place that all the various trap opcodes need to be
listed in Wasmtime.

Author: alexcrichton

crates/cranelift/src/compiler.rs

@@ -32,7 +32,7 @@ use std::sync::{Arc, Mutex};
 use wasmparser::{FuncValidatorAllocations, FunctionBody};
 use wasmtime_environ::{
     AddressMapSection, CacheStore, CompileError, FilePos, FlagValue, FunctionBodyData, FunctionLoc,
-    InstructionAddressMap, ModuleTranslation, ModuleTypes, PtrSize, StackMapInformation, TrapCode,
+    InstructionAddressMap, ModuleTranslation, ModuleTypes, PtrSize, StackMapInformation, Trap,
     TrapEncodingBuilder, TrapInformation, Tunables, VMOffsets, WasmFunctionInfo,
 };
 
@@ -1003,18 +1003,18 @@ fn mach_trap_to_trap(trap: &MachTrap) -> TrapInformation {
     TrapInformation {
         code_offset: offset,
         trap_code: match code {
-            ir::TrapCode::StackOverflow => TrapCode::StackOverflow,
-            ir::TrapCode::HeapOutOfBounds => TrapCode::HeapOutOfBounds,
-            ir::TrapCode::HeapMisaligned => TrapCode::HeapMisaligned,
-            ir::TrapCode::TableOutOfBounds => TrapCode::TableOutOfBounds,
-            ir::TrapCode::IndirectCallToNull => TrapCode::IndirectCallToNull,
-            ir::TrapCode::BadSignature => TrapCode::BadSignature,
-            ir::TrapCode::IntegerOverflow => TrapCode::IntegerOverflow,
-            ir::TrapCode::IntegerDivisionByZero => TrapCode::IntegerDivisionByZero,
-            ir::TrapCode::BadConversionToInteger => TrapCode::BadConversionToInteger,
-            ir::TrapCode::UnreachableCodeReached => TrapCode::UnreachableCodeReached,
-            ir::TrapCode::Interrupt => TrapCode::Interrupt,
-            ir::TrapCode::User(ALWAYS_TRAP_CODE) => TrapCode::AlwaysTrapAdapter,
+            ir::TrapCode::StackOverflow => Trap::StackOverflow,
+            ir::TrapCode::HeapOutOfBounds => Trap::MemoryOutOfBounds,
+            ir::TrapCode::HeapMisaligned => Trap::HeapMisaligned,
+            ir::TrapCode::TableOutOfBounds => Trap::TableOutOfBounds,
+            ir::TrapCode::IndirectCallToNull => Trap::IndirectCallToNull,
+            ir::TrapCode::BadSignature => Trap::BadSignature,
+            ir::TrapCode::IntegerOverflow => Trap::IntegerOverflow,
+            ir::TrapCode::IntegerDivisionByZero => Trap::IntegerDivisionByZero,
+            ir::TrapCode::BadConversionToInteger => Trap::BadConversionToInteger,
+            ir::TrapCode::UnreachableCodeReached => Trap::UnreachableCodeReached,
+            ir::TrapCode::Interrupt => Trap::Interrupt,
+            ir::TrapCode::User(ALWAYS_TRAP_CODE) => Trap::AlwaysTrapAdapter,
 
             // these should never be emitted by wasmtime-cranelift
             ir::TrapCode::User(_) => unreachable!(),

crates/environ/src/trap_encoding.rs

@@ -2,6 +2,7 @@ use crate::obj::ELF_WASMTIME_TRAPS;
 use object::write::{Object, StandardSegment};
 use object::{Bytes, LittleEndian, SectionKind, U32Bytes};
 use std::convert::TryFrom;
+use std::fmt;
 use std::ops::Range;
 
 /// A helper structure to build the custom-encoded section of a wasmtime
@@ -26,29 +27,30 @@ pub struct TrapInformation {
     pub code_offset: u32,
 
     /// Code of the trap.
-    pub trap_code: TrapCode,
+    pub trap_code: Trap,
 }
 
-/// A trap code describing the reason for a trap.
-///
-/// All trap instructions have an explicit trap code.
+// The code can be accessed from the c-api, where the possible values are
+// translated into enum values defined there:
+//
+// * `wasm_trap_code` in c-api/src/trap.rs, and
+// * `wasmtime_trap_code_enum` in c-api/include/wasmtime/trap.h.
+//
+// These need to be kept in sync.
+#[non_exhaustive]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Hash)]
-#[repr(u8)]
-pub enum TrapCode {
+#[allow(missing_docs)]
+pub enum Trap {
     /// The current stack space was exhausted.
     StackOverflow,
 
-    /// A `heap_addr` instruction detected an out-of-bounds error.
-    ///
-    /// Note that not all out-of-bounds heap accesses are reported this way;
-    /// some are detected by a segmentation fault on the heap unmapped or
-    /// offset-guard pages.
-    HeapOutOfBounds,
+    /// An out-of-bounds memory access.
+    MemoryOutOfBounds,
 
     /// A wasm atomic operation was presented with a not-naturally-aligned linear-memory address.
     HeapMisaligned,
 
-    /// A `table_addr` instruction detected an out-of-bounds error.
+    /// An out-of-bounds access to a table.
     TableOutOfBounds,
 
     /// Indirect call to a null table entry.
@@ -70,15 +72,45 @@ pub enum TrapCode {
     UnreachableCodeReached,
 
     /// Execution has potentially run too long and may be interrupted.
-    /// This trap is resumable.
     Interrupt,
 
-    /// Used for the component model when functions are lifted/lowered in a way
-    /// that generates a function that always traps.
+    /// When the `component-model` feature is enabled this trap represents a
+    /// function that was `canon lift`'d, then `canon lower`'d, then called.
+    /// This combination of creation of a function in the component model
+    /// generates a function that always traps and, when called, produces this
+    /// flavor of trap.
     AlwaysTrapAdapter,
-    // if adding a variant here be sure to update the `check!` macro below
+
+    /// When wasm code is configured to consume fuel and it runs out of fuel
+    /// then this trap will be raised.
+    OutOfFuel,
 }
 
+impl fmt::Display for Trap {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        use Trap::*;
+
+        let desc = match self {
+            StackOverflow => "call stack exhausted",
+            MemoryOutOfBounds => "out of bounds memory access",
+            HeapMisaligned => "misaligned memory access",
+            TableOutOfBounds => "undefined element: out of bounds table access",
+            IndirectCallToNull => "uninitialized element",
+            BadSignature => "indirect call type mismatch",
+            IntegerOverflow => "integer overflow",
+            IntegerDivisionByZero => "integer divide by zero",
+            BadConversionToInteger => "invalid conversion to integer",
+            UnreachableCodeReached => "wasm `unreachable` instruction executed",
+            Interrupt => "interrupt",
+            AlwaysTrapAdapter => "degenerate component adapter called",
+            OutOfFuel => "all fuel consumed by WebAssembly",
+        };
+        write!(f, "wasm trap: {desc}")
+    }
+}
+
+impl std::error::Error for Trap {}
+
 impl TrapEncodingBuilder {
     /// Appends trap information about a function into this section.
     ///
@@ -136,7 +168,7 @@ impl TrapEncodingBuilder {
 /// The `section` provided is expected to have been built by
 /// `TrapEncodingBuilder` above. Additionally the `offset` should be a relative
 /// offset within the text section of the compilation image.
-pub fn lookup_trap_code(section: &[u8], offset: usize) -> Option<TrapCode> {
+pub fn lookup_trap_code(section: &[u8], offset: usize) -> Option<Trap> {
     let mut section = Bytes(section);
     // NB: this matches the encoding written by `append_to` above.
     let count = section.read::<U32Bytes<LittleEndian>>().ok()?;
@@ -164,16 +196,16 @@ pub fn lookup_trap_code(section: &[u8], offset: usize) -> Option<TrapCode> {
     // FIXME: this could use some sort of derive-like thing to avoid having to
     // deduplicate the names here.
     //
-    // This simply converts from the `trap`, a `u8`, to the `TrapCode` enum.
+    // This simply converts from the `trap`, a `u8`, to the `Trap` enum.
     macro_rules! check {
-        ($($name:ident)*) => ($(if trap == TrapCode::$name as u8 {
-            return Some(TrapCode::$name);
+        ($($name:ident)*) => ($(if trap == Trap::$name as u8 {
+            return Some(Trap::$name);
         })*);
     }
 
     check! {
         StackOverflow
-        HeapOutOfBounds
+        MemoryOutOfBounds
         HeapMisaligned
         TableOutOfBounds
         IndirectCallToNull
@@ -184,6 +216,7 @@ pub fn lookup_trap_code(section: &[u8], offset: usize) -> Option<TrapCode> {
         UnreachableCodeReached
         Interrupt
         AlwaysTrapAdapter
+        OutOfFuel
     }
 
     if cfg!(debug_assertions) {

crates/runtime/src/instance.rs

@@ -30,7 +30,7 @@ use wasmtime_environ::{
     packed_option::ReservedValue, DataIndex, DefinedGlobalIndex, DefinedMemoryIndex,
     DefinedTableIndex, ElemIndex, EntityIndex, EntityRef, EntitySet, FuncIndex, GlobalIndex,
     GlobalInit, HostPtr, MemoryIndex, Module, PrimaryMap, SignatureIndex, TableIndex,
-    TableInitialization, TrapCode, VMOffsets, WasmType,
+    TableInitialization, Trap, VMOffsets, WasmType,
 };
 
 mod allocator;
@@ -580,7 +580,7 @@ impl Instance {
         dst: u32,
         src: u32,
         len: u32,
-    ) -> Result<(), TrapCode> {
+    ) -> Result<(), Trap> {
         // TODO: this `clone()` shouldn't be necessary but is used for now to
         // inform `rustc` that the lifetime of the elements here are
         // disconnected from the lifetime of `self`.
@@ -602,7 +602,7 @@ impl Instance {
         dst: u32,
         src: u32,
         len: u32,
-    ) -> Result<(), TrapCode> {
+    ) -> Result<(), Trap> {
         // https://webassembly.github.io/bulk-memory-operations/core/exec/instructions.html#exec-table-init
 
         let table = unsafe { &mut *self.get_table(table_index) };
@@ -612,7 +612,7 @@ impl Instance {
             .and_then(|s| s.get(..usize::try_from(len).unwrap()))
         {
             Some(elements) => elements,
-            None => return Err(TrapCode::TableOutOfBounds),
+            None => return Err(Trap::TableOutOfBounds),
         };
 
         match table.element_type() {
@@ -662,7 +662,7 @@ impl Instance {
         src_index: MemoryIndex,
         src: u64,
         len: u64,
-    ) -> Result<(), TrapCode> {
+    ) -> Result<(), Trap> {
         // https://webassembly.github.io/reference-types/core/exec/instructions.html#exec-memory-copy
 
         let src_mem = self.get_memory(src_index);
@@ -684,8 +684,8 @@ impl Instance {
         Ok(())
     }
 
-    fn validate_inbounds(&self, max: usize, ptr: u64, len: u64) -> Result<usize, TrapCode> {
-        let oob = || TrapCode::HeapOutOfBounds;
+    fn validate_inbounds(&self, max: usize, ptr: u64, len: u64) -> Result<usize, Trap> {
+        let oob = || Trap::MemoryOutOfBounds;
         let end = ptr
             .checked_add(len)
             .and_then(|i| usize::try_from(i).ok())
@@ -708,7 +708,7 @@ impl Instance {
         dst: u64,
         val: u8,
         len: u64,
-    ) -> Result<(), TrapCode> {
+    ) -> Result<(), Trap> {
         let memory = self.get_memory(memory_index);
         let dst = self.validate_inbounds(memory.current_length(), dst, len)?;
 
@@ -738,7 +738,7 @@ impl Instance {
         dst: u64,
         src: u32,
         len: u32,
-    ) -> Result<(), TrapCode> {
+    ) -> Result<(), Trap> {
         let range = match self.module().passive_data_map.get(&data_index).cloned() {
             Some(range) if !self.dropped_data.contains(data_index) => range,
             _ => 0..0,
@@ -757,7 +757,7 @@ impl Instance {
         dst: u64,
         src: u32,
         len: u32,
-    ) -> Result<(), TrapCode> {
+    ) -> Result<(), Trap> {
         // https://webassembly.github.io/bulk-memory-operations/core/exec/instructions.html#exec-memory-init
 
         let memory = self.get_memory(memory_index);

crates/runtime/src/instance/allocator.rs

@@ -13,8 +13,8 @@ use std::sync::Arc;
 use thiserror::Error;
 use wasmtime_environ::{
     DefinedMemoryIndex, DefinedTableIndex, HostPtr, InitMemory, MemoryInitialization,
-    MemoryInitializer, Module, PrimaryMap, TableInitialization, TableInitializer, TrapCode,
-    VMOffsets, WasmType, WASM_PAGE_SIZE,
+    MemoryInitializer, Module, PrimaryMap, TableInitialization, TableInitializer, Trap, VMOffsets,
+    WasmType, WASM_PAGE_SIZE,
 };
 
 #[cfg(feature = "pooling-allocator")]
@@ -105,7 +105,7 @@ pub enum InstantiationError {
 
     /// A trap ocurred during instantiation, after linking.
     #[error("Trap occurred during instantiation")]
-    Trap(TrapCode),
+    Trap(Trap),
 
     /// A limit on how many instances are supported has been reached.
     #[error("Limit of {0} concurrent instances has been reached")]
@@ -386,7 +386,7 @@ fn initialize_memories(instance: &mut Instance, module: &Module) -> Result<(), I
         },
     );
     if !ok {
-        return Err(InstantiationError::Trap(TrapCode::HeapOutOfBounds));
+        return Err(InstantiationError::Trap(Trap::MemoryOutOfBounds));
     }
 
     Ok(())

crates/runtime/src/libcalls.rs

@@ -63,7 +63,7 @@ use anyhow::Result;
 use std::mem;
 use std::ptr::{self, NonNull};
 use wasmtime_environ::{
-    DataIndex, ElemIndex, FuncIndex, GlobalIndex, MemoryIndex, TableIndex, TrapCode,
+    DataIndex, ElemIndex, FuncIndex, GlobalIndex, MemoryIndex, TableIndex, Trap,
 };
 
 /// Actually public trampolines which are used by the runtime as the entrypoint
@@ -228,7 +228,7 @@ unsafe fn table_fill(
     // `VMCallerCheckedAnyfunc` until we look at the table's element type.
     val: *mut u8,
     len: u32,
-) -> Result<(), TrapCode> {
+) -> Result<(), Trap> {
     let instance = (*vmctx).instance_mut();
     let table_index = TableIndex::from_u32(table_index);
     let table = &mut *instance.get_table(table_index);
@@ -259,7 +259,7 @@ unsafe fn table_copy(
     dst: u32,
     src: u32,
     len: u32,
-) -> Result<(), TrapCode> {
+) -> Result<(), Trap> {
     let dst_table_index = TableIndex::from_u32(dst_table_index);
     let src_table_index = TableIndex::from_u32(src_table_index);
     let instance = (*vmctx).instance_mut();
@@ -278,7 +278,7 @@ unsafe fn table_init(
     dst: u32,
     src: u32,
     len: u32,
-) -> Result<(), TrapCode> {
+) -> Result<(), Trap> {
     let table_index = TableIndex::from_u32(table_index);
     let elem_index = ElemIndex::from_u32(elem_index);
     let instance = (*vmctx).instance_mut();
@@ -300,7 +300,7 @@ unsafe fn memory_copy(
     src_index: u32,
     src: u64,
     len: u64,
-) -> Result<(), TrapCode> {
+) -> Result<(), Trap> {
     let src_index = MemoryIndex::from_u32(src_index);
     let dst_index = MemoryIndex::from_u32(dst_index);
     let instance = (*vmctx).instance_mut();
@@ -314,7 +314,7 @@ unsafe fn memory_fill(
     dst: u64,
     val: u32,
     len: u64,
-) -> Result<(), TrapCode> {
+) -> Result<(), Trap> {
     let memory_index = MemoryIndex::from_u32(memory_index);
     let instance = (*vmctx).instance_mut();
     instance.memory_fill(memory_index, dst, val as u8, len)
@@ -328,7 +328,7 @@ unsafe fn memory_init(
     dst: u64,
     src: u32,
     len: u32,
-) -> Result<(), TrapCode> {
+) -> Result<(), Trap> {
     let memory_index = MemoryIndex::from_u32(memory_index);
     let data_index = DataIndex::from_u32(data_index);
     let instance = (*vmctx).instance_mut();
@@ -498,14 +498,14 @@ unsafe fn validate_atomic_addr(
     addr: u64,
     access_size: u64,
     access_alignment: u64,
-) -> Result<(), TrapCode> {
+) -> Result<(), Trap> {
     debug_assert!(access_alignment.is_power_of_two());
-    ensure!(addr % access_alignment == 0, TrapCode::HeapMisaligned);
+    ensure!(addr % access_alignment == 0, Trap::HeapMisaligned);
 
     let length = u64::try_from(instance.get_memory(memory).current_length()).unwrap();
     ensure!(
         addr.saturating_add(access_size) < length,
-        TrapCode::HeapOutOfBounds
+        Trap::MemoryOutOfBounds
     );
 
     Ok(())