lucet-module, which is part of the runtime pulls in all of cranelift-codegen which is large

[shravanrn]

Context
This is part of a series of bugs that I spoke to @tyler @pchickey about. We are currently using Lucet to sandbox libraries in C++ applications. The idea behind this is that using a wasm sandboxed version of the library allows ensuring that a memory safety issue in the library does not automatically result in a memory safety vulnerability in the full application. One of the consumers of this work is the Firefox web browser.

Problem
lucet-module, which is part of the runtime pulls in all of cranelift-codegen. So, from code comments here, this is already on people's radar. I am just opening this bug to express that we have an interest in solving this.

Actions
Could you let me know if this is a change that is being planned anytime soon internally, or if it would be better if I work on a patch that can be accepted? (cc @froydnj)

[pchickey]

We use cranelift-codegen's types for signatures in lucet-module, which I think is desirable over defining types in lucet-module that mirror cranelift's, and impl to/from conversions in lucetc and lucet-runtime. So, I think the right thing to do here is to make a PR to cranelift that factors the signatures into a separate module, similar to what cranelift-entity did for the entity datatypes. Once that exists, we can switch the dep to cranelift-signatures.

[shravanrn]

We brought this up with the cranelift team. See here. The suggestion was to see if we could perform the cranelift IR types to lucet type translation during compilation of the module instead of the runtime.

At this time, I'm not well versed enough in the lucet code to know if this is feasible?
@pchickey - any thoughts?

[pchickey]

Ah, I didn't see that, I never look at bugzilla for Cranelift things, just the github issue tracker.

The solution they're proposing is basically for lucet-module to have its own version of the small collection of cranelift-codegen::ir types it uses: the integers types, AbiParam, and the ir::Argument... types.

I just went and looked through the lucet-module::types and cranelift-codegen::ir types actually get generated from the meta crate, I no longer think a separate cranelift-signatures crate is feasible. And we already have our analog to signatures defined. So, scratch the suggestion I made in my prior post.

The way forward is for lucet-module to move everything from lucet-module/src/types.rs that mentions cranelift-codegen::ir out into lucetc. The only things that should remain in lucet-module::types are pub struct Signature and pub enum ValueType.

[shravanrn]

Makes sense. In the interest of next steps, could you let me know if this is something that would be handled internally (given that this involves a bit of surgery in the code base) or something I should contribute a patch for (compared to some of the other open bugs, I'm a bit hesitant on if I can figure this out right away, as it is touching parts of the code base that I don't know as well... I'm hoping that with some explorations, I could probably figure it out)?

[pchickey]

I don't think anyone is going to have time to get to this in the next few days, so if you want to do a PR I'm happy to review it and help however you need.