fix panic when trapping while handling multiple work items #11678
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Now we wrap the "ready" set of work items in a struct which will gracefully dispose of the remainder if we trap or panic while handling one of them. Fixes bytecodealliance#11668 Signed-off-by: Joel Dice <joel.dice@fermyon.com>
alexcrichton
approved these changes
Sep 10, 2025
alexcrichton
pushed a commit
to alexcrichton/wasmtime
that referenced
this pull request
Sep 11, 2025
…lliance#11678) Now we wrap the "ready" set of work items in a struct which will gracefully dispose of the remainder if we trap or panic while handling one of them. Fixes bytecodealliance#11668 Signed-off-by: Joel Dice <joel.dice@fermyon.com>
alexcrichton
added a commit
that referenced
this pull request
Sep 11, 2025
* p3-http: rework `content-length` handling (#11658) * p3-http: correctly handle `result` future cancellation Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * p3-http: restructure the `content-length` test a bit Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * test(http): keep accepting connections after errors prtest:full Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * test(p3-http): assert `handle` error on exceeding `content-length` Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * p3-http: perform `content-length` check early Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * test(p3-http): account for `handle` race condition Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * refactor(http): reuse `get_content_length` Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * p3-http: check `content-length` for host bodies Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * doc(p3-http): call out that host bodies are not validated Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * p3-http: refactor body size error send Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * fix(p3-http): do not rely on `Drop` for host body check Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * doc(p3-http): ensure non-default send request is documented Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * doc(p3-http): correct `send_request` doc Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> --------- Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> * return `TaskExit` future from `[Typed]Func::call_concurrent` (#11662) * return `TaskExit` future from `[Typed]Func::call_concurrent` In addition to returning the value produced by the callee, these functions now also return a `TaskExit` future which resolves once the subtask (and any transitively-created subtasks) have exited. This partially addresses #11600; the next step will be to add a `wasmtime-wit-bindgen` option to expose the `TaskExit` value in generated bindings. Signed-off-by: Joel Dice <joel.dice@fermyon.com> * address review feedback `TaskExit` now has an `async fn block` instead of closing over an `impl AsAccessor` and implementing `Future`. Signed-off-by: Joel Dice <joel.dice@fermyon.com> --------- Signed-off-by: Joel Dice <joel.dice@fermyon.com> * Update to wasm-tools 239 (#11660) Changes include: * `async` option on some CM intrinsics renamed to `cancellable` * New `backpressure.{inc,dec}` intrinsics * New component-model-threading-related intrinsics New features aren't yet implemented, they're left for future PRs. * add `task_exit` option to `wasmtime-wit-bindgen` (#11665) This builds on #11662 by optionally exposing the `TaskExit` return value from `[Typed]Func::call_concurrent` in the bindings generated for exported functions. Note that the first two commits are shared with #11662. Fixes #11600 Signed-off-by: Joel Dice <joel.dice@fermyon.com> * make `waitable-set.{poll,wait}` and `yield` non-cancellable by default (#11671) This fixes a divergence between the spec and the implementation. Thanks (again) to Luke for providing a test case, which I've added here. This addresses half of #11582 Signed-off-by: Joel Dice <joel.dice@fermyon.com> * fix panic in `Instance::set_consumer` when write end is already dropped (#11669) * fix panic in `Instance::set_consumer` when write end is already dropped In this case, we can drop the whole stream or future immediately since there's nothing left to do with it. Fixes #11621 Signed-off-by: Joel Dice <joel.dice@fermyon.com> * add test for piping from a stream whose write end is already dropped Signed-off-by: Joel Dice <joel.dice@fermyon.com> --------- Signed-off-by: Joel Dice <joel.dice@fermyon.com> * wasip3: Add support to `wasmtime serve` (#11646) * wasip3: Add support to `wasmtime serve` This commit adds support for WASIp3 to `wasmtime serve` by detecting whether the input component is using a WASIp3 exported interface instead of a WASIp2 exported interface (similar to how `wasmtime run` detects which is supported). * Fix tests * Log guest result * fix panic when trapping while handling multiple work items (#11678) Now we wrap the "ready" set of work items in a struct which will gracefully dispose of the remainder if we trap or panic while handling one of them. Fixes #11668 Signed-off-by: Joel Dice <joel.dice@fermyon.com> * Implement `backpressure.{inc,dec}` (#11661) Added to the async specification in WebAssembly/component-model#560 these are minor adaptations to the preexisting `backpressure.set` intrinsic and are intended to replace it. The `backpressure.set` intrinsic will remain until tooling propagates to understand `backpressure.{inc,dec}`. --------- Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net> Signed-off-by: Joel Dice <joel.dice@fermyon.com> Co-authored-by: Roman Volosatovs <rvolosatovs@users.noreply.github.com> Co-authored-by: Joel Dice <joel.dice@fermyon.com>
bongjunj
pushed a commit
to prosyslab/wasmtime
that referenced
this pull request
Oct 20, 2025
…lliance#11678) Now we wrap the "ready" set of work items in a struct which will gracefully dispose of the remainder if we trap or panic while handling one of them. Fixes bytecodealliance#11668 Signed-off-by: Joel Dice <joel.dice@fermyon.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Now we wrap the "ready" set of work items in a struct which will gracefully dispose of the remainder if we trap or panic while handling one of them.
Fixes #11668