Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Request]: enable, or allow to opt-in rkyv's strict features #3695

Closed
kwonoj opened this issue Mar 21, 2023 · 1 comment
Closed

[Request]: enable, or allow to opt-in rkyv's strict features #3695

kwonoj opened this issue Mar 21, 2023 · 1 comment
Assignees
Labels
bug Something isn't working 🎉 enhancement New feature! 📦 lib-engine About wasmer-engine priority-high High priority issue 🔈soundness Bugs causing an unsound API
Milestone

Comments

@kwonoj
Copy link
Contributor

kwonoj commented Mar 21, 2023

Motivation

swc-project/swc#6922

There are couples of obscure report from plugin author / users of swc that plugin execution fails unexpectedly. It should have various different root cause, but one of them was identified as having different rustc compiler version can cause those. Per orignal PR's description and its comment swc-project/swc#6922 (comment), enabling strict in rkyv's serialization / deserialization would possibly resolve some of those issues via rkyv's gaurantee.

SWC itself tried to apply those changes, however found out underlying wasmer (specifically wasmer-types in wasmer@2) cannot be built when upstream SWC enables those features.

Proposed solution

Basically request is enabling, or feature flag to support opt-in for rkyv's strict mode. Since SWC relies on wasmer@2 still, it'd be great if changes can be backported to @2 versions. I may try to make necessary changes myself if it is acceptable (and possible to release a new 2.x patch release).

Alternatives

SWC could try to fork wasmer@2, but that'll be too heavyweight option.

@kwonoj kwonoj added the 🎉 enhancement New feature! label Mar 21, 2023
@ptitSeb ptitSeb self-assigned this Mar 21, 2023
@ptitSeb ptitSeb added this to the v3.3 milestone Mar 21, 2023
@Michael-F-Bryan Michael-F-Bryan added bug Something isn't working 🔈soundness Bugs causing an unsound API priority-high High priority issue 📦 lib-engine About wasmer-engine labels Mar 21, 2023
theduke added a commit that referenced this issue Mar 30, 2023
Guarantess that archived data has the same structure on all platforms.

Related to #3695
theduke added a commit that referenced this issue Mar 30, 2023
Guarantess that archived data has the same structure on all platforms.

Related to #3695
@theduke
Copy link
Contributor

theduke commented Mar 31, 2023

#3693 has enabled strict mode by default, and also introduced a deserialize_checked() function that validates the artifact.

Our current policy is that 2.x only receives critical security updates, so we are very unlikely to accept a backport and push out a new release.

I recommend upgrading to 3.x.
Version 3.2 , which will include the changes, will be released soon.

@ptitSeb ptitSeb closed this as completed Apr 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working 🎉 enhancement New feature! 📦 lib-engine About wasmer-engine priority-high High priority issue 🔈soundness Bugs causing an unsound API
Projects
None yet
Development

No branches or pull requests

4 participants