fixups

Cargo.toml

@@ -31,6 +31,7 @@ rustflags = ["-Zoom=panic"]
 anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 serde = { version = "1", features = ["derive"] }
+tokio = { version = "1.30.0", features = ["macros"] }
 toml = "0.7"
 walrus = "0.20.1"
 wasm-compose = { git = "https://github.com/bytecodealliance/wasm-tools" }

README.md

@@ -180,6 +180,16 @@ fn main() {
 
 When calling a subsystem for the first time, its virtualization will be enabled. Subsystems not used or configured at all will be omitted from the virtualization entirely.
 
+### Selective Subsystem Virtualization
+
+By default, when using the `wasi-virt` CLI command, all virtualizations are enabled. This way, not only is encapsulation the default, but composition with arbitrary components will always work out as all interfaces for WASI should always be available.
+
+Selective subsystem virtualization can be performed directly with the WASI Virt library as above (which does not virtualize all subsystems by default). This allows virtualizing just a single subsystem like `env`, where it is possible to virtualize only that subsystem and skip other virtualizations and end up creating a smaller virtualization component.
+
+There is an important caveat to this: _as soon as any subsystem uses IO, all subsystems using IO need to be virtualized in order to fully subclass streams and polls in the virtualization layer_. In future this caveat requirement should weaken as these features lower into the core ABI in subsequent WASI versions.
+
+`wasm-tools compose` will error in these scenarios, and better [error messaging](https://github.com/bytecodealliance/wasm-tools/issues/1147) may be provided in future when performing invalid compositions like the above. Missing subsystems can be usually detected from the composition warnings list.
+
 ## Contributing
 
 To build, run `./build-adapter.sh` which builds the master `virtual-adapter` component, followed by `cargo build` to build

src/bin/wasi-virt.rs

@@ -131,13 +131,11 @@ fn main() -> Result<()> {
     // http
     virt_opts.http(args.allow_http.unwrap_or(allow_all));
 
-    // TODO: These need completing
-
     // random
     virt_opts.random(args.allow_random.unwrap_or(allow_all));
 
     // sockets
-    // virt_opts.sockets(args.allow_sockets.unwrap_or(allow_all));
+    virt_opts.sockets(args.allow_sockets.unwrap_or(allow_all));
 
     // stdio
     virt_opts

src/lib.rs

@@ -198,7 +198,7 @@ impl WasiVirt {
             .resolve
             .select_world(*pkg_id, Some("virtual-sockets"))?;
 
-        // env & exit subsystems are fully independent
+        // env, exit & random subsystems are fully independent
         if self.env.is_some() {
             bindgen.resolve.merge_worlds(env_world, base_world)?;
         } else {
@@ -225,36 +225,36 @@ impl WasiVirt {
             strip_io_virt(&mut module)?;
         }
         if let Some(clocks) = self.clocks {
-            if clocks {
-                // When subsystem is enabled, we can pass through all interfaces
-                // that do not rely on io. The adapter default is passthrough.
-                bindgen.resolve.merge_worlds(io_clocks_world, base_world)?;
-            } else {
-                // When subsystem is disabled, we must do a full virtualization
+            if !clocks {
+                // deny is effectively virtualization
+                // in future with fine-grained virtualization options, they
+                // also would extend here (ie !clocks is deceiving)
                 bindgen.resolve.merge_worlds(clocks_world, base_world)?;
                 deny_clocks_virt(&mut module)?;
+            } else {
+                // passthrough can be simplified to just rewrapping io interfaces
+                bindgen.resolve.merge_worlds(io_clocks_world, base_world)?;
             }
         } else {
             strip_clocks_virt(&mut module)?;
         }
         // sockets and http are identical to clocks above
         if let Some(sockets) = self.sockets {
-            if sockets {
-                bindgen.resolve.merge_worlds(io_sockets_world, base_world)?;
-            } else {
+            if !sockets {
                 bindgen.resolve.merge_worlds(sockets_world, base_world)?;
-                // TODO:
-                // deny_sockets_virt(&mut module)?;
+                deny_sockets_virt(&mut module)?;
+            } else {
+                bindgen.resolve.merge_worlds(io_sockets_world, base_world)?;
             }
         } else {
             strip_sockets_virt(&mut module)?;
         }
         if let Some(http) = self.http {
-            if http {
-                bindgen.resolve.merge_worlds(io_http_world, base_world)?;
-            } else {
+            if !http {
                 bindgen.resolve.merge_worlds(http_world, base_world)?;
                 deny_http_virt(&mut module)?;
+            } else {
+                bindgen.resolve.merge_worlds(io_http_world, base_world)?;
             }
         } else {
             strip_http_virt(&mut module)?;

src/virt_deny.rs

@@ -378,5 +378,6 @@ pub(crate) fn deny_exit_virt(module: &mut Module) -> Result<()> {
 }
 
 pub(crate) fn deny_sockets_virt(module: &mut Module) -> Result<()> {
-    todo!();
+    // TODO: Complete stubbing implementation
+    Ok(())
 }

tests/cases/fs-dir-read.toml

@@ -2,6 +2,11 @@ component = "file-read"
 
 host-fs-path = "/mydir"
 
+[virt-opts.stdio]
+stdin = true
+stdout = true
+stderr = true
+
 [virt-opts.fs.preopens."/".dir."mydir".dir]
 "file1.txt" = { source = "inner contents1" }
 "file2.txt" = { source = "inner contents2" }

tests/cases/fs-file-read.toml

@@ -2,6 +2,11 @@ component = "file-read"
 
 host-fs-path = "/file.txt"
 
+[virt-opts.stdio]
+stdin = true
+stdout = true
+stderr = true
+
 [virt-opts.fs.preopens."/".dir]
 "file.txt" = { source = "contents" }
 

tests/cases/fs-host-read.toml

@@ -2,6 +2,11 @@ component = "file-read"
 
 host-fs-path = "/file.txt"
 
+[virt-opts.stdio]
+stdin = true
+stdout = true
+stderr = true
+
 [virt-opts.fs.preopens."/".dir]
 "file.txt" = { runtime-file = "/LICENSE" }
 

tests/cases/fs-inner-read.toml

@@ -2,6 +2,11 @@ component = "file-read"
 
 host-fs-path = "/mydir/file.txt"
 
+[virt-opts.stdio]
+stdin = true
+stdout = true
+stderr = true
+
 [virt-opts.fs.preopens."/".dir."mydir".dir]
 "file.txt" = { source = "inner contents" }
 

tests/cases/fs-nested-dir-read.toml

@@ -2,6 +2,11 @@ component = "file-read"
 
 host-fs-path = "/clocks/monotonic-clock.wit"
 
+[virt-opts.stdio]
+stdin = true
+stdout = true
+stderr = true
+
 [virt-opts.fs.preopens."/"]
 virtualize = "./wit/deps"
 

tests/cases/fs-passive-file-read.toml

@@ -2,6 +2,11 @@ component = "file-read"
 
 host-fs-path = "/env-none.toml"
 
+[virt-opts.stdio]
+stdin = true
+stdout = true
+stderr = true
+
 [virt-opts.fs]
 passive-cutoff = 10
 

tests/cases/fs-virt-dir-read.toml

@@ -2,6 +2,11 @@ component = "file-read"
 
 host-fs-path = "/env-none.toml"
 
+[virt-opts.stdio]
+stdin = true
+stdout = true
+stderr = true
+
 [virt-opts.fs.preopens."/"]
 virtualize = "./tests/cases"
 

tests/virt.rs

@@ -60,7 +60,9 @@ struct TestCase {
     expect: TestExpectation,
 }
 
-#[async_std::test]
+const DEBUG: bool = false;
+
+#[tokio::test]
 async fn virt_test() -> Result<()> {
     let wasi_adapter = fs::read("lib/wasi_snapshot_preview1.reactor.wasm")?;
 
@@ -71,10 +73,16 @@ async fn virt_test() -> Result<()> {
         let test_case_name = test_case_file_name.strip_suffix(".toml").unwrap();
 
         // Filtering...
-        // if test_case_name != "encapsulate" {
+        // if test_case_name != "passthrough" {
         //     continue;
         // }
 
+        if DEBUG {
+            if test_case_name == "encapsulate" {
+                continue;
+            }
+        }
+
         println!("> {:?}", test_case_path);
 
         // load the test case JSON data
@@ -90,12 +98,14 @@ async fn virt_test() -> Result<()> {
         let mut generated_component_path = generated_path.join(component_name);
         generated_component_path.set_extension("component.wasm");
         cmd(&format!(
-            "cargo build -p {component_name} --target wasm32-wasi --release"
+            "cargo build -p {component_name} --target wasm32-wasi {}",
+            if DEBUG { "" } else { "--release" }
         ))?;
 
         // encode the component
         let component_core = fs::read(&format!(
-            "target/wasm32-wasi/release/{}.wasm",
+            "target/wasm32-wasi/{}/{}.wasm",
+            if DEBUG { "debug" } else { "release" },
             component_name.to_snake_case()
         ))?;
         let mut encoder = ComponentEncoder::default()
@@ -112,7 +122,9 @@ async fn virt_test() -> Result<()> {
         virt_component_path.set_extension("virt.wasm");
         let mut virt_opts = test.virt_opts.clone().unwrap_or_default();
         virt_opts.exit(Default::default());
-        // virt_opts.wasm_opt = Some(false);
+        if DEBUG {
+            virt_opts.wasm_opt = Some(false);
+        }
 
         let virt_component = virt_opts
             .finish()
@@ -137,18 +149,17 @@ async fn virt_test() -> Result<()> {
         }
 
         // execute the composed virtualized component test function
-        let mut builder = WasiCtxBuilder::new().inherit_stdio().push_preopened_dir(
+        let mut builder = WasiCtxBuilder::new();
+        builder.inherit_stdio().preopened_dir(
             Dir::open_ambient_dir(".", ambient_authority())?,
             DirPerms::READ,
             FilePerms::READ,
             "/",
         );
         if let Some(host_env) = &test.host_env {
-            let env: Vec<(String, String)> = host_env
-                .iter()
-                .map(|(k, v)| (k.to_string(), v.to_string()))
-                .collect();
-            builder = builder.set_env(env.as_slice());
+            for (k, v) in host_env {
+                builder.env(k, v);
+            }
         }
         let mut table = Table::new();
         let wasi = builder.build(&mut table)?;

virtual-adapter/src/io.rs

@@ -1004,7 +1004,7 @@ impl Streams for VirtAdapter {
         match IoState::get_stream(sid)? {
             Stream::Null => Ok((bytes.len() as u64, StreamStatus::Ended)),
             Stream::StaticFile(_) | Stream::StaticDir(_) => Err(stream_err()),
-            Stream::Host(sid) => stream_res_map(streams::write(*sid, bytes.as_slice())),
+            Stream::Host(sid) => stream_res_map(streams::blocking_write(*sid, bytes.as_slice())),
         }
     }
     fn write_zeroes(sid: u32, len: u64) -> Result<(u64, StreamStatus), StreamError> {