Runtime compilation: fail if importing from unexpected modules

vouillon · hhugo · commit 18cc92667d86 · 2025-04-11T10:49:47.000+02:00
diff --git a/compiler/bin-wasm_of_ocaml/compile.ml b/compiler/bin-wasm_of_ocaml/compile.ml
@@ -116,6 +116,15 @@ let build_runtime ~runtime_file =
         ~link_options:[ "-g" ]
         ~opt_options:[ "-g"; "-O2" ]
         ~variables
+        ~allowed_imports:
+          (Some
+             [ "bindings"
+             ; "Math"
+             ; "js"
+             ; "wasm:js-string"
+             ; "wasm:text-encoder"
+             ; "wasm:text-decoder"
+             ])
         ~inputs
         ~output_file:runtime_file
 
diff --git a/compiler/bin-wasm_of_ocaml/link_wasm.ml b/compiler/bin-wasm_of_ocaml/link_wasm.ml
@@ -30,6 +30,7 @@ type options =
   { input_modules : (string * string) list
   ; output_file : string
   ; variables : Preprocess.variables
+  ; allowed_imports : string list option
   ; binaryen_options : binaryen_options
   }
 
@@ -47,6 +48,13 @@ let options =
     let doc = "Specify the Wasm binary output file $(docv)." in
     Arg.(required & pos 0 (some string) None & info [] ~docv:"WASM_FILE" ~doc)
   in
+  let allowed_imports =
+    let doc = "List of modules we expect to import from." in
+    Arg.(
+      value
+      & opt_all (list ~sep:',' string) []
+      & info [ "allowed-imports" ] ~docv:"IMPORT" ~doc)
+  in
   let binaryen_options =
     let doc = "Pass option $(docv) to binaryen tools" in
     Arg.(value & opt_all string [] & info [ "binaryen" ] ~docv:"OPT" ~doc)
@@ -59,30 +67,45 @@ let options =
     let doc = "Pass option $(docv) to $(b,wasm-merge)" in
     Arg.(value & opt_all string [] & info [ "binaryen-merge" ] ~docv:"OPT" ~doc)
   in
-  let build_t input_modules output_file variables common opt merge =
+  let build_t input_modules output_file variables allowed_imports common opt merge =
+    let allowed_imports =
+      if List.is_empty allowed_imports then None else Some (List.concat allowed_imports)
+    in
     `Ok
-      { input_modules; output_file; variables; binaryen_options = { common; opt; merge } }
+      { input_modules
+      ; output_file
+      ; variables
+      ; allowed_imports
+      ; binaryen_options = { common; opt; merge }
+      }
   in
   let t =
     Term.(
       const build_t
       $ input_modules
       $ output_file
       $ Preprocess.variable_options
+      $ allowed_imports
       $ binaryen_options
       $ opt_options
       $ merge_options)
   in
   Term.ret t
 
 let link
-    { input_modules; output_file; variables; binaryen_options = { common; merge; opt } } =
+    { input_modules
+    ; output_file
+    ; variables
+    ; allowed_imports
+    ; binaryen_options = { common; merge; opt }
+    } =
   let inputs =
     List.map
       ~f:(fun (module_name, file) -> { Wat_preprocess.module_name; file; source = File })
       input_modules
   in
   Runtime.build
+    ~allowed_imports
     ~link_options:(common @ merge)
     ~opt_options:(common @ opt)
     ~variables:(Preprocess.set_variables variables)
diff --git a/compiler/lib-wasm/runtime.ml b/compiler/lib-wasm/runtime.ml
@@ -1,6 +1,6 @@
 open Stdlib
 
-let build ~link_options ~opt_options ~variables ~inputs ~output_file =
+let build ~allowed_imports ~link_options ~opt_options ~variables ~inputs ~output_file =
   Fs.with_intermediate_file (Filename.temp_file "runtime-merged" ".wasm")
   @@ fun merge_file ->
   (Wat_preprocess.with_preprocessed_files ~variables ~inputs
@@ -18,4 +18,20 @@ let build ~link_options ~opt_options ~variables ~inputs ~output_file =
     ~input_file:merge_file
     ~opt_output_sourcemap:None
     ~output_file
-    ()
+    ();
+  let imports = Link.Wasm_binary.read_imports ~file:output_file in
+  Option.iter allowed_imports ~f:(fun allowed_imports ->
+      let missing_imports =
+        List.filter
+          ~f:(fun { Link.Wasm_binary.module_; _ } ->
+            not (List.mem module_ ~set:allowed_imports))
+          imports
+      in
+      if not (List.is_empty missing_imports)
+      then (
+        Format.eprintf "The runtime contains unknown imports:@.";
+        List.iter
+          ~f:(fun { Link.Wasm_binary.module_; name } ->
+            Format.eprintf "  %s %s@." module_ name)
+          missing_imports;
+        exit 2))
diff --git a/compiler/lib-wasm/runtime.mli b/compiler/lib-wasm/runtime.mli
@@ -1,5 +1,6 @@
 val build :
-     link_options:string list
+     allowed_imports:string list option
+  -> link_options:string list
   -> opt_options:string list
   -> variables:(string * Wat_preprocess.value) list
   -> inputs:Wat_preprocess.input list
diff --git a/runtime/wasm/dune b/runtime/wasm/dune
@@ -17,6 +17,7 @@
    --binaryen=-g
    --binaryen-opt=-O3
    --set=effects=jspi
+   --allowed-imports=bindings,Math,js,wasm:js-string,wasm:text-encoder,wasm:text-decoder
    %{target}
    %{read-lines:args})))
 
@@ -31,6 +32,7 @@
    --binaryen=-g
    --binaryen-opt=-O3
    --set=effects=cps
+   --allowed-imports=bindings,Math,js,wasm:js-string,wasm:text-encoder,wasm:text-decoder
    %{target}
    %{read-lines:args})))
 
