Add WASIp2 build and test support#3172
Open
justsmth wants to merge 4 commits into
Open
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #3172 +/- ##
==========================================
- Coverage 78.13% 78.12% -0.02%
==========================================
Files 689 689
Lines 123563 123564 +1
Branches 17183 17184 +1
==========================================
- Hits 96550 96529 -21
- Misses 26095 26115 +20
- Partials 918 920 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Add sub-variant macros under OPENSSL_WASM for WASI and Emscripten targets, allowing code to specialize for each WebAssembly environment. WASI Preview 2 does not support pthreads, BSD sockets, or terminal I/O, so set OPENSSL_NO_SOCK, OPENSSL_NO_TTY, and OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED when OPENSSL_WASM_WASI is defined. WASI does provide filesystem access and getentropy() for randomness, so OPENSSL_NO_FILESYSTEM and OPENSSL_NO_POSIX_IO are intentionally not set.
Guard fork-dependent code in rand_test.cc behind !OPENSSL_WASM_WASI, consistent with the existing OPENSSL_WINDOWS and OPENSSL_IOS guards. Guard the iovec redefinition in bio_ssl.cc behind !OPENSSL_WASM_WASI. WASI's libc provides iovec through standard headers, so the local definition would be a redefinition error. Other OPENSSL_NO_SOCK platforms (nanolibc, baremetal) still need the local definition since their libcs don't provide it. Add WASI implementations of createTempFILEpath, createTempDirPath, and createRawTempFILE in test_util.cc and TemporaryFile::Init in file_util.cc. WASI lacks mkstemp/mkdtemp/tmpfile, so these use counter-based naming with RAND_bytes for uniqueness. Thread safety of the static counters is a non-issue since WASI is single-threaded. Guard forkAndRunTest to return false on WASI (no fork support).
Skip explicit -lpthread linking on Generic systems in crypto/CMakeLists.txt. The AWSLC_LINK_THREADS path already excludes Generic, but the legacy direct -lpthread link did not have that guard. Use OBJECT library instead of STATIC for boringssl_gtest_main on Generic systems. wasm-ld does not pull main() from static archives, causing 'undefined_weak:main' runtime errors. OBJECT ensures gtest_main.o is directly included in every test executable. Guard rwlock_static_init (requires std::thread/pthreads), the OCSP integration test (requires sockets), and bssl_shim (requires BIO_new_socket) behind NOT CMAKE_SYSTEM_NAME STREQUAL "Generic". Add GTEST_HAS_DEATH_TEST=0 and GTEST_HAS_STREAM_REDIRECTION=0 compile definitions for wasm32 Generic targets in the top-level CMakeLists.txt. WASI lacks fork() and dup()/dup2() which these GTest features require.
Add util/wasi-sdk-toolchain.cmake for cross-compiling to wasm32-wasip2. Configures the WASI SDK compilers, sysroot, WASI-emulated signal/clock libraries, and wasm memory layout (1MB stack, 128MB initial, 256MB max). Add tests/ci/run_wasi_tests.sh which builds AWS-LC in Release mode with -DDISABLE_GO=ON -DDISABLE_PERL=ON and runs crypto_test, ssl_test, and urandom_test under wasmtime. Tests requiring fork, sockets, threads, or unsupported file operations are excluded via gtest filter. Add .github/workflows/wasi.yml which installs WASI SDK 25 and wasmtime 29.0.1 on ubuntu-latest and invokes the test script.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of changes:
Add support for building and testing AWS-LC on the
wasm32-wasip2target using the WASI SDK. WASI Preview 2 does not support pthreads, BSD sockets, or terminal I/O, so the corresponding capability flags (OPENSSL_NO_SOCK,OPENSSL_NO_TTY,OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED) are set when the newOPENSSL_WASM_WASImacro is defined. WASI does provide filesystem access andgetentropy(), so those capabilities are left intact.New files:
util/wasi-sdk-toolchain.cmake— CMake toolchain file for cross-compiling towasm32-wasip2.tests/ci/run_wasi_tests.sh— CI script that builds AWS-LC and runscrypto_test,ssl_test, andurandom_testunder wasmtime..github/workflows/wasi.yml— CI workflow for WASI builds.Call-outs:
boringssl_gtest_mainis built as anOBJECTlibrary (instead ofSTATIC) on WASI to work around wasm-ld not pullingmainfrom static archives.iovecredefinition guard inssl/bio_ssl.ccis scoped toOPENSSL_WASM_WASI; WASI's libc providesiovecthrough standard headers so the redefinition would be a conflict.Testing:
The
wasi.ymlCI workflow builds with WASI SDK 25 and runs tests under wasmtime 29.0.1.crypto_test,ssl_test, andurandom_testare executed with a gtest filter excluding tests that require fork, sockets, threads, or unsupported file operations.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.