1pub mod wit;
2
3use crate::capability_granter::CapabilityGranter;
4use crate::{ExtensionManifest, ExtensionSettings};
5use anyhow::{Context as _, Result, anyhow, bail};
6use async_trait::async_trait;
7use dap::{DebugRequest, StartDebuggingRequestArgumentsRequest};
8use extension::{
9 CodeLabel, Command, Completion, ContextServerConfiguration, DebugAdapterBinary,
10 DebugTaskDefinition, ExtensionCapability, ExtensionHostProxy, KeyValueStoreDelegate,
11 ProjectDelegate, SlashCommand, SlashCommandArgumentCompletion, SlashCommandOutput, Symbol,
12 WorktreeDelegate,
13};
14use fs::Fs;
15use futures::future::LocalBoxFuture;
16use futures::{
17 Future, FutureExt, StreamExt as _,
18 channel::{
19 mpsc::{self, UnboundedSender},
20 oneshot,
21 },
22 future::BoxFuture,
23};
24use gpui::{App, AsyncApp, BackgroundExecutor, Task};
25use http_client::HttpClient;
26use language::LanguageName;
27use lsp::LanguageServerName;
28use moka::sync::Cache;
29use node_runtime::NodeRuntime;
30use release_channel::ReleaseChannel;
31use semver::Version;
32use settings::Settings;
33use std::{
34 borrow::Cow,
35 path::{Path, PathBuf},
36 sync::{
37 Arc, LazyLock, OnceLock,
38 atomic::{AtomicBool, Ordering},
39 },
40 time::Duration,
41};
42use task::{DebugScenario, SpawnInTerminal, TaskTemplate, ZedDebugConfig};
43use util::paths::SanitizedPath;
44use wasmtime::{
45 CacheStore, Engine, Store,
46 component::{Component, ResourceTable},
47};
48use wasmtime_wasi::p2::{self as wasi, IoView as _};
49use wit::Extension;
50
51pub struct WasmHost {
52 engine: Engine,
53 release_channel: ReleaseChannel,
54 http_client: Arc<dyn HttpClient>,
55 node_runtime: NodeRuntime,
56 pub(crate) proxy: Arc<ExtensionHostProxy>,
57 fs: Arc<dyn Fs>,
58 pub work_dir: PathBuf,
59 /// The capabilities granted to extensions running on the host.
60 pub(crate) granted_capabilities: Vec<ExtensionCapability>,
61 _main_thread_message_task: Task<()>,
62 main_thread_message_tx: mpsc::UnboundedSender<MainThreadCall>,
63}
64
65#[derive(Clone, Debug)]
66pub struct WasmExtension {
67 tx: UnboundedSender<ExtensionCall>,
68 pub manifest: Arc<ExtensionManifest>,
69 pub work_dir: Arc<Path>,
70 #[allow(unused)]
71 pub zed_api_version: Version,
72 _task: Arc<Task<Result<(), gpui_tokio::JoinError>>>,
73}
74
75impl Drop for WasmExtension {
76 fn drop(&mut self) {
77 self.tx.close_channel();
78 }
79}
80
81#[async_trait]
82impl extension::Extension for WasmExtension {
83 fn manifest(&self) -> Arc<ExtensionManifest> {
84 self.manifest.clone()
85 }
86
87 fn work_dir(&self) -> Arc<Path> {
88 self.work_dir.clone()
89 }
90
91 async fn language_server_command(
92 &self,
93 language_server_id: LanguageServerName,
94 language_name: LanguageName,
95 worktree: Arc<dyn WorktreeDelegate>,
96 ) -> Result<Command> {
97 self.call(|extension, store| {
98 async move {
99 let resource = store.data_mut().table().push(worktree)?;
100 let command = extension
101 .call_language_server_command(
102 store,
103 &language_server_id,
104 &language_name,
105 resource,
106 )
107 .await?
108 .map_err(|err| store.data().extension_error(err))?;
109
110 Ok(command.into())
111 }
112 .boxed()
113 })
114 .await?
115 }
116
117 async fn language_server_initialization_options(
118 &self,
119 language_server_id: LanguageServerName,
120 language_name: LanguageName,
121 worktree: Arc<dyn WorktreeDelegate>,
122 ) -> Result<Option<String>> {
123 self.call(|extension, store| {
124 async move {
125 let resource = store.data_mut().table().push(worktree)?;
126 let options = extension
127 .call_language_server_initialization_options(
128 store,
129 &language_server_id,
130 &language_name,
131 resource,
132 )
133 .await?
134 .map_err(|err| store.data().extension_error(err))?;
135 anyhow::Ok(options)
136 }
137 .boxed()
138 })
139 .await?
140 }
141
142 async fn language_server_workspace_configuration(
143 &self,
144 language_server_id: LanguageServerName,
145 worktree: Arc<dyn WorktreeDelegate>,
146 ) -> Result<Option<String>> {
147 self.call(|extension, store| {
148 async move {
149 let resource = store.data_mut().table().push(worktree)?;
150 let options = extension
151 .call_language_server_workspace_configuration(
152 store,
153 &language_server_id,
154 resource,
155 )
156 .await?
157 .map_err(|err| store.data().extension_error(err))?;
158 anyhow::Ok(options)
159 }
160 .boxed()
161 })
162 .await?
163 }
164
165 async fn language_server_additional_initialization_options(
166 &self,
167 language_server_id: LanguageServerName,
168 target_language_server_id: LanguageServerName,
169 worktree: Arc<dyn WorktreeDelegate>,
170 ) -> Result<Option<String>> {
171 self.call(|extension, store| {
172 async move {
173 let resource = store.data_mut().table().push(worktree)?;
174 let options = extension
175 .call_language_server_additional_initialization_options(
176 store,
177 &language_server_id,
178 &target_language_server_id,
179 resource,
180 )
181 .await?
182 .map_err(|err| store.data().extension_error(err))?;
183 anyhow::Ok(options)
184 }
185 .boxed()
186 })
187 .await?
188 }
189
190 async fn language_server_additional_workspace_configuration(
191 &self,
192 language_server_id: LanguageServerName,
193 target_language_server_id: LanguageServerName,
194 worktree: Arc<dyn WorktreeDelegate>,
195 ) -> Result<Option<String>> {
196 self.call(|extension, store| {
197 async move {
198 let resource = store.data_mut().table().push(worktree)?;
199 let options = extension
200 .call_language_server_additional_workspace_configuration(
201 store,
202 &language_server_id,
203 &target_language_server_id,
204 resource,
205 )
206 .await?
207 .map_err(|err| store.data().extension_error(err))?;
208 anyhow::Ok(options)
209 }
210 .boxed()
211 })
212 .await?
213 }
214
215 async fn labels_for_completions(
216 &self,
217 language_server_id: LanguageServerName,
218 completions: Vec<Completion>,
219 ) -> Result<Vec<Option<CodeLabel>>> {
220 self.call(|extension, store| {
221 async move {
222 let labels = extension
223 .call_labels_for_completions(
224 store,
225 &language_server_id,
226 completions.into_iter().map(Into::into).collect(),
227 )
228 .await?
229 .map_err(|err| store.data().extension_error(err))?;
230
231 Ok(labels
232 .into_iter()
233 .map(|label| label.map(Into::into))
234 .collect())
235 }
236 .boxed()
237 })
238 .await?
239 }
240
241 async fn labels_for_symbols(
242 &self,
243 language_server_id: LanguageServerName,
244 symbols: Vec<Symbol>,
245 ) -> Result<Vec<Option<CodeLabel>>> {
246 self.call(|extension, store| {
247 async move {
248 let labels = extension
249 .call_labels_for_symbols(
250 store,
251 &language_server_id,
252 symbols.into_iter().map(Into::into).collect(),
253 )
254 .await?
255 .map_err(|err| store.data().extension_error(err))?;
256
257 Ok(labels
258 .into_iter()
259 .map(|label| label.map(Into::into))
260 .collect())
261 }
262 .boxed()
263 })
264 .await?
265 }
266
267 async fn complete_slash_command_argument(
268 &self,
269 command: SlashCommand,
270 arguments: Vec<String>,
271 ) -> Result<Vec<SlashCommandArgumentCompletion>> {
272 self.call(|extension, store| {
273 async move {
274 let completions = extension
275 .call_complete_slash_command_argument(store, &command.into(), &arguments)
276 .await?
277 .map_err(|err| store.data().extension_error(err))?;
278
279 Ok(completions.into_iter().map(Into::into).collect())
280 }
281 .boxed()
282 })
283 .await?
284 }
285
286 async fn run_slash_command(
287 &self,
288 command: SlashCommand,
289 arguments: Vec<String>,
290 delegate: Option<Arc<dyn WorktreeDelegate>>,
291 ) -> Result<SlashCommandOutput> {
292 self.call(|extension, store| {
293 async move {
294 let resource = if let Some(delegate) = delegate {
295 Some(store.data_mut().table().push(delegate)?)
296 } else {
297 None
298 };
299
300 let output = extension
301 .call_run_slash_command(store, &command.into(), &arguments, resource)
302 .await?
303 .map_err(|err| store.data().extension_error(err))?;
304
305 Ok(output.into())
306 }
307 .boxed()
308 })
309 .await?
310 }
311
312 async fn context_server_command(
313 &self,
314 context_server_id: Arc<str>,
315 project: Arc<dyn ProjectDelegate>,
316 ) -> Result<Command> {
317 self.call(|extension, store| {
318 async move {
319 let project_resource = store.data_mut().table().push(project)?;
320 let command = extension
321 .call_context_server_command(store, context_server_id.clone(), project_resource)
322 .await?
323 .map_err(|err| store.data().extension_error(err))?;
324 anyhow::Ok(command.into())
325 }
326 .boxed()
327 })
328 .await?
329 }
330
331 async fn context_server_configuration(
332 &self,
333 context_server_id: Arc<str>,
334 project: Arc<dyn ProjectDelegate>,
335 ) -> Result<Option<ContextServerConfiguration>> {
336 self.call(|extension, store| {
337 async move {
338 let project_resource = store.data_mut().table().push(project)?;
339 let Some(configuration) = extension
340 .call_context_server_configuration(
341 store,
342 context_server_id.clone(),
343 project_resource,
344 )
345 .await?
346 .map_err(|err| store.data().extension_error(err))?
347 else {
348 return Ok(None);
349 };
350
351 Ok(Some(configuration.try_into()?))
352 }
353 .boxed()
354 })
355 .await?
356 }
357
358 async fn suggest_docs_packages(&self, provider: Arc<str>) -> Result<Vec<String>> {
359 self.call(|extension, store| {
360 async move {
361 let packages = extension
362 .call_suggest_docs_packages(store, provider.as_ref())
363 .await?
364 .map_err(|err| store.data().extension_error(err))?;
365
366 Ok(packages)
367 }
368 .boxed()
369 })
370 .await?
371 }
372
373 async fn index_docs(
374 &self,
375 provider: Arc<str>,
376 package_name: Arc<str>,
377 kv_store: Arc<dyn KeyValueStoreDelegate>,
378 ) -> Result<()> {
379 self.call(|extension, store| {
380 async move {
381 let kv_store_resource = store.data_mut().table().push(kv_store)?;
382 extension
383 .call_index_docs(
384 store,
385 provider.as_ref(),
386 package_name.as_ref(),
387 kv_store_resource,
388 )
389 .await?
390 .map_err(|err| store.data().extension_error(err))?;
391
392 anyhow::Ok(())
393 }
394 .boxed()
395 })
396 .await?
397 }
398
399 async fn get_dap_binary(
400 &self,
401 dap_name: Arc<str>,
402 config: DebugTaskDefinition,
403 user_installed_path: Option<PathBuf>,
404 worktree: Arc<dyn WorktreeDelegate>,
405 ) -> Result<DebugAdapterBinary> {
406 self.call(|extension, store| {
407 async move {
408 let resource = store.data_mut().table().push(worktree)?;
409 let dap_binary = extension
410 .call_get_dap_binary(store, dap_name, config, user_installed_path, resource)
411 .await?
412 .map_err(|err| store.data().extension_error(err))?;
413 let dap_binary = dap_binary.try_into()?;
414 Ok(dap_binary)
415 }
416 .boxed()
417 })
418 .await?
419 }
420 async fn dap_request_kind(
421 &self,
422 dap_name: Arc<str>,
423 config: serde_json::Value,
424 ) -> Result<StartDebuggingRequestArgumentsRequest> {
425 self.call(|extension, store| {
426 async move {
427 let kind = extension
428 .call_dap_request_kind(store, dap_name, config)
429 .await?
430 .map_err(|err| store.data().extension_error(err))?;
431 Ok(kind.into())
432 }
433 .boxed()
434 })
435 .await?
436 }
437
438 async fn dap_config_to_scenario(&self, config: ZedDebugConfig) -> Result<DebugScenario> {
439 self.call(|extension, store| {
440 async move {
441 let kind = extension
442 .call_dap_config_to_scenario(store, config)
443 .await?
444 .map_err(|err| store.data().extension_error(err))?;
445 Ok(kind)
446 }
447 .boxed()
448 })
449 .await?
450 }
451
452 async fn dap_locator_create_scenario(
453 &self,
454 locator_name: String,
455 build_config_template: TaskTemplate,
456 resolved_label: String,
457 debug_adapter_name: String,
458 ) -> Result<Option<DebugScenario>> {
459 self.call(|extension, store| {
460 async move {
461 extension
462 .call_dap_locator_create_scenario(
463 store,
464 locator_name,
465 build_config_template,
466 resolved_label,
467 debug_adapter_name,
468 )
469 .await
470 }
471 .boxed()
472 })
473 .await?
474 }
475 async fn run_dap_locator(
476 &self,
477 locator_name: String,
478 config: SpawnInTerminal,
479 ) -> Result<DebugRequest> {
480 self.call(|extension, store| {
481 async move {
482 extension
483 .call_run_dap_locator(store, locator_name, config)
484 .await?
485 .map_err(|err| store.data().extension_error(err))
486 }
487 .boxed()
488 })
489 .await?
490 }
491}
492
493pub struct WasmState {
494 manifest: Arc<ExtensionManifest>,
495 pub table: ResourceTable,
496 ctx: wasi::WasiCtx,
497 pub host: Arc<WasmHost>,
498 pub(crate) capability_granter: CapabilityGranter,
499}
500
501std::thread_local! {
502 /// Used by the crash handler to ignore panics in extension-related threads.
503 pub static IS_WASM_THREAD: AtomicBool = const { AtomicBool::new(false) };
504}
505
506type MainThreadCall = Box<dyn Send + for<'a> FnOnce(&'a mut AsyncApp) -> LocalBoxFuture<'a, ()>>;
507
508type ExtensionCall = Box<
509 dyn Send + for<'a> FnOnce(&'a mut Extension, &'a mut Store<WasmState>) -> BoxFuture<'a, ()>,
510>;
511
512fn wasm_engine(executor: &BackgroundExecutor) -> wasmtime::Engine {
513 static WASM_ENGINE: OnceLock<wasmtime::Engine> = OnceLock::new();
514 WASM_ENGINE
515 .get_or_init(|| {
516 let mut config = wasmtime::Config::new();
517 config.wasm_component_model(true);
518 config.async_support(true);
519 config
520 .enable_incremental_compilation(cache_store())
521 .unwrap();
522 // Async support introduces the issue that extension execution happens during `Future::poll`,
523 // which could block an async thread.
524 // https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#execution-in-poll
525 //
526 // Epoch interruption is a lightweight mechanism to allow the extensions to yield control
527 // back to the executor at regular intervals.
528 config.epoch_interruption(true);
529
530 let engine = wasmtime::Engine::new(&config).unwrap();
531
532 // It might be safer to do this on a non-async thread to make sure it makes progress
533 // regardless of if extensions are blocking.
534 // However, due to our current setup, this isn't a likely occurrence and we'd rather
535 // not have a dedicated thread just for this. If it becomes an issue, we can consider
536 // creating a separate thread for epoch interruption.
537 let engine_ref = engine.weak();
538 let executor2 = executor.clone();
539 executor
540 .spawn(async move {
541 // Somewhat arbitrary interval, as it isn't a guaranteed interval.
542 // But this is a rough upper bound for how long the extension execution can block on
543 // `Future::poll`.
544 const EPOCH_INTERVAL: Duration = Duration::from_millis(100);
545 loop {
546 executor2.timer(EPOCH_INTERVAL).await;
547 // Exit the loop and thread once the engine is dropped.
548 let Some(engine) = engine_ref.upgrade() else {
549 break;
550 };
551 engine.increment_epoch();
552 }
553 })
554 .detach();
555
556 engine
557 })
558 .clone()
559}
560
561fn cache_store() -> Arc<IncrementalCompilationCache> {
562 static CACHE_STORE: LazyLock<Arc<IncrementalCompilationCache>> =
563 LazyLock::new(|| Arc::new(IncrementalCompilationCache::new()));
564 CACHE_STORE.clone()
565}
566
567impl WasmHost {
568 pub fn new(
569 fs: Arc<dyn Fs>,
570 http_client: Arc<dyn HttpClient>,
571 node_runtime: NodeRuntime,
572 proxy: Arc<ExtensionHostProxy>,
573 work_dir: PathBuf,
574 cx: &mut App,
575 ) -> Arc<Self> {
576 let (tx, mut rx) = mpsc::unbounded::<MainThreadCall>();
577 let task = cx.spawn(async move |cx| {
578 while let Some(message) = rx.next().await {
579 message(cx).await;
580 }
581 });
582
583 let extension_settings = ExtensionSettings::get_global(cx);
584
585 Arc::new(Self {
586 engine: wasm_engine(cx.background_executor()),
587 fs,
588 work_dir,
589 http_client,
590 node_runtime,
591 proxy,
592 release_channel: ReleaseChannel::global(cx),
593 granted_capabilities: extension_settings.granted_capabilities.clone(),
594 _main_thread_message_task: task,
595 main_thread_message_tx: tx,
596 })
597 }
598
599 pub fn load_extension(
600 self: &Arc<Self>,
601 wasm_bytes: Vec<u8>,
602 manifest: &Arc<ExtensionManifest>,
603 cx: &AsyncApp,
604 ) -> Task<Result<WasmExtension>> {
605 let this = self.clone();
606 let manifest = manifest.clone();
607 let executor = cx.background_executor().clone();
608
609 // Parse version and compile component on gpui's background executor.
610 // These are cpu-bound operations that don't require a tokio runtime.
611 let compile_task = {
612 let manifest_id = manifest.id.clone();
613 let engine = this.engine.clone();
614
615 executor.spawn(async move {
616 let zed_api_version = parse_wasm_extension_version(&manifest_id, &wasm_bytes)?;
617 let component = Component::from_binary(&engine, &wasm_bytes)
618 .context("failed to compile wasm component")?;
619
620 anyhow::Ok((zed_api_version, component))
621 })
622 };
623
624 let load_extension = |zed_api_version: Version, component| async move {
625 let wasi_ctx = this.build_wasi_ctx(&manifest).await?;
626 let mut store = wasmtime::Store::new(
627 &this.engine,
628 WasmState {
629 ctx: wasi_ctx,
630 manifest: manifest.clone(),
631 table: ResourceTable::new(),
632 host: this.clone(),
633 capability_granter: CapabilityGranter::new(
634 this.granted_capabilities.clone(),
635 manifest.clone(),
636 ),
637 },
638 );
639 // Store will yield after 1 tick, and get a new deadline of 1 tick after each yield.
640 store.set_epoch_deadline(1);
641 store.epoch_deadline_async_yield_and_update(1);
642
643 let mut extension = Extension::instantiate_async(
644 &executor,
645 &mut store,
646 this.release_channel,
647 zed_api_version.clone(),
648 &component,
649 )
650 .await?;
651
652 extension
653 .call_init_extension(&mut store)
654 .await
655 .context("failed to initialize wasm extension")?;
656
657 let (tx, mut rx) = mpsc::unbounded::<ExtensionCall>();
658 let extension_task = async move {
659 // note: Setting the thread local here will slowly "poison" all tokio threads
660 // causing us to not record their panics any longer.
661 //
662 // This is fine though, the main zed binary only uses tokio for livekit and wasm extensions.
663 // Livekit seldom (if ever) panics 🤞 so the likelihood of us missing a panic in sentry is very low.
664 IS_WASM_THREAD.with(|v| v.store(true, Ordering::Release));
665 while let Some(call) = rx.next().await {
666 (call)(&mut extension, &mut store).await;
667 }
668 };
669
670 anyhow::Ok((
671 extension_task,
672 manifest.clone(),
673 this.work_dir.join(manifest.id.as_ref()).into(),
674 tx,
675 zed_api_version,
676 ))
677 };
678
679 cx.spawn(async move |cx| {
680 let (zed_api_version, component) = compile_task.await?;
681
682 // Run wasi-dependent operations on tokio.
683 // wasmtime_wasi internally uses tokio for I/O operations.
684 let (extension_task, manifest, work_dir, tx, zed_api_version) =
685 gpui_tokio::Tokio::spawn(cx, load_extension(zed_api_version, component)).await??;
686
687 // Run the extension message loop on tokio since extension
688 // calls may invoke wasi functions that require a tokio runtime.
689 let task = Arc::new(gpui_tokio::Tokio::spawn(cx, extension_task));
690
691 Ok(WasmExtension {
692 manifest,
693 work_dir,
694 tx,
695 zed_api_version,
696 _task: task,
697 })
698 })
699 }
700
701 async fn build_wasi_ctx(&self, manifest: &Arc<ExtensionManifest>) -> Result<wasi::WasiCtx> {
702 let extension_work_dir = self.work_dir.join(manifest.id.as_ref());
703 self.fs
704 .create_dir(&extension_work_dir)
705 .await
706 .context("failed to create extension work dir")?;
707
708 let file_perms = wasmtime_wasi::FilePerms::all();
709 let dir_perms = wasmtime_wasi::DirPerms::all();
710 let path = SanitizedPath::new(&extension_work_dir).to_string();
711 #[cfg(target_os = "windows")]
712 let path = path.replace('\\', "/");
713
714 let mut ctx = wasi::WasiCtxBuilder::new();
715 ctx.inherit_stdio()
716 .env("PWD", &path)
717 .env("RUST_BACKTRACE", "full");
718
719 ctx.preopened_dir(&path, ".", dir_perms, file_perms)?;
720 ctx.preopened_dir(&path, &path, dir_perms, file_perms)?;
721
722 Ok(ctx.build())
723 }
724
725 pub async fn writeable_path_from_extension(
726 &self,
727 id: &Arc<str>,
728 path: &Path,
729 ) -> Result<PathBuf> {
730 let canonical_work_dir = self
731 .fs
732 .canonicalize(&self.work_dir)
733 .await
734 .with_context(|| format!("canonicalizing work dir {:?}", self.work_dir))?;
735 let extension_work_dir = canonical_work_dir.join(id.as_ref());
736
737 let absolute = if path.is_relative() {
738 extension_work_dir.join(path)
739 } else {
740 path.to_path_buf()
741 };
742
743 let normalized = util::paths::normalize_lexically(&absolute)
744 .map_err(|_| anyhow!("path {path:?} escapes its parent"))?;
745
746 // Canonicalize the nearest existing ancestor to resolve any symlinks
747 // in the on-disk portion of the path. Components beyond that ancestor
748 // are re-appended, which lets this work for destinations that don't
749 // exist yet (e.g. nested directories created by tar extraction).
750 let mut existing = normalized.as_path();
751 let mut tail_components = Vec::new();
752 let canonical_prefix = loop {
753 match self.fs.canonicalize(existing).await {
754 Ok(canonical) => break canonical,
755 Err(_) => {
756 if let Some(file_name) = existing.file_name() {
757 tail_components.push(file_name.to_owned());
758 }
759 existing = existing
760 .parent()
761 .context(format!("cannot resolve path {path:?}"))?;
762 }
763 }
764 };
765
766 let mut resolved = canonical_prefix;
767 for component in tail_components.into_iter().rev() {
768 resolved.push(component);
769 }
770
771 anyhow::ensure!(
772 resolved.starts_with(&extension_work_dir),
773 "cannot write to path {resolved:?}",
774 );
775 Ok(resolved)
776 }
777}
778
779pub fn parse_wasm_extension_version(extension_id: &str, wasm_bytes: &[u8]) -> Result<Version> {
780 let mut version = None;
781
782 for part in wasmparser::Parser::new(0).parse_all(wasm_bytes) {
783 if let wasmparser::Payload::CustomSection(s) =
784 part.context("error parsing wasm extension")?
785 && s.name() == "zed:api-version"
786 {
787 version = parse_wasm_extension_version_custom_section(s.data());
788 if version.is_none() {
789 bail!(
790 "extension {} has invalid zed:api-version section: {:?}",
791 extension_id,
792 s.data()
793 );
794 }
795 }
796 }
797
798 // The reason we wait until we're done parsing all of the Wasm bytes to return the version
799 // is to work around a panic that can happen inside of Wasmtime when the bytes are invalid.
800 //
801 // By parsing the entirety of the Wasm bytes before we return, we're able to detect this problem
802 // earlier as an `Err` rather than as a panic.
803 version.with_context(|| format!("extension {extension_id} has no zed:api-version section"))
804}
805
806fn parse_wasm_extension_version_custom_section(data: &[u8]) -> Option<Version> {
807 if data.len() == 6 {
808 Some(Version::new(
809 u16::from_be_bytes([data[0], data[1]]) as _,
810 u16::from_be_bytes([data[2], data[3]]) as _,
811 u16::from_be_bytes([data[4], data[5]]) as _,
812 ))
813 } else {
814 None
815 }
816}
817
818impl WasmExtension {
819 pub async fn load(
820 extension_dir: &Path,
821 manifest: &Arc<ExtensionManifest>,
822 wasm_host: Arc<WasmHost>,
823 cx: &AsyncApp,
824 ) -> Result<Self> {
825 let path = extension_dir.join("extension.wasm");
826
827 let mut wasm_file = wasm_host
828 .fs
829 .open_sync(&path)
830 .await
831 .context(format!("opening wasm file, path: {path:?}"))?;
832
833 let mut wasm_bytes = Vec::new();
834 wasm_file
835 .read_to_end(&mut wasm_bytes)
836 .context(format!("reading wasm file, path: {path:?}"))?;
837
838 wasm_host
839 .load_extension(wasm_bytes, manifest, cx)
840 .await
841 .with_context(|| format!("loading wasm extension: {}", manifest.id))
842 }
843
844 pub async fn call<T, Fn>(&self, f: Fn) -> Result<T>
845 where
846 T: 'static + Send,
847 Fn: 'static
848 + Send
849 + for<'a> FnOnce(&'a mut Extension, &'a mut Store<WasmState>) -> BoxFuture<'a, T>,
850 {
851 let (return_tx, return_rx) = oneshot::channel();
852 self.tx
853 .unbounded_send(Box::new(move |extension, store| {
854 async {
855 let result = f(extension, store).await;
856 return_tx.send(result).ok();
857 }
858 .boxed()
859 }))
860 .map_err(|_| {
861 anyhow!(
862 "wasm extension channel should not be closed yet, extension {} (id {})",
863 self.manifest.name,
864 self.manifest.id,
865 )
866 })?;
867 return_rx.await.with_context(|| {
868 format!(
869 "wasm extension channel, extension {} (id {})",
870 self.manifest.name, self.manifest.id,
871 )
872 })
873 }
874}
875
876impl WasmState {
877 fn on_main_thread<T, Fn>(&self, f: Fn) -> impl 'static + Future<Output = T>
878 where
879 T: 'static + Send,
880 Fn: 'static + Send + for<'a> FnOnce(&'a mut AsyncApp) -> LocalBoxFuture<'a, T>,
881 {
882 let (return_tx, return_rx) = oneshot::channel();
883 self.host
884 .main_thread_message_tx
885 .clone()
886 .unbounded_send(Box::new(move |cx| {
887 async {
888 let result = f(cx).await;
889 return_tx.send(result).ok();
890 }
891 .boxed_local()
892 }))
893 .unwrap_or_else(|_| {
894 panic!(
895 "main thread message channel should not be closed yet, extension {} (id {})",
896 self.manifest.name, self.manifest.id,
897 )
898 });
899 let name = self.manifest.name.clone();
900 let id = self.manifest.id.clone();
901 async move {
902 return_rx.await.unwrap_or_else(|_| {
903 panic!("main thread message channel, extension {name} (id {id})")
904 })
905 }
906 }
907
908 fn work_dir(&self) -> PathBuf {
909 self.host.work_dir.join(self.manifest.id.as_ref())
910 }
911
912 fn extension_error(&self, message: String) -> anyhow::Error {
913 anyhow!(
914 "from extension \"{}\" version {}: {}",
915 self.manifest.name,
916 self.manifest.version,
917 message
918 )
919 }
920}
921
922impl wasi::IoView for WasmState {
923 fn table(&mut self) -> &mut ResourceTable {
924 &mut self.table
925 }
926}
927
928impl wasi::WasiView for WasmState {
929 fn ctx(&mut self) -> &mut wasi::WasiCtx {
930 &mut self.ctx
931 }
932}
933
934/// Wrapper around a mini-moka bounded cache for storing incremental compilation artifacts.
935/// Since wasm modules have many similar elements, this can save us a lot of work at the
936/// cost of a small memory footprint. However, we don't want this to be unbounded, so we use
937/// a LFU/LRU cache to evict less used cache entries.
938#[derive(Debug)]
939struct IncrementalCompilationCache {
940 cache: Cache<Vec<u8>, Vec<u8>>,
941}
942
943impl IncrementalCompilationCache {
944 fn new() -> Self {
945 let cache = Cache::builder()
946 // Cap this at 32 MB for now. Our extensions turn into roughly 512kb in the cache,
947 // which means we could store 64 completely novel extensions in the cache, but in
948 // practice we will more than that, which is more than enough for our use case.
949 .max_capacity(32 * 1024 * 1024)
950 .weigher(|k: &Vec<u8>, v: &Vec<u8>| (k.len() + v.len()).try_into().unwrap_or(u32::MAX))
951 .build();
952 Self { cache }
953 }
954}
955
956impl CacheStore for IncrementalCompilationCache {
957 fn get(&self, key: &[u8]) -> Option<Cow<'_, [u8]>> {
958 self.cache.get(key).map(|v| v.into())
959 }
960
961 fn insert(&self, key: &[u8], value: Vec<u8>) -> bool {
962 self.cache.insert(key.to_vec(), value);
963 true
964 }
965}
966
967#[cfg(test)]
968mod tests {
969 use super::*;
970 use extension::ExtensionHostProxy;
971 use fs::FakeFs;
972 use gpui::TestAppContext;
973 use http_client::FakeHttpClient;
974 use node_runtime::NodeRuntime;
975 use serde_json::json;
976 use settings::SettingsStore;
977
978 fn init_test(cx: &mut TestAppContext) {
979 cx.update(|cx| {
980 let store = SettingsStore::test(cx);
981 cx.set_global(store);
982 release_channel::init(semver::Version::new(0, 0, 0), cx);
983 extension::init(cx);
984 gpui_tokio::init(cx);
985 });
986 }
987
988 #[gpui::test]
989 async fn test_writeable_path_rejects_escape_attempts(cx: &mut TestAppContext) {
990 init_test(cx);
991
992 let fs = FakeFs::new(cx.executor());
993 fs.insert_tree(
994 "/work",
995 json!({
996 "test-extension": {
997 "legit.txt": "legitimate content"
998 }
999 }),
1000 )
1001 .await;
1002 fs.insert_tree("/outside", json!({ "secret.txt": "sensitive data" }))
1003 .await;
1004 fs.insert_symlink("/work/test-extension/escape", PathBuf::from("/outside"))
1005 .await;
1006
1007 let host = cx.update(|cx| {
1008 WasmHost::new(
1009 fs.clone(),
1010 FakeHttpClient::with_200_response(),
1011 NodeRuntime::unavailable(),
1012 Arc::new(ExtensionHostProxy::default()),
1013 PathBuf::from("/work"),
1014 cx,
1015 )
1016 });
1017
1018 let extension_id: Arc<str> = "test-extension".into();
1019
1020 // A path traversing through a symlink that points outside the work dir
1021 // must be rejected. Canonicalization resolves the symlink before the
1022 // prefix check, so this is caught.
1023 let result = host
1024 .writeable_path_from_extension(
1025 &extension_id,
1026 Path::new("/work/test-extension/escape/secret.txt"),
1027 )
1028 .await;
1029 assert!(
1030 result.is_err(),
1031 "symlink escape should be rejected, but got: {result:?}",
1032 );
1033
1034 // A path using `..` to escape the extension work dir must be rejected.
1035 let result = host
1036 .writeable_path_from_extension(
1037 &extension_id,
1038 Path::new("/work/test-extension/../../outside/secret.txt"),
1039 )
1040 .await;
1041 assert!(
1042 result.is_err(),
1043 "parent traversal escape should be rejected, but got: {result:?}",
1044 );
1045
1046 // A legitimate path within the extension work dir should succeed.
1047 let result = host
1048 .writeable_path_from_extension(
1049 &extension_id,
1050 Path::new("/work/test-extension/legit.txt"),
1051 )
1052 .await;
1053 assert!(
1054 result.is_ok(),
1055 "legitimate path should be accepted, but got: {result:?}",
1056 );
1057
1058 // A relative path with non-existent intermediate directories should
1059 // succeed, mirroring the integration test pattern where an extension
1060 // downloads a tar to e.g. "gleam-v1.2.3" (creating the directory)
1061 // and then references "gleam-v1.2.3/gleam" inside it.
1062 let result = host
1063 .writeable_path_from_extension(&extension_id, Path::new("new-dir/nested/binary"))
1064 .await;
1065 assert!(
1066 result.is_ok(),
1067 "relative path with non-existent parents should be accepted, but got: {result:?}",
1068 );
1069
1070 // A symlink deeper than the immediate parent must still be caught.
1071 // Here "escape" is a symlink to /outside, so "escape/deep/file.txt"
1072 // has multiple non-existent components beyond the symlink.
1073 let result = host
1074 .writeable_path_from_extension(&extension_id, Path::new("escape/deep/nested/file.txt"))
1075 .await;
1076 assert!(
1077 result.is_err(),
1078 "symlink escape through deep non-existent path should be rejected, but got: {result:?}",
1079 );
1080 }
1081}