You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
hyperpolymath/typed-wasm has filed proposal 0002 — the access-site carrier section (typedwasm.access-sites) that completes L2 enforcement on emitted wasm by mapping i32.load offset=N back to (region_id, field_id).
This is the companion to proposal 0001 (which ephapax already reviewed in #165). 0002 is the spec response to typed-wasm#78 (access-site carrier gap discovered during 0001's codec work).
Per 0002's §Coordination with downstream producers (line 252) and §Acceptance criteria (line 384), this proposal requires explicit review-and-sign-off from ephapax maintainers before promotion from [draft] to [accepted].
What we're asking
Please review the proposal as it relates to ephapax's wasm emitter (src/ephapax-wasm/). The proposal proposes Encoding B (LEB128 per field) at v1, with per-instruction (func_idx, byte_offset, region_id, field_id) records emitted after any optimisation passes (e.g. wasm-opt).
Specifically, please assess:
Post-optimisation emission constraint. Ephapax currently emits typedwasm.ownership from src/ephapax-wasm/src/lib.rs:1277. Will the access-site carrier need to land downstream of any binaryen / wasm-opt pass in ephapax's pipeline, or does ephapax skip that step today? If skipped, this proposal's "emit AFTER all such passes" requirement is trivially satisfied; if not, ephapax needs a hook between optimisation and final emission.
byte_offset stability. Encoding B records byte_offset of each typed access within the function body. Does ephapax's codegen produce stable offsets at the point of emission (no further rewrites after section build), or is there a rewrite stage that would invalidate offsets?
Source-language scope. Per the proposal, typed accesses are defined as i32.load offset=N / i32.store offset=N instructions emitted as part of a typed region access (not arbitrary memory ops). Does ephapax's codegen distinguish typed-region loads from arbitrary memory loads at emission time? If not, this is a producer-side work item.
Encoding cost. Per the prototype measurement in typed-wasm#78's second comment, Encoding B is ~5 B/access (~43% overhead vs the bare i32.load). Acceptable for ephapax-emitted modules?
verify_region_binding interaction. The proposal's acceptance criterion 4 lands the verify_region_binding pass (omitted from typed-wasm PR V2 grammar extern typecheck #77 pending this proposal). Does ephapax need any change to how it currently emits typedwasm.ownership to accommodate the verifier's L2 round-trip, or is the change wholly on the typed-wasm verifier side?
Process
This is the paired-review pattern that worked for proposal 0001 (this repo's #165 + affinescript#402). Same shape:
File this issue + the affinescript sibling.
Maintainers post a structured review comment ("covered / gap / not-emitted-yet" per question).
When both producers greenlight, proposal 0002 promotes [draft] → [accepted] and the codec + verifier work in typed-wasm proceeds.
Context
hyperpolymath/typed-wasm has filed proposal 0002 — the access-site carrier section (
typedwasm.access-sites) that completes L2 enforcement on emitted wasm by mappingi32.load offset=Nback to(region_id, field_id).This is the companion to proposal 0001 (which ephapax already reviewed in #165). 0002 is the spec response to typed-wasm#78 (access-site carrier gap discovered during 0001's codec work).
Per 0002's §Coordination with downstream producers (line 252) and §Acceptance criteria (line 384), this proposal requires explicit review-and-sign-off from ephapax maintainers before promotion from
[draft]to[accepted].What we're asking
Please review the proposal as it relates to ephapax's wasm emitter (
src/ephapax-wasm/). The proposal proposes Encoding B (LEB128 per field) at v1, with per-instruction(func_idx, byte_offset, region_id, field_id)records emitted after any optimisation passes (e.g. wasm-opt).Specifically, please assess:
Post-optimisation emission constraint. Ephapax currently emits
typedwasm.ownershipfromsrc/ephapax-wasm/src/lib.rs:1277. Will the access-site carrier need to land downstream of any binaryen / wasm-opt pass in ephapax's pipeline, or does ephapax skip that step today? If skipped, this proposal's "emit AFTER all such passes" requirement is trivially satisfied; if not, ephapax needs a hook between optimisation and final emission.byte_offset stability. Encoding B records
byte_offsetof each typed access within the function body. Does ephapax's codegen produce stable offsets at the point of emission (no further rewrites after section build), or is there a rewrite stage that would invalidate offsets?Source-language scope. Per the proposal, typed accesses are defined as
i32.load offset=N/i32.store offset=Ninstructions emitted as part of a typed region access (not arbitrary memory ops). Does ephapax's codegen distinguish typed-region loads from arbitrary memory loads at emission time? If not, this is a producer-side work item.Encoding cost. Per the prototype measurement in typed-wasm#78's second comment, Encoding B is ~5 B/access (~43% overhead vs the bare
i32.load). Acceptable for ephapax-emitted modules?verify_region_bindinginteraction. The proposal's acceptance criterion 4 lands theverify_region_bindingpass (omitted from typed-wasm PR V2 grammar extern typecheck #77 pending this proposal). Does ephapax need any change to how it currently emitstypedwasm.ownershipto accommodate the verifier's L2 round-trip, or is the change wholly on the typed-wasm verifier side?Process
This is the paired-review pattern that worked for proposal 0001 (this repo's #165 + affinescript#402). Same shape:
[draft]→[accepted]and the codec + verifier work in typed-wasm proceeds.References