has the topic of mutually distrustful wasm modules ever been discussed? as i see it right now wasm assumes all modules that are linked together are mutually trusting (only talking about function calls right now)
even with the component modules shared nothing design function calls are assuming a well behaving callee
in particular i'd love to see catching traps at function calls and the ability to call functions with timeouts. though the latter probably doesn’t fit neatly into the current spec
the former could be modeled by having a function/instruction that calls the callee, turning traps into exceptions
but i'd be curious if this has been discussed before
i guess untrusted calls would also limit inlining and other optimizations :thinking:
Jonas Kruckenberg said:
in particular i'd love to see catching traps at function calls and the ability to call functions with timeouts. though the latter probably doesn’t fit neatly into the current spec
https://github.com/WebAssembly/component-model/blob/main/design/high-level/Goals.md
Don't attempt to solve problems that are better solved by some combination of the toolchain, the platform or higher layer specifications, including:
[...]
* distributed computing and partial failure.
I think the component model is supposed to ensure confidentiality and integrity between mutually untrusting components, but not to ensure availability.
hmm yeah okay i can see that :thinking: makes sense for the component model
I believe the intention is to add both runtime component instantiation and partial failure support (i.e. the ability to limit the scope of a trap to a defined "blast radius") to the component model. I don't believe anything's been formally specified yet, but I know it's on the informal roadmap.
Joel Dice said:
I believe the intention is to add both runtime component instantiation and partial failure support (i.e. the ability to limit the scope of a trap to a defined "blast radius") to the component model. I don't believe anything's been formally specified yet, but I know it's on the informal roadmap.
cool yeah that’s exactly what i meant but put into better words :joy:
do you know by chance who to talk to?
@Luke Wagner (who is not currently subscribed to this channel, so he won't get that notification) is the one to talk to.
You could also open an issue (or search for an existing one) on https://github.com/WebAssembly/component-model, which he should see.
By the way, it’s already listed as a potential future feature here: Blast zones, and shortly mentioned at the end of this section: Structured concurrency.
small update in case anyone is interested: i talked to Luke at wasmio and he suggested (quite sensibly) that blast zones would require resourcified components
which would allow blast zones to essentially have the same api as JoinHandles from the rust stdlib or tokio
Last updated: Apr 07 2025 at 02:31 UTC