Stream: wasmtime

Topic: lucet killswitch docs


view this post on Zulip Pat Hickey (Apr 16 2020 at 16:20):

@Andy Wortman just wrote up these docs on lucet's killswitch mechanism: https://github.com/bytecodealliance/lucet/blob/master/docs/src/lucet-runtime/killswitch.md

Lucet, the Sandboxing WebAssembly Compiler. Contribute to bytecodealliance/lucet development by creating an account on GitHub.

view this post on Zulip Pat Hickey (Apr 16 2020 at 16:20):

(apropos discussion in the weekly meeting)

view this post on Zulip Till Schneidereit (Apr 16 2020 at 16:23):

cc @Alex Crichton

view this post on Zulip Alex Crichton (Apr 16 2020 at 20:52):

@Pat Hickey this is a pretty cool writeup, thanks for sharing! I think that the support implemented in https://github.com/bytecodealliance/wasmtime/pull/1490 is both sort of orthogonal and related to what y'all are doing.

This commit is a relatively large change for wasmtime with two main goals: Primarily this enables interrupting executing wasm code with a trap, preventing infinite loops in wasm code. Note that r...

view this post on Zulip Alex Crichton (Apr 16 2020 at 20:53):

the main thing I see is that SIGALRM isn't needed with a technique like https://github.com/bytecodealliance/wasmtime/pull/1490 (where the wasm code is instrumented), but otherwise it looks like y'all are handling a lot of the complexity with returning from host calls and interrupting that

This commit is a relatively large change for wasmtime with two main goals: Primarily this enables interrupting executing wasm code with a trap, preventing infinite loops in wasm code. Note that r...

view this post on Zulip Alex Crichton (Apr 16 2020 at 20:53):

that's something that the PR doesn't try to handle at all and leaves up to the embedder, but what y'all are doing makes sense to me

view this post on Zulip Pat Hickey (Apr 16 2020 at 20:57):

indeed. we have to handle stack overflows in the signal handler as well.

view this post on Zulip iximeow (Apr 18 2020 at 01:27):

one edge lucet doesn't handle at the moment, which i know we (Alex/i) talked about in a wasmtime issue at some point, is recursive calls into a wasm guest. i'm pretty confident that our approach can be extended to handle that in a straightforward manner, we just haven't had that specific use case as a priority quite yet. i'd be super curious if benchmarks show much difference, whenever in the future that's a straightforward comparison :D


Last updated: Dec 23 2024 at 13:07 UTC