|
|
|
|
|
|
by pfooti
3320 days ago
|
|
|
Yeah, it's of moderate concern. I can see why it's not really a priority here, since they're probably targeting languages that already don't have GC to compile into WASM, like c++ as a canonical example. I have to imagine that GC is also a pretty huge section of performance / JIT compilation problems in the javascript runtime. So shipping a spec that doesn't support it is no worse than allowing statically compiled code to run on desktop computers. That said, I wonder how the WASM runtime is sandboxed. Not having a runtime-provided memory manager makes me worry not just about memory leaks, but also about explicit shenanigans in different memory zones. It's hard to believe that a WASM runtime doesn't protect against this sort of escaping though, so it's more of an academic wondering than a real concern. |
|
|
Pointers into memory are 32bit base + 32bit offset, non-wrapping, so 33-bit distances from a base pointer. Each memory access needs a check to that (relatively non-changing) pointer. Memory spaces can request expansion in multiples of 64KB, and can have configured maximum sizes. This leaves it all compatible with using the MMU to trap accesses beyond allowed memory. The example from the paper linked elsewhere is that on a 64 bit machine, you can allocate 8GB of virtual address space, which covers the entire possible addressable range of wasm instructions, and use permissions to trap out of boundness. The very notion of allocating that 8GB already encapsulates memory sandboxing, as long as the addressability limits of instructions can't be usurped (and it's formally been shown to be sound).