Comments (14)
How would you get rid of this once reference types will be available?
from wasi.
@dumblob i think you could just have a tool that removes the custom header and transforms the annotated i32s to reference types.
from wasi.
@wanderer I mean in production - you'll have some "binary app" compiled using the annotated i32
s and suddenly the WASI runtime will have just (?) reference types (because if there won't be any "hard" switch to reference types, then annotations become the "living standard" and reference types won't find their use in this case effectively forcing all implementers implement and forever maintain both - annotated fd
s along with reference types). Unless annotated fd
s will be "binary" compatible with reference types in which case I'm fine with annotations.
This is the biggest pain of web development - everything changes all the time 😢.
from wasi.
@dumblob doesn't that question also apply to the current situation too? Once we have actually references the API will totally change and I assume older binaries will use the older version of the API (once we figure out versioning as well). Annotations are just trying to enforces the unforgeablality of references between modules with what we have now.
from wasi.
forcing all implementers implement and forever maintain both
yeah this is particularly annoying. But forward looking implementations could just go ahead and implement references and translate the annotation to actually references internally. The problem with this approach would be that those implementation would still have to support operations that actually references wouldn't support. I don't have any other ideas here 😶
from wasi.
Once we have actually references the API will totally change and I assume older binaries will use the older version of the API (once we figure out versioning as well).
@wanderer I admit I didn't think of this at all as I assume this won't happen after a "1.0" WASI standard will be published. But I must be missing something and so I'll rather keep waiting until some clarification from the versioning and reference types discussions emerges 😉.
from wasi.
It's unclear what this mechanism would guard against. If someone forges a file descriptor i32
value, either:
- it's not valid, and calls to WASI functions with it return
__WASI_EBADF
and do nothing - it's valid, and can be used to access some resource, however it would also pass integrity checks
from wasi.
@sunfishcode so maybe the assumption i made here that isn't entirely clear is that the two instantiates are separate stores and instead of inheriting fd
s they would have to passed as arguments. Each store would have to have an associated capabilities-list which could be replaced by a table later. The c-list would just be a table of opened fd
that the given instance has access to.
If instance a
called my_method(i32)
on instance b
which was annotated as fd
the runtime would use an i32 to as an index into a
c-list and then place the fd onto b
s c-list then call b.my_method
with b
index.
If we don't have a mechanism like this then how would to separate store be able to share fd
s?
from wasi.
Could you spell out the scenario in more detail? How does a
obtain the fd
? Who decides whether the capability should be transferred from a
's c-list to b
's c-list?
Also, another option here is to just accept that forging is possible with integer file descriptors, and wait for reference types to fix this properly.
from wasi.
Let me see if I understand what you are asking for here @wanderer?
In your scenario there are two separate wasi modules (is this what you mean by store?) that can directly call functions on each other? Right now as of today if you pass and fd
(say fd=55) from one to the other it won't be usable on the other side since the loader/kernel didn't assign fd 55 to the other wasi module. Worse still, it might have an fd 55 assigned but it wouldn't represent the same thing.
In the future this will work if we have first class reference types.
In the interim you are suggesting we could build some kind of annotation that would automatically generate the code needed to pass the fd (via some kind of wasi fd passing syscall) before making the call to my_method()
?
from wasi.
How does
a
obtain the fd?
It could just be preopened. All the preopend fd's would be added to c-list or table once we have ref types.
Who decides whether the capability should be transferred from a's c-list to b's c-list?
thats the job of the runtime. When a fd
is used in a call to another instance then it is transferred.
It would look like this now with annotations.
(module $a
(import "b" "my_method" (func $my_method (param i32))) ;; annotated as a `fd`
(func $main
i32.const 0 ;; a preopened fd
call $my_method ;; the fd is now in b's c-list
))
on b's side
(module $b
(func (export "my_method") (param i32)
local.get 0 ;; this is the index of the fd on b's clist
...
;; do stuff with the fd
))
Here is the equivalents with ref-types
(module $a
(import "b" "my_method" (func $my_method (param i32)))
(table (export "clist") $clist 1 anyref) ;; the runtime populates this with preopens
(func $main
i32.const 0
table.get $clist
call $my_method
))
(module $b
(table $clist 1 anyref)
(func (export "my_method") (param anyref)
(table.set $t (i32.const 0) (local.get 0))
(i32.const 0)
...
;; do stuff with the fd
))
Also, another option here is to just accept that forging is possible with integer file descriptors, and wait for reference types to fix this properly.
yeah annotations are a bit pain but in some usecases, like smart contracts, i think that unforgeability is necessary from the get go or any situation when multiple untrusted stores are interacting.
from wasi.
In your scenario there are two separate wasi modules (is this what you mean by store?)
yes this is what i was thinking. but i guess this scenario would be fine for multiple wasm instances that are linked together in a single wasi module / store too.
In your scenario there are two separate wasi modules (is this what you mean by store?) that can directly call functions on each other?
yep! this at least allows us to have the room to do that. Currently i think it would be hard to implement a system used WASI and that needed to have multiple untrusted programs interacting and sharing capabilities/fd.
from wasi.
The design principles document describes an approach where we can think of c-lists as WebAssembly tables. With that in mind, the way to have two instances that are linked without sharing is to give them each their own table, aka c-list, and to have tooling and interface-types support for conceptually passing handles from one instance to another, which handle actually copying handles from one table to another.
This avoids the need for special types or special annotations -- instances can access any of the capabilities within their c-lists, but they need not see all c-lists present within a store.
from wasi.
WASI is now moving to a model where handles are a first-class type in wit, and instance-local indices are used to refer to them. They're instance-local, so when a handle is passed from one instance to another, the indices are translated. For further questions about the underlying mechanism, please follow up in the component model.
from wasi.
Related Issues (20)
- wasi_snapshot_preview2 - lack of sched_yield interface HOT 5
- Best Practices for Versioning WIT Packages in WASI Proposals HOT 1
- Proposal: WASI Windowing HOT 6
- (Pre)Proposal: wasi-math HOT 2
- versioning like "WASI 0.2.0" is confusing HOT 2
- Inconsistency with wasi:[email protected] snapshots HOT 1
- Request: wasi-icu HOT 6
- WASM/WASI support for actix-web
- __wasm_call_dtors for reactors HOT 1
- Request: Support sharing mutable memory between host and guest HOT 14
- Long-term support for WASIp1 in the toolchain HOT 12
- Pull-based I/O may interfere with fully compositional concurrency HOT 11
- How to use sock in WASI? HOT 1
- Any chance to see WASI allowing UDP socket like to be created? HOT 2
- Where is "Wasmtime's WASI Preview 2 test suite"? HOT 2
- Using OCI for WIT specs HOT 7
- Metadata for WASI OCI artifacts HOT 2
- wasi calls from wasm start function HOT 5
- WebAssembly: A promising technology that is quietly being sabotaged HOT 3
- Wassembly
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wasi.