Add resource limiting to the Wasmtime API. #2736

Merged: 4 commits, Apr 19, 2021

Commits on Apr 16, 2021

  1. Add resource limiting to the Wasmtime API.

    This commit adds a `ResourceLimiter` trait to the Wasmtime API.
    
    When used in conjunction with `Store::new_with_limiter`, this can be used to
    monitor and prevent WebAssembly code from growing linear memories and tables.
    
    This is particularly useful when hosts need to take into account host resource
    usage to determine if WebAssembly code can consume more resources.
    
    A simple `StaticResourceLimiter` is also included with these changes that will
    simply limit the size of linear memories or tables for all instances created in
    the store based on static values.
    peterhuene committed Apr 16, 2021
    b9205b0
  2. Code review feedback.

    * Implemented `StoreLimits` and `StoreLimitsBuilder`.
    * Moved `max_instances`, `max_memories`, `max_tables` out of `Config` and into
      `StoreLimits`.
    * Moved storage of the limiter in the runtime into `Memory` and `Table`.
    * Made `InstanceAllocationRequest` use a reference to the limiter.
    * Updated docs.
    * Made `ResourceLimiterProxy` generic to remove a level of indirection.
    * Fixed the limiter not being used for `wasmtime::Memory` and
      `wasmtime::Table`.
    peterhuene committed Apr 16, 2021
    fd6d264
  3. Code review feedback and bug fix.

    * `Memory::new` now returns `Result<Self>` so that an error can be returned if
      the initial requested memory exceeds any limits placed on the store.
    
    * Changed an `Arc` to `Rc` as the `Arc` wasn't necessary.
    
    * Removed `Store` from the `ResourceLimiter` callbacks. Custom resource limiter
      implementations are free to capture any context they want, so no need to
      unnecessarily store a weak reference to `Store` from the proxy type.
    
    * Fixed a bug in the pooling instance allocator where an instance would be
      leaked from the pool. Previously, this would only have happened if the OS was
      unable to make the necessary linear memory available for the instance. With
      these changes, however, the instance might not be created due to limits
      placed on the store. We now properly deallocate the instance on error.
    
    * Added more tests, including one that covers the fix mentioned above.
    peterhuene committed Apr 16, 2021
    a82f722
  4. Code review feedback.

    * Add another memory to `test_pooling_allocator_initial_limits_exceeded` to
      ensure a partially created instance is successfully deallocated.
    * Update some doc comments for better documentation of `Store` and
      `ResourceLimiter`.
    peterhuene committed Apr 16, 2021
    17ec96e
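
The pooling-allocator fix described in commit 3, as an added self-contained model that is not code from this pull request or from Wasmtime: when a limit rejects an instance's initial memory, the slot taken from the pool has to be returned, otherwise repeated rejected instantiations drain the pool. `Limiter`, `StaticLimit` and `Pool` are hypothetical names, and the page counts are constructed.

```rust
// Added model, not Wasmtime code: every name here is hypothetical.
trait Limiter {
    /// Return false to deny a memory going from `current` to `desired` pages.
    fn memory_growing(&self, current: u32, desired: u32) -> bool;
}

/// Static cap on pages per memory, in the spirit of a fixed store limit.
struct StaticLimit { max_pages: u32 }

impl Limiter for StaticLimit {
    fn memory_growing(&self, _current: u32, desired: u32) -> bool {
        desired <= self.max_pages
    }
}

/// Fixed-size pool of instance slots; `free` holds the indices not in use.
struct Pool { free: Vec<usize> }

impl Pool {
    fn new(slots: usize) -> Self { Pool { free: (0..slots).collect() } }

    /// Allocate an instance whose memories start at `initial_pages` each.
    /// The limiter is consulted for the initial size of every memory.
    fn allocate(&mut self, initial_pages: &[u32], limiter: &dyn Limiter)
        -> Result<usize, String>
    {
        let slot = self.free.pop().ok_or("pool exhausted")?;
        for (i, &pages) in initial_pages.iter().enumerate() {
            if !limiter.memory_growing(0, pages) {
                // Error path: earlier memories may already be set up, so the
                // whole slot goes back to the pool. Skipping this push leaks
                // one slot per rejected instantiation.
                self.free.push(slot);
                return Err(format!("memory {}: {} pages exceeds limit", i, pages));
            }
        }
        Ok(slot)
    }

    fn free_slots(&self) -> usize { self.free.len() }
}

fn main() {
    let (mut pool, limit) = (Pool::new(2), StaticLimit { max_pages: 10 });
    // Constructed input: the second memory exceeds the limit.
    println!("{:?}", pool.allocate(&[1, 64], &limit));
    println!("free slots after failure: {}", pool.free_slots());
}
```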