Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't suppose you have any concrete benchmark numbers, e.g. coremark? (:

Also, how do you sandbox the guest program? Just bounds checks on memory accesses? Do you use the same trick as wasmtime does where they map a ton of inaccessible address space and depend on a SIGSEGV to catch violations? What about potential stack overflows - how do you protect against those?



This is coremark for wazero: https://github.com/ncruces/wazero-coremark

Also, there's been some progress since this was published, but results are still mostly valid: https://00f.net/2023/01/04/webassembly-benchmark-2023/

An optimizing compiler is being worked on; the current single pass compiler compiles fast, but generated code quality is hard to improve.


As for bounds checks (and other traps) they're all checked at runtime, no reliance on OS protections.

This has a runtime cost, the reduction of which was a focus of the last release: https://github.com/tetratelabs/wazero/releases/tag/v1.2.1

The optimizing compiler should also help here (with bounds checks elimination, and elision of some other checks, like divide-by-zero).


so as for the first question, I'll refer to Adrian's reply on an older thread https://news.ycombinator.com/item?id=31415317

as for the second, that's an excellent question but I'll have to be honest and tell you that I am the n00b of the team and I don't know the answer :D

I can refer you to these possibly related docs

- https://github.com/tetratelabs/wazero/blob/main/RATIONALE.md...

- https://wazero.io/docs/how_do_compiler_functions_work/ (e.g. traps are handled on the Go side)

...and then my awesome team mates might get back to you with a proper answer later when they wake up :^)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: