wasmtime and wasmer are basically state-of-the-art. Our compilation backend is a...

kouteiheika · on July 1, 2023

I don't suppose you have any concrete benchmark numbers, e.g. coremark? (:

Also, how do you sandbox the guest program? Just bounds checks on memory accesses? Do you use the same trick as wasmtime does where they map a ton of inaccessible address space and depend on a SIGSEGV to catch violations? What about potential stack overflows - how do you protect against those?

ncruces · on July 1, 2023

This is coremark for wazero: https://github.com/ncruces/wazero-coremark

Also, there's been some progress since this was published, but results are still mostly valid: https://00f.net/2023/01/04/webassembly-benchmark-2023/

An optimizing compiler is being worked on; the current single pass compiler compiles fast, but generated code quality is hard to improve.

ncruces · on July 2, 2023

As for bounds checks (and other traps) they're all checked at runtime, no reliance on OS protections.

This has a runtime cost, the reduction of which was a focus of the last release: https://github.com/tetratelabs/wazero/releases/tag/v1.2.1

The optimizing compiler should also help here (with bounds checks elimination, and elision of some other checks, like divide-by-zero).

evacchi · on July 1, 2023

so as for the first question, I'll refer to Adrian's reply on an older thread https://news.ycombinator.com/item?id=31415317

as for the second, that's an excellent question but I'll have to be honest and tell you that I am the n00b of the team and I don't know the answer :D

I can refer you to these possibly related docs

- https://github.com/tetratelabs/wazero/blob/main/RATIONALE.md...

- https://wazero.io/docs/how_do_compiler_functions_work/ (e.g. traps are handled on the Go side)

...and then my awesome team mates might get back to you with a proper answer later when they wake up :^)