-
Notifications
You must be signed in to change notification settings - Fork 699
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
w2c_env
and w2c_wasi
: what are they?
#2289
Comments
Yes, exactly. Here's an in-process implementation that you might find helpful to draw from: #2002
It looks like emscripten's current implementation of the
These are opaque instance pointers whose contents are up to the implementer of the WASI API (and in this case, also the "env" API that provides Here's an example where the host defines the |
Thanks a lot for the reply @keithw. Your answers clarify most aspects of my questions.
Indeed, compiling with Am I understanding the following process correctly:
Out of interest, does web assembly differentiate (nominally or otherwise) between 'object' code and 'executable' modules?
Thanks for the pointer. Does this imply that previous/current sandboxing, which has utilised wasm2c (e.g., on Firefox), relies on the sandboxed code not needing to interact with the system (i.e., being computation only, rather than making system calls)? |
✅ (I think most compilers are using the LLVM wasm backend to generate the Wasm...)
✅
✅
Here I would distinguish between the WebAssembly "runtime" (which for wasm2c is extremely minimal: https://github.com/WebAssembly/wabt/blob/main/wasm2c/README.md#symbols-that-must-be-defined-by-the-embedder) vs. the "host," who provides the imported host functions. In wasm2c, the Wasm module is transformed into generated C code that expects to link with
Yeah, I'd say it's a WIP implementation of the WASI API as host functions that will work with Wasm modules run through wasm2c. You could also imagine implementating the WASI API as another Wasm module and run that through wasm2c (but ultimately there needs to be some host API that gets called if you want to interact with the real world).
Yes, "objects" carry custom sections for linking/relocations that are used by the LLVM linker. (The linker doesn't have to parse the code section -- it just applies relocations.)
I'm not 100% sure -- #2002 is from the same team that's been responsible for the wasm2c work in Firefox, so my understanding is that they are starting to need support for some WASI calls. But I think you're basically right; a lot of libraries do not need to make (many) system calls, so you can get pretty far with sandboxing without needing much support on that end. (Even many libc functions don't ultimately end up making a syscall, including malloc and free.) They have a lot of information here: https://rlbox.dev/ |
Closing as answered, but happy to keep helping if we can. |
Thanks again for your reply, @keithw, and apologies for my slow responses; it takes me some time to do additional reading/process your answers, with the hope that I don't then ask silly questions! I am currently working on performance benchmarking various compartmentalisation/sandboxing mechanisms, hence trying to understand the various stages in the pipeline from source code to sandboxed executable. At each stage, there are quite a few options, which causes a small combinatoric explosion. It may be that all configurations perform relatively similarly, but I suppose various runtimes (and possibly even different host implementations of APIs, such as WASI) will have different performance characteristics. This leads to my next question: what is the difference between |
I think the biggest difference is the intention behind each tool.
So I think if you're looking for a tool that creates "sandboxed executables," I don't think w2c2 is trying to do that unless you consider the OS's process isolation to be enough sandboxing. (But to be fair, we should probably ask the w2c2 folks -- I don't want to speak for them!) Beyond that, I think the remaining differences are more minor. I think w2c2 used to be a lot faster than wasm2c on transpiling large modules, but wasm2c made a big speed improvement in #2171 and I would be surprised if there were still big differences. (Although we'd love to know if there are!) It looks like both wasm2c and w2c2 have "parallel output" modes that can output, e.g., 256 .c files that can all be compiled in parallel; this makes it practical to transpile things like clang or other gigantic modules and then compile the result to machine code. It looks like wasm2c supports a broader list of Wasm features (multi-value, multi-memory, memory64, reference types, exception-handling, SIMD, extended-const, tail calls coming in #2272); on the other hand, w2c2 has built-in support for much of WASI preview1 and uses libdwarf to include debugging information in the C output (traced back to the debugging information in the Wasm input), which is a great feature. Footnotes
|
I have the following C file, which I have compiled into a
.wasm
module, and then translated to C usingwasm2c
:When linking, I get the following errors:
It's my understanding that the
w2c_wasi__snapshot__preview1_fd_write
error is because I need to provide an implementation of the WASI API. What does the__snapshot__preview1
aspect mean in the function call name?And what about
w2c_env_0x5F_syscall_unlinkat
? Why is this not translated into thepath_unlink_file
WASI call?Furthermore, the signature for the instantiate function is as follows:
What is
struct w2c_env
andstruct w2c_wasi__snapshot__preview1
? How are these initialised? Are they documented anywhere?The text was updated successfully, but these errors were encountered: