pub trait ResourceLimiter {
    // Required methods
    fn memory_growing(
        &mut self,
        current: usize,
        desired: usize,
        maximum: Option<usize>
    ) -> Result<bool>;
    fn table_growing(
        &mut self,
        current: u32,
        desired: u32,
        maximum: Option<u32>
    ) -> Result<bool>;

    // Provided methods
    fn memory_grow_failed(&mut self, error: Error) -> Result<()> { ... }
    fn table_grow_failed(&mut self, error: Error) -> Result<()> { ... }
    fn instances(&self) -> usize { ... }
    fn tables(&self) -> usize { ... }
    fn memories(&self) -> usize { ... }
}
Available on crate feature runtime only.
Expand description

Used by hosts to limit resource consumption of instances.

This trait is used in conjunction with the Store::limiter to synchronously limit the allocation of resources within a store. As a store-level limit this means that all creation of instances, memories, and tables are limited within the store. Resources limited via this trait are primarily related to memory and limiting CPU resources needs to be done with something such as Config::consume_fuel or Config::epoch_interruption.

Note that this trait does not limit 100% of memory allocated via a Store. Wasmtime will still allocate memory to track data structures and additionally embedder-specific memory allocations are not tracked via this trait. This trait only limits resources allocated by a WebAssembly instance itself.

This trait is intended for synchronously limiting the resources of a module. If your use case requires blocking to answer whether a request is permitted or not and you’re otherwise working in an asynchronous context the ResourceLimiterAsync trait is also provided to avoid blocking an OS thread while a limit is determined.

Required Methods§

source

fn memory_growing( &mut self, current: usize, desired: usize, maximum: Option<usize> ) -> Result<bool>

Notifies the resource limiter that an instance’s linear memory has been requested to grow.

  • current is the current size of the linear memory in bytes.
  • desired is the desired size of the linear memory in bytes.
  • maximum is either the linear memory’s maximum or a maximum from an instance allocator, also in bytes. A value of None indicates that the linear memory is unbounded.

The current and desired amounts are guaranteed to always be multiples of the WebAssembly page size, 64KiB.

This function is not invoked when the requested size doesn’t fit in usize. Additionally this function is not invoked for shared memories at this time. Otherwise even when desired exceeds maximum this function will still be called.

§Return Value

If Ok(true) is returned from this function then the growth operation is allowed. This means that the wasm memory.grow instruction will return with the desired size, in wasm pages. Note that even if Ok(true) is returned, though, if desired exceeds maximum then the growth operation will still fail.

If Ok(false) is returned then this will cause the memory.grow instruction in a module to return -1 (failure), or in the case of an embedder API calling Memory::new or Memory::grow an error will be returned from those methods.

If Err(e) is returned then the memory.grow function will behave as if a trap has been raised. Note that this is not necessarily compliant with the WebAssembly specification but it can be a handy and useful tool to get a precise backtrace at “what requested so much memory to cause a growth failure?”.

source

fn table_growing( &mut self, current: u32, desired: u32, maximum: Option<u32> ) -> Result<bool>

Notifies the resource limiter that an instance’s table has been requested to grow.

  • current is the current number of elements in the table.
  • desired is the desired number of elements in the table.
  • maximum is either the table’s maximum or a maximum from an instance allocator. A value of None indicates that the table is unbounded.

Currently in Wasmtime each table element requires a pointer’s worth of space (e.g. mem::size_of::<usize>()).

See the details on the return values for memory_growing for what the return value of this function indicates.

Provided Methods§

source

fn memory_grow_failed(&mut self, error: Error) -> Result<()>

Notifies the resource limiter that growing a linear memory, permitted by the memory_growing method, has failed.

Note that this method is not called if memory_growing returns an error.

Reasons for failure include: the growth exceeds the maximum passed to memory_growing, or the operating system failed to allocate additional memory. In that case, error might be downcastable to a std::io::Error.

See the details on the return values for memory_growing for what the return value of this function indicates.

source

fn table_grow_failed(&mut self, error: Error) -> Result<()>

Notifies the resource limiter that growing a linear memory, permitted by the table_growing method, has failed.

Note that this method is not called if table_growing returns an error.

Reasons for failure include: the growth exceeds the maximum passed to table_growing. This could expand in the future.

See the details on the return values for memory_growing for what the return value of this function indicates.

source

fn instances(&self) -> usize

The maximum number of instances that can be created for a Store.

Module instantiation will fail if this limit is exceeded.

This value defaults to 10,000.

source

fn tables(&self) -> usize

The maximum number of tables that can be created for a Store.

Creation of tables will fail if this limit is exceeded.

This value defaults to 10,000.

source

fn memories(&self) -> usize

The maximum number of linear memories that can be created for a Store

Creation of memories will fail with an error if this limit is exceeded.

This value defaults to 10,000.

Implementors§