-
Notifications
You must be signed in to change notification settings - Fork 165
Move AsyncContext to field on Instance rather than field on State #644
base: main
Are you sure you want to change the base?
Conversation
Side note: it's kind of ironic that the |
fb2d055
to
65e2e01
Compare
Rebased onto main. Squashed all the changes together to make it easier to cherry-pick onto #643. |
收到,谢谢!
----- 原始邮件 -----
发件人:Ben Aubin <notifications@github.com>
收件人:bytecodealliance/lucet <lucet@noreply.github.com>
抄送人:Subscribed <subscribed@noreply.github.com>
主题:Re: [bytecodealliance/lucet] Move AsyncContext to field on Instance rather than field on State (#644)
日期:2021年02月27日 10点55分
Rebased onto main, squashed the changes together, so I could cherry-pick onto #643.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
As a quick update - the Lucet folks at Fastly have discussed this and we are keen on removing the asynchronous (signal-based) timeouts feature in favor of synchronous fuel-based timeouts. Our first reason is that making that change will make this code sound: all rust code that is safe ought to be sound, and the way in which this was unsound was surprising to us, the "experts", so how could anyone be confident? The second reason to get rid of asynchronous timeouts is that Wasmtime doesn't have them, and we don't think we want to add them there. Fastly and other Lucet users will need a migration path to Wasmtime and, if that feature can't ever migrate, we should get rid of it. |
@pchickey I agree with that rationale. Should there be a new issue to discuss replacing async signals? This PR sidesteps the signal safety issue entirely by moving the Arc to the instance, rather than As a stopgap, forcing |
On removing signals: I don't love gas/instruction counting as the sole criteria for stopping instances, because malicious guests can consume a much larger (orders of magnitude more) amount of CPU time (such as by forcing a large number of cache misses), versus benevolent guests. Would it be sound to call a user-defined function for Note: no matter what, signals will need to be handled by the instance. Especially |
Also, in case it helps review, here's the code diff versus the commit on main immediately prior to the revert of #626: 2a02670...benaubin:custom-run-async-future |
Addresses #643. @pchickey
Here's the code diff versus main, prior to the revert of #626: 2a02670...benaubin:custom-run-async-future