wabt
wabt copied to clipboard
WebAssembly
Limits
wabt currently applies no limits anywhere ever.
we would like to introduce a limits.json file that can be passed in the CLI. (we think a json would be a better fit than putting it all in the CLI.) like --limits limits.json.
the hard part is enforcing the limits tbh... but anyway.
Hmm, I'm not sure I totally follow. The BinaryReaderIR does impose limits like kMaxNestingDepth, kMaxFunctionLocals, kMaxFunctionParams, and kMaxFunctionResults, which match the values in V8 (https://chromium.googlesource.com/v8/v8/+/refs/heads/main/src/wasm/wasm-limits.h) and hopefully the other big engines.
You're saying WABT should limit other kinds of things? And/or the values should be configurable at runtime? I think prevailing practice so far has just been to sort of handshake agree on reasonable values for the various "implementation limitations" (https://webassembly.github.io/spec/core/appendix/implementation.html) across major implementations.
right, so
https://github.com/WebAssembly/wabt/blob/ea193b40d6d4a1a697d68ae855b2b3b3e263b377/src/binary-reader-ir.cc#L94-L97
... we would never have found these if you hadn't mentioned them. (... why aren't they in a header??? or, alternatively, configurable by the user.)
it is worth noting that these only apply to the IR reader, they do not apply to text format or - more importantly - to interpreter.
Making them configurable seems like maybe unnecessary. Putting them in a header seems pretty reasonable. Maybe just in the existing header for the binary file stuff.
we feel like making them configurable might be useful given the whole wabt is primarily a developer tool (tho having defaults probably wouldn't hurt), but we mean... maybe. we also need to get these to apply to the interpreter and the text format and whatnot tho.
Hopefully only the parsers / validators need to enforce these limits. The interpreter can assume all its inputs have been validated. There may be some exceptions but I can't think of any