Example for resource control and further questions
Can you provide an example of how to invoke a process in your VM with instruction step limits? Can instruction steps and memory usage be limited separately? What is the granularity of resource control (for time: the number of milliseconds or, with instruction steps: per instruction, per block, per function call; for memory: bytes, kilobytes, pages, etc.)? Is it possible to refuel a process that ran out of gas? Can a process within your VM create and sandbox another one? (Either by a custom VM instruction or by providing an external function that the process can call.)
- It is the gas limit. There's no example just yet, but it's as simple as setting the `GasLimit` field in your `VMConfig` struct.
- Yes, they can.
- For execution time you can control either the clock time (number of milliseconds etc.) or the instruction count, or both. For memory you can control it down to a single byte, but it's suggested to respect the WebAssembly page size of 64KB.
- Yes, it is possible. Set `ReturnOnGasLimitExceeded` in `VMConfig` to true, check the `GasLimitExceeded` flag in `VM` on each return, and set the `GasLimit` field in `VMConfig` to a higher value if you want to "refuel" the process.
- Yes. Basically you can do almost anything possible in Go through external function calls.
Thank you, very interesting, and very close in semantics to my own project, which I wanted to port to WebAssembly: https://github.com/void4/notes/issues/23 / https://www.youtube.com/watch?v=MBymOp6bTII
One last question for now: In your virtual machine, is it possible to retrieve full snapshots of suspended processes, serialize them, and then de-serialize and resume execution elsewhere (possibly on another machine)?
Yes, it's definitely possible. At any point when Execute() returns under a good condition (non-termination and non-error) like when a call to an external function happens, it's safe to snapshot the whole virtual machine and restore it anywhere else.
Are you familiar with Capability Security?
I made a presentation about it: https://twitter.com/dd4ta/status/1049793599804723201
I'd highly encourage you to have a look at KeyKOS, an operating system that combines both resource metering and capability security: http://cap-lore.com/CapTheory/upenn/OSRpaper.html
@void4 We are aware of capabilities-aware execution, and have basic capabilities provided under Life's API given how limited WebAssembly is as an instruction set.
To make execution deterministic, for example, we have provided the necessary capabilities to disable floating-point-related WebAssembly instructions.
Capability (transfer) security is a bit different than what is known as capabilities in Linux for example.
When designing a smart contract system (mainly interfaces and access permissions), especially with regard to secure composability in the case of contracts written by (partially) untrusted third parties, I highly recommend reading this paper: http://waterken.sourceforge.net/aclsdont/current.pdf
Object capabilities can prevent issues arising in identity-based access-controlled systems, such as the https://en.wikipedia.org/wiki/Confused_deputy_problem, by eliminating ambient authority through combining remote object designation and access permissions in objects called keys (or capabilities), which can be transferred and revoked.
The main difference here to pretty much all current languages (except E and a few others) is that called contracts can handle obtained permissions like variables and keep them apart. They cannot be tricked into misusing a permission given by a third party (previously or simultaneously) to execute a task that the calling party wouldn't have the permission for.
Somewhat related, you might like reading the Agoric Papers which were written in 1988.
@losfair
> For execution time you can control either the clock time (number of milliseconds etc.) or instruction count or both

Is there an example of timed execution of a given export function?
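Added example (not from this thread and not the Life project's code): a self-contained Go model of the metering scheme losfair describes in the first answer above, written so that it also covers the last question about timed execution. It shows the gas limit used as an instruction-step limit, the `ReturnOnGasLimitExceeded` / `GasLimitExceeded` refuel loop, an independent wall-clock deadline, and snapshot/resume of a suspended VM via JSON. Only those three field names are taken from the thread; the bytecode, `Execute(deadline)`, `Refuel`, `RunWithRefuel`, `Snapshot`/`Restore` and `SumTo` are this example's own inventions, and Life's actual API may differ.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Example-only model of the scheme described in the thread, not Life's code: only the
// names GasLimit, ReturnOnGasLimitExceeded and GasLimitExceeded come from the thread.
var ErrOutOfGas, ErrDeadline = errors.New("gas limit exceeded"), errors.New("deadline exceeded")

// A deliberately tiny bytecode, just enough to run a bounded loop.
const (
	OpAddCounter = iota // Acc += Counter
	OpLoop              // Counter--; if Counter != 0 { PC = Arg }
	OpHalt
)
type Instr struct{ Op, Arg int }

// One gas unit per instruction, so GasLimit is a step limit; the clock limit is separate.
type VMConfig struct {
	GasLimit                 uint64
	ReturnOnGasLimitExceeded bool
}
// All state is in exported fields, so a snapshot is a plain JSON encode.
type VM struct {
	Config           VMConfig
	Code             []Instr
	PC               int
	Acc, Counter     int64
	Gas              uint64 // instructions executed so far
	GasLimitExceeded bool
	Halted           bool
}

// Execute runs until the program halts, gas runs out, or the deadline passes;
// the clock is polled only every 64 instructions to keep the check cheap.
func (vm *VM) Execute(deadline time.Time) error {
	for !vm.Halted {
		if vm.Gas >= vm.Config.GasLimit {
			vm.GasLimitExceeded = true
			if vm.Config.ReturnOnGasLimitExceeded {
				return nil // suspended: the host may Refuel and call Execute again
			}
			return ErrOutOfGas
		}
		if vm.Gas%64 == 0 && time.Now().After(deadline) {
			return ErrDeadline
		}
		in := vm.Code[vm.PC]
		vm.Gas++
		vm.PC++
		switch in.Op {
		case OpAddCounter:
			vm.Acc += vm.Counter
		case OpLoop:
			if vm.Counter--; vm.Counter != 0 {
				vm.PC = in.Arg
			}
		case OpHalt:
			vm.Halted = true
		default:
			return fmt.Errorf("bad opcode %d at pc %d", in.Op, vm.PC-1)
		}
	}
	return nil
}

// Refuel raises the limit and clears the flag so Execute can resume.
func (vm *VM) Refuel(extra uint64) { vm.Config.GasLimit += extra; vm.GasLimitExceeded = false }

// RunWithRefuel drives Execute, topping up gas at most maxRefills times, and returns
// the refills used; ErrOutOfGas means the whole budget ran out before the program halted.
func RunWithRefuel(vm *VM, deadline time.Time, refill uint64, maxRefills int) (int, error) {
	for refills := 0; ; refills++ {
		if err := vm.Execute(deadline); err != nil {
			return refills, err
		}
		if vm.Halted {
			return refills, nil
		}
		if !vm.GasLimitExceeded || refills == maxRefills {
			return refills, ErrOutOfGas
		}
		vm.Refuel(refill)
	}
}

// Snapshot/Restore serialize a suspended VM; resume it with Refuel, then Execute.
func (vm *VM) Snapshot() ([]byte, error) { return json.Marshal(vm) }
func Restore(snap []byte) (*VM, error)   { vm := &VM{}; return vm, json.Unmarshal(snap, vm) }

// SumTo builds a VM that computes n + (n-1) + ... + 1 with the loop above.
func SumTo(n int64, cfg VMConfig) *VM {
	return &VM{Config: cfg, Counter: n, Code: []Instr{{Op: OpAddCounter}, {Op: OpLoop, Arg: 0}, {Op: OpHalt}}}
}

func main() {
	vm := SumTo(100, VMConfig{GasLimit: 50, ReturnOnGasLimitExceeded: true})
	refills, err := RunWithRefuel(vm, time.Now().Add(time.Second), 50, 10)
	fmt.Println(vm.Acc, vm.Gas, refills, err) // 5050 201 4 <nil>
}
```

Two caveats carry over to a real host: the deadline is polled every 64 instructions, so a single long-running external function call can overshoot it, and a snapshot is only consistent when taken at a point where `Execute` has returned, as losfair says above, never from another goroutine while the interpreter loop is running.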