pub trait ResourceLimiter {
    // Required methods
    fn memory_growing(
        &mut self,
        current: usize,
        desired: usize,
        maximum: Option<usize>
    ) -> bool;
    fn table_growing(
        &mut self,
        current: u32,
        desired: u32,
        maximum: Option<u32>
    ) -> bool;

    // Provided methods
    fn memory_grow_failed(&mut self, _error: &Error) { ... }
    fn table_grow_failed(&mut self, _error: &Error) { ... }
    fn instances(&self) -> usize { ... }
    fn tables(&self) -> usize { ... }
    fn memories(&self) -> usize { ... }
}
Expand description

Used by hosts to limit resource consumption of instances.

This trait is used in conjunction with the Store::limiter to synchronously limit the allocation of resources within a store. As a store-level limit this means that all creation of instances, memories, and tables are limited within the store. Resources limited via this trait are primarily related to memory and limiting CPU resources needs to be done with something such as Config::consume_fuel or Config::epoch_interruption.

Note that this trait does not limit 100% of memory allocated via a Store. Wasmtime will still allocate memory to track data structures and additionally embedder-specific memory allocations are not tracked via this trait. This trait only limits resources allocated by a WebAssembly instance itself.

This trait is intended for synchronously limiting the resources of a module. If your use case requires blocking to answer whether a request is permitted or not and you’re otherwise working in an asynchronous context the ResourceLimiterAsync trait is also provided to avoid blocking an OS thread while a limit is determined.

Required Methods§

source

fn memory_growing( &mut self, current: usize, desired: usize, maximum: Option<usize> ) -> bool

Notifies the resource limiter that an instance’s linear memory has been requested to grow.

  • current is the current size of the linear memory in bytes.
  • desired is the desired size of the linear memory in bytes.
  • maximum is either the linear memory’s maximum or a maximum from an instance allocator, also in bytes. A value of None indicates that the linear memory is unbounded.

The current and desired amounts are guaranteed to always be multiples of the WebAssembly page size, 64KiB.

This function should return true to indicate that the growing operation is permitted or false if not permitted. Returning true when a maximum has been exceeded will have no effect as the linear memory will not grow.

This function is not guaranteed to be invoked for all requests to memory.grow. Requests where the allocation requested size doesn’t fit in usize or exceeds the memory’s listed maximum size may not invoke this method.

Returning false from this method will cause the memory.grow instruction in a module to return -1 (failure), or in the case of an embedder API calling Memory::new or Memory::grow an error will be returned from those methods.

source

fn table_growing( &mut self, current: u32, desired: u32, maximum: Option<u32> ) -> bool

Notifies the resource limiter that an instance’s table has been requested to grow.

  • current is the current number of elements in the table.
  • desired is the desired number of elements in the table.
  • maximum is either the table’s maximum or a maximum from an instance allocator. A value of None indicates that the table is unbounded.

This function should return true to indicate that the growing operation is permitted or false if not permitted. Returning true when a maximum has been exceeded will have no effect as the table will not grow.

Currently in Wasmtime each table element requires a pointer’s worth of space (e.g. mem::size_of::<usize>()).

Like memory_growing returning false from this function will cause table.grow to return -1 or embedder APIs will return an error.

Provided Methods§

source

fn memory_grow_failed(&mut self, _error: &Error)

Notifies the resource limiter that growing a linear memory, permitted by the memory_growing method, has failed.

Reasons for failure include: the growth exceeds the maximum passed to memory_growing, or the operating system failed to allocate additional memory. In that case, error might be downcastable to a std::io::Error.

source

fn table_grow_failed(&mut self, _error: &Error)

Notifies the resource limiter that growing a linear memory, permitted by the table_growing method, has failed.

Reasons for failure include: the growth exceeds the maximum passed to table_growing. This could expand in the future.

source

fn instances(&self) -> usize

The maximum number of instances that can be created for a Store.

Module instantiation will fail if this limit is exceeded.

This value defaults to 10,000.

source

fn tables(&self) -> usize

The maximum number of tables that can be created for a Store.

Creation of tables will fail if this limit is exceeded.

This value defaults to 10,000.

source

fn memories(&self) -> usize

The maximum number of linear memories that can be created for a Store

Creation of memories will fail with an error if this limit is exceeded.

This value defaults to 10,000.

Implementors§