pub trait ResourceLimiter {
// Required methods
fn memory_growing(
&mut self,
current: usize,
desired: usize,
maximum: Option<usize>,
) -> Result<bool>;
fn table_growing(
&mut self,
current: usize,
desired: usize,
maximum: Option<usize>,
) -> Result<bool>;
// Provided methods
fn memory_grow_failed(&mut self, error: Error) -> Result<()> { ... }
fn table_grow_failed(&mut self, error: Error) -> Result<()> { ... }
fn instances(&self) -> usize { ... }
fn tables(&self) -> usize { ... }
fn memories(&self) -> usize { ... }
}
Expand description
Used by hosts to limit resource consumption of instances.
This trait is used in conjunction with the
Store::limiter
to synchronously limit the
allocation of resources within a store. As a store-level limit this means
that all creation of instances, memories, and tables are limited within the
store. Resources limited via this trait are primarily related to memory and
limiting CPU resources needs to be done with something such as
Config::consume_fuel
or
Config::epoch_interruption
.
Note that this trait does not limit 100% of memory allocated via a
Store
. Wasmtime will still allocate memory to track data
structures and additionally embedder-specific memory allocations are not
tracked via this trait. This trait only limits resources allocated by a
WebAssembly instance itself.
This trait is intended for synchronously limiting the resources of a module.
If your use case requires blocking to answer whether a request is permitted
or not and you’re otherwise working in an asynchronous context the
ResourceLimiterAsync
trait is also provided to avoid blocking an OS
thread while a limit is determined.
Required Methods§
sourcefn memory_growing(
&mut self,
current: usize,
desired: usize,
maximum: Option<usize>,
) -> Result<bool>
fn memory_growing( &mut self, current: usize, desired: usize, maximum: Option<usize>, ) -> Result<bool>
Notifies the resource limiter that an instance’s linear memory has been requested to grow.
current
is the current size of the linear memory in bytes.desired
is the desired size of the linear memory in bytes.maximum
is either the linear memory’s maximum or a maximum from an instance allocator, also in bytes. A value ofNone
indicates that the linear memory is unbounded.
The current
and desired
amounts are guaranteed to always be
multiples of the WebAssembly page size, 64KiB.
This function is not invoked when the requested size doesn’t fit in
usize
. Additionally this function is not invoked for shared memories
at this time. Otherwise even when desired
exceeds maximum
this
function will still be called.
§Return Value
If Ok(true)
is returned from this function then the growth operation
is allowed. This means that the wasm memory.grow
instruction will
return with the desired
size, in wasm pages. Note that even if
Ok(true)
is returned, though, if desired
exceeds maximum
then the
growth operation will still fail.
If Ok(false)
is returned then this will cause the memory.grow
instruction in a module to return -1 (failure), or in the case of an
embedder API calling Memory::new
or
Memory::grow
an error will be returned from
those methods.
If Err(e)
is returned then the memory.grow
function will behave
as if a trap has been raised. Note that this is not necessarily
compliant with the WebAssembly specification but it can be a handy and
useful tool to get a precise backtrace at “what requested so much memory
to cause a growth failure?”.
sourcefn table_growing(
&mut self,
current: usize,
desired: usize,
maximum: Option<usize>,
) -> Result<bool>
fn table_growing( &mut self, current: usize, desired: usize, maximum: Option<usize>, ) -> Result<bool>
Notifies the resource limiter that an instance’s table has been requested to grow.
current
is the current number of elements in the table.desired
is the desired number of elements in the table.maximum
is either the table’s maximum or a maximum from an instance allocator. A value ofNone
indicates that the table is unbounded.
Currently in Wasmtime each table element requires a pointer’s worth of
space (e.g. mem::size_of::<usize>()
).
See the details on the return values for memory_growing
for what the
return value of this function indicates.
Provided Methods§
sourcefn memory_grow_failed(&mut self, error: Error) -> Result<()>
fn memory_grow_failed(&mut self, error: Error) -> Result<()>
Notifies the resource limiter that growing a linear memory, permitted by
the memory_growing
method, has failed.
Note that this method is not called if memory_growing
returns an
error.
Reasons for failure include: the growth exceeds the maximum
passed to
memory_growing
, or the operating system failed to allocate additional
memory. In that case, error
might be downcastable to a std::io::Error
.
See the details on the return values for memory_growing
for what the
return value of this function indicates.
sourcefn table_grow_failed(&mut self, error: Error) -> Result<()>
fn table_grow_failed(&mut self, error: Error) -> Result<()>
Notifies the resource limiter that growing a linear memory, permitted by
the table_growing
method, has failed.
Note that this method is not called if table_growing
returns an error.
Reasons for failure include: the growth exceeds the maximum
passed to
table_growing
. This could expand in the future.
See the details on the return values for memory_growing
for what the
return value of this function indicates.
sourcefn instances(&self) -> usize
fn instances(&self) -> usize
The maximum number of instances that can be created for a Store
.
Module instantiation will fail if this limit is exceeded.
This value defaults to 10,000.