webassemblyfaultisolation

how webassembly provides software fault isolation


everywhere you listen about isolation that webassembly provides. they told webassembly provides software fault isolation with fine-grain. but how does it provide isolation? with linear memory? how linear memory is isolated? i can't find resources on how webassembly provides SFI (software fault isolation).


Solution

  • At the specification level, "linear memory" is the only space that WebAssembly programs can access with its load and store instructions. Ensuring that this is true is the job of the WebAssembly VM, which is free to do it in any way so long as it meets the specification. In the VM I work on, Wasmer, the pointers into linear memory are 32-bit offsets from a base pointer and by default we allocate 6GiB of virtual addresses so that all possible pointer accesses fall inside the linear memory (from -2GiB to +4GiB, hence 6GiB). Some of these addresses are mapped inaccessible so that accesses to them cause a trap as required by the Wasm spec. There's no need to implement linear memory this way, you could write a WebAssembly VM that uses a hashtable for linear memory accesses (key=address, value=byte) and as long as it's implemented correctly no program should be able to tell.

    On the broader topic of SFI, I answered a variation of this question elsewhere on StackOverflow. Why is WebAssembly safe and what is linear memory model .