pub trait ResourceLimiter {
// Required methods
fn memory_growing(
&mut self,
current: usize,
desired: usize,
maximum: Option<usize>,
) -> bool;
fn table_growing(
&mut self,
current: u32,
desired: u32,
maximum: Option<u32>,
) -> bool;
// Provided methods
fn memory_grow_failed(&mut self, _error: &Error) { ... }
fn table_grow_failed(&mut self, _error: &Error) { ... }
fn instances(&self) -> usize { ... }
fn tables(&self) -> usize { ... }
fn memories(&self) -> usize { ... }
}
Expand description
Used by hosts to limit resource consumption of instances.
This trait is used in conjunction with the
Store::limiter
to synchronously limit the
allocation of resources within a store. As a store-level limit this means
that all creation of instances, memories, and tables are limited within the
store. Resources limited via this trait are primarily related to memory and
limiting CPU resources needs to be done with something such as
Config::consume_fuel
or
Config::epoch_interruption
.
Note that this trait does not limit 100% of memory allocated via a
Store
. Wasmtime will still allocate memory to track data
structures and additionally embedder-specific memory allocations are not
tracked via this trait. This trait only limits resources allocated by a
WebAssembly instance itself.
This trait is intended for synchronously limiting the resources of a module.
If your use case requires blocking to answer whether a request is permitted
or not and you’re otherwise working in an asynchronous context the
[ResourceLimiterAsync
] trait is also provided to avoid blocking an OS
thread while a limit is determined.
Required Methods§
fn memory_growing(
&mut self,
current: usize,
desired: usize,
maximum: Option<usize>,
) -> bool
fn memory_growing( &mut self, current: usize, desired: usize, maximum: Option<usize>, ) -> bool
Notifies the resource limiter that an instance’s linear memory has been requested to grow.
current
is the current size of the linear memory in bytes.desired
is the desired size of the linear memory in bytes.maximum
is either the linear memory’s maximum or a maximum from an instance allocator, also in bytes. A value ofNone
indicates that the linear memory is unbounded.
The current
and desired
amounts are guaranteed to always be
multiples of the WebAssembly page size, 64KiB.
This function should return true
to indicate that the growing
operation is permitted or false
if not permitted. Returning true
when a maximum has been exceeded will have no effect as the linear
memory will not grow.
This function is not guaranteed to be invoked for all requests to
memory.grow
. Requests where the allocation requested size doesn’t fit
in usize
or exceeds the memory’s listed maximum size may not invoke
this method.
Returning false
from this method will cause the memory.grow
instruction in a module to return -1 (failure), or in the case of an
embedder API calling Memory::new
or
Memory::grow
an error will be returned from
those methods.
fn table_growing(
&mut self,
current: u32,
desired: u32,
maximum: Option<u32>,
) -> bool
fn table_growing( &mut self, current: u32, desired: u32, maximum: Option<u32>, ) -> bool
Notifies the resource limiter that an instance’s table has been requested to grow.
current
is the current number of elements in the table.desired
is the desired number of elements in the table.maximum
is either the table’s maximum or a maximum from an instance allocator. A value ofNone
indicates that the table is unbounded.
This function should return true
to indicate that the growing
operation is permitted or false
if not permitted. Returning true
when a maximum has been exceeded will have no effect as the table will
not grow.
Currently in Wasmtime each table element requires a pointer’s worth of
space (e.g. mem::size_of::<usize>()
).
Like memory_growing
returning false
from this function will cause
table.grow
to return -1 or embedder APIs will return an error.
Provided Methods§
fn memory_grow_failed(&mut self, _error: &Error)
fn memory_grow_failed(&mut self, _error: &Error)
Notifies the resource limiter that growing a linear memory, permitted by
the memory_growing
method, has failed.
Reasons for failure include: the growth exceeds the maximum
passed to
memory_growing
, or the operating system failed to allocate additional
memory. In that case, error
might be downcastable to a std::io::Error
.
fn table_grow_failed(&mut self, _error: &Error)
fn table_grow_failed(&mut self, _error: &Error)
Notifies the resource limiter that growing a linear memory, permitted by
the table_growing
method, has failed.
Reasons for failure include: the growth exceeds the maximum
passed to
table_growing
. This could expand in the future.
fn instances(&self) -> usize
fn instances(&self) -> usize
The maximum number of instances that can be created for a Store
.
Module instantiation will fail if this limit is exceeded.
This value defaults to 10,000.