Open gaocegege opened 3 years ago
Software fault isolation (SFI) 是个很好的概念,但是在工业界很少落地,只有 Google Chrome 的 NaCl 应用比较多。这是因为:
SFI vendors need to develop and maintain their own compiler backend (to rewrite modules to restrict memory accesses), their own linker and loader (to install modules in the host address space), and their own base library and ABI (to facilitate interaction between the module and the outside world).
比如 NaCl 在 x86 和 64 上是采取了很多不同的设计与实现。
而 WASM 是一个很好的替代品,它实现了 SFI 最核心的需求:isolated modules can access memory only within a single region.
与 NaCl 一个不同的地方在于,NaCl 是跑在一个单独的进程中的,而 WASM 是 in-process 的。这篇文章就描述了如何利用 WASM 来做 SFI 的。
(这篇的prototype代码是我写的 ,里面没提到的东西可以问我)
lstql (专门从 pyq 赶来点赞 .w.
也tql吧 哭哭
On Sun, Oct 11, 2020, 9:29 AM Pinglei Guo notifications@github.com wrote:
lstql (专门从 pyq 赶来点赞 .w.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/dyweb/papers-notebook/issues/235#issuecomment-706730336, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABVSYTUR3OOBCC7OOZZV5MTSKHMNHANCNFSM4SK6UF6A .
@htfy96 ls,敢问 syscall 是怎么实现的,在论文里没有看到
@htfy96 ls,敢问 syscall 是怎么实现的,在论文里没有看到
基本上来说就是lucet-wasi-sdk的实现。sandboxed的库链接这个libc后,syscall就可以直接调用。
https://arxiv.org/pdf/1912.02285.pdf