You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a reminder - protection agains inf. loops in contract's code. Currently added protection (Promise.race) is not enough (but not much more can be done in case of pure JS).
In case of WASM - it should possible with the help of bytecodealliance/wasmtime#1490 krustlet/krustlet#223
My vote is for Wasm. Since it would allow you guys not to have to create multiple implementations for different languages. And allow you to focus on core functionality instead.
It's fast, widely supported across languages and OS platforms, and continues to be developed with better features. Like Gpu, threading, garbage collection, and Simd support.
Should be implemented as a separate library with an
ExecutorFactory
implementation.First idea worth checking out is the https://github.com/laverdet/isolated-vm - but of course this will work only in a node env.
Other:
https://2021.esec-fse.org/details/fse-2021-papers/46/JSISOLATE-Lightweight-In-Browser-JavaScript-Isolation
https://www.semanticscholar.org/paper/TrustJS%3A-Trusted-Client-side-Execution-of-Goltzsche-Wulf/03a79b989b9852b8bf4bb77c54bf8d5124efeba6
or use WASM?
https://webassembly.org/docs/security/
https://developer.mozilla.org/pl/docs/WebAssembly
https://engineering.q42.nl/webassembly/ - very good analysis!
https://www.assemblyscript.org/
https://developer.mozilla.org/en-US/docs/WebAssembly/Using_the_JavaScript_API
The text was updated successfully, but these errors were encountered: