SaaSHub helps you find the best software and product alternatives Learn more →
Multi-memory Alternatives
Similar projects and alternatives to multi-memory
-
memory-control
A proposal to introduce finer grained control of WebAssembly memory.
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
reference-crdts
Simple, tiny spec-compliant reference implementations of Yjs and Automerge's list types.
-
uwm-masters-thesis
My thesis for my Master's in Computer Science degree from the University of Wisconsin - Milwaukee.
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
wit-bindgen
A language binding generator for WebAssembly interface types
-
-
spec
WebAssembly specification, reference interpreter, and test suite. (by WebAssembly)
-
component-model
Repository for design and specification of the Component Model
-
-
-
-
-
wai
A language binding generator for `wai` (a precursor to WebAssembly interface types) (by wasmerio)
-
-
relaxed-simd
Relax the strict determinism requirements of SIMD operations.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
multi-memory reviews and mentions
-
Top 8 Recent V8 Updates
Support for multi-memory to deal with multiple memories in Wasm.
-
WASI Support in Go
> You can do attacks that most people haven't been able to do for 20+ years.
This is a bad and roundabout way to say that vulnerabilities in WebAssembly modules may cause a corruption in their linear memory. Which is absolutely true, but those attacks still matter today (not everyone turns ASLR on) and similar defences also apply. In the future multiple memories [1] should make it much easier to guard against remaining issues. WebAssembly is a lucrative target only because it is so widespread, not because it has horrible security (you don't know what the actually horrible security looks like).
[1] https://github.com/WebAssembly/multi-memory/blob/main/propos...
-
WASI: WebAssembly System Interface
Thanks! These claims are really interesting.
- WASM has no ASLR.
So I guess if a buffer overrun lets you modify a function pointer, you could replace that function pointer with another pointer to execute different code. As you say, this is hard in native linux programs because ASLR and NX. You need a pointer to some code thats loaded in memory and you need to know where it is. In wasm, the "pointer" isn't a pointer at all. indirect_call takes an index into the jump table. Yes, this makes it easier to find other valid function pointers. But wasm also has some advantages here. Unlike in native code, you can't "call" arbitrary locations in memory. And indirect_call is also runtime typechecked. So you can't call functions with an unexpected type signature. Also (I think) the jump table itself can't be edited by the running wasm module. So there's no way to inject code into the module and run it.
I could be wrong, but I wouldn't be surprised if on balance wasm still ends up safer than native code here. I'm sure there will be more than zero wasm sandbox escapes made by abusing this, but I haven't heard of any so far.
Docs: https://developer.mozilla.org/en-US/docs/WebAssembly/Underst...
- WASM allows writing to 0x0.
You're probably right about this. To be clear, it means if pointers are set to 0 then dereferenced, the program might continue before crashing. And the memory around 0 may be overwritten by an attacker. How bad this is in practice depends on the prevelance of use-after-free bugs (common in C / C++) and what ends up near 0 in memory. In rust, these sort of software bugs seem incredibly rare. And I wouldn't be surprised if wasm compilers for C/C++ start making a memory deadzone here - if they aren't doing that already.
- wasm can easily overflow buffers
Sure, but so can native C code. And unlike native code, wasm can't overflow buffers outside of the data section. So you can't overwrite methods or modify the memory of any other loaded modules. So on net, wasm is still marginally safer than native code here. If you're worried about buffer overflows, use a safer language.
- wasm doesn't have the concept of read-only memory
Interesting! I can see this definitely being useful for system libraries like mmap. This would definitely be nice to have, and it looks like the wasm authors agree with you.
-
Accessing WebAssembly reference-typed arrays from C++
There are stray references to the concept of multiple address spaces (or 'memories') in the wasm spec at present, and I recall at one point you may have always been passing 'memory #0' to your load/store opcodes. It looks like people are still working on that as the solution.
-
WebAssembly and C++
It's not segmented, so no... or rather, not yet.
The wasm spec already accommodates to some extent the notion of multiple "memories" (i.e. distinct flat heaps), although it only allows for one in practice:
https://webassembly.github.io/spec/core/syntax/modules.html#...
And there's an active proposal to allow for multiple memories:
https://github.com/WebAssembly/multi-memory/blob/main/propos...
In an environment like that, you'd need full-fledged pointers to carry both the memory index and the offset; and then you might want a non-fat "pointer to same memory" alternative for perf. Might as well call them far and near.
- WebAssembly 2.0 Working Draft
-
A note from our sponsor - SaaSHub
www.saashub.com | 28 Mar 2024
Stats
WebAssembly/multi-memory is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.
The primary programming language of multi-memory is WebAssembly.