Comment by potsandpans

Comment by potsandpans a day ago

0 replies

View on Hacker News

Fta

> However, for system libraries, WebAssembly's isolated memory model comes with serious tradeoffs.

> Isolation means no system calls WebAssembly can only access functions the runtime exposes to it. Usually, that's JavaScript.

Without digging into the code I'm going to assume (guess) that this feature did not take the main value-prop of the WASM model.

Afaik, this is explicitly against the isolation that WASM imposes [1]

> Modules must declare all accessible functions and their associated types at load time, even when dynamic linking is used. This allows implicit enforcement of control-flow integrity (CFI) through structured control-flow.

I seem to remember a WASI developer talk that discussed syscalls here, but I can't remember the specifics. The gist was basically along the lines of, "syscalls are a level of privilege that should not be cart-blanche accessible to all programs at all times"