Question: where is the WASM API implemention?

[Kevin0626]

Hi,

I want to build some basic understanding about the WASI implementation. Previously I guessed a WASI API like __wasi_fd_pread() is like a replacement of some SYS_CALL. I searched the repo source code and found it was called a few times. But I didn't see it is implemented anywhere.

Can anyone give a clue where it is implemened?

Thanks,
Kevin

[NineKa]

Hello. If I am not mistaken, these are the functions that should be implemented by the embedded system. In the compiled WebAssembly module, these are declared as import functions. For detailed documentation, check this, https://github.com/WebAssembly/WASI/blob/master/design/WASI-core.md .

[Kevin0626]

Thanks! @NineKa

In the repo readme, it introduced this repo provides a wasi reference implementation. so I assume it should be somewhere in the bottom half.

[sunfishcode]

Yes; the "bottom half" here refers to the bottom half of "libc", which is functions like pread which are wrappers around calls to system calls like __wasi_fd_pread. These system calls aren't implemented in libc -- they need to be provided by the embedder. For example, Wasmtime's implementation for Unix-type platforms is here.

[Kevin0626]

@sunfishcode Thanks, Dan!

I think I got some understanding about this repo structure now. The bottom half are mostly the added component on the musl with additional permission check and re-routing the syscalls to the WASI APIs.

If my understanding is right, I have another question - the bottom half seems to be built as part of WASM application binary. For the security reason, should we put the permission into the runtime implementation rather than being part of application?

[tschneidereit]

You're right, any required security checks need to happen in the runtime—and they do. For example the implementation of __wasi_fd_pread in Wasmtime that @sunfishcode mentions contains checks that ensure that the requested operation is allowed. If you look at the implementation of pread here, it doesn't perform any security checks itself; it just calls __wasi_fd_pread and then just tries to provide some more specific information if the check failed and otherwise just returns an error.

[Kevin0626]

@tschneidereit Thank you for your further explanation! I was trying to understand what is the boundary between the top half and bottom half. I just compared the current implementation of fopen and its original implementation of musl. Now I feel the bottom half is more like the replacement of some key functions from the musl source code.

It will be great if some basic introduction can be available from the readme about the boundary definition between the two half parts.

I also came up with a few other questions during exploring the source code and will raise new issues. Your input is very appreciated.

[sbc100]

I maintain a simple (and partial) JS implementation of the current syscall layer here: https://github.com/WebAssembly/waterfall/blob/master/src/wasi.js.