Expand description
Aegis Resource Management
This crate provides resource management functionality for the Aegis WebAssembly sandbox runtime, including:
- Memory limiting via
AegisResourceLimiter - CPU limiting via fuel management in
FuelManager - Timeout management via epochs in
EpochManager
§Resource Management Strategy
Aegis uses a multi-layered approach to resource management:
- Memory Limits: Hard limits on linear memory growth
- Fuel Limits: Deterministic CPU limiting via fuel consumption
- Epoch Timeouts: Wall-clock timeout via epoch-based interruption
§Memory Limiting
Memory limits are enforced via AegisResourceLimiter, which implements
Wasmtime’s ResourceLimiter trait. This prevents guests from allocating
unbounded memory.
ⓘ
use aegis_resource::limiter::{AegisResourceLimiter, LimiterConfig};
let limiter = AegisResourceLimiter::new(
LimiterConfig::default().with_max_memory(64 * 1024 * 1024)
);§Fuel Limiting
Fuel provides deterministic CPU limiting. Each WASM instruction consumes fuel, and execution traps when fuel is exhausted.
ⓘ
use aegis_resource::fuel::{FuelManager, FuelConfig};
let manager = FuelManager::new(FuelConfig::new(1_000_000_000));§Epoch Timeouts
Epochs provide wall-clock timeout support. A background thread increments the epoch counter, and stores configured with deadlines will trap when the deadline is exceeded.
ⓘ
use aegis_resource::epoch::{EpochManager, EpochConfig};
let manager = EpochManager::new(engine, EpochConfig::default())?;Re-exports§
pub use epoch::EpochConfig;pub use epoch::EpochManager;pub use epoch::EpochStats;pub use epoch::TimeoutGuard;pub use error::ResourceError;pub use error::ResourceResult;pub use fuel::FuelConfig;pub use fuel::FuelCostEstimates;pub use fuel::FuelManager;pub use fuel::FuelStats;pub use limiter::AegisResourceLimiter;pub use limiter::LimiterConfig;pub use limiter::LimiterStats;pub use limiter::MemoryGrowthEvent;