Aegis Resource Management

This crate provides resource management functionality for the Aegis WebAssembly sandbox runtime, including:

Memory limiting via [AegisResourceLimiter]
CPU limiting via fuel management in [FuelManager]
Timeout management via epochs in [EpochManager]

Resource Management Strategy

Aegis uses a multi-layered approach to resource management:

Memory Limits: Hard limits on linear memory growth
Fuel Limits: Deterministic CPU limiting via fuel consumption
Epoch Timeouts: Wall-clock timeout via epoch-based interruption

Memory Limiting

Memory limits are enforced via [AegisResourceLimiter], which implements Wasmtime's ResourceLimiter trait. This prevents guests from allocating unbounded memory.

use aegis_resource::limiter::{AegisResourceLimiter, LimiterConfig};

let limiter = AegisResourceLimiter::new(
    LimiterConfig::default().with_max_memory(64 * 1024 * 1024)
);

Fuel Limiting

Fuel provides deterministic CPU limiting. Each WASM instruction consumes fuel, and execution traps when fuel is exhausted.

use aegis_resource::fuel::{FuelManager, FuelConfig};

let manager = FuelManager::new(FuelConfig::new(1_000_000_000));

Epoch Timeouts

Epochs provide wall-clock timeout support. A background thread increments the epoch counter, and stores configured with deadlines will trap when the deadline is exceeded.

use aegis_resource::epoch::{EpochManager, EpochConfig};

let manager = EpochManager::new(engine, EpochConfig::default())?;

aegis-resource 0.1.0

Resource Management Strategy

Memory Limiting

Fuel Limiting

Epoch Timeouts