Struct KillState

pub struct KillState { /* private fields */ }

All instance state a remote kill switch needs to determine if and how to signal that execution should stop.

Some definitions for reference in this struct’s documentation:

• “stopped” means “stop executing at some point before reaching the end of the entrypoint wasm function”.
• “critical section” means what it typically means - an uninterruptable region of code. The detail here is that currently “critical section” and “hostcall” are interchangeable, but in the future this may change. Hostcalls may one day be able to opt out of criticalness, or perhaps guest code may include critical sections.

“Stopped” is a particularly loose word here because it encompasses the worst case: trying to stop a guest that is currently in a critical section. Because the signal will only be checked when exiting the critical section, the latency is bounded by whatever embedder guarantees are made. In fact, it is possible for a kill signal to be successfully sent and still never impactful, if a hostcall itself invokes lucet_hostcall_terminate!. In this circumstance, the hostcall would terminate the instance if it returned, but lucet_hostcall_terminate! will terminate the guest before the termination request would even be checked.

Implementations

impl KillState

pub fn new() -> KillState

pub fn is_terminable(&self) -> bool

pub fn enable_termination(&self)

pub fn disable_termination(&self)

pub fn terminable_ptr(&self) -> *const AtomicBool

pub fn begin_hostcall(&self)

pub fn end_hostcall(&self) -> Option<TerminationDetails>

pub fn schedule(&self, tid: pthread_t)

pub fn deschedule(&self)