undefined | Better HN

0 pointsmamcx4y ago0 comments

>What type of strings though?

The good one!

UTf-8, NOT null terminated, pascal like.

ie: what rust have:

https://doc.rust-lang.org/std/string/struct.String.html

REPEAT the mistakes of C (and considering the security angle! in a browser!) must be a big no.

0 comments

flohofwoe4y ago

This would still require conversion from and to Javascript strings, and doesn't help with any language compiled to WASM that isn't Rust. And it probably wouldn't even help Rust because such a native WASM string type would presumably live outside the WASM heap (because if the string data would be on the WASM heap, there's no need for a native string type).

mamcxOP4y ago

Any complex structure past int/floats requiere conversion. Heck, even floats and ints (for example: oCalm and anybody with more/less bits than JS).

So, given this is a fact, the best course of action is chosen the most safe alternative.

And for everyone else? Well an array of bits ant let the host/callers that are the only that know their own stuff deal with it.

INCLUDING Js.

brabel4y ago

I don't know what you're arguing about. The interface types proposal defines a string like this:

    string ≡ (list char)

char is defined to be a Unicode scalar value (i.e., a non-surrogate code point).

Basically, this is "the most safe alternative"??!

1 more reply

masklinn4y ago

> UTf-8, NOT null terminated, pascal like. > > ie: what rust have: > > https://doc.rust-lang.org/std/string/struct.String.html

Rust (or C++) strings are not pascal strings. In pascal strings, the "string buffer" also contains the length information, and historically it was all bytes with a length byte at the start, which was why your strings started at index 1 and limited to 254 bytes.

It's possible to modernise this style of strings to be less crummy (that is essentially what sds does), but C++/Rust string are a third take where the length (and capacity) are stored separately from the string buffer, and that buffer is always on the other side of a pointer (ignoring SSO, which Rust sadly doesn't have due to the original interface definition).

pjmlp4y ago

Unfortunely that is not what WASM designers decided when they went without memory tagging for linear memory segments.

So you get all the fun to corrupt linear memory C style.

flohofwoe4y ago

I think if you're afraid of memory corruption inside the WASM heap, it's better to use Rust instead of C or C++. WASM's job is to prevent code inside the sandbox from escaping the sandbox, not to prevent memory corruption inside the sandbox.

pjmlp4y ago

> I think if you're afraid of memory corruption inside the WASM heap, it's better to use Rust instead of C or C++.

Agreed, but as consumer from WASM modules that isn't your option to make.

> WASM's job is to prevent code inside the sandbox from escaping the sandbox, not to prevent memory corruption inside the sandbox.

That is not better than a typical OS process, just it happens to be randomly downloaded into my computer.

1 more reply

j / k navigate · click thread line to collapse

0 comments

flohofwoe4y ago

mamcxOP4y ago

Any complex structure past int/floats requiere conversion. Heck, even floats and ints (for example: oCalm and anybody with more/less bits than JS).

So, given this is a fact, the best course of action is chosen the most safe alternative.

And for everyone else? Well an array of bits ant let the host/callers that are the only that know their own stuff deal with it.

INCLUDING Js.

brabel4y ago

I don't know what you're arguing about. The interface types proposal defines a string like this:

    string ≡ (list char)

char is defined to be a Unicode scalar value (i.e., a non-surrogate code point).

Basically, this is "the most safe alternative"??!

1 more reply

masklinn4y ago

> UTf-8, NOT null terminated, pascal like. > > ie: what rust have: > > https://doc.rust-lang.org/std/string/struct.String.html

pjmlp4y ago

Unfortunely that is not what WASM designers decided when they went without memory tagging for linear memory segments.

So you get all the fun to corrupt linear memory C style.

flohofwoe4y ago

pjmlp4y ago

> I think if you're afraid of memory corruption inside the WASM heap, it's better to use Rust instead of C or C++.

Agreed, but as consumer from WASM modules that isn't your option to make.

> WASM's job is to prevent code inside the sandbox from escaping the sandbox, not to prevent memory corruption inside the sandbox.

That is not better than a typical OS process, just it happens to be randomly downloaded into my computer.

1 more reply

j / k navigate · click thread line to collapse