
Wac: Minimal WebAssembly interpreter written in C - ingve
https://github.com/grassel/wac#wac---webassembly-in-c
======
pcwalton
This line: [https://github.com/grassel/wac-esp/blob/master/main/wa.c#L68...](https://github.com/grassel/wac-esp/blob/master/main/wa.c#L683)

What prevents me from writing a wasm file with an arbitrary value for "depth"
greater than CALLSTACK_SIZE (1024) and overflowing the buffer? (If the answer
is "nothing", that's probably arbitrary code execution.)
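
Added example, not part of the thread and not wac's code: a checked handler for a module-supplied depth value, the kind of bounds check the question above asks about. The `Machine`/`Frame` layout, `resolve_depth` and `read_uleb32` are hypothetical names; only `CALLSTACK_SIZE` (1024) comes from the comment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CALLSTACK_SIZE 1024 /* the size quoted in the comment above */

/* Hypothetical layout for illustration; these are not wac's structs. */
typedef struct { uint32_t target_pc; } Frame;
typedef struct {
    Frame callstack[CALLSTACK_SIZE];
    int csp; /* index of the top live frame, -1 when empty */
} Machine;

typedef enum { DEPTH_OK, TRAP_BAD_DEPTH, TRAP_BAD_LEB } Status;

/* Decode an unsigned LEB128 u32 from untrusted bytes.
 * Returns 0 if the input is truncated or encodes more than 32 bits. */
static int read_uleb32(const uint8_t *buf, size_t len, size_t *pos, uint32_t *out) {
    uint32_t result = 0;
    for (unsigned shift = 0; shift < 35; shift += 7) {
        if (*pos >= len) return 0;
        uint8_t b = buf[(*pos)++];
        if (shift == 28 && (b & 0x70)) return 0;
        result |= (uint32_t)(b & 0x7f) << shift;
        if (!(b & 0x80)) { *out = result; return 1; }
    }
    return 0;
}

/* Pop `depth` frames, where depth comes from the module. The check is against
 * the live frame count (csp, assumed kept below CALLSTACK_SIZE by the push
 * path), so the index cannot leave the array; bad input traps instead. */
Status resolve_depth(Machine *m, const uint8_t *code, size_t len,
                     size_t *pc, uint32_t *new_pc) {
    uint32_t depth;
    if (!read_uleb32(code, len, pc, &depth)) return TRAP_BAD_LEB;
    if (m->csp < 0 || depth > (uint32_t)m->csp) return TRAP_BAD_DEPTH;
    m->csp -= (int)depth;
    *new_pc = m->callstack[m->csp].target_pc;
    return DEPTH_OK;
}

int main(void) {
    static Machine m = { .csp = 2 };
    const uint8_t big[] = {0x80, 0x10}; /* constructed input: depth 2048 */
    size_t pc = 0; uint32_t npc = 0;
    Status s = resolve_depth(&m, big, sizeof big, &pc, &npc);
    printf("status=%d csp=%d\n", s, m.csp);
    return 0;
}
```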

~~~
rcfox
You should probably write this in an issue so that the developers see it.

~~~
pcwalton
It took me 10 minutes to find on my phone on the train. There are probably
dozens of bugs like this...

~~~
JeremyBanks
Well, it is written in C...

~~~
bexsella
I knew it would only be a matter of time before someone mentioned this,
although I was actually expecting someone to mention a specific alternate
language.

~~~
pjmlp
Want to use C? Fine.

But then actually use the myriad of compiler flags, static analysers and
dependent typing tooling (Frama-C) available for it.

Some of them have existed since 1979.

------
redmar
link gives a 404 because the repo was renamed minutes ago to
[https://github.com/grassel/wac-esp](https://github.com/grassel/wac-esp)

~~~
donpdonp
which was forked from
[https://github.com/kanaka/wac](https://github.com/kanaka/wac). The kanaka
project appears to be a generic platform project, whereas the grassel fork is
targeting the esp32.

------
jerrysievert
not just a WASM interpreter, but one that is targeting small devices, which is
pretty darned cool.

my thoughts go directly to fast over the air updates without a full flash,
fixing bugs or reconfiguring on the fly.

------
kevingadd
Given the small scope and some of the ideal use cases for this, it would be
really great to have some objectives like being 100% asan, msan, ubsan-clean
and passing valgrind. People will eventually ship stuff like this in IoT and
that'll make it unlikely that security and bug patches will get deployed.

~~~
daniel_rh
or written in a secure language without undefined behavior and without any
"unsafe" code like Rust or Safe Haskell.

IoT probably should be shipping code that uses static compiler checks as the
first line of security defense rather than run-time checks like valgrind and
asan.

~~~
BubRoss
Hello World in Haskell would already be too large for many micro controllers.

~~~
pjmlp
OCaml, Oberon, Java, Lisp and Scheme manage just fine.

~~~
BubRoss
The parent didn't mention any of those.

~~~
pjmlp
> "written in a secure language without undefined behavior"

"Like" following the rest of the sentence can be understood as "for example",
and not as the only possibilities to choose from.

------
snops
For an interpreter targeted at small/embedded devices, it would be interesting
to see the ROM/RAM usage.

~~~
astrodust
Trial by fire: Get it on the PICO8:
[https://www.lexaloffle.com/pico-8.php](https://www.lexaloffle.com/pico-8.php)

~~~
RodgerTheGreat
PICO8 is in many ways less constrained than real-world microcontrollers, and
the nature of the constraints is quite different. It simply isn't a meaningful
comparison.

------
swiley
The URL for the original project is [1]

It's strange that the readme says it requires 32 bit userspace tools.

Part of me is pretty excited to have an open "write once run everywhere"
environment but the other part of me really likes that autoconf/cmake more or
less provide that now and I'm worried that things like this will discourage
people from making their projects easily buildable by the end user.

Docker already does that, try building freeciv-web yourself without tools like
docker, the end result is that it can be very difficult to modify it when you
need to.

[1] [https://github.com/kanaka/wac](https://github.com/kanaka/wac)

------
jokoon
Is the gcc team/clang team working to allow wasm as a target?

I heard there are several compilers that work with c++ but I don't see many.

~~~
nestorD
LLVM has a wasm target so, in theory, clang should be able to target it
without modifications. In practice I found this short guide:
[https://stackoverflow.com/questions/45146099/how-do-i-compil...](https://stackoverflow.com/questions/45146099/how-do-i-compile-a-c-file-to-webassembly)

~~~
jokoon
This guide requires binaryen... I tried to build it once, it was not fun.

