Linuxeden开源社区
We are pleased to announce the release of Ruby 3.2.0-preview1. Ruby 3.2 adds many features and performance improvements.
WASI based WebAssembly support
This is an initial port of WASI based WebAssembly support. This enables a CRuby binary to be available on Web browser, Serverless Edge environment, and other WebAssembly/WASI embedders. Currently this port passes basic and bootstrap test suites not using Thread API.
Background
WebAssembly (WASM) is originally introduced to run programs safely and fast in web browsers. But its objective – running programs efficinently with security on various environment – is long wanted not only by web but also by general applications.
WASI (The WebAssembly System Interface) is designed for such use cases. Though such applications need to communicate with operating systems, WebAssembly runs on a virtual machine which didn’t have a system interface. WASI standardizes it.
WebAssembly/WASI Support in Ruby intends to leverage those projects. It enables Ruby developers to write applications which runs on such promised platform.
Use case
This support encourages developers can utilize CRuby in WebAssembly environment. An example use case of it is TryRuby playground’s CRuby support. Now you can try original CRuby in your web browser.
Technical points
Today’s WASI and WebAssembly itself has some missing features to implement Fiber, exception, and GC because it’s still evolving and also for security reasons. So CRuby fills the gap by using Asyncify, which is a binary transformation technique to control execution in userland.
In addition, we built a VFS on top of WASI so that we can easily pack Ruby apps into a single .wasm file. This makes distribution of Ruby apps a bit easier.
Related links
Regexp timeout
A timeout feature for Regexp matching is introduced.
Regexp.timeout = 1.0
/^a*b?a*$/ =~ "a" * 50000 + "x"
#=> Regexp::TimeoutError is raised in one second
It is known that Regexp matching may take unexpectedly long. If your code attempts to match an possibly inefficient Regexp against an untrusted input, an attacker may exploit it for efficient Denial of Service (so-called Regular expression DoS, or ReDoS).
The risk of DoS can be prevented or significantly mitigated by configuring Regexp.timeout according to the requirements of your Ruby application. Please try it out in your application and welcome your feedback.
Note that Regexp.timeout is a global configuration. If you want to use different timeout settings for some special Regexps, you may want to use timeout keyword for Regexp.new.
Regexp.timeout = 1.0
# This regexp has no timeout
long_time_re = Regexp.new("^a*b?a*$", timeout: nil)
long_time_re =~ "a" * 50000 + "x" # never interrupted
The original proposal is https://bugs.ruby-lang.org/issues/17837