Research Note · September 9, 2025 · 3 min read

Wazero Memory Allocation Bounds

Hard limits on sandbox memory footprints.

Problem

A rogue or poorly optimized policy executed inside the WebAssembly sandbox might allocate memory indiscriminately. Left unchecked, the host OS's OOM killer will terminate the entire node, resulting in total system failure.

Approach

Under the HELM Wazero configuration, linear memory pages are strictly pre-allocated. We define a hard 16 MB limit for standard policy evaluations. Wazero intercepts dynamic allocation requests (e.g., memory.grow); if a request would breach the limit, a trap immediately suspends the WebAssembly instance.

Invariants

  • The Sandbox instance cannot dynamically exceed 16 * 1024 * 1024 bytes.
  • Memory allocation faults evaluate as DENY_EXHAUSTION.
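The page-accounting rule behind these two invariants, as an added example that is not HELM's or wazero's own code: linear memory is counted in 64 KiB WebAssembly pages, so a 16 MiB cap is 256 pages, and a grow request is checked against that cap before any memory is reserved. The `LinearMemory` type, the `Verdict` values and the sample grow sequences are constructed for this illustration; in a real wazero runtime the cap is set with `wazero.NewRuntimeConfig().WithMemoryLimitPages(256)`. Note that the core specification has a refused `memory.grow` return -1 to the guest rather than trap; the model below surfaces the refusal to the host as an error so that the evaluation can be mapped to the `DENY_EXHAUSTION` verdict.

```go
package main

import (
	"errors"
	"fmt"
)

// Illustrative model (not wazero's own code): WebAssembly linear memory is
// sized in 64 KiB pages, and the note caps a policy evaluation at 16 MiB.
const (
	PageSize       = 64 * 1024
	HardLimitBytes = 16 * 1024 * 1024
	HardLimitPages = HardLimitBytes / PageSize // 256 pages
)

// ErrExhausted signals that a grow request would cross the hard limit.
var ErrExhausted = errors.New("sandbox memory limit exceeded")

// LinearMemory models the sandbox's page accounting. The hypothetical host
// keeps the limit in pages so a request is rejected before bytes are reserved.
type LinearMemory struct {
	pages    uint32
	maxPages uint32
}

// NewLinearMemory pre-sizes a memory with `initial` pages and refuses to
// construct one whose declared minimum already exceeds the cap.
func NewLinearMemory(initial, maxPages uint32) (*LinearMemory, error) {
	if initial > maxPages {
		return nil, ErrExhausted
	}
	return &LinearMemory{pages: initial, maxPages: maxPages}, nil
}

// Grow mirrors memory.grow: on success it returns the previous size in pages;
// a request that would exceed the cap is refused with ErrExhausted and leaves
// the size untouched.
func (m *LinearMemory) Grow(delta uint32) (uint32, error) {
	// Add in uint64 so a huge delta cannot wrap the comparison.
	if uint64(m.pages)+uint64(delta) > uint64(m.maxPages) {
		return 0, ErrExhausted
	}
	prev := m.pages
	m.pages += delta
	return prev, nil
}

// SizeBytes returns the current footprint of the modelled memory.
func (m *LinearMemory) SizeBytes() uint64 { return uint64(m.pages) * PageSize }

// Verdict is the outcome of one policy evaluation (constructed names).
type Verdict string

const (
	Allow          Verdict = "ALLOW"
	DenyExhaustion Verdict = "DENY_EXHAUSTION"
)

// EvaluatePolicy replays a policy's grow requests (constructed here as a slice
// of page deltas) against a fresh 16 MiB-capped memory and maps an allocation
// fault to the DENY_EXHAUSTION verdict named in the invariants. It returns
// the verdict and the footprint at the point evaluation stopped.
func EvaluatePolicy(growRequests []uint32) (Verdict, uint64) {
	mem, err := NewLinearMemory(1, HardLimitPages)
	if err != nil {
		return DenyExhaustion, 0
	}
	for _, delta := range growRequests {
		if _, err := mem.Grow(delta); err != nil {
			return DenyExhaustion, mem.SizeBytes()
		}
	}
	return Allow, mem.SizeBytes()
}

func main() {
	// Constructed sample inputs: a well-behaved policy and a runaway one.
	fmt.Println(EvaluatePolicy([]uint32{15, 48}))        // ALLOW 4194304 (64 pages)
	fmt.Println(EvaluatePolicy([]uint32{100, 100, 100})) // DENY_EXHAUSTION 13172736 (stopped at 201 pages)
}
```

The check is done on page counts rather than on the result of an allocation, which is what makes the first invariant a hard bound: no code path reserves memory and then discovers it was too much.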

Artifacts

References

  • WebAssembly Core Specification: Linear Memory

Mindburn Labs Research, September 9, 2025
Every claim in this article can be independently verified using our open-source evidence tooling. Check the standards and conformance demos below.