Resource Limiting

Deterministic Mode and Non-Deterministic Mode have two separate RAM budgets. Each budget starts at 4294967295 octets (4 GiB). All sub-VM instances within the same mode share the same budget.

RAM Consumption

Every resource allocation subtracts from the RAM budget of the current VM Execution Modes. When an allocation would cause the remaining budget to become negative, the sub-VM exits with VMError with gvm-def-str-trie-value-vm-error-OOM-RAM message.

The following operations consume RAM:

• WASM memory growth: each page (65536 octets) costs its size in bytes

• WASM table growth: each table entry costs gvm-def-consts-value-memory-limiter-consts-table-entry octets

• File mapping: gvm-def-consts-value-memory-limiter-consts-file-mapping octets base cost plus the length of the filename in bytes

• File descriptor allocation: gvm-def-consts-value-memory-limiter-consts-fd-allocation octets per descriptor

RAM Release

File content memory is released when the corresponding file descriptor is closed via fd_close. When a sub-VM finishes execution, all remaining RAM consumed by it is released back to the shared budget.

Other Limits

In addition to the RAM budget, the following hard limits apply:

• Maximum sub-VM nesting depth: gvm-def-consts-value-top-limits-vm-recursion

• Maximum RunNondet calls per execution: gvm-def-consts-value-top-limits-nondet-blocks

• Maximum open file descriptors per sub-VM: gvm-def-consts-value-top-limits-max-fds

• Maximum locked storage slots: gvm-def-consts-value-top-limits-locked-slots

• Minimum remaining RAM to issue a WebRequest: gvm-def-consts-value-top-limits-web-request-min-space octets

• Minimum remaining RAM to issue a WebRender: gvm-def-consts-value-top-limits-web-render-min-space octets

Exceeding any of these limits causes the sub-VM to exit with VMError.