safety: STPA analysis of BA RFC #46 and cross-toolchain consistency #25

Merged
avrabe merged 1 commit into main from safety/rfc46-stpa-analysis on Mar 10, 2026

Conversation

@avrabe (Contributor) commented Mar 10, 2026

Summary

  • STPA comparative analysis of Bytecode Alliance RFC #46 vs Meld
  • Cross-toolchain canonical ABI consistency analysis (Meld ↔ Kiln ↔ Synth)
  • RFC-specific hazard catalog (5 losses, 6 hazards, 12 UCAs)

RFC #46 Analysis

The RFC proposes lower-component (= Meld) + host-wit-bindgen (= syn/kiln) + Host C APIs. Key findings:

  • Meld's trust boundary is smaller — self-contained output vs RFC's required host intrinsics
  • 6 things Meld covers that RFC doesn't — attestation, reproducibility, formal verification, certification evidence, cycle-tolerant topology, CopyLayout
  • P3 scope blocked on upstream ecosystem tool availability (wit-bindgen, runtime stack-switching), not on Meld's readiness
  • Host bindings map to syn/kiln, not Meld
  • Multiply-instantiated modules is the highest-priority shared gap (Handle multiply-instantiated modules #24)

Cross-Toolchain Consistency

5 consistency hazards (XH-1 through XH-5) where Meld, Kiln, and Synth must agree on canonical ABI layout. Shared wit-bindgen fixtures are the primary mitigation.

Related PRs

🤖 Generated with Claude Code

Add comparative STPA analysis of Bytecode Alliance RFC #46
("lower-component") against Meld's architecture:
- 5 RFC-specific losses, 6 hazards, 12 UCAs
- Gap analysis (6 RFC gaps Meld covers, 6 Meld gaps from RFC scope)
- Open questions mapped to hazards with recommendations
- Trust boundary comparison (Meld's smaller TCB vs RFC's host API)

Add cross-toolchain canonical ABI consistency analysis:
- 5 consistency hazards between Meld, Kiln, and Synth
- Shared wit-bindgen fixtures as executable conformance tests
- Coverage matrix tracking which tool paths are verified

Key findings:
- P3 scope blocked on upstream ecosystem tool availability, not Meld
- Host bindings (RFC's host-wit-bindgen) map to syn/kiln
- Multiply-instantiated modules is highest-priority shared gap (#24)
- Gale+Kiln form the runtime/OS stack; prepared for P3 threads/async

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@avrabe avrabe merged commit fa76d34 into main Mar 10, 2026
3 checks passed
@avrabe avrabe deleted the safety/rfc46-stpa-analysis branch March 10, 2026 17:36