Skip to content

Web Assembly

Background

From Swivel: Hardening WebAssembly against Spectre (USENIX SECURITY 21).

Take Lucet Wasm compiler as an example, Wasm features:

  • Control flow safety: control flow of the compiled code is restricted to the sandbox and cannot be bent to bypass bounds checks.
  • Memory isolation: explicitly bound all heap loads and stores and masks all pointers to be within a 4GB range, using guard pages to trap any offsets that may reach beyond the 4GB heap space.
  • Embedding Wasm: allows safe control and data flow across the host-sandbox boundary via springboards and trampolines.
  • Wasm in FaaS platforms: FaaS platforms place thousands of client Wasm modules within a single host process, and distribute these processes across thousands of servers and multiple datacenters.

extism - The Universal Plug-in System. Extend anything with WebAssembly (wasm).

The universal plug-in system. Run WebAssembly extensions inside your app. Use idiomatic Host SDKs for Go, Ruby, Python, Node, Rust, C, C++, OCaml, Haskell, PHP, Elixir/Erlang, .NET, Java, Zig & more (others coming soon).

Plug-in development kits (PDK) for plug-in authors supported in Rust, AssemblyScript, Go, C/C++, Haskell, and Zig.

yavkOS Operating system based off of blog_os, with the goal of running wasm modules as executables