Mozilla, Fastly, Intel, and Red Hat have teamed up to develop technologies that make WebAssembly a universal platform to run code safely on any infrastructure, operating system and device. For the joint development of the runtime and compilers, which allows the use of WebAssembly not only in web browsers, the Bytecode Alliance community has been formed.
To create portable programs delivered in WebAssembly format that can be executed outside the browser, it is proposed to use the WASI API (WebAssembly system interface), which provides program interfaces for direct interaction with the operating system (POSIX API for working with files, sockets, etc.).
A distinctive feature of the execution model of applications that use WASI is launching in a sandbox environment to isolate from the main system and the use of a security mechanism based on capacity management, for actions with each of the resources (files, directories, sockets, system calls, etc.) the application must have the corresponding authorization ( access is only provided to declared functionality).
One of the objectives of the alliance created is to solve the problem of diffusion of modern modular applications with a lot of dependencies. In such applications, each dependency can be a potential source of vulnerabilities or attacks. Gaining Dependency Control allows you to gain control over all the applications associated with it.
Bytecode Alliance members intend to prepare a complete solution for the safe execution of WebAssembly applications that are initially untrusted.
For protection, it is proposed to use the concept of nanoprocesss, in which each dependency module is separated in a separate isolated WebAssembly module, whose authority is configured to bind only to this module (for example, a library for processing strings cannot open a network socket or file).
Unlike process separation, WebAssembly handlers are lightweight and require almost no additional resources In addition, the interaction between the handlers is not much slower than calling ordinary functions.
For joint development, several WebAssembly-related projects, previously developed separately by the founding companies of the alliance, were transferred under the wing of the Bytecode Alliance:
- Wasmtime: A runtime for running WebAssembly applications with WASI extensions as regular standalone apps. It supports launching the WebAssembly bytecode using a special command line utility and designing out-of-the-box executable files (wasmtime is built into the application as a library).
- Lucet: is a compiler and a runtime to run programs in WebAssembly format. A distinctive feature of Lucet is the use of a full preventive compilation (AOT, upfront) on machine code suitable for direct execution instead of JIT. The project was developed by Fastly and optimized to consume minimal resources and quickly launch new instances. As part of a joint project, it is planned to change the Lucet compiler to use Wasmtime as a base.
- WAMR (WebAssembly Micro Runtime): es another runtime to run WebAssembly, originally developed by Intel for use in IoT devices. WAMR it is optimized for minimal resource consumption and can be used on devices with a small amount of RAM. The project includes an interpreter and virtual machine to run WebAssembly bytecode, an API (a subset of Libc), and tools to dynamically manage applications.
- Cranelift: Is a code generator that translates a hardware-independent intermediate representation into machine code executable optimized for specific hardware platforms. Cranelift supports function compilation parallelization for very fast output generation, allowing you to use it to create JIT compilers (Cranelift-based JIT is used in Wasmtime virtual machine).
- WASI: a standalone implementation of the WASI API (Web Assembly System Interface) to organize interaction with the operating system.
- cargo-wasi: un module for cargo package manager which implements a command to compile Rust code into WebAssembly bytecode using the WASI interface to use WebAssembly outside of the browser.
- wat and wasmparser: sound parsers for analyzing text (WAT, WAST) and binary representations of the WebAssembly byte code.