[HN Gopher] Wasmtime 1.0 ___________________________________________________________________ Wasmtime 1.0 Author : ridruejo Score : 331 points Date : 2022-09-20 15:57 UTC (7 hours ago) (HTM) web link (bytecodealliance.org) (TXT) w3m dump (bytecodealliance.org) | gkorland wrote: | Congratulation! We're following this project for long time, | considering embedding it in couple of projects. The aim is to use | it as a lightweight sandbox to replace docker. But, it still | feels like the performance impact is too high compared to docker. | gkorland wrote: | I see on the blog some performance numbers compared to | Spidermonkey.wasm anyone compared it to V8? | cfallin wrote: | The perf blogpost actually uses SpiderMonkey-compiled-to-Wasm | as a _benchmark_ rather than a comparison (peer) of Wasmtime. | However, there are some good comparisons done by a third | party in this paper: | | https://arxiv.org/pdf/2011.13127.pdf | | See Figs. 20-22 on page 19. They found Wasmtime to be quite | competitive to V8 and others. | | (disclosure: I work on Wasmtime + Cranelift) | bullen wrote: | Seems the micro runtime also released 1.0: | | https://github.com/bytecodealliance/wasm-micro-runtime | | But why does it not have binaries compiled and ready? | | nm: https://github.com/bytecodealliance/wasm-micro- | runtime/issue... | asim wrote: | I'm more bullish on this runtime than all the others. I | personally think this one could promote itself as being | embeddable and spread far and wide. | bullen wrote: | Yes, I had almost given up on modern solutions but this might | just lead to something! | | wasmtime.dll is 8MB... if the micro runtime .dll is around | 1MB I'm giving it a try! | | Edit: Looking at source sizes it could be 500KB! But we'll | see! | asim wrote: | I'm sold on the future of wasm. What really still bothers me is | the effort and hoops I have to jump through to actually leverage | it. Networking, just fix networking so I can drop in most things | and it would be great. The fact that I have to rewrite the | majority of my network access to do any external IO is painful | but I get that containers took more than a decade after Google's | use to get there too. | tensors wrote: | Why would you choose to use this runtime, rather than, say, | writing your program in Rust to get both its safety guarantees | and native performance? | anderspitman wrote: | A standard Rust program has full access to any filesystem, | network, etc resources that the user running the program has. | WASM sandboxes these resources by default, only giving the | program access to exactly what you explicitly allow at runtime. | vanous wrote: | This allows you to run my library without having to trust me or | my code. | colordrops wrote: | Performance is going to be fast enough in most cases, you get | the extra sandboxing, and it runs multiplatform. I'm not | speaking from experience but just my understanding, so I may be | incorrect. | syrusakbary wrote: | Congrats to the Wasmtime team on the 1.0 release! | | I'm happy to see that more runtimes are maturing and getting use | on production cases... I can't wait to see and show what the | future entails for WebAssembly on both the server side and the | browser! | | Keep up the good work. Also I'd like to use this message to | congratulate other runtimes that I'm excited about (apart from | Wasmer, of course!): Wizard Engine [1], Wazero [2] and Lunatic | [3]. | | The future is bright in Wasm land :) | | [1] https://github.com/titzer/wizard-engine | | [2] https://github.com/tetratelabs/wazero | | [3] https://github.com/lunatic-solutions/lunatic | lhnz wrote: | Maybe a stupid question, but: what is Wasmtime for? What kind of | use-cases/applications does it enable and why is this good? | dljsjr wrote: | The Bytecode Alliance is a nonprofit group with members from | all over the industry working to provide what is ostensibly a | reference implementation of a WebAssembly runtime w/ full WASI | support. Wasmtime is their implementation. | | They are far from the only implementation, though. You can find | links to other runtimes in other comments here already. | oxff wrote: | https://blog.cloudflare.com/announcing-wasi-on-workers/ will | probably open it up a bit for you with a concrete example | btown wrote: | I would add that it can be useful to have isolated runtimes | even if you're not a PaaS. Say you need to parse an obscure | file format that can be uploaded from untrusted users (and | nowadays, that's all users). You've got some ancient C or C++ | source code for the parser, but it hasn't been vetted for | security or denial-of-service issues. Compile it to WASM, run | it in an isolated runtime, and you can be confident that it | won't be able to escape its sandbox while also minimizing | startup times and using significantly fewer resources than | needing a container for each invocation. | jon-wood wrote: | Personally I'd want to be very cautious about this. It's | probably more secure than just running this untrusted | binary directly on a server full of user uploaded content | but I don't know what level of confidence is should have in | wasmtime not having any container escapes possible. | schemescape wrote: | Yes. Consider that Spectre allowed reading browser memory | that wasn't exposed to JavaScript from within the JS | sandbox. Something similar probably would have been | possible with WASM, if Spectre hadn't already been found | and mitigated. | | I love capability based limits like this (and in Deno), | but they're not a panacea. | cesarb wrote: | > You've got some ancient C or C++ source code for the | parser, but it hasn't been vetted for security or denial- | of-service issues. Compile it to WASM, run it in an | isolated runtime, and you can be confident that it won't be | able to escape its sandbox | | This is not just a theory: according to | https://hacks.mozilla.org/2021/12/webassembly-and-back- | again... Firefox does exactly that trick with five of its C | or C++ dependencies. | baq wrote: | Thanks for that. | | > Back to the future | | > For those of you who have been around for the better part | of the past couple of decades, you may notice this looks very | similar to RFC3875, better known as CGI (The Common Gateway | Interface). While our example here certainly does not conform | to the specification, you can imagine how this can be | extended to turn the stdin of a basic 'command line' | application into a full-blown http handler. | | they should've started with that ;) | mikewarot wrote: | It's a way of running WASM code, which can be anything from | anywhere, safely. It only gets access to the folders you let it | access as a _capability_. It gets no access to anything else. | | So, no matter how evil, or confused, the program is, you aren't | risking your entire system. It's the best part of capability | based security. | imhoguy wrote: | "Write once run anywere" heard that many times. No sandbox is | going to give you safety. Spectre and Meltdown are great | examples of that. It is the matter of time and popularity. | Cryptojacking and malware is already the problem[0]. | | [0] https://software-lab.org/publications/sp2022.pdf | pjmlp wrote: | Basically Java Security Manager for App Servers rebranded for | a new generation. | hinkley wrote: | Java Security Manager has a rich history of leaking | capabilities to code that should not have them. As has | practically every capability-based system ever. | | Capabilities are no Silver Bullet. They work exceptionally | well with small teams, but like memory leaks, reachability | decisions tend not to scale to very large teams, and people | start exposing information for a feature without being able | to trace the consequences of having done so. | | I could potentially see someone recasting this story as a | parable against shared state, but I'm not convinced it's | the sole cause or that you could have one without the | other. I think it is true that they share a problem space, | but that's neither a particularly brave nor illuminating | statement. | anderspitman wrote: | Do you have a favorite alternative to the capability | model that you feel is superior? I somewhat casually | follow these discussions and I'm always looking for new | ideas (or old ones that actually work better in some | cases). | hinkley wrote: | The weird thing about the security APIs in Java is that | it contained both capabilities and an ACL model with a | sort of hierarchy to it, both of inheritance and being | able to run a function in a scope. I got to use it for | real on a project and if you overlooked the extreme | clunkiness of trying to capture a set of rights as | configuration, it wasn't that bad. | | So I could say, do that again but with a better way to | define rules programatically instead of a priori. Multi- | tenant, multiple roles, or a Cartesian product of the two | sort of demand a little bit of bespoke rules engine work. | VyseofArcadia wrote: | A bit like OpenBSD's pledge[0]. Seems a bit of a waste to | need a whole runtime for something the OS could provide. | | [0] https://man.openbsd.org/pledge.2 | VWWHFSfQ wrote: | Operating systems on are becoming increasingly irrelevant. | mtkhaos wrote: | Missing interoperability between web/server. It's moving | away from the OS model into something more pure | mnemonik wrote: | There is a section in the linked announcement titled "Why use a | WebAssembly Runtime?" that hopefully answers your question. | fweimer wrote: | It doesn't say why one should use _this_ WebAssembly | implementation, and not (for example) the V8-based | implementation that comes with Node.js. | paulgb wrote: | I wrote a (very surface level) comparison on this last | year[1]. If you already have V8 in your environment, it's | _probably_ worth using V8, but if you just want to load a | wasm interpreter into some Rust code, wasmtime is a much | nicer interface to work with and more lightweight. | | [1] https://paulbutler.org/2021/calling-webassembly-from- | rust/ | | (nb. if I were to write this post today, it would be an | omission not to mention the component model) | wongarsu wrote: | Anything that wants to run arbitrary, possibly untrusted user- | provided code, with good speed and minimal startup time. The | big use cases are AWS Lambda-like things (whether that's | serving web requests or reacting to event queues), as well as | plugin systems for software. | eminence32 wrote: | The announcement post has a "Why use a WebAssembly Runtime?" | section that might answer your question. | eis wrote: | Congrats on the 1.0 release! Wasmtime has a world class team of | developers and I truly believe that WASM will play an important | part in many industries. I'm pretty excited for what's to come. | We've barely scratched the surface yet. | xmly wrote: | Exciting! Can not wait to try it! | ainar-g wrote: | Go issue for adding WASI: | https://github.com/golang/go/issues/31105 | xmly wrote: | Exciting! Can not wait to try it! | continuational wrote: | Really exciting, however, I'd like to see some benchmarks backing | up those "Wasmtime is fast" claims. | 1980phipsi wrote: | I like the little drawings that Lin Clark includes. | dang wrote: | Recent and related: | | _Security and Correctness in Wasmtime_ - | https://news.ycombinator.com/item?id=32825377 - Sept 2022 (16 | comments) | | _Wasmtime 1.0: A Look at Performance_ - | https://news.ycombinator.com/item?id=32739941 - Sept 2022 (22 | comments) | my2iu wrote: | I don't understand why they propose all sorts of enterprise use- | cases for wasmtime, yet they don't provide any official Java | bindings for wasmtime. | periram wrote: | Congrats to the wasmtime team and loved the documentation! | [deleted] | sn9 wrote: | Deeply envious of everyone who gets to work on this. What a dream | project. | ctoth wrote: | Doesn't seem as though I can run the QJS REPL on Windows with | this yet. I thought the entire point of these sorts of projects | was serving as a cross-platform runtime, but Wasmtime doesn't | actually accept key input for the REPL, and Wasmer errors out | with an ugly error. | | thread 'main' panicked at 'not implemented: VirtualFile::poll is | not implemented for non-Unix-like targets yet' | | Guess I still just have to wait, but seems weird to call it 1.0. | IshKebab wrote: | Because it uses WASI which is basically "POSIX for | Webassembly". Check out the API: | | https://github.com/WebAssembly/wasi-libc/blob/main/libc-bott... | | Symlinks, hardlinks, errno, etc. It's not surprising that it's | better supported on Unix than other platforms. | | And yeah I agree it's disappointing they tacked such an | obviously platform-biased API on to something that is supposed | to be platform independent. I guess it was the pragmatic thing | but still... | denisw wrote: | What you linked to is WASI-libc, which is a C standard | library implementation on top of WASI - which itself is more | low-level and less POSIX-like. | https://github.com/WebAssembly/WASI | IshKebab wrote: | Nope, the file I linked to _is_ the WASI API, just | expressed as a C header (which I find a bit easier to skim | than the actual specification). | | Here's the actual WASI spec: | | https://github.com/WebAssembly/WASI/blob/main/phases/snapsh | o... | | You'll find it matches the file I linked. Search for | "POSIX" or "errno". | syrusakbary wrote: | We are working on the poll for Windows in Wasmer... stay tuned! | brundolf wrote: | I assumed that like most low-level runtimes it wouldn't be easy | to just go and play with for fun, but the example is impressively | simple: https://github.com/bytecodealliance/wasmtime#example | | Maybe I'll take it for a spin | ur-whale wrote: | Dumb question time: | | I am assuming that browsers come with a pre-installed wasm | engine, and that this can't easily be replaced with a 3rd party | one. | | I therefore assume that this product does not run in a browser, | but rather standalone, and therefore probably on the server ... | | That brings up the following, likely dumb question: what is the | use case? | callahad wrote: | Same as with Node. Take some browser tech, remove the browser, | find out it's useful on its own. | | Browsers are really good incubators for fast, secure runtimes. | Every time you open a new tab, that engine has to run | untrusted, third-party code provided by the website. And it has | to do start up so quickly that you don't perceive it. Turns out | those properties are useful on the server, too. | bbatchelder wrote: | Universal bytecode that is architecture agnostic. | | Take some rust code, compile it into wasm, and call it from | dotnet. | | Compile your app into wasm and run it anywhere on any | architecture. | | At least that is the end goal as I understand it. The idea of | it also being really fast and safe is an extra bonus. | pjmlp wrote: | The idea is as old as UNCOL (1958). | | https://en.m.wikipedia.org/wiki/UNCOL | schemescape wrote: | I'm not an expert, but you could drop the same WASM binary on | servers of any architecture, provided the runtime is installed. | I also assume (hope) this runtime is much lighter weight than | e.g. Node or Ruby or Python or whatever is popular. | | It also seems nice because of the sandbox aspect, similar to | how I'd rather run a random tool in my browser than give it | unfettered access to my local resources by default. | eins1234 wrote: | Instantiating a runtime in microseconds is deeply exciting! | | Though after skimming through the docs, I'm still left wondering | a few things: | | - JS is notably missing from the list of languages supported on | the front page. But I see mentions of a Spidermonkey.wasm in the | blog post. Is running JS on top of wasmtime in production a | realistic prospect today? If so, where can I read more? (mainly | interested in this for the instantiation time benefits, though | maybe all/most of that will be negated by the embedded JS | engine?) | | - How should I go about building a typical web service on top of | wasmtime? Can wasmtime itself handle network requests/connections | or would I need to build the web server in some other host | language and pass request data to wasmtime modules? Haven't been | able to find anything in the docs about this. | | - What would it take to build a multitenant web service where | customer code is isolated using wasmtime, like the one like | described in the post? | phickey wrote: | These are good questions! Here's some answers from the corner | of the world I know best as a Wasmtime contributor at Fastly: | | 1. Spidermonkey.wasm is the basis of Fastly's JavaScript on | Compute@Edge support. We have found it to be faster than | QuickJS. The source code is here: https://github.com/fastly/js- | compute-runtime. | | 2. Fastly Compute@Edge is built on wasmtime. You can develop | web services for it in Rust, JS, and Go: | https://developer.fastly.com/learning/compute/ | | 3. Fastly's multi-tenant platform is closed source, but our | single-tenant local development platform, which also uses | wasmtime under the hood as well, is open source: | https://github.com/fastly/viceroy. It isn't a big leap to make | viceroy multi-tenant: Wasmtime provides everything you need, | and all Viceroy would have to do is dispatch on e.g. HTTP host | header to the correct tenant. Our multi-tenant platform is | closed source because it is very specialized for use on | Fastly's edge, not because the multi-tenant aspect is special. | eins1234 wrote: | Nice, the fact that Fastly is comfortable betting on | Spidermonkey.wasm is the vote of confidence I needed to dig | in! Also really love seeing how much Fastly is giving back to | open source! | azakai wrote: | > We have found it [spidermonkey.wasm] to be faster than | QuickJS | | Interesting! | | Do you have numbers for code size and memory usage perhaps? | ctvo wrote: | > - JS is notably missing from the list of languages supported | on the front page. But I see mentions of a Spidermonkey.wasm in | the blog post. Is running JS on top of wasmtime in production a | realistic prospect today? If so, where can I read more? (mainly | interested in this for the instantiation time benefits, though | maybe all/most of that will be negated by the embedded JS | engine?) | | Shopify and others use QuickJS as their JS engine of choice. | See https://github.com/Shopify/javy as a starting point. The | real benefit is allowing authors of plugins to write JS and not | AssemblyScript, not any performance or instantiation time | benefits. | | > - How should I go about building a typical web service on top | of wasmtime? Can wasmtime itself handle network | requests/connections or would I need to build the web server in | some other host language and pass request data to wasmtime | modules? Haven't been able to find anything in the docs about | this. | | There are a lot of choices for this. None I would consider | mature, but some leads: | | - https://github.com/deislabs/wagi | | - https://suborbital.dev/ | | - https://github.com/fermyon/spin | | They handle the passing of data between host and guest for you. | Your module, written in a language that compiles down to wasm, | is evaluated against the request. They make host functionality, | such as the ability to make other network calls, available to | your module as needed. | | > - What would it take to build a multitenant web service where | customer code is isolated using wasmtime, like the one like | described in the post? | | See suborbital linked above. Not much. This is the primary | current use case for server side wasm. | eins1234 wrote: | This is super helpful. Thank you so much! Will start digging | into these right away. | callahad wrote: | > > _What would it take to build a multitenant web service | where customer code is isolated using wasmtime, like the one | like described in the post?_ | | > _See suborbital linked above._ | | For a real world example of someone using Suborbital's | platform for exactly that, see https://avenue.so/blog/avenue- | launches-custom-filters-transf... | | It is indeed early days, but we're pretty confident that the | opportunity is real. Take webhooks. With webhooks, your | customers have to bring and manage their own infrastructure. | That's a pain in the ass. Everywhere that supports webhooks | should also support Just Running My Damn Code. Like with | GitHub Actions. | | How does GitHub do it? Simple: They're owned by Microsoft. | GitHub can bury the problem in an ungodly deluge of cheap | virtual machines from their sister company, Azure. | | You aren't owned by Microsoft, so how will you Just Run Some | Code? You're going to use WebAssembly. Specifically, in a | year or two, you're going to integrate some sort of off-the- | shelf commodity product that's powered by WebAssembly. | | Suborbital is one shot at what that future might look like. | We'll be talking more about this in the next few weeks. And | it's not just us: a lot of the serverside WebAssembly folks | will be at Cloud Native WASM Day at KubeCon next month... say | hello if you're there! ___________________________________________________________________ (page generated 2022-09-20 23:00 UTC)