Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
pywasm3
Python bindings for Wasm3, a fast WebAssembly interpreter and the most universal WASM runtime
-
nsjail
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
extism
The framework for building with WebAssembly (wasm). Easily load wasm modules, move data, call functions, and build extensible apps.
Wasmtime's `wasmtime-py` embedding in python has support for Wasm Components: https://github.com/bytecodealliance/wasmtime-py#components (disclosure, I helped create it)
The remaining piece of the puzzle would be to create a wit-bindgen guest generator https://github.com/bytecodealliance/wit-bindgen#guests for this build of the python interpreter. You could then seamlessly call back and forth between the host and guest pythons, without even knowing that wasmtime is under the hood.
I've not yet figured out the incantations I need to actually do this - in particular the limits on CPU and memory time.
I posed this question on Mastodon recently and Jim Kring put together this demo, which gets most of the way there (albeit using an old Python 3.6 build): https://github.com/jimkring/python-sandbox-wasm
It doesn't feel like this should be as hard to figure out as it is!
I have been following and playing with this repository: https://github.com/singlestore-labs/python-wasi/
It builds a single Python WASM module with all dependencies included (they use VFS) and a Dockerfile to make the process easy (and actually worked first go). It does produce large files though: wasi-python3.11.wasm 110MB
PyOdide isn't currently supported outside of browsers, though that might change.
Either way, I couldn't figure out how to do the above sequence of steps with any of the available Python WASM runtimes - they're all very under-documented at the moment, sadly. I tried all three of these:
- https://github.com/wasmerio/wasmer-python
- https://github.com/bytecodealliance/wasmtime-py
- https://github.com/wasm3/pywasm3
PyOdide isn't currently supported outside of browsers, though that might change.
Either way, I couldn't figure out how to do the above sequence of steps with any of the available Python WASM runtimes - they're all very under-documented at the moment, sadly. I tried all three of these:
- https://github.com/wasmerio/wasmer-python
- https://github.com/bytecodealliance/wasmtime-py
- https://github.com/wasm3/pywasm3
Wasmtime's `wasmtime-py` embedding in python has support for Wasm Components: https://github.com/bytecodealliance/wasmtime-py#components (disclosure, I helped create it)
The remaining piece of the puzzle would be to create a wit-bindgen guest generator https://github.com/bytecodealliance/wit-bindgen#guests for this build of the python interpreter. You could then seamlessly call back and forth between the host and guest pythons, without even knowing that wasmtime is under the hood.
Oh, and here's an example (test) showing how to construct a "manifest" to control the cpu/memory limits: https://github.com/extism/extism/blob/main/python/tests/test...
cpu is really controlled by # milliseconds until the wasm code is trapped.