Why WebAssembly is innovative even outside the browser

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarLint - Deliver Cleaner and Safer Code - Right in Your IDE of Choice!
  • OPS - Build and Run Open Source Unikernels
  • While a "host" application (for the WASM runtime used) is required to enable access to graphical output (or user input) it doesn't have to be a browser.

    At the (almost) most basic level a chunk of memory can be used as a framebuffer--the host application would read the pixel data which the WASM bytecode wrote and then write it to the host display via OS-level routines.

    There are some plans/experiments at making a framebuffer "device" available as part of WASI.

    I've written a couple of graphical WASM host applications that aren't browsers (and which don't use memory for pixel data transfer just integer values returned from a function):

    The "WebAssembly Calling Card (WACC) Viewer" is implemented via the Godot game engine and an addon that integrates the Wasmtime WASM runtime with the engine: https://wacc.rancidbacon.com

    (Also implemented a WACC Viewer in Rust: https://gitlab.com/RancidBacon/rusty-wacc-viewer)

    WACC specifies how to transform three integer values (returned from a function in a WASM module) into a coloured triangle in order to render it on screen.

    Another "host application" I implemented was a libretro compatible plugin that loads a WASM module and then feeds the module with input from libretro & retrieves framebuffer pixel data (one pixel at a time :D ) via a WASM function call & writes it to the libretro framebuffer for display.

  • GitHub repo awesome-wasm-runtimes

    A list of webassemby runtimes

    Numerous native runtimes for webassembly already exist[0], with the current popular choices apparently being Wasmer[1] and Wasmtime[2].

    All one would need to do (AFAIK) is ship a client for all major platforms, as is done with Electron (and web browsers themselves, and everything else.)

    [0]https://github.com/appcypher/awesome-wasm-runtimes

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • GitHub repo wasmer

    🚀 The leading WebAssembly Runtime supporting WASI and Emscripten

  • GitHub repo wasmtime

    Standalone JIT-style runtime for WebAssembly, using Cranelift

  • For me, the most interesting potential of WASM is it provides a platform-independent sandboxed way to run untrusted code written in multiple programming languages.

    This means it's in theory possible to run the same code on an embedded hardware platform, a desktop app or in the browser.

    And while I'm sure there's "serious" business uses for that capability :) I'm most interested in what it enables in terms of user customisation/modding of games.

    Which was my main motivation for creating a Wasmtime WASM runtime add-on for the Godot game engine: https://gitlab.com/RancidBacon/godot-wasm-engine

    And also designing the "WebAssembly Calling Card" specification as a way of demonstrating how the same code could produce graphical output that is then used in 2D or 3D environments: https://wacc.rancidbacon.com

  • GitHub repo Graal

    GraalVM: Run Programs Faster Anywhere :rocket:

    Of course you could run Rust on the JVM (more precisely on GraalVM)!

    Have a look at Project Sulong.

    https://github.com/oracle/graal/tree/master/sulong

  • GitHub repo watt

    Runtime for executing procedural macros as WebAssembly

    Rust has an interesting application for WASM where it can be used to pre-compile macros. Saves a bunch of compilation time by skipping the need to compile the macros up front.

    https://github.com/dtolnay/watt

  • SonarLint

    Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.

  • GitHub repo Uno Platform

    Build Mobile, Desktop and WebAssembly apps with C# and XAML. Today. Open source and professionally supported.

    I won't surely change your mind, that is exactly what I am looking for.

    WebAssembly made us regress 10 years, and we lost the great GUI based tooling for Web page creation and 3D games that are actually hardware accelerated without browsers doing blacklists.

    https://platform.uno/

  • GitHub repo bsnes-plus

    debug-oriented fork of bsnes, with added emulator-networkaccess

    Hm not really but I do update my repo on github.com. It's all work in progress stuff being designed as I go.

    https://github.com/alttpo/bsnes-plus/tree/wasm/bsnes/wasm

  • GitHub repo cap-std

    Capability-oriented version of the Rust standard library

    I'm not sure you could hack the control flow when running bytecode on the JVM, but I strongly doubt that. (The JVM is "high-level" as pointed out previously and doesn't execute ASM like code. So there is no of the attack surface you have to care on the ASM level).

    And capabilities are anyway something that belongs into the OS — and than programs need to be written accordingly. The whole point of the capability-security model is that you can't add it after the fact. That's why UNIX isn't, and never will be, a capability secure OS.

    But "sanboxing" some process running on a VM is completely independent of that!

    WASM won't get you anything beyond a "simple sanbox" ootb. Exactly the same as you have in the other major VM runtimes.

    If you want capability-secure Rust, there is much more to that. You have to change a lot of code, and use an alternative std. lib¹. Of course you can't than use any code (or OS functionality) when it isn't also capability-secure. Otherwise the model breaks.

    To be capability-secure you have actually to rewrite the world…

    ¹ https://github.com/bytecodealliance/cap-std

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts