CloudNative Meets WebAssembly: Exploring Wasm's Potential to Replace Containers

Transcript

1. Kohei Ota / Senior Field Engineer @ Open Engineering, Apple

   YAPC::Hakodate 2024 CloudNative Meets WebAssembly Exploring Wasm's Potential to Replace Containers

2. Wasm (WebAssembly) basic

3. Wasm is… • NOT the “Assembly”! • Originally derived from

   asm.js, a subset designed to run 
 non-JavaScript applications in the browser
 → Such as those written in C or C++, mainly for use cases like games that go beyond the limits of HTML5 + JS • Has stricter type constraints than JavaScript and functions like an "intermediate language"

4. Wasm is… • NOT the “Assembly”! • Originally derived from

   asm.js, a subset designed to run 
 non-JavaScript applications in the browser
 → Such as those written in C or C++, mainly for use cases like games that go beyond the limits of HTML5 + JS • Has stricter type constraints than JavaScript and functions like an "intermediate language" After Mozilla proposed asm.js in 2013 it evolved into WebAssembly (Wasm), and starting around 2017-2018, various tools began being ported to Wasm such as Vim, FFmpeg, and others.

5. Basic Wasm model Compilation Execution Language

6. Basic Wasm model Compilation Execution Language Modern browsers can execute

   Wasm on the same runtime layer as JS There are runtimes like Wasmer/ Wasmtime/WasmEdge in order to run Wasm apps on Operating Systems

7. Browser Wasm execution details • JavaScriptCore / V8 / SpiderMonkey

   can execute Wasm binary directly • (For Chromium) Lifto ff interpreter converts functions in .wasm into machine language, and TurboFan (also used for JS) optimizes functions that are called often, re-compiles and caches the machine code • Because it’s browser based, it cannot violate anywhere further than the browser, such as direct access to host fi lesystem, host memory and plugged devices

8. What Changes • Compile target is changed in static languages

   like Swift / C / Go / Etc. • Executed within a sandbox-by-default environment • High inter-language-operability

9. Different Compilation Target

10. Current compilation in existing languages Swift: swift build --swift-sdk x86_64-swift-linux-musl

    Golang: GOOS=linux GOARCH=amd64 go build main.go

11. Current compilation in existing languages Swift: swift build --swift-sdk x86_64-swift-linux-musl

    Golang: GOOS=linux GOARCH=amd64 go build main.go Compiled binaries cannot run on a host with different OS/CPU Why? → ABI is not compatible

12. Common Components in the ABI • CPU-dependent de fi nition

    including instruction set • Call numbers of system calls used • Call information for dynamically linked shared libraries

13. Windows Darwin Linux BSD Intel (AMD) ARM RISC-V PowerPC MIPS

    Compiler

14. Windows Darwin Linux BSD Intel (AMD) ARM RISC-V PowerPC MIPS

    Compiler Even for daily development use Mac / Linux / Win x Intel / Arm is 6 patterns

15. When compiling for Wasm swift build --swift-sdk wasm32-unknown-wasi GOOS=wasip1 GOARCH=wasm

    go build -o main.wasm main.go

16. When compiling for Wasm swift build --swift-sdk wasm32-unknown-wasi GOOS=wasip1 GOARCH=wasm

    go build -o main.wasm main.go Point the build target to Wasm when cross compiling the code

17. Basic Wasm model Compilation Execution Compilation
 Language For Compilation Language

18. Dynamic (Script) Languages

19. For Perl (Because we are at a Perl conference) •

    There’s WebPerl for Wasm adoption with Perl… • But the code base hasn’t changed in 4 years and the maintainer shared that they have limited time for the project • It runs on Node.js(V8), but no speci fi c timeline for WASI support

20. For Ruby • Load Ruby.wasm through JS on a browser

    Or • Load the release binary of github.com/ruby/ruby.wasm on Wasm runtimes such as Wasmtime on server

21. For Python • Major 2 runtime impls: Pyodide and Wasmer’s

    py2wasm • The former is the browser version of CPython • The latter is a fork of Nuitka (an OSS that can compile Python to an executable single binary)

22. Basic Wasm model For Script Language Compilation Execution Script Language

    Lightweight interpreter on Wasm App Code

23. More common to run the script on a language runtime

    compiled for Wasm

24. What is it like to run “a Wasm app” from

    a dev POV? • Generate a Wasm binary and ignite on a Wasm runtime Or • Put the script on a language runtime on Wasm and execute on it

25. What is it like to run “a Wasm app” from

    a dev POV? • Generate a Wasm binary and ignite on a Wasm runtime Or • Put the script on a language runtime on Wasm and execute on it This is one of the factors that makes look like containers

26. “Calling” Wasm on a browser Language .wasm Binary Lightweight interpreter

    App Code Load .wasm from JavaScript

27. “Calling” Wasm on a browser Language .wasm Binary Lightweight interpreter

    App Code Load .wasm from JavaScript WebAssembly.instantiateStreaming(fetch("simple.wasm"), importObject).then( (results) => { // Do something with the results! }, );

28. “Calling” Wasm on a container Language .wasm Binary Lightweight interpreter

    App Code Load an OCI image

29. “Calling” Wasm on a container Language .wasm Binary Lightweight interpreter

    App Code Load an OCI image FROM scratch COPY app-wasm-binary . ENTRYPOINT [“/app-wasm-binary”]

30. What Changes • Compile target is changed • Executed within

    a sandbox-by-default environment <— Browser Like • High inter-language-operability

31. What is “sandbox-by-default”?

32. Browser is like an OS that runs sandbox environments •

    Di ff erent process on each tab • That means CPU and memory space are secured/consumed separately • In modern security standards, it's common to ensure that user data is isolated between di ff erent browser tabs.

33. Browser is like an OS that runs sandbox environments •

    Di ff erent process on each tab • That means CPU and memory space are secured/consumed separately • In modern security standards, it's common to ensure that user data is isolated between di ff erent browser tabs. Basically what a container does Basically what a OS isolation does

34. Wasm specification includes… • Binary format - used by compilers

    and runtimes in common • Data structure - data types and formats Wasm handles for computing • Execution model - de fi nition of environment and behavior when processes are being executed

35. Again, key strengths of Wasm • Language and OS/CPU independent

    • Common binary format • Executable in sandboxed environment like browsers and VMs

36. Remind you of anything?

37. Containers?

38. Java Virtual Machine! ࠓ͙͢μ΢ϯϩʔ υ

39. Similarities between Java and Wasm • The compilation and execution

    model (JDK + JVM) • It’s been discussed about Docker vs JVM many times too • Run “anywhere” • WebAssembly (Wasm) gained popularity due to its easy setup for development and execution, and its growth in a CI/CD-friendly ecosystem. (Just IMO) • Java has no concept like “inter-language-operability”

40. What Changes • Compile target is changed • Executed within

    a sandbox-by-default environment • High inter-language-operability <— its just byte code

41. Inter-language-operability? 🧐

42. Again, key strengths of Wasm • Language and OS/CPU independent

    • Common binary format • Executable in sandboxed environment like browsers and VMs Inter-language-operability

43. Again, Wasm specification includes… • Binary format - Used by

    compilers and runtimes in common • Data structure - Data types and formats Wasm handles for computing • Execution model - De fi nition of environment and behavior when processes are being executed

44. Remind you of anything?

45. Java Virtual Machine!

46. Kohei Ota / Senior Field Engineer @ Open Engineering, Apple

    YAPC::Hakodate 2024 CloudNative Meets WebAssembly Exploring Wasm's Potential to Replace Containers JVM

47. Key differences from the JVM • Size of spec/impl (As

    of 2024, at least…) • Originating from highly sandboxed browsers, Wasm’s inherent limitations aim to avoid surpassing the browser environment • To enable non-browser Wasm environments, more POSIX-like capabilities were needed, leading to the creation of WASI.

48. WASI (WebAssembly System Interface) ? • WASI extends the browser-based

    Wasm runtime by o ff ering a portable, secure, POSIX-like, runtime-independent API. It covers infrastructure functions like I/O, sockets, WebGPU, as well as essential OS-provided features like random number generation, logging, and parallel processing. • As an extension of Wasm, it preserves key principles like CPU, OS, and language independence, open speci fi cation, and the security needed for running arbitrary code.

49. Wasm is used in production already on… • Running arbitrary

    applications in major browsers • Utilization in CDN-based edge cloud services • More advanced and fi ne-grained control in reverse proxies, beyond lua and mruby • A framework for FaaS, competing with AWS Lambda • A test execution platform in CI toolchains for Swift • A target runtime for applications in Docker and Kubernetes environments.

50. Benefits • Safe • Lightweight • Executable anywhere • Convenient

    runtime and ecosystem

51. Benefits • Safe • Lightweight • Executable anywhere • Convenient

    runtime and ecosystem

52. CDN FaaS Container Browser Lightweight Numbers of requests More limitations

    on platform → Yet more advanced functionality More interface support on WASI Support OCI format Support SQLɾStorageɾAI/ML use-cases… Run non-JS apps Game / Native apps Edge (on-device) AI

53. CDN FaaS Container Browser Lightweight Numbers of requests More limitations

    on platform → Yet more advanced functionality More interface support on WASI Support OCI format Support SQLɾStorageɾAI/ML use-cases… Run non-JS apps Game / Native apps Edge (on-device) AI Isn’t it cool that a single binary can do all of this? 😎

54. Standardization activities for Wasm • ɾhttps://github.com/WebAssembly/meetings/ • ɾhttps://github.com/WebAssembly/proposals • ɾhttps://github.com/WebAssembly/WASI

    • ɾhttps://github.com/bytecodealliance/meetings • Good places to start checking out

55. • We launched Wasm related community recently
 Please join us!

56. Key takeaways • Wasm has a lot of potential and

    future • WASI still needs to support more functionalities to replace containers • Maybe it won’t fully replace containers, but there will be cases where we *SHOULD* use Wasm over containers, and vice versa in practical and realistic future

57. Thank you