Skip to main content

WebAssembly

The Enarx project makes heavy use of WebAssembly. This page will tell you more about what it is, and how and why we use it.

What's Wasm?​

WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable target for compilation of high-level languages like C/C++/Rust, enabling deployment on the web for client and server applications.

-- https://webassembly.org/

In simpler terms, on every system which has a Wasm virtual machine runtime, a Wasm application (binary) will run in exactly the same way. Notably, once an application has been compiled to Wasm, it doesn't need be recompiled in order to run it on a different system.

Although it has its roots in web browsers and has been described as "Javascript, done right", it is not limited to browsers. In fact, non-web uses of Wasm were taken into account early on.

Wasm binary instructions, much like in original Assembly, operate on the machine level. Contempory programs that operate on this level -- commonly called Operating Systems -- build interfaces which mediate access to the hardware for higher-level applications.

Without a similar interface, Wasm binaries are restricted to being stand-alone applications. This means no standard to access lower layers of the software stack such as storage, which one would commonly want to use for an application running outside a browser.

This is where WASI comes in.

What's WASI?​

WASI is a modular system interface for WebAssembly. As described in the initial announcement, it’s focused on security and portability.

-- https://wasi.dev

WASI stands for WebAssembly System Interface. It's an API designed by the Wasmtime project that provides access to several operating-system-like features, including files and filesystems, Berkeley sockets, clocks, and random numbers, that we'll be proposing for standardization.

-- wasmtime WASI-intro

WebAssembly System Interface, or WASI for short, is a proposed standard under active development to give Wasm applications standardized access to the host system.

If you'd like to know more about WASI, we highly recommend this blog post by Lin Clark of Mozilla: Standardizing WASI, a WebAssembly System Interface

Why are we using Wasm/WASI?​

Enarx chose Wasm in combination with WASI for its isolation and portability features.

Isolation​

To be more specific, Enarx needs to protect guests from hosts, but also hosts from guests. The Wasm virtual machine architecture by default protects the host from the guest, giving us the second half, while our use of Trusted Execution Environments gives us the first one.

Portability​

Enarx aims to make simple to deploy applications on any TEE technology, regardless of hardware, essentially abstracting the hardware away.

The WASI standard gives applications a portable compilation target, which means that you can compile your application once and deploy it "anywhere".