Microsoft joins Bytecode Alliance to advance WebAssembly – aka the thing that lets you run compiled C/C++/Rust code in browsers

Maybe we can make software modular, secure, speedy all at the same time


The Bytecode Alliance, formed by Fastly, Intel, Mozilla, and Red Hat to move WebAssembly beyond the browser, has created a non-profit organization with the help of Microsoft to further their cause.

The gang has also added six more member organizations to advance its mission to make software more modular, secure, and fast.

In addition to Microsoft, the new members are: Arm, DFINITY Foundation, Embark Studios, Google, Shopify, and University of California San Diego.

In a statement, Bobby Holley, distinguished engineer at Mozilla and a Bytecode Alliance board member, described software development today as a set of vexing trade-offs.

"If you want to build something big, it’s not realistic to build each component from scratch," Holley said. "But relying on a complex supply chain of components from other parties allows a defect anywhere in that chain to compromise the security and stability of the entire program.

"Tools like containers can provide some degree of isolation, but they add substantial overhead and are impractical to use at per-supplier granularity. And all of these dynamics entrench the advantages of big companies with the resources to carefully manage and audit their supply chains."

This Qt Mandelbrot demo was successfully built with the gbuild LibreOffice build system; it is the only thing so far that runs

'It's where the industry is heading': LibreOffice team working on WebAssembly port

READ MORE

The Bytecode Alliance, founded in 2019, sees WebAssembly as a way to make code composable, safe, and speedy without sacrifices.

WebAssembly is a low-level byte code generated by higher level languages like C/C++ or better yet, because of its memory safety, Rust. It's an assembly-like programming language or structured stack machine, as opposed to a general stack machine like the JVM.

As a compilation target for higher level code, WebAssembly or wasm libraries are often added to web-based applications to handle computationally intensive operations.

Feross Aboukhadijeh, an open-source developer and co-creator of Wormhole, told The Register in an email that WebAssembly has two main benefits.

"WebAssembly allows developers to take existing C and C++ codebases and run them on the web, with little to no modifications," said Aboukhadijeh. "This is great for reusing old code like ffmpeg — it means it doesn’t need to be rewritten in JavaScript."

"WebAssembly also allows performance-critical components to be written in Rust and then run with near-native performance. WebAssembly can perform faster or more predictably than JavaScript since it’s lower level."

Code for the future

The Bytecode Alliance sees WebAssembly, and various related code infrastructure projects like WebAssembly System Interface (WASI), WebAssembly Micro Runtime (WAMR), and Lucet, as a way to deal with difficult-to-secure package registries like npm, PyPI, and crates.io that form the foundation of modern software development.

Package registries are essentially databases of previously written code that developers can import into their own projects so they don't have to solve problems already solved by existing programs. This saves an enormous amount of time but can lead to security problems if the imported modules have inadvertent or deliberate flaws.

As Lin Clark, Fastly senior principal software engineer, wrote in 2019 while at Mozilla, 80 per cent of code bases come from these package registries. So there's much to be gained by limiting the potential harm from any buggy or malicious libraries in an application.

WebAssembly aims to do so through nanoprocesses, which create memory-efficient isolated sandboxes for each wasm module or library. It has the potential to replace microservices with quarantined, wasm-based nanoprocesses. And that's more or less the mission of the Bytecode Alliance.

With its incorporation as a 501(C)(6) organization and its membership expansion, the Bytecode Alliance is looking to extend its vision of more modular, secure, performant applications to a broader set of environments, like the cloud and the network edge.

"WebAssembly and the emerging WebAssembly System Interface (WASI) specification enable cloud-native solutions to become more secure by default and help solve computing challenges across a variety of environments, including the 'tiny edge' of systems-on-a-chip (SoCs) and microcontroller units (MCUs)," said Ralph Squillace, principal program manager, Azure Core Upstream, at Microsoft and Bytecode Alliance board member in a statement.

Holley said the technical community has a chance to change the way software is built in a way that will empower small teams to develop big projects that manage to be both secure and speedy.

"Achieving the elusive trifecta — easy composition, defect isolation, and high performance — requires both the right technology and a coordinated effort across the ecosystem to deploy it in the right way," he said.

Maybe wasm is that technology. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021