Ask HN: What are the use cases of WASM outside the browser?

17 pointsjpbadan3y ago25 comments

What are the non obvious use cases of Wasm? Other than facilitate distribution and improve security, what do you think are the best potencial applications of wasm?

25 comments

arduinomancer3y ago

Ideally I'd like to be able to write desktop apps with the syntax of C but the performance of electron

crazygringo3y ago

Thanks for the chuckle :) Reminds me of the old adage about how Washington DC combines Southern efficiency with Northern charm.

boundchecked3y ago

Coupled with WebGPU it might become the cleanest cross-platform/language abstraction to GPU programming.

nuc1e0n3y ago

That would be nice, but WASM and likely WebGPU is too far behind the state of the art of GPUs to be useful in such situations today. NVidia only implements CUDA AFAIK themselves.

mildbyte3y ago

The "running WASM on the server" use case is pretty fun and applies to whenever you want to execute untrusted user code and limit its capabilities / resources, e.g. for plugins. For example, we use it in Seafowl [1] for user-defined functions, so does ScyllaDB [2]. Cloudflare Workers [3] lets you deploy arbitrary WASM code at the edge and pay at high granularities just for the amount of time your function spends executing (e.g. 10ms is the limit for the free tier).

In addition, you can limit the amount of instructions [4] a certain subroutine is allowed to use up before halting.

Also, WASM subroutines can only call out to functions (including system calls) that you allow them to (they're sandboxed otherwise). By default, they can't open files / print to stdout, unless the module can import the relevant functions (which WASI [5] provides).

[1] https://www.splitgraph.com/docs/seafowl/guides/custom-udf-wa...

[2] https://www.scylladb.com/2022/04/14/wasmtime/

[3] https://blog.cloudflare.com/announcing-wasi-on-workers/

[4] https://docs.wasmtime.dev/api/wasmtime/trait.ResourceLimiter...

[5] https://wasi.dev/

syrusakbary3y ago

Shameless plug: https://wasmer.io

znpy3y ago

Maybe a runtime for application plugins?

You expose some apis in the wasm runtime and plug-in developers only have to target the wasm runtime.

karmakaze3y ago

Perfect use case. Any sort of script can be loaded into these app sandboxes for running with controlled access to everything external.

hickoryswindle3y ago

Kong gateway wrote an article about a wasm framework for nginx: https://konghq.com/blog/around-v8-in-seventy-days-bringing-a...

cercatrova3y ago

It's the rebirth of Java without the drawback of necessarily needing a runtime; write once in whatever (supported) language and run everywhere, if other platforms like OSes embrace the standard. The closest thing I've found is Flutter but that's only in Dart.

Another use case, imagine a single program mixing and matching many different languages because they all compile up WASM as a universal format. This already happens in the frontend web with so called microfrontends which basically let you write various components in React, Vue, Angular etc and it all compiles down to JS.

necovek3y ago

Or more like CLR/.NET (and even Java/JVM with the proliferation of JVM languages) where you've got a bunch of languages targetting the same VM.

ElevenLathe3y ago

I personally think that WASM images will eventually displace (or merge with?) OCI images in server-side use cases. It remains to be seen if this will happen by the current OCI-focused stuff (Kubernetes mainly) adding capability for WASM apps or the WASM ecosystem developing its own parallel tooling of the same type (somebody coming up with "Kubernetes for WASM"). I think the latter has the possibility of being much cleaner, but there is a lot of momentum behind the former.

mikewarot3y ago

The use case is exactly the same as running code inside a Virtual Machine... to run untrusted (and untrustable) code, yet limit its side effects to a clearly defined extent.

It provides capability based security, something Windows, Linux, etc. all lack.

mudrockbestgirl3y ago

I think a big use case is running kernels/UDFs directly inside databases or data infrastructure systems. For example, [0]. Imagine you need a custom function in postgres, but instead of implementing it in C and shipping a shared library, you would implement it in WASM.

[0] https://redpanda.com/blog/wasm-architecture

solomatov3y ago

Multiplatform development, like compile once and run everywhere. Unfortunately, my understanding is that WASM is still lags behind native compilers in perf.

Laaas3y ago

An OS built on top of WASM can provide modern features without the bloat of current CPUs, e.g. MMUs.

Sirened3y ago

Not if you care about side channels. There really aren't any good solutions here that let you safely run untrusted code in a shared address space. Yes, you can slap barriers behind every single branch and after every single store (memory ordering violations can cause mispeculations in straight line code!), but that's going to come with an enormous performance cost (academics regularly brag about inventing new mitigations with ""only"" a 20% performance overhead lmao). The only option we've really found is to make interesting secrets inaccessible (site isolation in Chrome, for example). Trying to shove all user applications into a flat address space would mean giving any application the ability to read arbitrary memory, which is not great.

Laaas3y ago

The solution to fixing side channels is no raw multithreading or shared memory. Solutions like Nix are better for parallel computation.

ridiculous_fish3y ago

WASM sandboxing requires an MMU. It achieves its performance by trapping OOB reads via page faults.

Sirened3y ago

I think they just worded that poorly. I suspect their suggestion is not that you run with the MMU _off_ (as doing so would trash your perf anyways since everything becomes uncacheable!) but rather that you don't need to context switch the page tables, which can lead to some pretty decent performance gains given that you can (on some platforms) avoid TLB flushes. Nowadays though I seriously would not consider the page table switch to be a significant cost since (in ARMv8 anyways) you have ASIDs and so switching tables is just a single msr+isb.

1 more reply

adamrezich3y ago

finally bringing the prophesy foretold in The Birth & Death Of JavaScript to fruition, nice

duped3y ago

Application extensions/plugins

Edge computing/serverless

True polyglot environments (unlike Graal)

Really anywhere you want AOT/JIT compiled code running fast in a sandbox.

redkoala3y ago

CosmWasm provides a smart contract execution layer for Cosmos application blockchains.

j / k navigate · click thread line to collapse

25 comments

arduinomancer3y ago

Ideally I'd like to be able to write desktop apps with the syntax of C but the performance of electron

crazygringo3y ago

Thanks for the chuckle :) Reminds me of the old adage about how Washington DC combines Southern efficiency with Northern charm.

boundchecked3y ago

Coupled with WebGPU it might become the cleanest cross-platform/language abstraction to GPU programming.

nuc1e0n3y ago

That would be nice, but WASM and likely WebGPU is too far behind the state of the art of GPUs to be useful in such situations today. NVidia only implements CUDA AFAIK themselves.

mildbyte3y ago

In addition, you can limit the amount of instructions [4] a certain subroutine is allowed to use up before halting.

[1] https://www.splitgraph.com/docs/seafowl/guides/custom-udf-wa...

[2] https://www.scylladb.com/2022/04/14/wasmtime/

[3] https://blog.cloudflare.com/announcing-wasi-on-workers/

[4] https://docs.wasmtime.dev/api/wasmtime/trait.ResourceLimiter...

[5] https://wasi.dev/

syrusakbary3y ago

Shameless plug: https://wasmer.io

znpy3y ago

Maybe a runtime for application plugins?

You expose some apis in the wasm runtime and plug-in developers only have to target the wasm runtime.

karmakaze3y ago

Perfect use case. Any sort of script can be loaded into these app sandboxes for running with controlled access to everything external.

hickoryswindle3y ago

Kong gateway wrote an article about a wasm framework for nginx: https://konghq.com/blog/around-v8-in-seventy-days-bringing-a...

cercatrova3y ago

necovek3y ago

Or more like CLR/.NET (and even Java/JVM with the proliferation of JVM languages) where you've got a bunch of languages targetting the same VM.

ElevenLathe3y ago

mikewarot3y ago

The use case is exactly the same as running code inside a Virtual Machine... to run untrusted (and untrustable) code, yet limit its side effects to a clearly defined extent.

It provides capability based security, something Windows, Linux, etc. all lack.

mudrockbestgirl3y ago

[0] https://redpanda.com/blog/wasm-architecture

solomatov3y ago

Multiplatform development, like compile once and run everywhere. Unfortunately, my understanding is that WASM is still lags behind native compilers in perf.

Laaas3y ago

An OS built on top of WASM can provide modern features without the bloat of current CPUs, e.g. MMUs.

Sirened3y ago

Laaas3y ago

The solution to fixing side channels is no raw multithreading or shared memory. Solutions like Nix are better for parallel computation.

ridiculous_fish3y ago

WASM sandboxing requires an MMU. It achieves its performance by trapping OOB reads via page faults.

Sirened3y ago

1 more reply

adamrezich3y ago

finally bringing the prophesy foretold in The Birth & Death Of JavaScript to fruition, nice

duped3y ago

Application extensions/plugins

Edge computing/serverless

True polyglot environments (unlike Graal)

Really anywhere you want AOT/JIT compiled code running fast in a sandbox.

redkoala3y ago

CosmWasm provides a smart contract execution layer for Cosmos application blockchains.

j / k navigate · click thread line to collapse