Upgrade to Pro — share decks privately, control downloads, hide ads and more …

WebAssembly for the Backend

Adrian Cole
November 10, 2022

WebAssembly for the Backend

a.k.a. Why should you care about WebAssembly, presented at Øredev 2022

Adrian Cole

November 10, 2022

More Decks by Adrian Cole

Other Decks in Programming


  1. Open Source late bloomer Currently all-in on wazero.io http-wasm.io and

    projects that use them 2 I’m Adrian from Tetrate codefromthecrypt on GitHub
  2. Agenda Overview of WebAssembly Decouple programming language choice Safely run

    a binary inside yours Breaking the monolith part two Perils of programming wasm Closing thoughts 3 I work on these things and feel they are under-discussed
  3. Not Agenda Web programming practice Smart Contracts, web3, etc. Edge

    functions Attempts to retrofit Docker WAGI aka CGI part two 4 There is a lot of content on these things, and we only have forty minutes!
  4. WebAssembly is an embeddable virtual machine and bytecode format 6

    crypto crypto = WebAssembly.instantiate(cryptoWasm) crypto[sign](ptr, len) ptr, len = copyToWasm(crypto, toSign) crypto.rs
  5. 7 • Oracle JCP • Dominates the backend • Language

    bias. Ex field instructions • Other languages share object model, GC, stdlib • W3C Working Group • Dominates the browser • Hardware bias. Ex SIMD instructions • Other languages bring their own object model, GC, stlib Virtual Stack Machines
  6. WebAssembly host WebAssembly guest Is the embedding process e.g. a

    web browser, desktop application or microservice. Controls the guest e.g. instantiates guests, invokes their functions Might export functions e.g. functions that allow file access Is compiled to bytecode e.g. a %.wasm file the host compiles to machine code Has its own memory Functions work via numeric parameters or memory Might require functions e.g. will fail to start if functions aren’t available Host ~= VM Guest ~= module
  7. Application Binary Interface (ABI) Services agree on how to communicate

    via Remote APIs. Compilers and components agree via ABI. The most common ABI used outside the browser is WASI. It defines functions similar to POSIX file I/O, clocks and env variables. 9 https://wasi.dev/
  8. WebAssembly host WebAssembly guest wasi_snapshot_preview1 Importable functions: args_get clock_time_get env_get

    random_get fd_write … Required Exports memory: “memory” function: “_start” 

  9. Wasm cannot directly affect resources like files. Guests call imported

    host functions with pointers to shared memory they own. 13 out, err := run(ctx, fi leFS(path), "dcraw", "-e", "-c", "input") Safely run a binary inside yours _start fd_read(input) args_get mem.Write(dcraw_-e_…) out.Write(mem) fi le.Read(mem) github.com/ncruces/RethinkRAW fd_write(stdout) memory dcraw.wasm wasi dcraw.c clang
  10. APIs, APIs, ABIs? We’ve learned you can break large codebases

    into smaller ones with micro services, communicating over APIs. We can sometimes use WebAssembly instead. Define supported ABIs and let users provide custom functions. 15 WARNING: WebAssembly is constrained and difficult. It may not be the right fit for you!
  11. WebAssembly allows decoupling without RPC. Tools like go-plugin allow you

    to define ABI as protobuf services. 16 e.g. go-plugin gRPC Host Guest Decoupled with gRPC API Decoupled with WebAssemblyABI Monolith Breaking the Monolith Service
  12. 18 • Security and misconfiguration policy begs for modularity •

    Sites prefer custom policy vs ignoring alerts or not seeing them. • Policy needs code for analysis and classification
  13. 19 Challenges of a CLI • Trivy is ultimately a

    CLI, built for several operating systems on several architectures. • Packaging for Docker, GitHub Actions etc is easiest with a static binary. • Getting into the default build isn’t viable or relevant for all policy.
  14. Trivy provides an SDK which implements their custom ABI for

    config and analysis. Modules are installed locally or via OCI repository. 20 Trivy + wasm = site friendly policy trivy.dev acme-cves.wasm acme-cves.go Tinygo Trivy SDK ghcr.io/acme
  15. Sidecar monoliths Sidecars are usually monolithic, and while highly customizable,

    tricky to change. For example, Envoy versions are tightly coupled to Istio versions. Dapr is a static binary, so cannot custom libraries dynamically. 22
  16. Customizing sidecars with HTTP Middleware My App Middleware 1 Middleware

    2 Middleware 3 Dapr Sidecar Request Response You install this You built this You configure this
  17. You want to break the monolith My App Middleware 2

    Middleware 3 Dapr Sidecar Request Response My Filter You can’t change this binary You built this You want to own this code
  18. Sidecars define the WebAssembly ABI they support Dapr (golang) runs

    http-wasm guests. It also allows use of WASI, though doesn’t require it. Middleware compatible with these ABI can change in any way without changing Dapr. 25
  19. 26 • http-handler ABI implements HTTP server middleware • The

    ABI defines functions the host and guest are required to implement • Implementations exist for Go http.Handler and Node.js express, with more coming soon http-wasm.io
  20. So.. WebAssembly can break the monolith My App Middleware 2

    Middleware 3 Dapr Sidecar Request Response My Filter WebAssembly allows custom functionality in a static binary, based on an ABI contract http-wasm guest http-wasm host My Filter http-wasm/http-wasm-guest-tinygo v1.10
  21. 29 1. Download a pre-built binary 2. Compile your own

    binary, possibly with an SDK 3. Directly import and export wasm functions wasm 3 ways
  22. SDKs implement the ABI, and compilation steps are abnormal 30

    SDK example in TinyGo Global config Not stdlib Not go http-wasm/http-wasm-guest-tinygo
  23. You can directly access imported functions by (module, name) pair

    31 Manual example in Rust Import name No strings Import module
  24. Compilers are different or at least need different flags. Performance

    varies and is runtime specific. Benchmark! There are other ways to polyglot! 32 • Features like reflection usually don’t work • Wasm has no parallelism, so garbage collection is inline • WebAssembly has no standard library, so binaries can get big. programming WebAssembly is trickier than normal code
  25. WebAssembly is a new way to modularize software safely and

    without RPC. 34 • You can embed your code into other binaries and visa versa with WebAssembly • Many projects use an SDK approach to enable success • WebAssembly is evolving and will be different next year Here are some good talks: Wasmer Things: An Upside Down Guide To WebAssembly by Edoardo Vacchi CGO-less Foreign Function Interface With WebAssembly by Takeshi Yoneda