Hyperlight WASM: Fast, secure, and OS-free

yoshuaw | 234 points

I started using WebAssembly in earnest a few months ago to make a backend auth library that works in several different languages[0]. It's built on Extism[1], which abstracts away some of the interfacing complexity. It's been an awesome experience. Frequently feels like magic.

WASM is in an interesting place. The value has clearly been proved with a pretty minimal core spec. Now there's a big push to implement a much larger API surface for WASI and the Component Model. A lot of people in the community are concerned about this direction, or at least the way it's happening[2].

For my part, I hope WASM doesn't go the way of the rest of web browsers where it gets so complicated that only big tech is capable of making implementations and experimenting.

[0]: https://github.com/lastlogin-net/decent-auth

[1]: https://extism.org/

[2]: https://www.assemblyscript.org/standards-objections.html

apitman | 25 days ago

A couple of months ago we announced Hyperlight [1], a lightweight VMM that can spawn new VMs in about a millisecond.

Today we’re happy to announce the Hyperlight Wasm guest based on the Wasmtime runtime. This makes it possible to run Wasm Component binaries on top of WASI interfaces without the need for a guest OS in the VM. In this post we explain how this works and walk through an example.

[1]: https://news.ycombinator.com/item?id=42078476

yoshuaw | 25 days ago

I'm really excited about this! I've got hopes that WASM/WASI will grow into the dream of the JVM from the 90s. A memory-safe target for development that allows ease of porting and testing across multiple platforms. WASM can, and hopefully will, be for so much more than browsers.

stusmall | 25 days ago

This seems interesting. So the use case of this would be if you wanted to roll your own Cloudflare Workers or Lambda equivalent with WASM?

ecshafer | 25 days ago

Cool. Trying to understand the value-add here, how does this differ from executing via wasmtime?

dakom | 25 days ago

All these cool and interesting projects make me think that WASM is successful everywhere except the browser.

Maybe we should drop the Web from Web Assembly and call it something else?

weinzierl | 25 days ago

Any ideas on how one might cram this into a Proxmox setup for testing purposes?

As I understand it this is designed to sit on bare metal and this is all a bit hamfisted but I don’t have a spare bare metal x86 around.

Guessing just throw this into a vm and accept that it’s nested virt?

Havoc | 25 days ago

How are instances started and managed? Via some API?

Can you give a Wasm Component binary the capability to execute a tree of connected Wasm Components, delegate capabilities, and manage their life cycle?

infogulch | 25 days ago

So essentially we have a VM (wasm) meant to sandbox programs running in a hardware VM meant to sandbox programs running in a user space process (Linux process) which is an abstraction meant to isolate programs.

Have we ever thought of .... Using Unix processes for what they were meant to do, which is .. isolate programs?

anon291 | 25 days ago

So a unikernel/library os?

temp0826 | 25 days ago

Since Wasmtime can run programs built for Wasm GC, I'm curious if this can as well. Would be neat if so.

ryukafalz | 25 days ago