Arjun Ramesh,Tianshu Huang,Ben L. Titzer,Anthony Rowe
Abstract:WebAssembly is gaining popularity as a portable binary format targetable from many programming languages. With a well-specified low-level virtual instruction set, minimal memory footprint and many high-performance implementations, it has been successfully adopted for lightweight in-process memory sandboxing in many contexts. Despite these advantages, WebAssembly lacks many standard system interfaces, making it difficult to reuse existing applications.
This paper proposes WALI: The WebAssembly Linux Interface, a thin layer over Linux's userspace system calls, creating a new class of virtualization where WebAssembly seamlessly interacts with native processes and the underlying operating system. By virtualizing the lowest level of userspace, WALI offers application portability with little effort and reuses existing compiler backends. With WebAssembly's control flow integrity guarantees, these modules gain an additional level of protection against remote code injection attacks. Furthermore, capability-based APIs can themselves be virtualized and implemented in terms of WALI, improving reuse and robustness through better layering. We present an implementation of WALI in a modern WebAssembly engine and evaluate its performance on a number of applications which we can now compile with mostly trivial effort.
What problem does this paper attempt to address?
The paper proposes a solution to the lack of standard system interfaces when interacting with the operating system in WebAssembly (Wasm). WebAssembly is a lightweight binary format supported by multiple programming languages, commonly used for executing untrusted code in a sandboxed environment. However, despite the advantages of efficiency, low memory usage, and high-performance implementation, Wasm lacks system interfaces compatible with existing applications.
The paper introduces WALI (WebAssembly Linux Interface), which is a thin layer that covers the system calls of the Linux user space, allowing WebAssembly to seamlessly interact with native processes and the underlying operating system. By virtualizing the lowest level of the user space, WALI provides application portability and reduces the porting effort using existing compiler backends. Additionally, due to the control flow integrity guarantee of Wasm, modules using WALI receive additional protection against remote code injection attacks.
Unlike the existing WebAssembly System Interface (WASI), WALI does not define a completely new API surface but faithfully emulates the underlying operating system, particularly the Linux system call interface. This approach only requires recompilation without the need for extensive application refactoring since their standard libraries and ABI are already based on the Linux system call API. WALI can also complement WASI, allowing ISA-portable APIs to be implemented on any Wasm engine that supports WALI, reducing engine complexity and trusted computation base.
The paper also discusses the potential of Wasm in modern cyber-physical systems such as industrial IoT, automotive, and manufacturing systems, which require efficiency, security, and cross-language development capabilities. WALI addresses challenges in these domains, such as high engine portability, long-term deployment, and support for legacy software, while providing support for common OS functionalities like memory mapping, process creation/execution, asynchronous I/O, and signal handling.
In summary, this paper aims to address the portability issue faced by WebAssembly when interacting with the operating system through WALI, promoting its widespread application in various scenarios.