[phickey]

Wasmtime's `wasmtime-py` embedding in python has support for Wasm Components: https://github.com/bytecodealliance/wasmtime-py#components (disclosure, I helped create it)

The remaining piece of the puzzle would be to create a wit-bindgen guest generator https://github.com/bytecodealliance/wit-bindgen#guests for this build of the python interpreter. You could then seamlessly call back and forth between the host and guest pythons, without even knowing that wasmtime is under the hood.

[simonw]

If you could provide example code for how to do this - how to run a snippet of untrusted Python code using wasmtime-py with a CPU and RAM limit - I would shout it from the rooftops. I think a LOT of people would benefit from clear examples of how to actually achieve this.

[phickey]

The wit-bindgen work required would be a significant undertaking (a week? more?) by someone who already has some expertise in wit & python. Maybe the wasmlabs folks are up for taking it on.

In general the Wasm Component ecosystem is still a few months away from being generally useful. There are a lot of people across the bytecode alliance working on the fundamentals right now, and we are making great progress, but its not ready to ship quite yet.

[iampims]

is this close to what you had in mind?

https://gist.github.com/pims/711549577759ad1341f1a90860f1f3a...

[simonw]

Yes! Very much so.

Just tried this and it works great!

I changed app.py to this:

    import sqlite3
    print(sqlite3.connect(":memory:").execute(
        "select sqlite_version()"
    ).fetchone()[0])

And it output "3.39.2" - but the same code in my regular Python interpreter output "3.40.1", which demonstrates that the WASM Python there has its own WASM-compiled SQLite.

[iampims]

Great! I still need to look into how to limit memory consumption. Fuel works well enough for now, but there might be an option to limit execution by time, not just instructions.