Does anyone know what the simplest possible recipe for running a Python script in a WASM sandbox using Spin is?
I basically want to do something like this:
my-sandbox-cli-tool 'print("hello world")
And have the snippet of Python code I provide run inside a WebAssembly container that runs one of the Python compiled to WASM builds (https://github.com/brettcannon/cpython-wasi-build for example) - with a time limit and restrictions on memory usage, and file system access, and network access.
I am on a continued quest to figure out the cleanest way to achieve this, I have so many projects I would want to build on top of this capability!
My objectives here are pretty specific: I'm building open source Python tools for people to run on their own machines, and I want to add "execute untrusted code" features to those tools (mainly for code written by LLMs) such that people can use those features with a clean 'pip install x' of my software on Mac, Linux and hopefully also Windows.
As such you're probably not the right fit for me, I should be looking more at things like wasmer and wasmtime.
Sorry for asking a possibly noob question. Doesn't firecracker vms requires bare metal instances? And does gcp support provisioning bare metal instances?
Or is it that you are able to run firecracker on normal vm instances in gcp ?
But malicious code can break the system like this:
wasmtime run --dir .::/ python.wasm -c 'open("python.wasm", "wb").write(b"blah")'
And now it fails with an error if you try to run it because we over-wrote python.wasm. Even if I move python.wasm out of the current directory I'd still be able to break things by breaking those other lib files.
Although... I guess I could use unix filesystem permissions to make those read-only? That could work.
This is just a limitation of the wasmtime CLI. The full Rust API let's you mount filesystems as read-only. Not sure why it's not exposed as an argument.
While that might be a workable stop gap, there is zero reason why this couldn’t be handle in the wasi shim layer. This is exactly what wasi was designed for.
Having worked heavily with gRPC before I like how syntactically similar WIT is to proto. Looks like its time to start experimenting more with web assembly component interop :).
Yes, its great to see progress in the tooling [1] so that the component building is easier. Although I do like to think of the component model as the "ABI linking model". You can only bind one implementation to an interface import.
You still need to cross the JS FFI boundary for wasm, I don't think WebAssembly has a specification for cross language FFI directly between WebAssembly languages.
One of the biggest goals of the component model is that it doesn't matter what language your component is written in. Composition can happen anytime one component exports an interface and another component imports it. https://component-model.bytecodealliance.org/creating-and-co...
WASM is basically similar to JVM bytecode. So the comparison would be like using compiled code from Java, Scala and/or Kotlin for example.
The source language only determines how the code is expressed in WASM and whether or not it also needs to bundle / compile-in some runtime code baggage for it to work.
I develop the Scala-to-Wasm compiler, and also maintain the JVM backend of Scala. I can tell you that Wasm is very different from JVM bytecode.
The fundamental difference is that the JVM bytecode has an object model. When they talk to each other, Java, Scala and Kotlin do so at the abstraction level of the JVM object model. You can directly call methods between them because virtual dispatch of methods is a concept with semantics in the bytecode.
There's no such thing in Wasm, even with the GC extension. You get structs and arrays, but nothing like methods. If you want virtual dispatch, you encode it yourself using your own design of virtual method tables. That means Java, Scala and Kotlin, despite all having their Wasm GC backend at this point, cannot call each other's methods in Wasm.
I really wish there were signs that maybe perhaps wasm components would be usable as such in the browser, sometime in the next handful of years. We have this whole amazing modular code system, but once again like with esm the browser gaps persist and drag on.
We finally in 2024 sort of have esm for workers, for example. But not import-maps, so the distributed esm modules aren't directly usable. This category of "making using the spec actually possible" problems tends to dwell for far too long alas.
I like the idea of CLI-first. But then could the tooling make it simple & convenient to run the exact same configuration in a browser ? With the choice of either (a) a shell-like prompt, or (b) an auto-generated basic GUI with the appropriate input widgets ?
Asking a question here that I long wanted to ask.
Is it possible to have a python handler function that uses duckdb to query a S3 hosted parquet file and that uses pandas for some data manipulation, run as a WASM app? (leveraging all features of duckdb like predicate pushdown etc)
I basically want to do something like this:
And have the snippet of Python code I provide run inside a WebAssembly container that runs one of the Python compiled to WASM builds (https://github.com/brettcannon/cpython-wasi-build for example) - with a time limit and restrictions on memory usage, and file system access, and network access.I am on a continued quest to figure out the cleanest way to achieve this, I have so many projects I would want to build on top of this capability!