Wir stellen vor: Lucet – Fastlys nativen WebAssembly Compiler samt Laufzeitumgebung
Today, we are thrilled to announce the open sourcing of Lucet, Fastly’s native WebAssembly compiler and runtime. WebAssembly is a technology created to enable web browsers to safely execute programs at near-native speeds. It has been shipping in the four major browsers since early 2017.
Lucet is designed to take WebAssembly beyond the browser, and build a platform for faster, safer execution on Fastly’s edge cloud. WebAssembly is already supported by many languages including Rust, TypeScript, C, and C++, and many more have WebAssembly support in development. We want to enable our customers to go beyond Fastly VCL and move even more logic to the edge, and use any language they choose. Lucet is the engine behind Terrarium, our experimental platform for edge computation using WebAssembly. Soon, we will make it available on Fastly’s edge cloud as well.
A major design requirement for Lucet was to be able to execute on every single request that Fastly handles. That means creating a WebAssembly instance for each of the tens of thousands of requests per second in a single process, which requires a dramatically lower runtime footprint than possible with a browser JavaScript engine. Lucet can instantiate WebAssembly modules in under 50 microseconds, with just a few kilobytes of memory overhead. By comparison, Chromium’s V8 engine takes about 5 milliseconds, and tens of megabytes of memory overhead, to instantiate JavaScript or WebAssembly programs.
With Lucet, Fastly’s edge cloud can execute tens of thousands of WebAssembly programs simultaneously, in the same process, without compromising security. The Lucet compiler and runtime work together to ensure each WebAssembly program is allowed access to only its own resources. This means that Fastly’s customers will be able to write and run programs in more common, general-purpose languages, without compromising the security and safety we’ve always offered.
Lucet separates responsibility for executing WebAssembly into two components: a compiler, which compiles WebAssembly modules to native code, and a runtime which manages resources and traps runtime faults. Lucet is designed for ahead-of-time (AOT) compilation of WebAssembly to native code, which dramatically simplifies the design and overhead of the runtime compared to the just-in-time (JIT) compilation strategy employed in browser engines.
How we built Lucet
Lucet is built on top of the Cranelift code generator. The Cranelift project was created by Mozilla for use in Firefox’s WebAssembly and JavaScript JIT engines, and presently can be enabled by a preference flag in Firefox Nightly. We contributed to the design and implementation of Cranelift, and are excited that our efforts help make the web better for Firefox users as well.
Lucet supports the WebAssembly System Interface (WASI) — a new proposed standard for safely exposing low-level interfaces to the filesystem, networking, and other system facilities to WebAssembly programs. The Lucet team has partnered with Mozilla and others on the design, implementation, and standardization of this system interface.
We’ve been working on this project behind the scenes since 2017, so we’re thrilled to finally make it public. Lucet also happens to be the first project started at Fastly using the Rust programming language, and we’re happy to report that Rust has been a huge success on this project. We found that new Rust users were able to become productive with the language quickly, and the library ecosystem provides many mature libraries for working with WebAssembly. Early in Lucet’s development, we implemented the first version of the runtime in C. However, we recently went back and translated the C runtime into Rust, and in the process, discovered and fixed several safety and concurrency bugs.
As the engine behind the Terrarium project, Lucet has gotten months of production testing, running many thousands of different WebAssembly programs since launching in late 2018. It has also been the subject of an in-depth third-party security assessment.
A quick demo of Lucet
First, clone the Lucet repository from GitHub.
$ git clone --recurse-submodules https://github.com/fastly/lucet
The README contains instructions on using Docker to setup a development environment. If you already have Docker installed, there is just one step. It may take a few minutes to complete building everything.
$ cd lucet
$ source devenv_setenv.sh
Now, lets create a small C program, and use Clang to compile it to WebAssembly:
$ mkdir demo
$ cd demo
$ cat > hello.c <<EOT
#include <stdio.h>
int main(int argc, char* argv[])
{
if (argc > 1) {
printf("Hello from Lucet, %s!\n", argv[1]);
} else {
puts("Hello, world!");
}
return 0;
}
EOT
$ wasm32-unknown-wasi-clang hello.c -o hello.wasm
Now we can compile the WebAssembly to native code, using the Lucet compiler, configured for use with WASI:
$ lucetc-wasi hello.wasm -o hello.so
Finally, we can execute the native code using the Lucet runtime configured for use with WASI:
$ lucet-wasi hello.so
Hello, world!
$ lucet-wasi hello.so world
Hello from Lucet, world!
Documentation and additional examples are available in the Lucet repository.
Beyond the edge cloud
We are excited to open source Lucet because of all the possibilities WebAssembly holds beyond the web browser and edge cloud. For instance, Lucet’s support for WASI is a big step towards WebAssembly programs that can run on whatever platform the user wants — in the cloud, at the edge, on the browser, or natively on your laptop or smartphone — all while keeping the same strong guarantees about security in place. We want to enable WebAssembly to thrive inside any program that allows scripting or extensions, while using fewer resources than current solutions built on dynamic languages, interpreters, and JIT compilers.
Most importantly, we want to collaborate with the open-source community on Lucet, Cranelift, WASI, and other WebAssembly-enabling technologies. Fastly is built on, and committed to supporting, open source. Without it, we could never have built Lucet — and we hope that Lucet allows you to build new things that we haven’t even dreamed of.