Why Gear uses WebAssembly

Published date: October 29 2021
Share:

Overview

WebAssembly (WASM) is a standard developed by W3C Community Group, which defines a low-level binary code format for executable programs that run in browsers. While it was developed to enable high-performance applications to run in browsers, it can also run as a standalone virtual machine.

WebAssembly executables are precompiled, which makes it possible to use a wide variety of programming languages to build and run applications in browsers. There are no preferences for languages and currently dozens of languages can compile to, or have their VM’s, in WASM. Moreover, WASM is hardware-independent and it can be compiled on any modern architectures, desktops and even mobile devices, albeit with some limitations.

Fast and Safe

WebAssembly’s main goal is to provide executable code in browsers with near native performance. Binary formats are used because they transmit faster as they’re smaller than typical text and native code formats. This means that programs can be transmitted, cashed and consumed separately as they’re split up into smaller parts and run independent parallel tasks. Code is also validated and executed in a memory-safe, sandboxed environment which prevents data corruption and security breaches.

Wasm for blockchains

It’s no secret that one of the keys to greater adoption for any blockchain network is maximising scalability. This is because increased speed and transactional throughput will result in lower transaction costs. Legacy blockchains have serious scalability issues and because of this, they have rising transaction costs. Previous technologies that were responsible for smart contract bytecode execution are not fast enough anymore, and they demonstrate low efficiency when compiling a large amount of code. This means that there is significant room for improvement.

WASM significantly increases the speed of transactions, which’ll contribute to improving efficiency. On top of this, WASM supports smart contracts that are written in different languages, which means that anyone can take an existing program or write a new one in a convenient language and compile it for execution in the WebAssembly virtual machine. This significantly increases application inclusivity compared to solutions based on domain specific languages.

Security considerations

WebAssembly itself does not provide ambient access to the computing environment in which code is executed. Any interaction with the environment, such as I/O, access to resources, or operating system calls, can only be performed by invoking functions provided by the WebAssembly implementation embedded into a host environment and imported into a WebAssembly module.

Such implementation defines how loading of modules is initiated, how imports are provided and how exports can be accessed. It takes responsibility for security policies suitable for a respective environment by controlling or limiting which functional capabilities it makes available for import.

Because WebAssembly is designed to be translated into machine code running directly on the host’s hardware, it is potentially vulnerable to side channel attacks on the hardware level. When this is a concern, an embedded Wasm implementation may have to put suitable mitigations into place to isolate WebAssembly computations.

Researchers have previously reported possible vulnerabilities related to threads with shared memory. Gear, which uses WebAssembly under the hood, is not subject to these concerns by-design. Any Gear smart-contract is a WebAssembly program. As a concurrent computing system, Gear uses message-passing communication (Actor model) instead of shared-memory communication model. This mitages any security concerns.

To stay up to date with the latest news and updates, Check out Gear’s GitHub.

The Gear Team