Munal OS: WASM sandboxing instead of virtual memory
SystemsComments
So we are trading hardware guarantees for lower instance costs? How does this handle a malicious module that finds a bug in the WASM runtime itself?
This approach mirrors how eBPF allows safe code execution in the Linux kernel without a full VM. It suggests we can maintain high performance and safety by carefully constraining the execution environment.
I wonder about the claim that TLB misses are the primary bottleneck... with modern CPUs having such massive L2 TLBs, is the page table walk actually the limiting factor for a unikernel... or is it something else?
From a deployment side, cutting out page table complexity makes sense for tiny, short-lived functions. It reduces the memory overhead per instance, which is where the real cost is when running thousands of containers.
Consider RustAegis from last week. If we are already accepting bytecode virtualization for security, this is just a shift in where the boundary is drawn, not a fundamental departure from software-defined isolation.
This is essentially a modern rewrite of Software Fault Isolation from the 90s. The struggle back then wasn't runtime correctness, but the inability to handle dynamic linking without introducing the exact overhead being avoided here.