Mewz: Lightweight Execution Environment for WebAssembly with High Isolation and Portability using Unikernels (2411.01129v1)

Abstract: Cloud computing requires isolation and portability for workloads. Cloud vendors must isolate each user's resources from others to prevent them from attacking other users or the whole system. Users may want to move their applications to different environments, for instance other cloud, on-premise servers, or edge devices. Virtual machines (VMs) and containers are widely used to achieve these requirements. However, there are two problems with combined use of VMs and containers. First, container images depend on host operating systems and CPU architectures. Users need to manage different container images for each platform to run the same codes on different OSes and ISAs. Second, performance is degraded by the overheads of both VMs and containers. Previous researches have solved each of these problems separately, but no solution solves both problems simultaneously. Therefore, execution environments of applications on cloud are required to be more lightweight and portable while ensuring isolation is required. We propose a new system that combines WebAssembly (Wasm) and unikernels. Wasm is a portable binary format, so it can be run on any host operating systems and architectures. Unikernels are kernels statically linked with applications, which reduces the overhead of guest kernel. In this approach, users deploy applications as a Wasm binary and it runs as a unikernel on cloud. To realize this system, we propose a mechanism to convert a Wasm binary into a unikernel image with the Wasm AoT-compiled to native code. We developed a unikernel with Wasm System Interface (WASI) API and an Ahead-of-Time (AoT) compiler that converts Wasm to native code. We evaluated the performance of the system by running a simple HTTP server compiled into Wasm and native code. The performance was improved by 30\% compared to running it with an existing Wasm runtime on Linux on a virtual machine.

Essay on "Mewz: Lightweight Execution Environment for WebAssembly with High Isolation and Portability using Unikernels"

The paper "Mewz: Lightweight Execution Environment for WebAssembly with High Isolation and Portability using Unikernels" presents an innovative approach to addressing persistent issues in cloud computing related to portability and isolation of workloads. The authors propose a system called Mewz that combines the portability features of WebAssembly (Wasm) with the isolation benefits of unikernels, effectively mitigating the dual challenges posed by current virtualization techniques like virtual machines (VMs) and containers.

Overview of the Problem

Contemporary cloud computing often leverages containers for application portability and VMs for robust isolation. However, this combination introduces significant issues. Containers are tightly coupled to specific host OSes and CPU architectures, necessitating multiple container images to accommodate various platforms. Furthermore, when combined with VMs, the overhead associated with virtualization exacerbates performance bottlenecks. Prior solutions have only addressed these issues in isolation, thus leaving a noticeable gap in comprehensive, integrated solutions.

The Proposed Solution

The Mewz system is designed to alleviate these issues by deploying applications as Wasm binaries that are subsequently executed as unikernels. Wasm offers a CPU architecture and OS-independent binary format, suitable for universal application deployment across heterogeneous environments. Unikernels, on the other hand, are lightweight, application-specific kernels that reduce the overhead typically associated with VMs by allowing applications to call kernel functions directly.

The novelty of Mewz lies in its ability to marry Wasm’s portability with unikernels’ lightweight execution model, enabling simultaneous resolution of portability and overhead issues. To facilitate this integration, the authors propose a mechanism that translates Wasm binaries into unikernel images through an AoT compilation process. This involves converting a Wasm binary into native code and linking it dynamically with Mewz, a unikernel developed specifically to provide the WASI API, which Wasm applications utilize to interact with system resources.

Implementation and Results

The paper details the implementation of Mewz and an AoT compiler named Wasker. Mewz implements a WASI-compliant execution layer through which it handles Wasm applications, utilizing minimal functionality to improve efficiency—eschewing features such as threading which can be handled at the VM level. Wasker converts Wasm binaries into object files that are then linked with Mewz to create unikernel images.

Performance evaluations demonstrated that applications running on Mewz experience a 30% performance improvement compared with existing Wasm runtimes on Linux VMs. The authors provide a valuable quantitative analysis, specifically focusing on an HTTP server benchmark. The improved performance is attributed to the reduction in system call overhead and the absence of unnecessary runtime features, highlighting Mewz's potential in delivering efficient, lightweight execution for cloud environments.

Implications and Future Work

The integration of Wasm and unikernels as posited by Mewz suggests significant implications for cloud computing and edge applications. By achieving both isolation and portability, the system supports more efficient and flexible cloud operations and potentially reduces costs related to managing multiple container images and VM overheads. This becomes increasingly relevant in multi-cloud and hybrid environments where applications must transition smoothly among diverse platforms.

Moreover, the research opens avenues for future work, particularly in enhancing WASI to support full-fledged networking capabilities and persistent file systems, extending the usability of Mewz beyond initial IoT and serverless computing applications.

In summary, the Mewz system represents a compelling approach to evolving infrastructure for cloud computing. By effectively addressing weight and compatibility issues, Mewz could foster more agile, cost-effective, and robust cloud deployments, paving the way for further exploration in high-performance, portable runtime environments.