r1ru
4 min readJan 5, 2024

WasmOS: A proof-of-concept microkernel that runs WebAssembly natively

Background

In order to utilize WebAssembly (Wasm) outside the browser, we are currently trying to standardise WASI to create an isolated and restricted Wasm execution environment. However, this is a difficult challenge. We need to define WASI carefully because the safety of Wasm relies on the capabilities of external APIs. The problem is that this takes time. I believe this is the reason why new system interfaces such as WASIX and WALI have appeared. “Portable” Wasm binaries are now becoming runtime-dependent.

By the way, the reason why we need to work hard to create a “second OS”, the Wasm runtime, is that the existing OS is not adapted to the current era. Then why not create a new one? In this article, I introduce WasmOS, a self-made microkernel designed to execute WebAssembly (Wasm).

WasmOS

WasmOS is a simple microkernel that I am developing based on HinaOS. The kernel has the system call to generate tasks from Wasm binaries, and it can directly execute Wasm using WAMR as the runtime. Many features are missing, but it can run a toy web server(Wasm binary).

Features

Portable

The core concept of a microkernel involves message passing using send and receive operations, and WasmOS provides some APIs for it to Wasm binaries. Since handling input (receive) and outputting results (send) is fundamental to the program’s structure, these system interfaces are OS-independent and minimal. This is a feature not present in the current WASI.

You can run the same binaries on existing operating systems like Linux or Windows by preparing a Wasm runtime and server implementation. The important thing is that servers can be implemented in a way that suits each environment. For instance, the wasm_webapi server running on wasmos requires the implementation of a tcpip server. As wasmos operates in a bare-metal environment, it needs a device driver server like virtio_net server. In contrast, in a Linux environment, you can implement it using the standard socket API.

Safe

Wasm binaries are validated before execution, checking for type consistency, undefined function calls, etc. Also at runtime, isolated memory space is provided and integer overflows and out-of-range references are detected. For these reasons, Wasm binaries can be executed safely. However, wasmos provides some APIs for message passing. In a microkernel, the “OS” functions are implemented by a group of servers running in user space, so this means that all “system calls” can be invoked from Wasm without any restrictions. Implementing access control is a future challenge, but the important thing is that we can consider access control methods at the OS level.

In order to build a secure by default future, which is the goal of Wasm and WASI, security should be considered at the OS level, not at the WASI level. WASI is certainly designed with security in mind, but as long as there is an option not to use it, users would prefer a more dangerous and “convenient” system interfaces.

Efficient

Due to the secure features of Wasm mentioned above, Wasm binaries can be executed relatively safely even in the kernel space. WasmOS executes all Wasm binaries in the kernel space and this has the potential to enable fast microkernels, as system calls become function calls and context switches are no longer necessary.

Related Projects

The idea of combining Wasm and kernel is actually not so new. For example, Nebulet is a project similar to WasmOS, implementing a high-speed microkernel by running Wasm in the kernel space. There are other initiatives as well, such as kernel-wasm, which operates a Wasm runtime as a Linux kernel module, allowing the execution of Wasm in the kernel space. Another OS called Wasmachine is specialized in running Wasm on IoT devices.

I need your help!

WasmOS is not a complete replacement for existing operating systems or WASI. It is important to utilise existing resources. (This is why I think WASI is similar to POSIX.) However, we are building Wasm and WASI from scratch, and we have the option to think about new things without being restricted by existing technologies.

WasmOS is a project to create an operating system that will be a true companion to WebAssembly and last the test of time. I encourage you all to extend WasmOS with your own free ideas not bound by existing technology. ( I’m waiting for your PR!).