Skip to main content

Why WebAssembly?

TAHO’s choice of WebAssembly (Wasm) as its execution substrate is fundamental to achieving its revolutionary performance and security characteristics. Unlike traditional container runtimes that virtualize at the OS level, WebAssembly provides a secure, portable instruction format that runs at near-native speed.

Near-Native Performance

95% of native speed with JIT compilation and optimized instruction set

Polyglot Support

Write in any language that compiles to Wasm: Rust, C++, Go, Python, JavaScript

Secure by Design

Memory-safe sandbox with capability-based security model

WebAssembly vs Containers

MetricContainersWebAssemblyImprovement
Cold Start2-30 seconds<100 microseconds1000x faster
Image Size100MB-1GB+<1MB typical100x smaller
Memory Overhead~100MB per container<1MB per module100x less
InstantiationProcess creationMemory allocationOrders of magnitude faster

The WebAssembly Advantage

Instant Deployment

Traditional container deployment involves multiple costly steps: TAHO with WebAssembly streamlines this to:
WebAssembly modules are typically 100x smaller than container images and can be streamed and instantiated in microseconds, not seconds.

True Polyglot Support

Write components in your language of choice:
#[no_mangle]
pub extern "C" fn process(input: i32) -> i32 {
    // High-performance system components
    input * 2
}

Security Sandbox

WebAssembly provides defense-in-depth security:
1

Memory Isolation

Each module has its own linear memory space with bounds checking on every access:
;; Memory access is bounds-checked
(i32.load (i32.const 0))  ;; Safe
(i32.load (i32.const -1)) ;; Trapped
2

Capability-Based Security

Modules must explicitly import capabilities:
world secure-component {
  // No ambient authority - must import everything
  import filesystem: interface {
    read: func(path: string) -> result<bytes, error>;
  }
  import network: interface {
    connect: func(host: string) -> result<socket, error>;
  }
}
3

Control Flow Integrity

No arbitrary jumps or code injection:
  • Structured control flow only
  • No raw pointer manipulation
  • Type-safe function calls
  • Stack isolation

TAHO’s WebAssembly Runtime Stack

TAHO supports multiple WebAssembly runtimes for different use cases:
Wasmtime - Production-grade runtime with excellent performance
[runtime]
engine = "wasmtime"

[runtime.wasmtime]
cranelift_opt_level = "speed"
parallel_compilation = true
memory_pool_size = 1000
Best for: General-purpose workloads, production deployments
  • JIT compilation with Cranelift
  • Excellent spec compliance
  • Production-hardened

Component Model & WIT

TAHO uses the WebAssembly Component Model with WIT (WebAssembly Interface Types) for composable, type-safe interfaces:

Basic WIT Definition

package taho:example@0.1.0;

// Define types
record user {
  id: u64,
  name: string,
  email: string,
}

record order {
  id: u64,
  user-id: u64,
  items: list<item>,
  total: float64,
}

record item {
  sku: string,
  quantity: u32,
  price: float64,
}

// Define interfaces
interface order-service {
  create-order: func(user: user, items: list<item>) -> result<order, string>;
  get-order: func(id: u64) -> result<order, string>;
  list-orders: func(user-id: u64) -> list<order>;
}

// Export world
world ecommerce {
  export order-service;
  
  // Import capabilities
  import logging;
  import database;
  import messaging;
}

Type Safety Across Languages

The same WIT interface generates type-safe bindings in any language:
// Auto-generated from WIT
impl OrderService for Component {
    fn create_order(&mut self, user: User, items: Vec<Item>) -> Result<Order, String> {
        // Type-safe implementation
    }
}

Memory Management

TAHO optimizes WebAssembly memory usage for maximum efficiency:

Memory Pooling

// TAHO pre-allocates memory pools
let pool = PoolingAllocationConfig::default()
    .instance_memory_pages(256)     // 16MB per instance
    .instance_table_elements(1000)  // Function pointers
    .instance_count(10000);         // Max concurrent components

Shared Memory

Components can share memory for zero-copy data transfer:
interface shared-buffer {
  // Zero-copy buffer sharing
  create-buffer: func(size: u32) -> buffer-handle;
  write-buffer: func(handle: buffer-handle, data: list<u8>);
  read-buffer: func(handle: buffer-handle) -> list<u8>;
}
Shared memory requires careful synchronization. Use TAHO’s built-in primitives for safe concurrent access.

Performance Optimization

Ahead-of-Time Compilation

For production workloads, pre-compile to native code:
# Compile to native ahead-of-time
taho compile my-component.wasm --target native --optimize speed

# Results in 5-10% performance improvement
# at the cost of larger binary size

SIMD Instructions

Enable SIMD for data-parallel operations:
#[target_feature(enable = "simd128")]
pub fn process_batch(data: &[f32]) -> Vec<f32> {
    // Vectorized operations
    data.chunks_exact(4)
        .flat_map(|chunk| {
            let v = f32x4::from_slice(chunk);
            (v * f32x4::splat(2.0)).to_array()
        })
        .collect()
}

Bulk Memory Operations

Use bulk memory instructions for efficient data transfer:
(memory.copy
  (i32.const 0)    ;; destination
  (i32.const 1000) ;; source  
  (i32.const 4096) ;; size
)

Advanced Features

Interface Linking

Components can compose through interface dependencies:
// Component A exports
interface data-processor {
  process: func(input: list<u8>) -> list<u8>;
}

// Component B imports and re-exports
world composed-service {
  import data-processor;
  
  export enhanced-processor: interface {
    process-with-validation: func(input: list<u8>) -> result<list<u8>, string>;
  }
}

Resource Handles

Manage stateful resources across component boundaries:
resource connection {
  constructor(url: string);
  send: func(data: list<u8>) -> result<_, error>;
  receive: func() -> result<list<u8>, error>;
}

interface network {
  connect: func(url: string) -> connection;
}

Debugging WebAssembly Components

TAHO provides comprehensive debugging support:
# Build with debug info
cargo build --target wasm32-wasi
wasm-tools component new target/wasm32-wasi/debug/component.wasm \
  -o component.debug.wasm \
  --embed-source

# Deploy with debugging enabled
taho deploy component.debug.wasm --debug

Best Practices

  • Target < 1MB compiled size
  • Split large components into micro-components
  • Use dynamic linking for shared libraries
  • Strip debug symbols for production
  • Design for incremental processing
  • Use streaming APIs over batch
  • Implement backpressure handling
  • Minimize memory allocation
  • Never trust user input
  • Validate at component boundaries
  • Use capability-based security
  • Audit imported interfaces
  • Enable runtime security features

Next Steps