Placeholder Image

Subtitles section Play video

  • thank you for that great introduction.

  • Uh, I am Lynn Clark, and I make code cartoons, and I also work at Mozilla on things like, what assembly?

  • Which is we'll be talking about today, and I'm joined by Tell Schneider, right, who leads our Web assembly tooling efforts and who will be fully nuts in on some of their work.

  • So First Off won his Web assembly.

  • What assembly is a way of running programming languages other than Java script on the Web, up until now to run code on a Web page, the only language he could use his job.

  • A script.

  • But now that there's Web assembly can use other languages like C, you're c++ or Rust, I've noticed that some people have a misconception about Web assembly, though people think that the M V P that landed in browsers and 2017 is the final version of Web assembly.

  • And I can understand where that misconception comes from because the Web Assembly CD is really committed to backwards compatibility.

  • So the Web assembly that you write today will continue to work far into the future.

  • But that doesn't mean that it's feature complete, and that's far from The case, in fact, features air coming toe Web assembly, which will fundamentally alter what you could do with Web assembly.

  • I think of these future features kind of like the skill tree in a video game.

  • We fully filled in the top few of these skills, but there's still this whole skill tree underneath unlock so that we can unlock all of these different applications.

  • So let's look at what's been filled in already, and then we can see what's yet to come.

  • What assembly story starts with unscripted, which made it possible to bring large sea and c++ code basis to the Web for things like desktop applications and games.

  • And it did this by trans piling that code to Java script, and at first that Java script would run pretty slow.

  • But then the Firefox engineer saw how you could add optimization sze to the Js engine to make it run fast.

  • And that gave us has, um, Js.

  • Once the other browser vendors saw how fast as Andreas was, they started adding the same optimization to their engines as well.

  • But that wasn't the end of the story.

  • It was just the beginning.

  • Engines could still make this go faster, but they couldn't do it in Java script itself.

  • Instead, they needed a new language, one that was designed specifically to be compiled Thio, and that was Web assembly.

  • So what were the skills needed for the some BP, this minimum viable product running C and C plus plus on the Web website least, designers knew that eventually they would want to support languages other than just see in C++.

  • So they needed a language agnostic compiled target, something like the assembly language that things like desktop applications are compiled to like X 86.

  • But this assembly language wouldn't be for an actual physical machine.

  • It would be for a conceptual machine that compiler Target had to run very fast to meet users.

  • Expectations for smooth interactions and game play.

  • And it also need to load fast because the Web's users are usedto pretty fast load times.

  • But these kinds of applications are very large code bases, which means that there's a lot to download when you first visit you Earl.

  • So we needed our compiler target to be compact so I could go over the Internet quickly.

  • These languages also needed to manage memory differently from Java script.

  • They need to be able to directly manage their memory.

  • And this is because languages like C and C Plus plus have a low level language feature called Pointers and Pointers.

  • Need to be able Thio, take a memory address and read and write directly from that memory address.

  • But you can't have a program that you downloaded from the Web.

  • Just accessing your memory willy nilly in order to provide a way to access memory like a native program is used to.

  • But to keep the browser secure, we had to create something that could give access to a very specific part of memory and nothing else to do.

  • This Web assembly uses a linear memory model, and that's implemented using type to race, which are basically just Java script Reyes.

  • Except the items that are in this ray are bites bites of memory.

  • So when you're accessing it, you're just using Iranian Dixie's, which you've been treat as though they were memory addresses.

  • And this means that you can pretend that this array is c++ memory.

  • So with all of those things in place, you could run desktop applications and games in your browser as if they were running natively on your computer, and that was pretty much the skill set that woman suddenly had.

  • One was released as an M V P.

  • It truly was an M v P.

  • A minimum viable product.

  • This allowed certain kinds of applications to work, but there was still a whole host of other applications that needed to be unlocked.

  • So the next achievement to unlock is heavier weight desktop applications.

  • Can you imagine if something like photo shop was running in your browser?

  • If you could load it on any of your devices and start working with your files like you can with the meal, we've already started seeing things like this.

  • For example, the auto CAD team has made their CAD software available through the browser, and Adobe has made light room available through the browser using Web assembly.

  • But there are still a few features that we need to make sure all of these applications, even the heaviest of heavyweight applications, work well in the browser.

  • First, a support for multi threading modern day computers have multiple cores that can process things in parallel.

  • But to make use of these cores, you need support for threatening.

  • There's another bit of modern hardware that processes things in parallel and that Cindy single instruction multiple data.

  • With Cindy, it's possible to take a chunk of memory and split it up across different execution units, which are basically like oars.

  • And then you have the same bit of code.

  • The same instruction run across all of those execution units, but on different parts of the data.

  • Another hardware capability is 64 bit addressing.

  • Memory addresses are just numbers.

  • So if your memory addresses for only 32 bits long, you only have so many memory of justice enough for four gigabytes.

  • But most modern hardware support 64 bit addressing, which offers 16 exabytes of memory addresses.

  • That's a big difference.

  • Adding 64 bit support will take the artificial limitation on memory address space out of Web assembly.

  • But these applications don't just need to run fast load times need to be fast, too.

  • One mix up here is to do something called streaming compilation, where you compile the file as it's being downloaded, and Web assembly was designed to enable.

  • This unti eared compiler also helps.

  • So in Firefox we have two compilers.

  • The 1st 1 The baseline compiler starts when the download starts for the first time.

  • Then another compile, earthy, optimizing compiler runs on several feds in the background and that one takes longer to compile.

  • But the code that it generates is extremely fast.

  • We're also working on a new optimizing compiler called Crane Lift and Cream Lift is designed to actually speed up that initial compile time so can compile code and parallel at a function by function level.

  • But the code it generates is still fast, and we're currently working to see if we can make it generate code that's even faster and when it's executing than our current optimizing compiler.

  • But there's an even better trick we can use to skip compiling most of the time.

  • Unlike with Java script.

  • If you load the same Web assembly file twice, it compiles to the same machine code so we can store that compiled code in the http cash and then when the pages loading and it goes to check the cash instead of pulling out that source code, it pulls out the compiled code.

  • So this gets compiling completely, and there are ways to skip even more work.

  • So stay tuned to see what else happens to improve load times.

  • Where are we with supporting these heavyweight applications right now for the threating, we have a proposal that's pretty much done.

  • But a key piece of that Chair Dre buffers had to be turned off and browsers earlier this year.

  • Last year, they will be turned again.

  • Turned on again soon, though Cindy is under active development at the moment.

  • For 1064 we have a good picture of how this is going to work, and that's pretty similar to how X 86 or arm got support for 64 bit addressing and Firefox added streaming compilation last year in Firefox.

  • We actually compiled the code so fast that's basically done compiling by the time you downloaded the file and other browsers are adding streaming, too, and we also added our baseline compiler last year, and other browsers have been adding the same kind of architecture in Firefox.

  • Http Cash earnings close and it isn't close and chrome as well, and other improvements are in discussion, even though this is all still in progress.

  • Heavyweight applications are still coming out today because Web assembly already gives these applications the performance that they need.

  • But once these features are all in place, there's going to be another achievement unlocked, and more of these heavyweight applications are going to be able to come to the browser.

  • But Webb assembly isn't just for desktop applications.

  • It's also meant for regular small modules Web development, the kind of Web development that you're used to if you have a module that does a lot of heavy computation or processing, that's a good use case for Web assembly.

  • And again, we're already seeing some of this.

  • So the part sir, in the Source Maps library that's used in Web Pack and Firefox Dev.

  • Tools that was rewritten and rust compiled toe Web assembling is now 11 times faster, and the Gutenberg Parson WordPress is now an average of 86 times faster, with its rewrite and rust compiled Web assembly.

  • But for this to go mainstream, we need to have a few more things in place.

  • First calls between Java script and Web assembly need to be fast.

  • When Webb Assembly first came out, these calls weren't fast because engines needed to optimize them.

  • We finished our working on this and Firefox last summer.

  • And now some of these calls are actually faster than non in lines JavaScript to Java.

  • Script calls.

  • That brings us to another thing, though you often need to pass data between your job, script and Web.

  • Somebody functions.

  • Need to pass arguments into your Web, suddenly function or return values from it at the moment.

  • What assembly?

  • Only state assembly only understands numbers.

  • So this means that you can't pass more complex things in like objects.

  • You need to convert your object into numbers, put it in the linear memory and then pull it back out on the Web assembly side and figure out what it is.

  • That's kind of complicated, and it takes some time to convert the data into linear memory.

  • So we need this to be easier and faster.

  • We also need to integrate with yes modules.

  • Right now, you can't use important export with waza modules, but that means that the Web assembly module isn't really part of the Js module graph.

  • Just being able to import export doesn't get us all the way there, though we also need ways to distribute and bundle Web assembly modules.

  • What's the M.

  • P M.

  • For Web assembly.

  • Well, what about MPM?

  • What's the Web pack or parcel for Web assembly?

  • Well, what about Web Pack in parcel?

  • These modules shouldn't look any different to the people that are using them, So why should we create a whole other ecosystem?

  • And there's one more thing.

  • Support for older versions of browsers, even those that don't know what Web assembly is like.

  • 11.

  • So where are we on all of these things?

  • Well, calls between JavaScript and Web assembly or Fast and fireworks now, and other browsers are also prioritizing this for easy and fast Dave Exchange.

  • There are a few proposals that will help with this, such as any ref host bindings and weak refs.

  • I unfortunately, don't have time to go into the detail on that.

  • But in the meantime, the rust ecosystem has created tools that automate the handling of this stuff for you for S module integration.

  • The proposal is pretty far along for tool chain support tools in the Rust Ecosystem Comm package.

  • Your code for M.

  • P.

  • M and the bundlers are also actively working on support.

  • And finally, for backwards compatibility, there's the wah's um two Js tool that takes a wise and pile and spits out the equivalent Java script.

  • Now that job script isn't gonna be fast, but at least it will work in older versions of browsers that don't know what Web assembly is.

  • Once we unlock this achievement, we open the path to another two.

  • Rewriting large parts of Java script framework, some Web assembly and making it possible for statically type compiled to Java script languages to compile the Web assembly instead.

  • Languages like Scala Js or Reason or else for both of these use cases whether simply needs to support high level language features.

  • So first, let's look at rewriting parts of Js frameworks.

  • For a framework like react.

  • You could paralyze the virtual dom dipping algorithm with a language that has really ergonomic support for parallel ization like rust.

  • And you can also speed things up by reducing memory usage and allocating memory differently.

  • But you'd still need to interact with Java script objects, things like components from that code.

  • You can't just rewrite everything in linear memory because that would be difficult and inefficient, so you need to be able to integrate with the browsers built in garbage collector and that will also help languages that compiled to job script like Scala, Jess, Reason and L'm.

  • Because these languages they already use JavaScript garbage collector when they compiled two Js.

  • And that's the same GC that Web assembly will be using when it's running in the browser so they won't need to change their G C.

  • We also need better support for handling exceptions, and we need good to bugging support Browsers today make it easy to bug your your Java script.

  • Using dub tools, we need that same kind of support for Web assembly.

  • And finally, for many functional languages, you need a feature called Tail Calls.

  • So where are we on all of this for garbage collection?

  • Our team already has a prototype of this working, but it will still take some time for these proposals to go through standardization.

  • So we're probably looking at some time next year.

  • Exception.

  • Handling is still in the research and development phase for debugging.

  • There's currently some support and browser deaf tools, but it's still not ideal.

  • So there's a subgroup of the Web assembly CG that is working on specifying that, and the tail calls proposal is also underway once those are all in place will have unlocked Js frameworks, and many compile two Js languages.

  • So those are all achievements that we can't unlock inside of the browser.

  • But what about outside the browser now?

  • You may be confused when I talk about outside the browser, because isn't the browser what you used to view the Web and isn't that right in the name Web assembly?

  • But the truth is, technologies like HTML and CSS and Java script are only part of what makes the Web there the visible part there what she used to make user interfaces, so they're the most obvious part.

  • But there's another really important part of the Web, which has properties which aren't as visible, and this is the link.

  • The links innovation is that I can link to your page without having to put in a central registry or ask you or even know who you are.

  • Is this ease of linking that enabled us to create these global communities with people that we don't know.

  • But there are two problems we haven't addressed.

  • If we just have this link, the 1st 1 is you go toe to visit the site and deliver some code to you.

  • How does it know what kind of code it should deliver to you?

  • Because if you're running on a Mac, then you need to have a different kind of machine code than if you're running on Windows.

  • Does the website need to have a different version of the code for every possible device?

  • No.

  • Instead, the site has one version of code, the source code, and that's what's delivered to the user and has translated to machine code on the user's device.

  • The name for this concept is portability with it.

  • Websites don't need to know what kind of device are running, but that brings us to a second problem.

  • If you don't know these people whose Web pages you're visiting, how do you know what kind of code they're going to give to you?

  • It could be trying to take over your system.

  • Doesn't this vision of the Web running code from anybody who's link you follow mean they have to blindly trust anyone who's on the Web?

  • This is where the other key concept from the Web comes in, and that's the security model.

  • Basically, the browser takes the code and puts it in a sandbox and it puts a couple of toys in that sandbox that make it possible for the code to do some interesting things.

  • But it leaves the dangerous toys outside of the sandbox.

  • So the utility of the link is based on these two things.

  • The portability.

  • Being able to deliver the same code to all these different devices and have it run and the sandbox, the security model that lets you run the code without putting your machine at risk.

  • So what difference does it make?

  • If you think of the Web this way, it changes how you think of Web assembly.

  • You can think about what assembly is just another tool in the browsers toolbox, which it is.

  • But it's not just that what assembly also gives us a way to take these other two capabilities of the Web, the portability in the security model and bring them to use cases that need them to outside of the Web.

  • We can expand the Web past the boundaries of the browser.

  • Now you may be thinking that already happened with no Js.

  • But as it is today, no, doesn't quite get us there.

  • It doesn't give us full portability and It doesn't give us the same security, the same ability to run untrusted code.

  • Hi there.

  • So J s modules with note.

  • It's possible to run Java script on servers and other devices that don't have a browser, so that does give us some portability.

  • But you still need native modules and a lot of cases, either because you need the code to run really fast.

  • Or you already have code written in a language like See That you Want to then use in your app.

  • But native modules aren't portable.

  • They have to be compiled ahead of time specifically for the kind of device the users using.

  • We're also still missing.

  • Security note could have taken the sandbox from the browser.

  • But Node made that defined decision early on that jazz modules would have full access to certain system AP eyes so jazz models can do things like right and read files on your machine.

  • These capabilities, things like direct file access to your system, are the dangerous toys that aren't available in the browser sandbox, even though they're dangerous, though for the kinds of use cases that note was built for these, he's a P.

  • I do make a certain kind of sense.

  • This kind of access makes a certain kind of sense.

  • The thing I want to make clear here is that note made a choice, really?

  • Is that no, I had a choice to make for jazz modules.

  • It could have gone with a sandbox style approach.

  • But for native modules, Note had less of a choice because it's really hard to sandbox native code.

  • So notice made this choice.

  • Basically, if you're running a note application today on your computer, you basically said I trust this code, although the node developers are actually looking at a way that they can change this in the future.

  • But despite this Web assembly can still help note, it could eliminate most of the need for native modules, ones that are compiled ahead of time for the user's device.

  • These could be written in Web assembly instead and just compiled once, and these modules could then run across all devices, just like jobs.

  • Good models.

  • D'oh!

  • The only problem here is that Web assembly doesn't have direct access to the system's resource is we would need to pass and functions to the Web assembly module so they can work with the operating system now for know this will probably include a lot of the functionality of things like the sea standard library and things that are part of posits.

  • The portable operating system interface, which is an older standard and helps with compatibility across different kinds of operating systems.

  • UNIX, like operating systems to make that happen, the note core folks.

  • We need to figure out what a P I they want to use for these functions.

  • But wouldn't it be nice if that were actually something standard?

  • Not something that was constrained just to note but could be used across other run times and use cases, too?

  • A posits for Web assembly if you will applause IX a portable Web assembly system in her face.

  • And if this were done in the right way, you could even implement the same AP I, but in a different way, for the Web.

  • Now these functions wouldn't be part of the core Web assembly speck, and there would be Web assembly hosts that didn't include them.

  • But for platforms that could make use of them, there would be a unified a p I for calling these functions, no matter which platform your code was running on, and this would make universal modules ones that run across both the Web and note so much easier.

  • So is this something that could actually happen?

  • Well, we and others are working on it, and I think we have a pretty good chance.

  • We're also seeing a lot off demand for this from a wide range off with different domains.

  • One of these remains is the remains off city ends off serverless and off that computing the fastest city and, for example, serves a significant fraction off the entire Internet traffic.

  • And they're moving from serving just static files.

  • A city answer fist are done to running their customers coat on every incoming request, and they're doing this without adding 10 times as many machines to their network, which is really what they would have to do if they were to use more traditional Several architectures where you'd use something like containers or other heavy wage mechanisms took one twisted code instead, Weapon somebody gives them the scent boxing they need at the speed and at the scale that they need.

  • People are also working on building block chimp platforms with weapons, MD dissent within the I O.

  • T space and in what wedding?

  • Portable CLI tools with weapons.

  • We've also seen Enquist Rome companies building game engines where weapons and it can be used to one game logic in sent boxes and with projects like Wes 100 Nebula JJ, some folks try to make it run inside.

  • Operating system crumbles.

  • I don't have time to explain all these different use cases, and what exactly makes 1% be good for them?

  • But, um, there are some important considerations.

  • For example, they all have in common that sent boxing and probability are important for them.

  • And there are some other important commonalities, which I want to talk a bit more about.

  • For example, how do things like network excess work of file exes the way these things work should ideally be roughly identical across all of these whose cases Where, exactly?

  • I don't if you use weapons assembly together with JavaScript in the browser or a note, then JavaScript is used to let weapons simply talk to the outside world you use fetch to load a file from the server in the browser.

  • All of this a standardized so you can rely on it and you use notes.

  • F s start.

  • We'd file to read a file, and you can also rely on this, but for a different reason.

  • There's really only 11 time you would use note, because note is the defective standards you know the FBI's you can use and carpet I own.

  • Ideally, we'll have a similar situation with weapons assembly, where you know what FBI's you can work with, but not where 11 time being completely dominant.

  • Instead, we're working towards the standardized one time environment, which means they'll be a set of functions that you can rely on for things like file access or network access.

  • That means you can compile code ones and planet in all of these different environments and in any one time that provides these functions, or in the brother where this function can be implemented using Java script using existing doll, maybe eyes, and then you can have, um, one Time said, a really tailored towards their exact use case instead of having to rely on a one size fits all.

  • So for this standard lap, we we could have said let's just use posits and be done with it.

  • Unfortunately, that eliminates one of weapons and these big advantages security model.

  • It's a Cuban model and in particular, the sandbox England talked about.

  • Lynn also talked about how note had a choice to make, at least for JavaScript modules.

  • Choice between keeping the scent box that Js runs in the brother or giving it an easy way to talk to the outside world.

  • And we now have the same choice to make.

  • Do we go with this easiest route but give up on sent boxing?

  • Or do we do something different, something that allows better control and leads to better security and audit ability?

  • And that last point is really important?

  • Um, if your plan, unification or before your unification, Ideally, you should be able to tell what it can do to your machine.

  • Sort of.

  • In the worst case, can it access your entire fight file system and then just send off things to the Internet?

  • Say your pecan wallet.

  • Maybe not run that machine.

  • Remember that that that application, but if it can only access files in a single directory and ride back to that directly, seems fine now with posits.

  • That is incredibly hard.

  • Um, and it really only works with support from the operating system and how this works is different between different operating systems.

  • So there goes a lot of your possibility.

  • Solid portable sent Boxing is hard.

  • A quick note with created Nobody had really figured out how to apply it to the real world.

  • But with things such as Google's fuchsia operating system, this has changed.

  • Better designs exist, and for Western time we're working on the standard lab quickly.

  • That will make it easy to build secure auditable and portable models and applications that'll work for all of these different use cases.

  • So with this standardized FBI, you could get the same flexibility that you have with note but still have security audit ability and the ability to run your code invented different one times, and we're making sure that you can use the tools you're used to, as well.

  • The compilers.

  • Four languages, such as breast, C, c++ and others, and the debug Earth such a L, O.

  • D.

  • B and G.

  • D B and I.

  • D E, such as X coat and visual studio code.

  • So, as you can see, there's a lot of active development in this space.

  • We are all working hard to make it easy for you to target these different use cases without making you jump through hoops to develop and debunk your code.

  • And with this, we bring these capabilities off the Web that Lynn mentioned, the possibility and security and the audit ability that I mentioned toe all of these years cases.

  • Now let's zoom back out and look at the skill tree.

  • I said the beginning of this talk that people have a misconception about Web assembly.

  • This idea that the Web assembly that landed in the M V P was the final version of Web assembly, and I think you can see now why this is a misconception.

  • Yes, the M V P opened up a lot of opportunities and made it possible to bring a lot of desktop applications to the Web.

  • But we still have many use cases to unlock, from heavyweight desktop applications to small modules to Java, script frameworks to all of those things.

  • Outside of the browser node and server.

  • Listen, the Blockchain and portable C lights was an Internet of things.

  • So the Web assembly that we have today is not the end of the story because What if somebody still has promised to keep and many places to go before it sleeps?

  • I want to thank my collaborators on developing this talk.

  • Luke Wagner until she died.

  • Right?

  • And thank you all for listening.

thank you for that great introduction.

Subtitles and vocabulary

Click the word to look it up Click the word to find further inforamtion about it