I'm very new to the web and browsers, and I'm very confused. I have recently been studying WebAssembly, and I read that wasm runs in a virtual machine that provides isolation: "Wasm run on a virtual machine. This VM can be embedded into other programs (especially browsers). The wasm VM Is carefully isolated from the rest of the program or system, and is only able to communicate with its host program via specially Enumerated imports and exports"

Then I searched a lot to learn more about this virtual machine, how it works and how it provides isolation. I read that JavaScript is also run in virtual machines in browsers, and that wasm is run on the same virtual machine. Is that true?

Then I searched a lot on JavaScript virtual machines and how they provide isolation, but I only found JavaScript engines, like V8. Are a JavaScript engine and a JavaScript virtual machine the same? I mean, I thought a JavaScript engine is different from a JavaScript virtual machine, and I thought the JavaScript virtual machine provides isolation but the JavaScript engine doesn't provide isolation. Is that false? Are they the same? So does V8 also provide isolation? Is the WebAssembly virtual machine which is embedded in browsers V8?

If WebAssembly runs in the same virtual machine that also runs JavaScript, why do they emphasize that WebAssembly runs in a virtual machine and provides isolation security? It seems JavaScript also runs in a virtual machine and provides isolation. So how does WebAssembly provide more security through isolation? I'm very, very confused.
-
This: https://developer.mozilla.org/en-US/docs/WebAssembly/Concepts#how_does_webassembly_fit_into_the_web_platform – Randy Casburn Mar 21 '21 at 14:04
-
Dear Randy, I read all of the WebAssembly documentation before – capstonene Mar 21 '21 at 14:29
-
Ok, but it seems you've missed some vital parts, maybe English is not your first language. Focusing on this question: "_webassembly virtual machine which is embedded in browsers is V8?_" - I'll quote the answer from the link I provided: "_With the advent of WebAssembly appearing in browsers, the virtual machine that we talked about earlier will now load and run two types of code — JavaScript AND WebAssembly._" – Randy Casburn Mar 21 '21 at 15:56
-
Additionally, here is a blog post on the v8.dev web site that describes wasm integration into V8: https://v8.dev/blog/webassembly-experimental – Randy Casburn Mar 21 '21 at 15:59
-
Finally, to address "isolation" with both WASM and JavaScript, I need to change the term a bit since "isolation" means different things in different (language) contexts. So when thinking about code running in a browser, we use the term **sandbox**. So WASM is automatically "_sandboxed_" in the browser. You can read more about sandboxing here: https://stackoverflow.com/questions/7043882/what-actually-is-sandboxing-in-javascript – Randy Casburn Mar 21 '21 at 16:22
-
Thank you. Yes, I read all of these before. Please answer these two questions: 1- Is a JS VM the same as a JS machine, e.g. V8? 2- If JS is also run in a VM, why does wasm claim security because of running in a VM? – capstonene Mar 21 '21 at 16:23
-
1. Yes... but using the term VM with JavaScript confuses many people (like it has for you). 2. The answer is in the final comment concerning **sandboxing** both WASM and JavaScript code. – Randy Casburn Mar 21 '21 at 16:25
-
I think a better answer to #2 would be to tell you that WASM is sandboxed by default and JavaScript can optionally be sandboxed. JavaScript is sandboxed using Content Security Policy or iframe attributes. The CSP version of sandboxing is provided [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox) and describes precisely what sandboxing means. Those very same rules are applied to WASM by default. – Randy Casburn Mar 21 '21 at 16:34
-
Thank you. But you know, I read many posts that compare the Java virtual machine with the WebAssembly virtual machine, and they don't talk about JavaScript isolation. So I thought the WebAssembly VM is something similar to the Java VM (JVM) – capstonene Mar 21 '21 at 16:43
-
Would you compare JVM with wasm? – capstonene Mar 21 '21 at 17:03
-
They are not remotely related. JVM = Java Bytecode runtime environment specifically meant for execution on the desktop ::: WASM = many (non-garbage collected) language runtime environment specifically adapted for execution within the browser. – Randy Casburn Mar 21 '21 at 17:30
-
Last comment from me here: you repeatedly point out that you "study" this, "read many" of those. Yet you have yet to provide one reference. If you are reading garbage resources that have not been vetted for accuracy, you are responsible for your own confusion. Example: "_i read many posts that compare Java virtual machine with webassembly virtual machine_" - without reference, there is very little anyone can say about what you read and perhaps, maybe, misunderstood in the "many posts". Good luck to you. – Randy Casburn Mar 21 '21 at 17:34
-
Thank you, dear Randy. Thanks so much for your help – capstonene Mar 21 '21 at 19:40
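
Added example (not part of the original question or comments): the passage quoted in the question says a wasm module can communicate with its host only through enumerated imports and exports. The JavaScript below hand-assembles a small constructed module (the names `env.log` and `run` are assumptions made for this illustration) and uses the standard `WebAssembly` JavaScript API to list that interface, show that instantiation fails when the host withholds the import, and show that the module's only outward call lands in the function the host supplied.

```javascript
// Constructed sample: a hand-assembled module, equivalent to this text form:
//   (module
//     (import "env" "log" (func $log (param i32)))
//     (func (export "run") (param i32) (result i32)
//       local.get 0  call $log  local.get 0  i32.const 1  i32.add))
const wasmBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic + version
  0x01, 0x0a, 0x02, 0x60, 0x01, 0x7f, 0x00,                   // types: (i32)->()
  0x60, 0x01, 0x7f, 0x01, 0x7f,                               //        (i32)->(i32)
  0x02, 0x0b, 0x01, 0x03, 0x65, 0x6e, 0x76,                   // import "env"
  0x03, 0x6c, 0x6f, 0x67, 0x00, 0x00,                         //   "log", func type 0
  0x03, 0x02, 0x01, 0x01,                                     // one local func, type 1
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,       // export "run" = func 1
  0x0a, 0x0d, 0x01, 0x0b, 0x00,                               // code: 1 body, no locals
  0x20, 0x00, 0x10, 0x00, 0x20, 0x00, 0x41, 0x01, 0x6a, 0x0b, // body
]);

const wasmModule = new WebAssembly.Module(wasmBytes);

// The module's whole interface to the host can be listed before it runs.
function describeInterface() {
  return {
    imports: WebAssembly.Module.imports(wasmModule)
      .map(i => `${i.module}.${i.name}:${i.kind}`),
    exports: WebAssembly.Module.exports(wasmModule)
      .map(e => `${e.name}:${e.kind}`),
  };
}

// If the host withholds a declared import, instantiation fails.
function instantiateWithoutImport() {
  try {
    new WebAssembly.Instance(wasmModule, { env: {} });
    return "instantiated";
  } catch (err) {
    return err instanceof WebAssembly.LinkError ? "LinkError" : err.name;
  }
}

// The host decides what "env.log" is; the module can reach nothing else.
function runWithHostLog(value) {
  const seen = [];
  const instance = new WebAssembly.Instance(wasmModule, {
    env: { log: n => seen.push(n) },
  });
  const result = instance.exports.run(value);
  return { result, seen, exportNames: Object.keys(instance.exports) };
}
```

The same three functions work unchanged in a browser console or in Node.js, since both expose the `WebAssembly` global.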