HdacHdac

Menu Open

search result

Frequently Searched Words
Menu Close

NEWS

Latest News

Stay updated with the latest news and event on RIZON

Developers’ Journal

WASM and VMs, specialized for blockchains

Mar 7th, 2020

Many blockchain platform projects adopt a programing language to draw contracts and a concept of the sandbox virtual machine (VM) to implement those projects for usability and scalability when applying the definition of smart contracts.

For instance, Ethereum has the Ethereum Virtual Machine (EVM) along with Solidity. Some may have a misguided belief that the EVM and Solidity must have each other, but EVM’s entry consists of byte codes which are not directly related to Solidity. It can use any language if the EVM can create byte codes of the same specs. Vyper is one of the languages that can create EVM byte codes.

Ethereum announced a model change and showcased EWASM, a WASM-based VM, to replace the EVM while planning 2.0. Nowadays. other platform projects are also jumping on the bandwagon with WASM.

This post will share thoughts on WASM-based VMs said to be the next model for blockchains, progresses made in those attempts and unique problems arising in the process. If you need more general knowledge on computer operation such as languages, VMs and byte codes or descriptions in easy and simple terms, those are just one search away.

Use of WebAssembly

In fact, OPCODEs that consist of hexadecimal numbers can be used for this. A short OPCODE is written for a range of low-level approaches such as in-line hooking, stack control and register control.

Is a binary that compiles WASM composed of OPCODEs? It is not. It is also composed of intermediate representations (IR) appropriate for conversion, though not specific CPU architecture operation specs. That is why various introductory documents use the expression “more native” while specs define it as Virtual Instruction-Set-Architecture (ISA) [2].

Therefore, WASM needs a VM to compile IRs into your CPU architecture or to analyze and execute like an interpreter. WASM and Java-JVM are similar in their basic functions, but starkly different in other features. WASM was designed to partially enable parallel compilation and execute IRs while simultaneously receiving streamed IRs in the network environment. It also has other design principles to accommodate web computing. One of them is the sandbox environment, which prevents security threats by restricting access that can affect the executed host environment such as file I/O, memory I/O and others.

Then why is WASM used on blockchain platforms which are different from the web? Let us look at simple use cases to understand what characteristics of WASM make it suitable for blockchains.

Cases to implement high performance functions on the web

When complicated 3D rendering is needed on the web, additional programs are usually set up. But WASM supports 3D rendering without adding new programs on the web by using its hardware graphic control — OpenGL. Google Earth is a key example of this.

Cases to transfer native programs to web programs

QT is a C++ Cross platform UI Framework used on various operation systems to assist development of GUI programs with one code. Recently, QT advanced its WASM framework further to support GUI web programs. Its efforts are still revolving around the experimental realm such as portability, but it shows possibilities of using WASM for high-performance GUI programs on the web.

Malware

There is malware that tries to mine cryptocurrencies by secretly using others’ computers. It advanced to the level of attempting mining by just accessing a webpage without setting up any program since it started to use WASM and Emscripten. It is not likely to cause serious problems such as file manipulation because WASM and VMs are designed for security, but it will surely make various attempts to circumvent security technologies.

Native language’s architecture and loading that solved platform dependency

To resolve this problem, researchers are conducting active research on ways to add emulation layers to different types of CPU architecture on the OS. Windows 10 on ARM set up on a recently released PC limitedly supports x86 programs.

When creating a binary composed of WASM IRs with no architecture dependency, it can execute through VMs regardless of the architecture of an execution environment’s CPU. Standard specs dub this as ‘hardware-independent.’

In this process, VMs’ methods can be categorized into interpreting, JIT compiling and AOT compiling. Most VMs choose an optimal method for each situation. Further details are to be explored below in the part for optimization technology.

Compliers create the final program binary based on designated file formats for each OS as well as operation sets. Microsoft’s PE is the most well-known EXE and DLL, while Unix/Linux often use ELF and Mac uses Mach-O. OSs do not support file formats for each other, and users had to re-compile programs to use them on another OS.

WASM, on the other hand, is a standardized format that does not depend on platforms such as OSs, which is why it can be executed in any environment only if it is equipped with a VM. Standard specs refer to this characteristic as ‘platform-independent.’ Web is not an exception for this. It does not need browsers and can be executed along with an independent VM or integrated to other environments.

Of course, WASM VMs must be provided for each existing OS/CPU architecture.

Hardware-independence and platform-independence are general characteristics of programing languages designed based on VMs. But WASM opened a way to enhance flexibility for existing languages by designing more detailed IRs which can be broadly applied to various languages.

Most blockchain nodes still run on X86/AMD64 architecture generally used for server computing, which is why it would be illogical to put it up as an advantage of using a platform on blockchains. But there would be no issue if WASM contracts are executed in environments using ARM or a mobile OS as platforms advance.

VMs’ optimization method to enhance performance

Smaller, faster — Optimization of IR creation

Parameters related to optimization vary — the number of general registers the target CPU architecture has, whether it supports the newest features such as hardware acceleration and what function call protocols it entails. The newest methods are explored in all areas from hardware to software.

Which optimization method should WASM compliers focus on to create an IR? It is not an easy decision, considering platform and hardware independence mentioned above. Optimization that reduces computing power consumption for execution in a web browsing environment could result in disadvantages in other environments. Fast execution does not guarantee a fast process as code transmission takes more time in poor network conditions.

Limitations of interpreting and highlight of runtime optimization — JIT & AOT compilation

Well-optimized interpreter engines are converted into CPU OPCODEs during the initial execution of an IR block. This is called Just-In-Time (JIT) compilation, and it is effective when applied to frequently executed parts. But it would become slower than simple interpreting when it is applied to a group of simple code units executed once or twice as compilation requires time and resources. Ahead-of-Time (AOT) compilation that converts the entire IRs before execution could be appropriate if there is enough time between reception and execution of a program.

WASM was designed taking account of the well-known optimization process described above.

It selects an optimization method for different targets and purposes. The design principle that obviates information of a target to eliminate dependency and the optimization selection method which requires information on the existing execution environment and the purpose cannot be fulfilled simultaneously. Many obstacles arise in automatically selecting the optimal case. In the end, WASM module developers need to consider various environments before selecting the best optimization method. They also need to develop proper optimization methods for WASM rather than applying the existing native compilation’s optimization methods to develop WASM VMs.

Is WASM the absolute solution for blockchains?

Blockchain platforms have execution environments quite different from existing environments. Trustless decentralized platforms require servers to execute codes written by an anonymous developer, but it can be highly risky considering the security of nodes. That is why security design principles including WASM’s sandbox environment are pivotal on decentralized platforms.

As WASM is considered for web computing, it would have been great if it incorporated browser engine experiences. Several issues must be addressed to apply them onto blockchain platforms.

Considerations for blockchain hinder development

Transaction costs

Optimization methods above bear larger code sizes for optimal execution speed. Smart contract executors would naturally want to reduce transaction costs, but node or service operators cannot ignore the execution speed.

Non-deterministic results

All distributed nodes must have the same execution result when a contract is executed with the same entry at the same time. This is a prerequisite to reach the final consensus, which is why smart contracts are not supposed to have non-deterministic outputs.

An easy example would be a case where a smart contract uses a function created by a random number that does not consider non-deterministic outputs. WASM’s standard definition also has non-deterministic cases [3]. The thread feature is one of them. This may appear when a specific memory is concurrently controlled through multi-threading.

At the end of the day, developers must be able to restrict and test deterministic cases for smart contract WASM modules. But it is not easy to do so. In some known cases, they adopt nonstandard methods such as limiting execution results by force or using non-standard compiler options to find a solution. Nevertheless, it is not easy for a receiver to guarantee that a creator of smart contract WASM modules observed the methods or that all non-deterministic threats disappeared.

Various methods such as static analysis and emulation on IR codes must be tested when a new contract is registered [4], and there is no other choice but to trust the result.

Various vulnerability threats hidden in the code written by a third party

In web computing, accessing malicious websites which attack vulnerabilities of a browser engine may launch a real attack on a client on the executing end. On blockchain platforms, it may threaten servers instead of clients. As if validating these concerns, another blockchain project found vulnerabilities in VMs [5]. Fortunately, their security research team found it and installed a patch before any actual damage occurred [6].

On top of the advantages listed above, WASM is emerging as a new entry route among vulnerability researchers [7][8]. But they must guard against threats as any increase in the number of new optimization features can be translated into more vulnerability threats.

Somewhere between conservative validation and liberal optimization

In the long run, the gap between development of WASM VMs on the web and that on blockchains is bound to widen. VMs and compilers cannot be completed in a short period with limited resources. High development costs must be taken into consideration.

Moreover, it would still be difficult to choose the direction of development even though there are enough resources and time. Should we take a conservative approach and opt for the maximum validation? Or should we be more liberal and continue to try new things for commercialization even if there are threats? Or is there any way to use a browser engine highly experienced in VM development?

Leaders have different strategies for their project as there is no right or wrong answer to this. Conservative leaders limit their project’s implementation to basic methods without adopting various optimization methods as they prioritize validation. But those who take risks and try optimization uses the llvm backend for IR optimization and even create machine codes at runtime by adopting JIT.

But no project has tried to directly use a browser engine. Would a browser engine developer developing a blockchain platform try it?

Conclusion

Then how can we save development resources for blockchain’s unique elements, balance out intertwined interests such as competition between players and create a common interest so that everyone’s efforts do not go meaningless?

We will continue to share information on optimization methods while conducting meticulous validation. We should try not to go around in circles because of undefined fear but should also avoid taking unreasonable risks and harm stability of our projects. We are planning to conduct research on optimization and validation by looking into a tool that can analyze vulnerabilities of contracts or applying optimization that performs AOT compilation in advance on transactions of a block proceeding with consensus in an execution engine. Moreover, we would like to march into a more general direction so that everyone in the decentralized ecosystem can benefit from our HDAC platform.

We will continue to deliver technology-intensive development.

References

PRIVACY POLICY

1. Introduction.

Hdac Technology AG respects the privacy of its Members, Contributors, Users or Clients and is dedicated to controlling the use and disclosure of information provided by Members, Contributors, Users or Clients using the Site. This Privacy Policy (the “Privacy Policy”) sets forth Hdac Technology AG’s policies regarding collection, storage, access, use and disclosure of information relating to a Member’s, Contributor’s, User’s or Client’s registration and use of the Site. Any terms not defined herein shall have the meaning set forth in the Terms & Conditions, the Transaction Terms & Conditions or the User Agreement.

2. Information Collection, Use And Disclosure Activities.

2.1 Registration Information.

To ensure that only legitimate entities and individuals are able to access the non-public areas of the Site and enter into transactions, we require each potential Member, Contributor, User or Client to, by using the Registration Page on the Site, provide (i) information regarding themselves (including name, e-mail address, job title, work address and work phone number), and (ii) information regarding their Company (including Company name and parent Company’s name and address). Upon receipt of Your registration data, Hdac Technology AG may contact You or Your Company to obtain other background information used by Hdac Technology AG to evaluate an applicant's qualifications for Membership, Contribution and/or Participation. Other than as specified in this Privacy Policy, the registration information will be used only internally by Hdac Technology AG and will not be disclosed to third parties without the applicable Member’s, User’s or Client's prior written consent. Notwithstanding of the before mentioned, Hdac Technology AG is obliged to report suspicious transactions and facts about individuals including Contributors to the relevant authorities without further notification and without becoming liable for any damage such action may cause.

2.2 References.

In addition to the information specified in Section 2.1, Hdac Technology AG may require Members, Contributores, Users or Clients or prospective Members, Contributors, Users or Clients to provide Hdac Technology AG with Company references to allow Hdac Technology AG to verify a Company’s capacity, legitimacy and reputability. Hdac Technology AG may provide such references to parties with which a Member, User or Client enters into a Negotiation to assure such parties that Company can meet its prospective obligations thereunder.

2.3 Member, Contributors, User or Client Profile.

Each Member, User or Client will create a Member, Contributor, User or Client profile that includes, among other things, information about this Member, Contributor, User or Client. Information in a Member, Contributor, User or Client profile are accessible only by the applicable Member, Contributor, User or Client, the Member, User or Client’s Group Administrator and Hdac Technology AG. Certain Member, Contributor, User or Client profile information will be provided to the parties engaged in a Negotiation in accordance with Section 2.5. Other than as permitted under this Privacy Policy, Member, Contributor, User or Client profile information will not be disclosed to third parties without the applicable Member, Contributor, User or Client's prior written consent.

2.4 Member, Contributor, User or Client Information.

(a) Hdac Technology AG may collect, use and disclose both on and off the Site, for marketing and other purposes, certain general, demographic and statistical information regarding Site usage and transactions. (b) To assist Member, User or Clients in selecting companies they may do business with through the Site, Hdac Technology AG may make available to Member, Contributor, User or Clients and non-Member, Contributor, User or Clients certain performance statistics of all Companies, provided that such statistics shall not include any Company-identifiable pricing information.

2.5 Technical and Usage Information.

To operate the Site, enhance its functionality, and ensure that Members, Contributors, Users or Clients Negotiations and communications are convenient, dependable and secure, Hdac Technology AG may collect, store and use technical and Site usage information relating to a Member, Contributor, User or Client's activities on the Site. Such information includes the Internet Protocol (“IP”) address from which a Member, Contributor, User or Client accesses the Site, which is used only internally by Hdac Technology AG as required for server operation and other technical uses, and is not disclosed to Members, Contributors, Users or Clients or other persons. Hdac Technology AG may also track the pages of the Site accessed by Members, Users or Clients.

2.6 Member, Contributor, User or Client Communications.

Hdac Technology AG may use Member, Contributor, User or Client contact information, such as e-mail addresses, to communicate with Members, Users or Clients regarding registration and transactions, to notify Members, Contributors, Users or Clients of changes in Site functionality and features, product and service updates, policy changes, billing and other activities relating to a Members, Contributors, Users or Client's use of the Site, and for marketing purposes.

2.7 Legal Compliance.

In addition to the disclosures permitted pursuant to this Privacy Policy, Hdac Technology AG may provide Member, Contributor, User or Client information in connection with legal, administrative or judicial inquiries, claims or orders to the extent necessary to comply therewith or to enforce a User Agreement.

3. Collection And Use Of Information Using Cookies.

As with many state-of-the-art Internet sites, the Site uses “cookies” to enhance the functionality of the Site and to make transactions and other activities more convenient and efficient for Members, Contributors, Users or Clients. A “cookie” is a file stored locally on computers used to access the Member, Contributor, User or Client account that contains information relating to a Member, Contributor, User or Client's past use of the Site. For example, a cookie may contain information previously entered on a Site form, which may be recalled as default information when that form is accessed at a later time. This prevents re-entry of frequently used information each time a Member, Contributor, User or Client account is accessed. Cookies are also useful in streamlining log-in and in preserving transactional information between sessions. Cookies will likely play an increasingly important role as we enhance the ability of Members, Contributors, Users or Clients to customize the functionality of the Site to better meet their needs and preferences. Most Internet browsers include preference settings that allow users to be notified and control whether cookies are transferred to their computers. Please review Your browser's documentation or “help” feature for more information on that functionality. Although disabling cookies will not affect a Member, User or Client's ability to transact business on the Site, it may make such activities more time consuming.

4. Linked Sites.

The Site may contain hyperlinks through which other Internet websites may be accessed by Members, Contributors, Users or Clients. Hdac Technology AG is not responsible for and cannot make any assurances regarding privacy, or other policies or practices of the operators of such websites. Such links are provided only for the convenience of our Members, Contributors, Users or Clients, and the presence of any link does not imply that Hdac Technology AG endorses, approves or is responsible for such websites.

5. Security.

Hdac Technology AG is very concerned with the security of information relating to our Members, Contributors, Users or Clients' use of the Site and has implemented systems and procedures to prevent unauthorized access to that information including the use of Secure Sockets Layer (SSL) connection and password protection. Each Member, Contributor, User or Client will create its own username and password, the secrecy of which is the sole responsibility of the Member, Contributor, User or Client. In the event the integrity of a Member, Contributor, User or Client’s password is compromised, the Member, Contributor, User or Client shall immediately change its password.

6. Updates To The Privacy Policy.

Hdac Technology AG may update this Privacy Policy from time to time as new features and services become available on the Site and to keep pace with technological developments. The new terms shall be effective ten (10) days after they are initially posted on the Site. It is the responsibility of the Member, Contributor, User or Client to review the latest terms. If You do not agree with updated Privacy Policy, You should immediately cease use of the Site and the Services.