转自 HN 评论区:
WebAssembly is kind of a hack here (although a clever hack that saves a lot of effort) - the essence of what the Mozilla folks have done isn't WebAssembly, it's atrusted trustworthy compiler - by which I mean a compiler that emits trustable code, regardless of how untrusted the source is. It's a really neat idea that I hope to see more adoption of, because our current security models for software suck.
Security based on process isolation is extremely inefficient and coarse-grained - having atrusted trustworthy compiler could (eventually) massively increase performance by removing processes entirely (no more virtual memory! no more TLB flushes and misses! less task switch overhead!) and eliminating the kernel/user mode separation, with an increase in security.
"Could" because it's not clear to me if the reduction in expressiveness from our languages now to future languages with a theoreticaltrusted trustworthy compiler (all jump targets have to be known at compile-time?) will be accepted by the majority of the populace. Look at how hard it is to get people to accept borrow-checkers...
WebAssembly is kind of a hack here (although a clever hack that saves a lot of effort) - the essence of what the Mozilla folks have done isn't WebAssembly, it's a
Security based on process isolation is extremely inefficient and coarse-grained - having a
"Could" because it's not clear to me if the reduction in expressiveness from our languages now to future languages with a theoretical
