WebAssembly Virtual Machine
Getting Started | Building WAVM from Source | Exploring the WAVM source
WAVM uses LLVM to compile WebAssembly code to machine code with close to
native performance. It can even beat native performance in some cases, thanks to the ability to
generate machine code tuned for the exact CPU that is running the code.
WAVM also leverages virtual memory and signal handlers to execute WebAssembly’s bounds-checked
memory accesses at the same cost as a native, unchecked memory access.
WAVM prevents WebAssembly code from accessing state outside of WebAssembly virtual machine*, or
calling native code that you do not explicitly link with the WebAssembly module.
* WAVM is vulnerable to some side-channel attacks, such as Spectre variant 2. WAVM may
add further mitigations for specific side-channel attacks, but it’s impractical to guard against
all such attacks. You should use another form of isolation, such as OS processes, to protect
sensitive data from untrusted WebAssembly code.
WAVM fully supports WebAssembly 1.0, plus many proposed extensions to it:
WAVM is written in portable C/C++, with a small amount of architecture-specific assembly and LLVM
IR generation code.
WAVM is tested on and fully supports X86-64 Windows, MacOS, and Linux. It is designed to run on any
POSIX-compatible system, but is not routinely tested on other systems.
Support for AArch64 is a work-in-progress.
WAVM mostly works on AArch64 Linux, but with some known bugs with handling WebAssembly stack
overflow and partially out-of-bounds stores.
WAVM’s runtime requires a 64-bit virtual address space, and so is not portable to 32-bit hosts.
However, WAVM’s assembler and disassembler work on 32-bit hosts.