Ruby upgrade improves WebAssembly support

An upcoming version of the Ruby language enhances the capabilities of WebAssembly, the popular binary format intended to improve the performance of web applications.

Unveiled on April 3, Ruby 3.2.0 Preview 1 offers an initial port of WebAssembly support based on WebAssembly System Interface (WASI). This allows a CRuby binary to run in web browsers, serverless edge environments, and other WASI integrators. WASI support encourages developers to use CRuby in a WebAssembly environment. An example use case is Try Ruby CRuby support for playground.

Ruby 3.2.0 preview can be downloaded from the Ruby language website.

Elaborating on WebAssembly support, the developers of Ruby said that WebAssembly, or Wasm, was originally introduced to run programs safely and quickly in browsers. But its purpose – to run programs efficiently and securely in various environments – is sought not only by the web, but by general applications. WASI is designed for such use cases. While many applications need to communicate with operating systems, WebAssembly runs in a virtual machine that has no system interface. WASI standardizes this interface.

Ruby developers have warned that WASI and WebAssembly currently lack functionality to implement fiber, exceptions, and garbage collection, due to continuous evolution and security concerns. CRuby fills the void by using Asyncify, a binary transformation technique used to control execution. Ruby developers also created a virtual filesystem layer on top of WASI to bundle Ruby applications into a single .wasm file, making it easier to distribute Ruby applications.

Ruby’s own WebAssembly efforts follow the development of Wasmer’s Rubya WebAssembly runtime environment for Ruby based on Wasmer, which provides server-side functionality for WebAssembly.

Ruby 3.2.0 also improves performance, moves the Find pattern out of the experimental phase, and introduces timeout functionality for Regexp matching. The timeout feature is intended as a safety protection in cases where regular expression matching takes a long time. If the code attempts to match a potentially inefficient Regexp with an untrusted input, an attacker can exploit it, resulting in a denial of service.

Copyright © 2022 IDG Communications, Inc.

Comments are closed.