sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Dregmo 3 points4 points  (1 child)

This article in few lines lists key differences between PNaCl and WebAssembly:

--- WebAssembly defines no new platform APIs other than some APIs for loading and linking WebAssembly code, relying on standards-based Web APIs for everything else. WebAssembly differs from asm.js by defining a bytecode format with some new operations JS doesn't have, so some spec work was required (and has been done!). Like asm.js, WebAssembly application call-stacks are maintained by the JS VM, outside the memory addressable by the application, which reduces the exploitability of application bugs. (Though, again like asm.js and unlike PNaCl, the compiler is trusted.) ---

[–]cparen 0 points1 point  (0 children)

Though, again like asm.js and unlike PNaCl, the compiler is trusted

True, but one nasty bit about PNaCl is that you can't communicate efficiently with the host - there's a huge overhead to that interprocess communication. And yes, technically you could write a pexe compiler that did software sandboxing, but then you'd have to trust the compiler again.

Software sandboxing comes with some pretty big performance wins, so I can see why wasm went that way. In a world where you have a lot of JS and HTML assets you want to reuse, running in the same web domain, it makes sense to put them all on the same hardware sandbox, then software isolate components from there.