Bytecode Alliance logo

About the Bytecode Alliance

The Bytecode Alliance is an open source community dedicated to creating secure new software foundations, building on standards such as WebAssembly and WebAssembly System Interface (WASI).

The Bytecode Alliance is committed to establishing a capable, secure platform that allows application developers and service providers to confidently run untrusted code, on any infrastructure, for any operating system or device, leveraging decades of experience doing so inside web browsers.

We have a vision for a secure-by-default WebAssembly ecosystem for all platforms.

Our founding members are:

Join the Alliance

The Bytecode Alliance welcomes contributions and participation from across the industry.

If you want to start a conversation about how best to use our projects, participate in specific projects, or you’re interested in joining the alliance, please contact us at

hello@bytecodealliance.org

FAQ

Frequently Asked Questions

What is the Bytecode Alliance?

The Bytecode Alliance is a group of projects, organizations, and individuals working to provide state-of-the-art foundations for the development of runtime environments and language toolchains where security, efficiency, and modularity can all coexist across a wide range of devices and architectures. We enable innovation in compilers, runtimes, and tooling, focusing on fine-grained sandboxing, capabilities-based security, modularity, and standards such as WebAssembly and WASI.

Why is this an important focus right now?

Developers are running untrusted code in many new places, from the cloud to IoT devices. But this opens up many security concerns, and also portability challenges when you try to run the same code across these different systems. We don’t yet have a solid foundation to build upon.

With WebAssembly and emerging related standards such as WASI and WebAssembly Interface Types, this solid foundation is taking shape. By building this foundation, we can address some persistent fundamental issues of today’s software development practices.

Why does this require a cross-industry effort?

The problem we are attempting to solve is fundamentally a cross-industry problem. We want to allow for safe interaction and code reuse across server, edge, browser, mobile, and more platforms. These different platforms are developed by different groups across the industry. Our intent is to bring them together to solve problems for everyone.

How does this relate to standardization bodies like the W3C’s WebAssembly CG?

The Bytecode Alliance is focused on creating a shared implementation of standards produced by the WebAssembly CG and other standardization bodies.

We believe that standards are best informed by implementation. To enable this, we bring together a wide range of different use cases. Many of our contributors are also active in standardization and use this implementation experience and feedback to inform their work.

What projects are already a part of this?

Wasmtime

Wasmtime is a WebAssembly runtime. It runs WebAssembly outside of the browser, in a fast, portable, secure, and scalable way.

Wasmtime serves as the base layer for other hosts. For example, Fastly is refactoring the Lucet runtime on top of Wasmtime, and Red Hat is building a WebAssembly runtime based on Wasmtime for the Enarx project (part of the Confidential Computing Consortium).

Cranelift

Cranelift is a highly optimized code generator, focused on fast compilation. It’s used in Wasmtime for both JIT and AOT compilation, and is currently being integrated into Firefox as the optimizing compiler for WebAssembly. It’s also used as an experimental backend for the Rust compiler.

Lucet

Lucet is an AOT compiler utilizing Cranelift. It is meant specifically for low-latency, high-concurrency server-based applications of WebAssembly.

WebAssembly Micro-Runtime (WAMR)

WAMR is an interpreter based WebAssembly runtime, optimized for embedded and resource-constrained devices.

Enarx (affiliated)

Enarx is an application deployment system enabling applications to run within Trusted Execution Environments (TEEs) in a platform independent way. It's a project of the Confidential Computing Consortium that is based on Wasmtime and closely affiliated with the Bytecode Alliance.

How are these projects licensed?

The main projects are licensed under the Apache 2.0 license + LLVM exception (which ensures GPL compatibility). Some supporting projects are licensed under Apache 2.0/MIT dual license.

How do developers get involved?

Developers are encouraged to participate in any open source project in the Bytecode Alliance. Each project is governed by its own committer group. Developers who are very active in shaping a project are eligible for nomination to the project’s committer group.

Developers can also join in by integrating the Bytecode Alliance’s projects into their projects and products, and providing feedback based on their use cases.

How do organizations join the Alliance?

Organizations are encouraged to participate in the Alliance’s open source projects, and to use them in their own projects and products.

We will also have Alliance-wide governance, which will be comprised of organizational members. Once the Bytecode Alliance has been formally established and a governance model finalized, organizations that provide strong and ongoing contributions to the Alliance’s projects will be able to participate in Alliance governance.

If your organization is interested, please get in contact with us at: hello@bytecodealliance.org

How will the Alliance be governed?

An open governance model consistent with open source best practices and strong community norms will be established upon formal formation.

Which architectures and OS platforms are supported?

The Bytecode Alliance aims to cover as many hardware and OS configurations as possible. Right now, the architectures covered are:

Wasmtime and Cranelift are officially supported and tested on Linux, macOS 10.9+, and Windows 10 on x86_64, and reported to work on FreeBSD on x86_64.

Lucet is officially supported and tested on Linux and macOS 10.9+ on x86_64.

WAMR runs under Linux, macOS, Zephyr, AliOS Things, and VxWorks and has support for x86_32, x86_64, Arm, and MIPS.

Which execution modes are supported?

Different use cases are best served by different execution modes, or a mix of execution modes. Right now, the execution modes covered are:

  • Interpreter in WAMR
  • Baseline and optimizing JIT in Wasmtime through Lightbeam and Cranelift
  • AoT in Wasmtime/Cranelift and in Lucet

Full support for all these execution modes, including tiering where applicable, is planned for Wasmtime.