In today's cloud-native world, there are two lightweight code execution sandboxes/virtual machines that are very hot: eBPF and WebAssembly . Both are capable of running high-performance bytecode programs compiled from C, C++, and Rust.
However, the biggest difference is that eBPF runs in the Linux kernel, while WebAssembly runs in user space. eBPF has some programming limitations that make it safe in kernel use cases (for example, no infinite loops). But this also means that eBPF is not Turing complete. By contrast, WebAssembly is a Turing-complete language with extensions that can break the sandbox and access native OS libraries.
Generally speaking, eBPF is suitable for network or security related tasks, while WebAssembly is very suitable for commercial applications. But there is overlap.
First, there are some attempts to run WebAssembly in the Linux kernel . However, it was largely unsuccessful. eBPF is a better choice in this application scenario.
However, WebAssembly programs can handle many kernel-like tasks. WebAssembly can be AOT compiled into native applications. WasmEdge Runtime from CNCF is a good LLVM-based cloud-native WebAssembly compiler. Native apps incorporate all sandbox checks into the native library, which allows WebAssembly programs to behave like a standalone unikernel "library OS".
Additionally, such AOT-compiled sandboxed WebAssembly applications can run on microkernel operating systems such as seL4 and can take over many "kernel-level" tasks.
While WebAssembly can go down to the kernel level, eBPF can also go up to the application level. For example, service mesh proxies typically support WebAssembly as an extension mechanism . Since these proxies are basically network applications, some extensions can be written in eBPF to achieve higher performance and scalability without compromising security and scalability.
In a service mesh application scenario, WebAssembly is great for sidecar microservice applications , while eBPF is great for routing API traffic through a proxy and monitoring the entire application.
The rise of eBPF and WebAssembly is good news for developers. We have more tools to manage and program increasingly complex infrastructures. Rust has become the leading programming language for both virtual machines because it is powerful and can be compiled to machine code by LLVM without additional runtime support.
So in the end, developers only need to care about Rust API and compile Rust programs into eBPF and WebAssembly according to deployment needs. Rust is the answer.