Lunatic
By combining the fault-tolerance and massive concurrency of Erlang with the capability-based security of WebAssembly, it creates a powerful programming model.
Lunatic is a single executable and runs on Windows, macOS and Linux. It spawns lightweight processes from WebAssembly modules that have their own heap/stack. These processes are preemptively scheduled on a multi-threaded executor.
Lunatic's design is all about super lightweight processes. Processes are fast to create, have a small memory footprint and a low scheduling overhead. They are designed for massive concurrency.
Lunatic sits between your operating system and the running processes. This allows it to decide on a per process basis what syscalls are going to be forwarded to the operating systems.
If you would like to run some untrusted code, you can. Just spawn it inside of a process without any privileges.
Lunatic is an open source project licensed under the MIT/Apache license. You can check out the code on Github.
Lunatic builds on WebAssembly's security. We all use unaudited third-party libs that get deployed with our code, Lunatic can use capability based security to limit them.
Lunatic supports Wasmer or Wasmtime to just-in-time compile your Wasm to machine code. LLVM and Cranelift are supported as code generators. When LLVM is used, runtime performance is roughly equal to native code.
We want to support all languages that compile to Wasm. Some are better suited for Lunatic's use-cases. Currently, we are focused on Rust and AssemblyScript.
You have the freedom to architecture your app in any way you want. Ideally you should be able to compile your existing app to Wasm and enjoy some benefits of Lunatic.
Lunatic processes are completely isolated, with a per-process stack and heap. If a process crashes, it won't affect others in the runtime.