Wasmbox
Wasmbox is full WebAssembly runtime for Unity, based on Wasmtime. WebAssembly (WASM) makes it possible to execute compiled code (e.g. C, C++ or Rust) in a safe and secure sandbox - providing high performance, safe execution of potentially untrusted code, cross platform portability and deterministic execution.
Why would you want this? How about:
- Executing mods in a safe sandbox.
- Sharing mods between users without any security concerns.
- Running a plugin written in a non-C# language (e.g. Rust) on multiple platforms without recompiling.
- Adding user scripting by running an entire language runtime (e.g. Python) in a "virtual" machine.
- Executing game code in a totally deterministic runtime for easy lockstep multiplayer.
How Fast Is It?
WebAssembly is designed for near native performance. Benchmarks show Wasmtime achieves approximately the same performance as C# - usually faster than Mono (Unity) and usually slower than the latest modern runtime (e.g. dotnet 7.0). Wasmbox squeezes out the maximum performance by automatically optimising, precompiling and compressing WASM as part of the asset importing process.
How Safe Is It?
All WebAssembly code is executed in a completely memory-safe sandboxed environment - by default nothing is accessible to code running inside the sandbox. Creating new sandboxes is fast and easy, allowing multiple different bits of WASM code to be sandboxed from each other. Additional resources can be made available inside the sandbox if necessary - this can be as simple as a single C# method that can be called from inside the sandbox, or it can be as complex as an entire virtual filesystem.
How Easy Is It?
WebAssembly files (WASM/WAT format) are imported through the standard Unity asset pipeline. Just drop them into your Assets folder, and Wasmbox will bring them into your project and automatically generate a C# wrapper for your WASM module. This includes support for the Unity Job/Safety System, allowing WASM code to be executed off the main thread. Wasmbox includes a MonoBehaviour based script which handles all of the complex work of loading and invoking WASM for you.