The two hottest lightweight code execution sandboxes / VMs in the cloud-native world today are eBPF and WebAssembly. They both run high-performance bytecode programs compiled from C, C++, and Rust.
The biggest difference, however, is that eBPF runs inside the Linux kernel while WebAssembly runs in the user space. eBPF has some programming restrictions that makes it safe for kernel use cases (eg no infinite loops). But that also means that eBPF is Turing incomplete. WebAssembly, on the other hand, is a Turing complete language with extensions to break the sandbox and access native OS libraries.
In general, eBPF is suitable for network or security related tasks, while WebAssembly is well suited for business applications. But there are definitely overlaps.
First of all, there has been efforts to run WebAssembly in Linux kernels. However, they are largely unsuccessful. eBPF is the better choice for this use case.
However, WebAssembly programs can handle many kernel-like tasks. WebAssembly can be AOT compiled into native applications. A good example of an LLVM-based cloud native WebAssembly compiler is the WasmEdge Runtime from CNCF. The native application incorporates all the sandbox checks in a native library. That allows the WebAssembly program to behave like a self-contained unikernel “library OS”.
Furthermore, such AOT-compiled sandboxed WebAssembly application could run on a microkernel OS, such as seL4, and could take over many “kernel level” tasks.
While WebAssembly can go down to the kernel level, eBPF can also rise to the application level. For example, service mesh proxies often support WebAssembly as an extension mechanism. Since those proxies are fundamentally networking applications, some extensions can be written in eBPF for higher performance and observability without compromising safety and extensibility.
In the service mesh use case, WebAssembly is ideally suited for the sidecar microservice applications and eBPF is suited for routing API traffic through proxies and monitoring the entire application.
The rise of both eBPF and WebAssembly is good news for developers. We have more tools to manage and program the increasing complex infrastructure. Rust has emerged as the leading programming language for both virtual machines as it is high-performance and can be compiled by LLVM to machine code without additional runtime support.
So ultimately, developers just need to be concerned about the Rust API and compile Rust programs to eBPF and WebAssembly as. needed for deployment. Rust is the way.