Currently we have in RIOT multiple interpreters and virtual machine environments available to run code in. Most of these exist as a package in RIOT, such as WebAssembly, MicroPython and JerryScript. For these environments to be really useful for a developer, a fair set of bindings into RIOT are needed. This allows for interacting with RIOT and the outside world via network functions.
Currently there are some bindings available to RIOT-specific functions and modules. MicroPython has a fair set implement, but all environments lack bindings to make them usable out of the box.
As we have WebAssembly available for some time now, and with another VM PR’d from my side , recently, I think it is really about time to see if we can improve the situation here.
From what I’ve heard @kfessel has been working on a common system call interface for contrained devices that should work for multiple different VM environments. This should reduce the work of writing bindings to just writing VM-specific glue to this interface.
In my opinion this scaffolding should provide a way to easily glue the VM environment to these bindings and to set a number of permissions on these bindings. These permissions allow for setting rules on what an application loaded into the VM is allowed to access in terms of bindings (e.g. read sensors, but no network interaction). How fine-grained this should be is in my opinion open for discussion.
Placeholder for future ideas drafted in this topic
We got a pad Random notes on system calls - HedgeDoc