This is really cool. I've been building a GUI system in Rust that features an expression language[0] — and we ruled out using CEL a while ago because the canonical Go CEL interpreter would cost several megabytes of runtime footprint (e.g. in a WASM bundle.)
Haven't measured the footprint of cel-rust yet, but I expect it's orders of magnitude smaller than cel-go. The Go runtime itself is the culprit with cel-go.
This Rust implementation may let us port to CEL after all, while maintaining Pax's <100KB wasm footprint. Nice work!
> canonical Go CEL interpreter would cost several megabytes of runtime footprint (e.g. in a WASM bundle.)
At first blush Go seems incompatible with WASM in terms of maintaining Go's strengths—the two runtimes have different memory models and stack representations. I'm curious why one would choose Go if WASM were a target to begin with.
I don't know why people don't just use Lua. It's extremely small, can be embedded only with the Lua modules you want it to include (e.g. you do not need to provide file system access, networking etc. making it similar to CEL, just better), can be compiled to every possible target being written in standard C, is very mature and is completely open source.
The problem is that Lua is Turing complete, so you can write programs that don't halt or which take an input-dependent duration to halt. Example:
while true do
print("meow?")
end
In contrast, each CEL expression has a maximum depth which directly determines how long it takes to execute. (More precisely: by calculating the maximum costs up the expression tree from leaves to root.)
The point here is that you know (at maximum) how many instructions will be executed before running it, and so if it exceeds the limit, you can avoid running it altogether, instead of killing it midway through its execution, leaving things in an indeterminate/corrupt state.
You don't. Even non-Turing complete languages can run for an arbitrary length of time. In general Turing completeness is never a relevant property in the real world.
Well, they claim "linear time". Constant time would be impossible.
But anyway they achieve that by being much more restrictive than just "not Turing complete", e.g. you can't define functions.
It certainly sounds like an attractive feature, but how much benefit is it really to restrict a language so much that it will probably run quickly enough compared to just setting a timeout or computation limit? The only advantage I can think of is that you get some kind of computation constraints that don't depend on the data... But this is a pretty niche requirement.
It is a niche, yes. However, that niche is about adding some customizability to certain parts of a program, where Lua would be overkill. Moreover, hardening Lua, which is doable but not trivial, may be beyond the ability, interest, or simply time available to the developer. If you don't need the extra features Lua provides, why include them?
> If you don't need the extra features Lua provides, why include them?
The whole point of a feature like this is that you don't know what will be required. It's going to be pretty annoying when a user does find they need something that's impossible with CEL and they can't do it because the devs think they'll write slow code.
Lua is not very nice IMO, but I've used Rhai successfully in the past. It even has an operation limit feature already:
The games industry isn't nobody, that is how Lua got its fame, being a common scripting language, before Unreal and Unity became the only two engines most people know about.
Haven't measured the footprint of cel-rust yet, but I expect it's orders of magnitude smaller than cel-go. The Go runtime itself is the culprit with cel-go.
This Rust implementation may let us port to CEL after all, while maintaining Pax's <100KB wasm footprint. Nice work!
---
[0] https://www.pax.dev