papers related to WebAssembly / WASM

[Jacarte]

Moving GDocs notes on related works:

• 2018

  • A Synthesizing Superoptimizer
  • Wasabi: A Framework for Dynamically Analyzing WebAssembly First tool for dynamic analysis of webassembly modules, implemented in RUST. Calling callbacks to JS context decrease performance. They show a decrement between 49x and 163x from the original execution time values. Tool

• 2017

  • Learning to super-optimize programs
• 2016
  • GREENTHUMB: Superoptimizer Construction Framework
• 2013
  • STOKE

...

• 1987
  • Superoptimizer: a look at the smallest program (Seed)

[monperrus]

Make jit-spray great again https://www.usenix.org/system/files/conference/woot18/woot18-paper-gawlik.pdf

"As the source code is shared between ASM.JS and WebAssembly, this defense scheme (also known as allocation randomization) is also used for WebAssembly code allocations in Mozilla Firefox"

[Jacarte]

SOIL Single Open Intermediate Language project

[bbaudry]

constant time webassembly https://pdfs.semanticscholar.org/3887/6d86e5e7851181efc9ed3bf15765c0b59bb1.pdf

"enables developers to implement crypto algo-rithms whose security guarantees will be preserved throughcompiler optimizations and execution in the browser."

[jianguda]

Future Directions for Optimizing Compilers https://arxiv.org/abs/1809.02161

"examines the problem of making optimizing compilers faster, less buggy, and more capable of generating high-quality output."

[jianguda]

TASO: Optimizing Deep Learning Computation with Automatic Generation of Graph Substitutions https://cs.stanford.edu/~matei/papers/2019/sosp_taso.pdf

"We propose TASO, the first DNN computation graph op- timizer that automatically generates graph substitutions. TASO takes as input a list of operator specifications and generates candidate substitutions using the given operators as basic building blocks. All generated substitutions are formally verified against the operator specifications using an automated theorem prover. To optimize a given DNN computation graph, TASO performs a cost-based backtracking search, applying the substitutions to find an optimized graph, which can be directly used by existing DNN frameworks."

[monperrus]

Guided just-in-time specialization https://www.sciencedirect.com/science/article/pii/S0167642318303058?dgcid=rss_sd_all

JavaScript's portability across a vast ecosystem of browsers makes it today a core building block of the web. Yet, building efficient systems in JavaScript is still challenging. Because this language is so dynamic, JavaScript programs provide little information that just-in-time compilers can use to carry out safe optimizations. Motivated by this observation, we propose to guide the JIT compiler in the task of code specialization. To this end, we have augmented the language with an annotation that indicates which function call sites are likely to benefit from specialization. To support the automatic annotation of programs, we have introduced a novel static analysis that identifies profitable specialization points. We have implemented our ideas in JavaScriptCore, the built-in JavaScript engine for WebKit. The addition of guided specialization to this engine required us to change it in several non-trivial ways, which we describe in this paper. Such changes let us observe speedups of up to 1.7x on programs present in synthetic benchmarks.

[bbaudry]

New Kid on the Web: A Study on thePrevalence of WebAssembly in the Wild https://www.sec.cs.tu-bs.de/pubs/2019a-dimva.pdf

[monperrus]

Nice usage of randomization in the real world

Chaos Order – Randomizing Queries to Uncover Order-Dependency https://www.simplethread.com/chaos-order-randomizing-queries-uncover-order-dependency/

[monperrus]

Obfuscating JS code with WebAssembly hybrid inclusion https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8901223

[shrin18]

WASABI: http://software-lab.org/publications/Wasabi_arXiv_1808.10652.pdf

[Jacarte]

Interesting monograph about SAT and SMT solvers https://yurichev.com/writings/SAT_SMT_by_example.pdf

[jianguda]

Synthesis of Loop-free Programs (which is more general paper on program synthesis) https://www.microsoft.com/en-us/research/wp-content/uploads/2016/12/pldi11-loopfree-synthesis.pdf

Program Synthesis (survey paper summarizing the state of the art for program synthesis) https://www.microsoft.com/en-us/research/wp-content/uploads/2017/10/program_synthesis_now.pdf

[bbaudry]

Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity. NDSS 2015. https://www.ics.uci.edu/~ahomescu/ndss15sidechannels.pdf

[monperrus]

Formally Verified Cryptographic Web Applications in WebAssembly https://eprint.iacr.org/2019/542.pdf

[monperrus]

Towards a WebAssembly standalone runtime on GraalVM https://dl.acm.org/doi/pdf/10.1145/3359061.3362780

[monperrus]

Gobi - WebAssembly as a Practical Path to Library Sandboxing. https://arxiv.org/pdf/1912.02285

[monperrus]

Accelerate JavaScript applications by cross-compiling to WebAssembly. https://dl.acm.org/doi/pdf/10.1145/3141871.3141873

[monperrus]

WATT - A novel web-based toolkit to generate WebAssembly-based libraries and applications. https://ieeexplore.ieee.org/iel7/8322492/8326045/08326230.pdf

[monperrus]

TruffleWasm: a WebAssembly interpreter on GraalVM (2020) https://dl.acm.org/doi/abs/10.1145/3381052.3381325

[monperrus]

SELWasm: A Code Protection Mechanism for WebAssembly https://ieeexplore.ieee.org/abstract/document/9047432/

[monperrus]

MineThrottle - Defending against Wasm In-Browser Cryptojacking. https://dl.acm.org/doi/pdf/10.1145/3366423.3380085

[monperrus]

TaintAssembly: Taint-Based Information Flow Control Tracking for WebAssembly https://arxiv.org/abs/1802.01050

Implementing taint tracking in WebAssembly as a part of the V8 Javascript Engine. https://github.com/wfus/WebAssembly-Taint

[monperrus]

WebAssembly and JavaScript Challenge: Numerical program performance using modern browser technologies and devices. http://www.sable.mcgill.ca/publications/techreports/2018-2/techrep.pdf

[Jacarte]

SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks https://wenhao1006.github.io/publication/wang-18-esorics/wang-18-esorics.pdf

[monperrus]

Read Everything Old is New Again: Binary Security of WebAssembly https://www.unibw.de/patch/papers/usenixsecurity20-wasm.pdf

Their proof-of-concept attacks are at https://github.com/sola-st/wasm-binary-security

[monperrus]

WANA: Symbolic Execution of Wasm Bytecode for Cross-Platform Smart Contract Vulnerability Detection. http://arxiv.org/pdf/2007.15510

[monperrus]

Wasmachine - Bring IoT up to Speed with A WebAssembly OS. https://ieeexplore.ieee.org/iel7/9145943/9156071/09156135.pdf

[bbaudry]

FAUST Domain Specific Audio DSP Language Compiled to WebAssembly https://hal.archives-ouvertes.fr/hal-02158925/document

[bbaudry]

Differential Fuzzing the WebAssembly. Master thesis Aalto Uni, 2020. https://aaltodoc.aalto.fi/handle/123456789/46101

https://github.com/gilanghamidy/DifferentialFuzzingWASM

[monperrus]

Wasm/k: Delimited Continuations for WebAssembly https://arxiv.org/pdf/2010.01723.pdf

[monperrus]

Developing a High-Speed Connectionless File Transfer System with WASM Based Client.

[monperrus]

Compositional Information Flow Analysis for WebAssembly Programs SCAM 2020 https://ieeexplore.ieee.org/iel7/9251915/9251922/09252076.pdf

[monperrus]

Leveraging WebAssembly for Numerical JavaScript Code Virtualization https://ieeexplore.ieee.org/iel7/6287639/8600701/08901223.pdf

[monperrus]

Discovering Vulnerabilities in WebAssembly with Code Property Graphs https://syssec.gsd.inesc-id.pt/projects/tr-wasmati.pdf

[monperrus]

WASim - Understanding WebAssembly Applications through Classification. https://dblp.org/rec/conf/kbse/RomanoW20

[orestisfl]

Swivel: Hardening WebAssembly against Spectre

https://arxiv.org/pdf/2102.12730.pdf

[monperrus]

A Self-certifying Compilation Framework for WebAssembly. https://antonxue.github.io/papers/vmcai2021-whisk.pdf