A Program Logic for First-Order Encapsulated WebAssembly

We introduce Wasm Logic, a sound program logic for first-order, encapsulated WebAssembly. We design a novel assertion syntax, tailored to WebAssembly's stack-based semantics and the strong guarantees given by WebAssembly's type system, and show how to adapt the standard separation logic triple and proof rules in a principled way to capture WebAssembly's uncommon structured control flow. Using Wasm Logic, we specify and verify a simple WebAssembly B-tree library, giving abstract specifications independent of the underlying implementation. We mechanise Wasm Logic and its soundness proof in full in Isabelle/HOL. As part of the soundness proof, we formalise and fully mechanise a novel, big-step semantics of WebAssembly, which we prove equivalent, up to transitive closure, to the original WebAssembly small-step semantics. Wasm Logic is the first program logic for WebAssembly, and represents a first step towards the creation of static analysis tools for WebAssembly.
