Bringing the web up to speed with WebAssembly

The maturation of the Web platform has given rise to sophisticated and demanding Web applications such as interactive 3D visualization, audio and video software, and games. With that, efficiency and security of code on the Web has become more important than ever. Yet JavaScript as the only built-in language of the Web is not well-equipped to meet these requirements, especially as a compilation target. Engineers from the four major browser vendors have risen to the challenge and collaboratively designed a portable low-level bytecode called WebAssembly. It offers compact representation, efficient validation and compilation, and safe low to no-overhead execution. Rather than committing to a specific programming model, WebAssembly is an abstraction over modern hardware, making it language-, hardware-, and platform-independent, with use cases beyond just the Web. WebAssembly has been designed with a formal semantics from the start. We describe the motivation, design and formal semantics of WebAssembly and provide some preliminary experience with implementations.

[1]  Alon Zakai Emscripten: an LLVM-to-JavaScript compiler , 2011, OOPSLA Companion.

[2]  Conrad Watt,et al.  Mechanising and verifying the WebAssembly specification , 2018, CPP.

[3]  ClickCliff,et al.  A simple graph-based intermediate representation , 1995 .

[4]  David Gregg,et al.  Virtual machine showdown: stack versus registers , 2005, VEE '05.

[5]  Craig Chambers,et al.  Debugging optimized code with dynamic deoptimization , 1992, PLDI '92.

[6]  Robert F. Stärk,et al.  Java bytecode verification is not possible , 2000 .

[7]  Dan S. Wallach,et al.  Java security: from HotJava to Netscape and beyond , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[8]  Gordon D. Plotkin,et al.  The origins of structural operational semantics , 2004, J. Log. Algebraic Methods Program..

[9]  George C. Necula,et al.  CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.

[10]  Manish Mahajan,et al.  Proof carrying code , 2015 .

[11]  Hanspeter Mössenböck,et al.  Memory-safe Execution of C on a Java VM , 2015, PLAS@ECOOP.

[12]  Yi Lin,et al.  Draining the Swamp: Micro Virtual Machines as Solid Foundation for Language Development , 2015, SNAPL.

[13]  James Cheney,et al.  Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[14]  ScienceYale UniversityNew Haven An Overview of the Flint/ml Compiler , 1997 .

[15]  Dinakar Dhurjati,et al.  Secure virtual architecture: a safe execution environment for commodity operating systems , 2007, SOSP.

[16]  Milo M. K. Martin,et al.  Hardbound: architectural support for spatial safety of the C programming language , 2008, ASPLOS.

[17]  Alan Donovan,et al.  PNaCl : Portable Native Client Executables , 2022 .

[18]  Gilad Bracha,et al.  The Java Virtual Machine Specification, Java SE 8 Edition , 2013 .

[19]  Alon Zakai,et al.  Bringing the web up to speed with WebAssembly , 2018, Commun. ACM.

[20]  Matthias Felleisen,et al.  A Syntactic Approach to Type Soundness , 1994, Inf. Comput..

[21]  Milo M. K. Martin,et al.  SoftBound: highly compatible and complete spatial memory safety for c , 2009, PLDI '09.

[22]  Úlfar Erlingsson,et al.  Language-independent sandboxing of just-in-time compilation and self-modifying code , 2011, PLDI '11.

[23]  George C. Necula,et al.  CCured: type-safe retrofitting of legacy code , 2002, POPL '02.

[24]  Xavier Leroy,et al.  Java Bytecode Verification: Algorithms and Formalizations , 2003, Journal of Automated Reasoning.

[25]  Vikram S. Adve,et al.  LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[26]  Gordon D. Plotkin,et al.  A structural approach to operational semantics , 2004, J. Log. Algebraic Methods Program..

[27]  Cliff Click,et al.  A Simple Graph-Based Intermediate Representation , 1995, Intermediate Representations Workshop.

[28]  Benjamin C. Pierce,et al.  Types and programming languages: the next generation , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[29]  Dinakar Dhurjati,et al.  SAFECode: enforcing alias analysis for weakly typed languages , 2005, PLDI '06.

[30]  Peter Lee,et al.  The TIL/ML Compiler: Performance and Safety through Types , 1996 .

[31]  David A. Gudeman,et al.  Representing Type Information in Dynamically Typed Languages , 1993 .

[32]  Bennet S. Yee,et al.  Native Client: A Sandbox for Portable, Untrusted x86 Native Code , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[33]  Milo M. K. Martin,et al.  WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking , 2014, CGO '14.

[34]  de Ng Dick Bruijn,et al.  Lambda calculus notation with nameless dummies, a tool for automatic formula manipulation, with application to the Church-Rosser theorem , 1972 .

[35]  Damien Doligez,et al.  The OCaml system release 4.07: Documentation and user's manual , 2013 .

[36]  Miguel Castro,et al.  Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors , 2009, USENIX Security Symposium.