NSF Award
2409005
WebAssembly is a low-level, statically typed programming language aiming to serve as a universal compilation target for the Web. It boasts features of rapid compilation and execution, portability across languages, hardware, and platforms, and formal guarantees of type and memory safety. WebAssembly is supported on all four major browsers (i.e., Chrome, Firefox, Safari, and Edge) and compiles from several programming languages, including C, C++, C#, Rust, and Go. Despite these advantages, the direct application of WebAssembly to real-world challenges is hindered by the absence of robust static program analysis techniques within its ecosystem. This project will address this limitation by developing a generic static analysis framework for WebAssembly, facilitating the creation of a wide range of static program analyses. Successful completion of the proposed activities will be a substantial advancement in enhancing web application reliability, thereby benefiting all stakeholders within the web ecosystem. This includes improved productivity for web developers and reduced software release delays, critical assurance for web users by mitigating security problems and enhancing user experiences, and avenues for tooling developers to devise practical testing techniques specific to the WebAssembly environment. Education materials related to the static analysis of WebAssembly applications will be developed and integrated into the computer science curriculum.<br/><br/>The core focus of this project is the design, modeling, and implementation of a general-purpose static analysis framework named WAF (WebAssembly Analysis Framework), which enables a broad spectrum of static analyses for WebAssembly. This framework will be underpinned by three key intermediate representations (IRs) – WAF-Low, WAF-Mid, and WAF-High – each modeling the WebAssembly module’s semantics at distinct levels. WAF-Low streamlines the transition to higher-level IRs by reducing the number of instruction types. WAF-Mid abstracts the WebAssembly stack machine into three-address code, simplifying program analysis. WAF-High presents IR units in a concise syntax akin to high-level languages like C or JavaScript by removing unnecessary intermediate statements. Meanwhile, precise code transformation techniques will be designed to facilitate the gradual elevation between IR levels and subsequent lowering to output usable WebAssembly modules. Furthermore, the project entails the development of a myriad of applications harnessing the framework’s capabilities. These encompass research activity spanning WebAssembly program optimizations, binary decompilation, cross-language program analyses between WebAssembly and JavaScript, and traditional compiler analyses tailored to the WebAssembly paradigm.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
