Tutorial at PLDI 2019
Thanks for the great participation to everyone! If you couldn’t make it to PLDI or want to follow-up on your own, all the materials are available online, see below.
At a Glance
Title: Dynamically Analyzing WebAssembly with Wasabi.
Where: Room 105C at PLDI 2019 in Phoenix, AZ, USA.
When: Sunday, 23 June 2019, 9am – 12:30pm.
More Details
Abstract: WebAssembly is the new binary instruction format for the web, finally giving an alternative to JavaScript as the only portable programming language supported by web browsers. An important way of analyzing WebAssembly applications will be dynamic analyses, but implementing a dynamic analysis from scratch is non-trivial.
This tutorial gives a gentle introduction to Wasabi, a general-purpose framework for easily implementing heavyweight dynamic analyses of WebAssembly code. Wasabi is based on ahead-of-time byte code instrumentation, which inserts calls to analysis hooks in between the original program’s instructions. These hooks, written in JavaScript by the analysis author, enable the implementation of powerful dynamic analyses, e.g., taint analysis, memory profilers, coverage measurements, or detectors of cryptocurrency mining.
The tutorial will explain the design of Wasabi and give a hands-on introduction to writing dynamic analysis for WebAssembly. Participants will run a simple web application containing WebAssembly code, apply Wasabi to it, and implement a sequence of increasingly complex analyses under the guidance of the creators of Wasabi.
To learn more about Wasabi, you can follow the introduction here.
Schedule:
- 9am – 11am:
- Introduction to WebAssembly.
- Hands-on: compiling programs to WebAssembly.
- Introduction to Wasabi.
- Setup of Wasabi and warm-up exercises.
- (Coffee break)
- 11:20am – 12:30pm:
- Hands-on exercises on dynamic analysis with Wasabi.
Audience: Researchers and practitioners interested in
- WebAssembly,
- binary instrumentation,
- dynamic analysis, and/or
- how to write dynamic analyses in Wasabi and apply them to real-world web applications.
Materials
Prerequisites: To do all tasks of the tutorial, the following software is required. You can either (A) download a VirtualBox machine with all dependencies installed from https://drive.google.com/open?id=1wpMfaEJTu8DO_h5f2ejNKM-HUxs64BrI, or (B) install the following software on your own machine (see the links for the respective official installation instructions):
- A recent browser (for executing WebAssembly): Any Firefox or Chromium version less than a year old should suffice.
- Wasabi itself: http://wasabi.software-lab.org/#getting-started
- The transitive dependencies for Wasabi and other tools for the tutorial tasks:
- Rust compiler and cargo package manager (for compiling Wasabi, if there are errors, please use a recent stable version): https://www.rust-lang.org/tools/install.
- The usual suspects for building software: Git, a C++ compiler, CMake, make, and Python 2.7.
- WebAssembly Binary Toolkit (WABT) (for manually inspecting and assembling WebAssembly binaries): https://github.com/WebAssembly/wabt#cloning.
- Emscripten (for compiling C examples to WebAssembly): https://emscripten.org/docs/getting_started/downloads.html.
- Graphviz (not strictly necessary, but handy for generating pretty pictures of, e.g., call graphs): On Ubuntu with
sudo apt install graphviz
or in general https://www.graphviz.org/download/.
Slides of the “talk” part of our tutorial are available here. They give some minimal background on WebAssembly and documentation on the analysis API (mostly the analysis hooks) of Wasabi.
Tasks: The hands-on exercises (i.e., step-by-step READMEs and input programs) are in the Wasabi repository under tutorial/. In total there are 4 tasks with various subtasks: The first task is for getting started with WebAssembly, the remaining three tasks are about using Wasabi.
Organizers
Daniel Lehmann, TU Darmstadt
Daniel is a second-year PhD student interested in program analysis, programming languages, and security. He is the main developer of Wasabi, a general-purpose dynamic analysis framework for WebAssembly. Beyond that, Daniel has worked on automatic testing of JavaScript debuggers and on using return-oriented programming to circumvent course-grained control-flow integrity protection for native programs.
Michael Pradel, TU Darmstadt
Michael is an assistant professor at TU Darmstadt, which he joined after a PhD at ETH Zurich and a post-doc at UC Berkeley. His research interests span software engineering, programming languages, security, and machine learning, with a focus on tools and techniques for building reliable, efficient, and secure software. In particular, he is interested in dynamic program analysis, test generation, concurrency, performance profiling, JavaScript-based web applications, and machine learning-based program analysis.