Tutorial at PLDI 2019

Thanks for the great participation to everyone! If you couldn’t make it to PLDI or want to follow-up on your own, all the materials are available online, see below.

At a Glance

Title: Dynamically Analyzing WebAssembly with Wasabi.
Where: Room 105C at PLDI 2019 in Phoenix, AZ, USA.
When: Sunday, 23 June 2019, 9am – 12:30pm.

More Details

Abstract: WebAssembly is the new binary instruction format for the web, finally giving an alternative to JavaScript as the only portable programming language supported by web browsers. An important way of analyzing WebAssembly applications will be dynamic analyses, but implementing a dynamic analysis from scratch is non-trivial.

This tutorial gives a gentle introduction to Wasabi, a general-purpose framework for easily implementing heavyweight dynamic analyses of WebAssembly code. Wasabi is based on ahead-of-time byte code instrumentation, which inserts calls to analysis hooks in between the original program’s instructions. These hooks, written in JavaScript by the analysis author, enable the implementation of powerful dynamic analyses, e.g., taint analysis, memory profilers, coverage measurements, or detectors of cryptocurrency mining.

The tutorial will explain the design of Wasabi and give a hands-on introduction to writing dynamic analysis for WebAssembly. Participants will run a simple web application containing WebAssembly code, apply Wasabi to it, and implement a sequence of increasingly complex analyses under the guidance of the creators of Wasabi.

To learn more about Wasabi, you can follow the introduction here.

Schedule:

Audience: Researchers and practitioners interested in

  1. WebAssembly,
  2. binary instrumentation,
  3. dynamic analysis, and/or
  4. how to write dynamic analyses in Wasabi and apply them to real-world web applications.

Materials

Prerequisites: To do all tasks of the tutorial, the following software is required. You can either (A) download a VirtualBox machine with all dependencies installed from https://drive.google.com/open?id=1wpMfaEJTu8DO_h5f2ejNKM-HUxs64BrI, or (B) install the following software on your own machine (see the links for the respective official installation instructions):

Slides of the “talk” part of our tutorial are available here. They give some minimal background on WebAssembly and documentation on the analysis API (mostly the analysis hooks) of Wasabi.

Tasks: The hands-on exercises (i.e., step-by-step READMEs and input programs) are in the Wasabi repository under tutorial/. In total there are 4 tasks with various subtasks: The first task is for getting started with WebAssembly, the remaining three tasks are about using Wasabi.

Organizers

Daniel Lehmann, TU Darmstadt

Daniel is a second-year PhD student interested in program analysis, programming languages, and security. He is the main developer of Wasabi, a general-purpose dynamic analysis framework for WebAssembly. Beyond that, Daniel has worked on automatic testing of JavaScript debuggers and on using return-oriented programming to circumvent course-grained control-flow integrity protection for native programs.

Michael Pradel, TU Darmstadt

Michael is an assistant professor at TU Darmstadt, which he joined after a PhD at ETH Zurich and a post-doc at UC Berkeley. His research interests span software engineering, programming languages, security, and machine learning, with a focus on tools and techniques for building reliable, efficient, and secure software. In particular, he is interested in dynamic program analysis, test generation, concurrency, performance profiling, JavaScript-based web applications, and machine learning-based program analysis.