Abstract
The recently introduced WebAssembly standard aims to be a portable compilation target, enabling the cross-platform distribution of programs written in a variety of languages.
We propose an approach to slice WebAssembly programs in order to enable applications in reverse engineering, code comprehension, and security among others.
Given a program and a location in that program, program slicing produces a minimal version of the program that preserves the behavior at the given location.
Specifically, our approach is a static, intra-procedural, backwards slicing approach that takes into account WebAssembly-specific dependences to identify the instructions of the slice.
To do so it must correctly overcome the considerable challenges of performing dependence analysis at the binary level.
Furthermore, for the slice to be executable, the approach needs to ensure that the stack behavior of its output complies with WebAssembly's validation requirements.
We implemented and evaluated our approach on a suite of 8,386 real-world WebAssembly binaries, finding that the average size of the 97,728,325 slices computed is 46% of the original code,
an improvement over the 60% attained by related work on slicing ARM binaries.
To gain a more qualitative understanding of the slices produced by our approach, we compared them to 1,956 source-level slices of benchmark C programs.
This inspection helps to illustrate the slicer's strengths and to uncover potential future improvements.
We propose an approach to slice WebAssembly programs in order to enable applications in reverse engineering, code comprehension, and security among others.
Given a program and a location in that program, program slicing produces a minimal version of the program that preserves the behavior at the given location.
Specifically, our approach is a static, intra-procedural, backwards slicing approach that takes into account WebAssembly-specific dependences to identify the instructions of the slice.
To do so it must correctly overcome the considerable challenges of performing dependence analysis at the binary level.
Furthermore, for the slice to be executable, the approach needs to ensure that the stack behavior of its output complies with WebAssembly's validation requirements.
We implemented and evaluated our approach on a suite of 8,386 real-world WebAssembly binaries, finding that the average size of the 97,728,325 slices computed is 46% of the original code,
an improvement over the 60% attained by related work on slicing ARM binaries.
To gain a more qualitative understanding of the slices produced by our approach, we compared them to 1,956 source-level slices of benchmark C programs.
This inspection helps to illustrate the slicer's strengths and to uncover potential future improvements.
| Original language | English |
|---|---|
| Title of host publication | The 44th International Conference on Software Engineering |
| Publication status | Published - 2022 |
| Event | The 44th International Conference on Software Engineering - Pittsburgh, PA, United States Duration: 21 May 2022 → 29 May 2022 |
Conference
| Conference | The 44th International Conference on Software Engineering |
|---|---|
| Abbreviated title | ICSE 2022 |
| Country | United States |
| City | Pittsburgh, PA |
| Period | 21/05/22 → 29/05/22 |