Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries

Quentin Stiévenart; Dave Binkley; Coen De Roover

doi:10.1145/3510003.3510070

Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries

Quentin Stiévenart, Dave Binkley, Coen De Roover

Research output: Chapter in Book/Report/Conference proceeding › Conference paper

2 Citations (Scopus)

Abstract

The recently introduced WebAssembly standard aims to be a portable compilation target, enabling the cross-platform distribution of programs written in a variety of languages.
We propose an approach to slice WebAssembly programs in order to enable applications in reverse engineering, code comprehension, and security among others.
Given a program and a location in that program, program slicing produces a minimal version of the program that preserves the behavior at the given location.
Specifically, our approach is a static, intra-procedural, backwards slicing approach that takes into account WebAssembly-specific dependences to identify the instructions of the slice.
To do so it must correctly overcome the considerable challenges of performing dependence analysis at the binary level.
Furthermore, for the slice to be executable, the approach needs to ensure that the stack behavior of its output complies with WebAssembly's validation requirements.
We implemented and evaluated our approach on a suite of 8,386 real-world WebAssembly binaries, finding that the average size of the 97,728,325 slices computed is 46% of the original code,
an improvement over the 60% attained by related work on slicing ARM binaries.
To gain a more qualitative understanding of the slices produced by our approach, we compared them to 1,956 source-level slices of benchmark C programs.
This inspection helps to illustrate the slicer's strengths and to uncover potential future improvements.

Original language	English
Title of host publication	The 44th International Conference on Software Engineering (ICSE 2022)
Publisher	ACM
Pages	2031-2042
Number of pages	12
ISBN (Electronic)	9781450392211
DOIs	https://doi.org/10.1145/3510003.3510070
Publication status	Published - 2022
Event	The 44th International Conference on Software Engineering - Pittsburgh, PA, United States Duration: 21 May 2022 → 29 May 2022

Publication series

Name	Proceedings - International Conference on Software Engineering
Volume	2022-May
ISSN (Print)	0270-5257

Conference

Conference	The 44th International Conference on Software Engineering
Abbreviated title	ICSE 2022
Country	United States
City	Pittsburgh, PA
Period	21/05/22 → 29/05/22

Keywords

program analysis
program slicing
WebAssembly
binary analysis

Access to Document

10.1145/3510003.3510070

1 Finished

VLAAI2: Subsidie Onderzoeksprogramma "Cybersecurity Initiative Flanders"
De Meuter, W., Devriese, D., Gonzalez Boix, E. & De Roover, C.
1/09/19 → 31/12/22
Project: Applied

ICSE 2022 Best Artifact Award
Stiévenart, Quentin (Recipient), Binkley, D. (Recipient) & De Roover, Coen (Recipient), 2022
Prize: Prize (including medals and awards)

Cite this

@inproceedings{fc8249f0708e4cb4b841175d4e7c64ee,

title = "Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries",

abstract = "The recently introduced WebAssembly standard aims to be a portable compilation target, enabling the cross-platform distribution of programs written in a variety of languages.We propose an approach to slice WebAssembly programs in order to enable applications in reverse engineering, code comprehension, and security among others.Given a program and a location in that program, program slicing produces a minimal version of the program that preserves the behavior at the given location.Specifically, our approach is a static, intra-procedural, backwards slicing approach that takes into account WebAssembly-specific dependences to identify the instructions of the slice.To do so it must correctly overcome the considerable challenges of performing dependence analysis at the binary level.Furthermore, for the slice to be executable, the approach needs to ensure that the stack behavior of its output complies with WebAssembly's validation requirements.We implemented and evaluated our approach on a suite of 8,386 real-world WebAssembly binaries, finding that the average size of the 97,728,325 slices computed is 46% of the original code,an improvement over the 60% attained by related work on slicing ARM binaries.To gain a more qualitative understanding of the slices produced by our approach, we compared them to 1,956 source-level slices of benchmark C programs.This inspection helps to illustrate the slicer's strengths and to uncover potential future improvements.",

keywords = "program analysis, program slicing, WebAssembly, binary analysis",

author = "Quentin Sti{\'e}venart and Dave Binkley and {De Roover}, Coen",

year = "2022",

doi = "10.1145/3510003.3510070",

language = "English",

series = "Proceedings - International Conference on Software Engineering",

publisher = "ACM",

pages = "2031--2042",

booktitle = "The 44th International Conference on Software Engineering (ICSE 2022)",

note = "The 44th International Conference on Software Engineering, ICSE 2022 ; Conference date: 21-05-2022 Through 29-05-2022",

}

Stiévenart, Q, Binkley, D & De Roover, C 2022, Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries. in The 44th International Conference on Software Engineering (ICSE 2022). Proceedings - International Conference on Software Engineering, vol. 2022-May, ACM, pp. 2031-2042, The 44th International Conference on Software Engineering, Pittsburgh, PA, United States, 21/05/22. https://doi.org/10.1145/3510003.3510070

Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries. / Stiévenart, Quentin; Binkley, Dave; De Roover, Coen.

The 44th International Conference on Software Engineering (ICSE 2022). ACM, 2022. p. 2031-2042 (Proceedings - International Conference on Software Engineering; Vol. 2022-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper

TY - GEN

T1 - Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries

AU - Stiévenart, Quentin

AU - Binkley, Dave

AU - De Roover, Coen

PY - 2022

Y1 - 2022

N2 - The recently introduced WebAssembly standard aims to be a portable compilation target, enabling the cross-platform distribution of programs written in a variety of languages.We propose an approach to slice WebAssembly programs in order to enable applications in reverse engineering, code comprehension, and security among others.Given a program and a location in that program, program slicing produces a minimal version of the program that preserves the behavior at the given location.Specifically, our approach is a static, intra-procedural, backwards slicing approach that takes into account WebAssembly-specific dependences to identify the instructions of the slice.To do so it must correctly overcome the considerable challenges of performing dependence analysis at the binary level.Furthermore, for the slice to be executable, the approach needs to ensure that the stack behavior of its output complies with WebAssembly's validation requirements.We implemented and evaluated our approach on a suite of 8,386 real-world WebAssembly binaries, finding that the average size of the 97,728,325 slices computed is 46% of the original code,an improvement over the 60% attained by related work on slicing ARM binaries.To gain a more qualitative understanding of the slices produced by our approach, we compared them to 1,956 source-level slices of benchmark C programs.This inspection helps to illustrate the slicer's strengths and to uncover potential future improvements.

AB - The recently introduced WebAssembly standard aims to be a portable compilation target, enabling the cross-platform distribution of programs written in a variety of languages.We propose an approach to slice WebAssembly programs in order to enable applications in reverse engineering, code comprehension, and security among others.Given a program and a location in that program, program slicing produces a minimal version of the program that preserves the behavior at the given location.Specifically, our approach is a static, intra-procedural, backwards slicing approach that takes into account WebAssembly-specific dependences to identify the instructions of the slice.To do so it must correctly overcome the considerable challenges of performing dependence analysis at the binary level.Furthermore, for the slice to be executable, the approach needs to ensure that the stack behavior of its output complies with WebAssembly's validation requirements.We implemented and evaluated our approach on a suite of 8,386 real-world WebAssembly binaries, finding that the average size of the 97,728,325 slices computed is 46% of the original code,an improvement over the 60% attained by related work on slicing ARM binaries.To gain a more qualitative understanding of the slices produced by our approach, we compared them to 1,956 source-level slices of benchmark C programs.This inspection helps to illustrate the slicer's strengths and to uncover potential future improvements.

KW - program analysis

KW - program slicing

KW - WebAssembly

KW - binary analysis

UR - http://www.scopus.com/inward/record.url?scp=85133496958&partnerID=8YFLogxK

U2 - 10.1145/3510003.3510070

DO - 10.1145/3510003.3510070

M3 - Conference paper

T3 - Proceedings - International Conference on Software Engineering

SP - 2031

EP - 2042

BT - The 44th International Conference on Software Engineering (ICSE 2022)

PB - ACM

T2 - The 44th International Conference on Software Engineering

Y2 - 21 May 2022 through 29 May 2022

ER -

Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Projects

VLAAI2: Subsidie Onderzoeksprogramma "Cybersecurity Initiative Flanders"

Prizes

ICSE 2022 Best Artifact Award

Cite this