research-article

Open access

Bringing the web up to speed with WebAssembly

Authors:

Andreas Rossberg,

Derek L. Schuff,

Michael Holman,

JF BastienAuthors Info & Claims

PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 185 - 200

https://doi.org/10.1145/3062341.3062363

Published: 14 June 2017 Publication History

Abstract

The maturation of the Web platform has given rise to sophisticated and demanding Web applications such as interactive 3D visualization, audio and video software, and games. With that, efficiency and security of code on the Web has become more important than ever. Yet JavaScript as the only built-in language of the Web is not well-equipped to meet these requirements, especially as a compilation target.

Engineers from the four major browser vendors have risen to the challenge and collaboratively designed a portable low-level bytecode called WebAssembly. It offers compact representation, efficient validation and compilation, and safe low to no-overhead execution. Rather than committing to a specific programming model, WebAssembly is an abstraction over modern hardware, making it language-, hardware-, and platform-independent, with use cases beyond just the Web. WebAssembly has been designed with a formal semantics from the start. We describe the motivation, design and formal semantics of WebAssembly and provide some preliminary experience with implementations.

References

[1]

Activex controls. https://msdn.microsoft.com/en-us/ library/aa751968(v=vs.85).aspx. Accessed: 2016-11- 14.

[2]

Adobe Shockwave Player. https://get.adobe.com/ shockwave/. Accessed: 2016-11-14.

[3]

ART and Dalvik. https://source.android.com/devices/ tech/dalvik/. Accessed: 2016-11-14.

[4]

asm.js. http://asmjs.org. Accessed: 2016-11-08.

[5]

Indexed Database API. https://www.w3.org/TR/IndexedDB/. Accessed: 2016-11-08.

[6]

LEB128. https://en.wikipedia.org/wiki/LEB128. Accessed: 2016-11-08.

[7]

PolyBenchC: the polyhedral benchmark suite. http://web. cs.ucla.edu/~pouchet/software/polybench/. Accessed: 2017-03-14.

[8]

Scimark 2.0. http://math.nist.gov/scimark2/. Accessed: 2017-03-15.

[9]

Unity benchmarks. http://beta.unity3d.com/jonas/ benchmark2015/. Accessed: 2017-03-15.

[10]

P. Akritidis, M. Costa, M. Castro, and S. Hand. Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In Proceedings of the 18th Conference on USENIX Security Symposium, SSYM’09, pages 51–66, Berkeley, CA, USA, 2009. USENIX Association.

Digital Library

[11]

J. Ansel, P. Marchenko, U. Erlingsson, E. Taylor, B. Chen, D. L. Schuff, D. Sehr, C. L. Biffle, and B. Yee. Languageindependent sandboxing of just-in-time compilation and selfmodifying code. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’11, pages 355–366, New York, NY, USA, 2011. ACM.

Digital Library

[12]

C. Click and M. Paleczny. A simple graph-based intermediate representation. SIGPLAN Not., 30(3):35–49, Mar. 1995.

Digital Library

[13]

J. Criswell, A. Lenharth, D. Dhurjati, and V. Adve. Secure Virtual Architecture: A safe execution environment for commodity operating systems. SIGOPS Oper. Syst. Rev., 41(6):351–366, Oct. 2007.

Digital Library

[14]

N. G. de Bruijn. Lambda calculus notation with nameless dummies: a tool for automatic formula manipulation with application to the Church-Rosser theorem. Indag. Math., 34:381–392, 1972.

[15]

D. Dean, E. Felten, and D. Wallach. Java security: from HotJava to Netscape and beyond. In Symposium on Security and Privacy. IEEE Computer Society Press, 1996.

Digital Library

[16]

J. Devietti, C. Blundell, M. M. K. Martin, and S. Zdancewic. HardBound: Architectural support for spatial safety of the C programming language. SIGPLAN Not., 43(3):103–114, Mar. 2008.

Digital Library

[17]

D. Dhurjati, S. Kowshik, and V. Adve. SAFECode: Enforcing alias analysis for weakly typed languages. SIGPLAN Not., 41(6):144–157, June 2006.

Digital Library

[18]

A. Donovan, R. Muth, B. Chen, and D. Sehr. PNaCl: Portable native client executables. Technical report, 2010.

[19]

A. Gal, C. W. Probst, and M. Franz. Complexity-based denial of service attacks on mobile-code systems. Technical Report 04-09, School of Information and Computer Science, University of California, Irvine, Irvine, CA, April 2004.

[20]

M. Grimmer, R. Schatz, C. Seaton, T. Würthinger, and H. Mössenböck. Memory-safe execution of C on a Java VM. In Proceedings of the 10th ACM Workshop on Programming Languages and Analysis for Security, PLAS’15, pages 16–27, New York, NY, USA, 2015. ACM.

Digital Library

[21]

D. Gudeman. Representing type information in dynamically typed languages. Technical Report 93-27, Department of Computer Science, University of Arizona, Phoenix, Arizona, October 1993.

[22]

U. Hölzle, C. Chambers, and D. Ungar. Debugging optimized code with dynamic deoptimization. SIGPLAN Not., 27(7):32–43, July 1992.

Digital Library

[23]

T. Jim, J. G. Morrisett, D. Grossman, M. W. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proceedings the USENIX Annual Technical Conference, ATEC ’02, pages 275–288, Berkeley, CA, USA, 2002. USENIX Association.

Digital Library

[24]

C. Lattner and V. Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In Proceedings of the International Symposium on Code Generation and Optimization, CGO ’04, Palo Alto, California, Mar 2004.

Digital Library

[25]

X. Leroy. Java bytecode verification: Algorithms and formalizations. J. Autom. Reason., 30(3-4):235–269, Aug. 2003.

Digital Library

[26]

X. Leroy, D. Doligez, A. Frisch, J. Garrigue, D. Rémy, and J. Vouillon. The OCaml system. INRIA, 2016.

[27]

T. Lindholm, F. Yellin, G. Bracha, and A. Buckley. The Java Virtual Machine Specification (Java SE 8 Edition). Technical report, Oracle, 2015.

Digital Library

[28]

G. Morrisett, D. Tarditi, P. Cheng, C. Stone, P. Cheng, P. Lee, C. Stone, R. Harper, and P. Lee. The TIL/ML compiler: Performance and safety through types. In In Workshop on Compiler Support for Systems Software, 1996.

[29]

G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to Typed Assembly Language. ACM TOPLAS, 21(3):527– 568, May 1999.

Digital Library

[30]

S. Nagarakatte, M. M. K. Martin, and S. Zdancewic. WatchdogLite: Hardware-accelerated compiler-based pointer checking. In Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO ’14, pages 175:175–175:184, New York, NY, USA, 2014. ACM.

Digital Library

[31]

S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic. SoftBound: Highly compatible and complete spatial memory safety for C. SIGPLAN Not., 44(6):245–258, June 2009.

Digital Library

[32]

G. C. Necula. Proof-carrying code. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’97, pages 106–119, New York, NY, USA, 1997. ACM.

Digital Library

[33]

G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Proceedings of the 11th International Conference on Compiler Construction, CC ’02, pages 213– 228, London, UK, UK, 2002.

Digital Library

[34]

G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. SIGPLAN Not., 37(1):128–139, Jan. 2002.

Digital Library

[35]

B. Pierce. Types and Programming Languages. The MIT Press, Cambridge, Massachusetts, USA, 2002.

Digital Library

[36]

G. Plotkin. A structural approach to operational semantics. Journal of Logic and Algebraic Programming, 60-61:17–139, 2004.

[37]

Z. Shao. An overview of the FLINT/ML compiler. In Proc. 1997 ACM SIGPLAN Workshop on Types in Compilation (TIC’97), Amsterdam, The Netherlands, June 1997.

[38]

Y. Shi, K. Casey, M. A. Ertl, and D. Gregg. Virtual machine showdown: Stack versus registers. ACM Transactions on Architecture and Code Optimizations, 4(4):2:1–2:36, Jan. 2008.

Digital Library

[39]

R. F. Strk and J. Schmid. Java bytecode verification is not possible (extended abstract). In Formal Methods and Tools for Computer Science (Proceedings of Eurocast 2001, pages 232–234, 2001.

[40]

K. Wang, Y. Lin, S. M. Blackburn, M. Norrish, and A. L. Hosking. Draining the Swamp: Micro virtual machines as a solid foundation for language development. In 1st Summit on Advances in Programming Languages, volume 32 of SNAPL ’15, pages 321–336, Dagstuhl, Germany, 2015.

[41]

A. Wright and M. Felleisen. A syntactic approach to type soundness. Information and Computation, 115, 1994.

Digital Library

[42]

B. Yee, D. Sehr, G. Dardyk, B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native Client: A sandbox for portable, untrusted x86 native code. In IEEE Symposium on Security and Privacy, Oakland ’09, IEEE, 3 Park Avenue, 17th Floor, New York, NY 10016, 2009.

Digital Library

[43]

A. Zakai. Emscripten: An LLVM-to-JavaScript compiler. In Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA ’11, pages 301–312, New York, NY, USA, 2011. ACM.

Digital Library

Cited By

Zhang YLiu MWang HMa YHuang GLiu X(2025)Research on WebAssembly Runtimes: A SurveyACM Transactions on Software Engineering and Methodology10.1145/3714465Online publication date: 23-Jan-2025
https://doi.org/10.1145/3714465
Fabian XPatrignani MGuarnieri MBackes M(2025)Do You Even Lift? Strengthening Compiler Security Guarantees against Spectre AttacksProceedings of the ACM on Programming Languages10.1145/37048679:POPL(893-922)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704867
Bowman WAllais GLiu Y(2025)The Ethical Compiler: Addressing the Is-Ought Gap in Compilation (Invited Talk)Proceedings of the 2025 ACM SIGPLAN International Workshop on Partial Evaluation and Program Manipulation10.1145/3704253.3706135(1-9)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3704253.3706135
Show More Cited By

Index Terms

Bringing the web up to speed with WebAssembly
1. Software and its engineering
  1. Software notations and tools
    1. Compilers
      1. Just-in-time compilers
      2. Runtime environments
    2. General programming languages
      1. Language types
        Assembly languages
  2. Software organization and properties
    1. Contextual software domains
      1. Software infrastructure
        Virtual machines

Recommendations

Bringing the web up to speed with WebAssembly
PLDI '17

The maturation of the Web platform has given rise to sophisticated and demanding Web applications such as interactive 3D visualization, audio and video software, and games. With that, efficiency and security of code on the Web has become more important ...
Weakening WebAssembly

WebAssembly (Wasm) is a safe, portable virtual instruction set that can be hosted in a wide range of environments, such as a Web browser. It is a low-level language whose instructions are intended to compile directly to bare hardware. While the initial ...
Pallene: A companion language for Lua
Highlights
- We present Pallene, a typed and ahead-of-time-compiled subset of Lua.
- Pallene ...
Abstract
The simplicity and flexibility of dynamic languages make them popular for prototyping and scripting, but the lack of compile-time type information makes it challenging to generate efficient executable code.

Inspired by ideas ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2017

708 pages

ISBN:9781450349888

DOI:10.1145/3062341

General Chair:
Albert Cohen
Inria, France
,
Program Chair:
Martin Vechev
DeepCode, Switzerland / ETH Zurich, Switzerland

ACM SIGPLAN Notices Volume 52, Issue 6
PLDI '17
June 2017
708 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3140587
Editor:
Matthew Fluet
Issue’s Table of Contents

Copyright © 2017 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

PLDI '17

Sponsor:

SIGPLAN

PLDI '17: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 18 - 23, 2017

Barcelona, Spain

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

374
Total Citations
View Citations
25,223
Total Downloads

Downloads (Last 12 months)3,571
Downloads (Last 6 weeks)423

Reflects downloads up to 15 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhang YLiu MWang HMa YHuang GLiu X(2025)Research on WebAssembly Runtimes: A SurveyACM Transactions on Software Engineering and Methodology10.1145/3714465Online publication date: 23-Jan-2025
https://doi.org/10.1145/3714465
Fabian XPatrignani MGuarnieri MBackes M(2025)Do You Even Lift? Strengthening Compiler Security Guarantees against Spectre AttacksProceedings of the ACM on Programming Languages10.1145/37048679:POPL(893-922)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704867
Bowman WAllais GLiu Y(2025)The Ethical Compiler: Addressing the Is-Ought Gap in Compilation (Invited Talk)Proceedings of the 2025 ACM SIGPLAN International Workshop on Partial Evaluation and Program Manipulation10.1145/3704253.3706135(1-9)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3704253.3706135
Meier WJensen MPichon-Pharabod JSpitters BStark KTimany ABlazy STabareau N(2025)CertiCoq-Wasm: A Verified WebAssembly Backend for CertiCoqProceedings of the 14th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3703595.3705879(127-139)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3703595.3705879
Narayan SGarfinkel TJohnson EYedidia ZWang YBrown AVahldiek-Oberwagner ALeMay MHuang WWang XSun MTullsen DStefan DEeckhout LSmaragdakis GLiang KSampson AKim MRossbach C(2025)Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern ArchitecturesProceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 110.1145/3669940.3707249(987-1002)Online publication date: 3-Feb-2025
https://dl.acm.org/doi/10.1145/3669940.3707249
Dharmaadi IAthanasopoulos ETurkmen F(2025)Fuzzing frameworks for server-side web applications: a surveyInternational Journal of Information Security10.1007/s10207-024-00979-w24:2Online publication date: 5-Feb-2025
https://doi.org/10.1007/s10207-024-00979-w
Fang CMiao NSrivastav SLiu JZhang RFang RAsmita Tsang RNazari NWang HHomayoun HBalzarotti DXu W(2024)Large language models for code analysisProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3698947(829-846)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3698947
Fang WZhou ZHe JWang WSalakhutdinov RKolter ZHeller KWeller AOliver NScarlett JBerkenkamp F(2024)StackSightProceedings of the 41st International Conference on Machine Learning10.5555/3692070.3692591(13010-13028)Online publication date: 21-Jul-2024
https://dl.acm.org/doi/10.5555/3692070.3692591
Luo ZSon SRatnasamy SShenker SGavrilovska ATerry D(2024)Harvesting memory-bound CPU stall cycles in software with MSHProceedings of the 18th USENIX Conference on Operating Systems Design and Implementation10.5555/3691938.3691942(57-75)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.5555/3691938.3691942
Bakir FWang SEkaireb TPearson JKrintz CWolski R(2024)Ambience: an operating system for IoT microservicesJournal of Edge Computing10.55056/jec.786Online publication date: 5-Sep-2024
https://doi.org/10.55056/jec.786
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten