VeriWasm: SFI safety for native-compiled Wasm
This repository contains all the code and data necessary for building VeriWasm and reproducing the results presented in our NDSS'21 paper Доверя́й, но проверя́й: SFI safety for native-compiled Wasm.
WebAssembly (Wasm) is a platform-independent bytecode that offers both good performance and runtime isolation. To implement isolation, the compiler inserts safety checks when it compiles Wasm to native machine code. While this approach is cheap, it also requires trust in the compiler's correctness—trust that the compiler has inserted each necessary check, correctly formed, in each proper place. Unfortunately, subtle bugs in the Wasm compiler can break—and have broken—isolation guarantees. To address this problem, we propose verifying memory isolation of Wasm binaries post-compilation. We implement this approach in VeriWasm, a static offline verifier for native x86-64 binaries compiled from Wasm; we prove the verifier's soundness, and find that it can detect bugs with no false positives. Finally, we describe our deployment of VeriWasm at Fastly.
You first need to install several dependencies:
- nasm (to compile test cases)
- gcc (to compile test cases)
- python3 (for scripts)
Once you have these, you can build VeriWasm:
git submodule update --init --recursive
cargo build --release
To run VeriWasm on your own binaries, you just need to point it to the module you want to check:
cargo run --release -- -i <input path>
Validates safety of native Wasm code
veriwasm [FLAGS] [OPTIONS] -i <module path>
-h, --help Prints help information
-V, --version Prints version information
-j, --jobs <jobs> Number of parallel threads (default 1)
-i <module path> path to native Wasm module to validate
-o, --output <stats output path> Path to output stats file
Reproducing evaluation results
This repo contains all the infrastructure necessary for reproducing the results described in the paper. Once you build VeriWasm you can run our tests and and performance benchmarks.
Running the evaluation suite
To verify all the binaries described in the paper, except the SPEC CPU 2006 binaries (they are proprietary) and the Fastly production binaries, run:
git clone https://github.com/PLSysSec/veriwasm_public_data.git
cd veriwasm_public_data && sh setup.sh && sh build_negative_tests.sh && cd ..
cargo test --release
To get get the performance statistics for the binaries, run:
python3 graph_stats.py stats/*
To fuzz VeriWasm, you'll need to install
cmake and then build the fuzzers (and the tooling they rely on):
Then, either run the Csmith-based fuzzer:
or the Wasm-based fuzzer:
make will use four cores; you may want to change this.