wassail (WebAssembly static analyzer and inspection library) is a toolkit to perform both lightweight and heavyweight static analysis of WebAssembly modules.
Parts of Wassail can be run in your web browser here.
-
Install opam
-
Run
opam install core_unix -
Run
opam install .
Wassail can perform a number of tasks on WebAssembly modules, both in their textual representation (.wat files) or in their binary representation (.wasm)
$ wassail imports foo.wasm
0 time i32 -> i32
1 ctime i32 -> i32
2 roundf f32 -> f32
...$ wassail exports foo.wasm
11563 atof i32 -> f64
11586 strlen i32 -> i32
11483 fopen i32, i32 -> i32
...Section sizes are reported in bytes.
$ wassail sizes foo.wasm
1962 type
8724 import
13120 func
0 table
0 memory
23 global
1316 export
0 start
9480 elem
2063620 code
507825 dataTo generate the call graph for a module foo.dot:
$ wassail callgraph benchmarks/benchmarksgame/fankuchredux.wat foo.dotOutput graph:
You can either generate a single CFG, for example to generate the CFG of function 1 from file foo.wat into foo.dot:
$ wassail cfg foo.wasm 1 foo.dotOr you can generate all CFGs in a given directory:
$ wassail cfgs foo.wat out/Example output:
Contributions are welcome! Wassail is licensed under the conditions of the GPLv3.0 license with a non-commercial usage clause.
$ make testYou can access the web interface here, or compile it for yourself as follows:
$ opam install js_of_ocaml js_of_ocaml-ppx
$ make js
$ open js/index.htmlThe following publications use Wassail:
- Compositional Information Flow Analysis for WebAssembly Programs, SCAM 2020. (pdf, video)
- Wassail: A WebAssembly Static Analysis Library, ProWeb 2021.
- Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries, ICSE 2022.
- Dynamic Slicing of WebAssembly Binaries, ICSME 2023.