ECOOP 2022
Mon 6 June - Thu 7 July 2022 Berlin, Germany
Wed 8 Jun 2022 11:50 - 12:10 at Aurora Borealis 1 - Program Analysis 1 Chair(s): Karim Ali

WebAssembly (Wasm) is a new binary instruction format that allows targeted compiled code written in high-level languages to be executed by the browser’s JavaScript engine with near-native speed. Despite its clear performance advantages, Wasm opens up the opportunity for bugs or security vulnerabilities to be introduced into Web programs, as pre-existing issues in programs written in unsafe languages can be transferred down to cross-compiled binaries. The source code of such binaries is frequently unavailable for static analysis, creating the demand for tools that can directly tackle Wasm code. Despite this potentially security-critical situation, there is still a noticeable lack of tool support for analysing Wasm binaries.
We present WASP, a symbolic execution engine for testing Wasm modules, which works directly on Wasm code and was built on top of a standard-compliant Wasm reference implementation. WASP was thoroughly evaluated: it was used to symbolically test a generic data-structure library for C and the Amazon Encryption SDK for C, demonstrating that it can find bugs and generate high-coverage testing inputs for real-world C applications; and was further tested against the Test-Comp benchmark, obtaining results comparable to well-established symbolic execution and testing tools for C, such as KLEE and VeriFuzz.

Wed 8 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

11:00 - 12:30
Program Analysis 1Expert Discussion / Hub Talks / Research Papers at Aurora Borealis 1
Chair(s): Karim Ali University of Alberta
Software verification/program analysisExpert Discussion
Expert Discussion
P: Omer Tripp Amazon, P: Sebastian Erdweg JGU Mainz
Partial (In)Completeness in Abstract Interpretation: Limiting the Imprecision in Program AnalysisHub Talk
Hub Talks
Marco Campion University of Verona, Mila Dalla Preda University of Verona, Roberto Giacobazzi University of Verona
Link to publication DOI
Concolic Execution for WebAssemblyArtifacts Evaluated - ReusableArtifacts Evaluated - FunctionalECOOP 2022
Research Papers
Filipe Marques INESC-ID / Instituto Superior Tecnico, University of Lisbon, José Fragoso Santos INESC-ID/Instituto Superior Técnico, Portugal , Nuno Santos INESC-ID / Instituto Superior Tecnico, University of Lisbon, Pedro Adão IST-ULisboa and Instituto de Telecomunicações
Static Analysis for AWS Best Practices in Python CodeVCOOP 2022ECOOP 2022
Research Papers
Rajdeep Mukherjee Amazon Web Services, Omer Tripp Amazon, Ben Liblit Amazon, Michael Wilson Amazon Web Services