Dagstuhl Seminar 23101
Foundations of WebAssembly
( Mar 05 – Mar 10, 2023 )
Permalink
Organizers
- Karthikeyan Bhargavan (INRIA - Paris, FR)
- Jonathan Protzenko (Microsoft - Redmond, US)
- Andreas Rossberg (München, DE)
- Deian Stefan (University of California - San Diego, US)
Contact
- Andreas Dolzmann (for scientific matters)
- Christina Schwarz (for administrative matters)
WebAssembly - commonly known as Wasm - is a modern, portable code format and execution environment with a formal semantics that enforces safety and isolation. Though initially designed to run native, high-performance applications in Web browsers, Wasm is now used in many other applications domains - from CDNs to serverless, IoT, library sandboxing, and smart contracts. Wasm is one of the rare cases where practitioners are collaborating with the semantics and programming languages research community. This was exemplified by the initial design of Wasm itself, a collaboration with academia that culminated in a PLDI paper. The popularity of Wasm has since been growing exponentially as a platform for new application domains, as a target for compilers and languages, and as a subject of active scientific research – from its future semantics to its performance, and its use in building verified and secure systems.
This Dagstuhl Seminar brought together leading academics and industry representatives currently involved in the design, implementation and formal study of Wasm. It was a forum to exchange ideas that set new directions for WebAssembly research. The main focus was around three topics:
Formal methods for Wasm revolves around formalizing, reasoning and proving properties about Wasm itself. There are many WebAssembly extensions (e.g., bulk memory operations and vector instructions) which can benefit from formal semantics. Since Wasm is not a standalone language, there also is need to develop formal methods to reason about its interaction with the operating system, the execution of JITed Wasm code, etc. Finally, logics are needed that will allow us to formally capture interesting properties beyond what current work handles.
Verified Compilation to Wasm focusses on Wasm as a target of verified compilation toolchains. Wasm is positioned as a viable candidate for verified and secure compilation and we established that the clean design of Wasm offers greater simplicity when it comes to verifying a compilation toolchain – in particular, simpler and shorter proofs of compiler correctness and security.
Verified Compilation of Wasm studies the compilation of WebAssembly to native code, i.e., how to securely and correctly compile WebAssembly code to machine code. Wasm is growing rapidly, and is used on the Web and beyond (e.g., embedded systems, edge computing, IoT, and even OS kernels), and across different platforms and toolchains.
One particularly noteworthy result of the seminar was the birth of a new project that resulted in a collaboration between various participants of the seminar: to create a domain-specific language (DSL) for authoring the official Wasm specification. This project will enable creating a single source of truth for generating both the formalism and the alternative prose description in the standard, as well as transformations to representations in various theorem provers or executable reference interpreters that process the Wasm semantics for formal methods.
WebAssembly is a modern, portable binary format and execution environment with a formal semantics that enforces safety and isolation. Though initially designed to run native, high-performance applications in Web browsers, WebAssembly is now used in many other applications domains – from CDNs to serverless, IoT, library sandboxing, and smart contracts.
WebAssembly is one of the rare cases where practitioners are collaborating with the semantics and programming languages research community. This was exemplified by the initial design of WebAssembly itself, a collaboration with academia that culminated in a PLDI paper. The popularity of WebAssembly has since been growing exponentially as a platform for new application domains, as a target for compilers and languages, and as a subject of active scientific research – from its future semantics to its performance, and its use in building verified and secure systems.
The goal of this Dagstuhl Seminar is to bring together leading academics and industry representatives currently involved in the design, implementation and formal study of WebAssembly. By materializing a loose community of academics with related interests, we hope to set new directions for WebAssembly research while creating a forum to exchange ideas and increase visibility of this growing field. By bringing in industry experts, we hope to strengthen engagement with academia and renew a fruitful engagement, ensuring the input from formalists keeps informing the ongoing evolutions of Wasm.
We propose to bring the WebAssembly and Formal Methods communities together by focusing this Dagstuhl Seminar around three topics:
Formal methods for WebAssembly will revolve around formalizing, reasoning and proving properties about WebAssembly itself. While the seminal work of Watt is immensely useful, there are many WebAssembly extensions (e.g., bulk memory operations and vector instructions) which can benefit from formal semantics. Since Wasm is not a standalone language, we also need to develop formal methods to reason about its interaction with the operating system, the execution of JITed WebAssembly code, etc. Finally, we need logics that will allow us to formally capture interesting properties beyond what current work handles.
Verified Compilation to WebAssembly will focus on WebAssembly as a target of verified compilation toolchains. We hope to position WebAssembly as a viable candidate for verified and secure compilation while establishing that the clean design of WebAssembly offers greater simplicity when it comes to verifying a compilation toolchain – in particular, simpler and shorter proofs of compiler correctness and security.
Verified Compilation of WebAssembly will study the compilation of WebAssembly to native code, i.e., how to securely and correctly compile WebAssembly code to machine code. Since Wasm is growing rapidly, these efforts will focus on Wasm as used on the Web and beyond (e.g., embedded systems, edge computing, IoT, and even OS kernels), and across different platforms and toolchains.
By bringing together academics and language and compiler designers, we hope to identify grand challenges for formal verification that can be enabled by WebAssembly. At the same time, we hope that bringing academics and industry members together will also identify research problems for the still-evolving bytecode that that industry has not yet solved.
- Amal Ahmed (Northeastern University - Boston, US) [dblp]
- Léo Andrès (University Paris-Saclay - Orsay, FR)
- Karthikeyan Bhargavan (INRIA - Paris, FR) [dblp]
- Joachim Breitner (Freiburg, DE) [dblp]
- Javier Cabrera Arteaga (KTH Royal Institute of Technology - Stockholm, SE) [dblp]
- Pierre Chambart (Société OCamlPro SAS - Paris, FR) [dblp]
- Martin Fink (TU München - Garching, DE) [dblp]
- José Fragoso Santos (INESC-ID - Lisbon, PT) [dblp]
- Philippa Gardner (Imperial College London, GB) [dblp]
- Aïna Linn Georges (Aarhus University, DK) [dblp]
- Arjun Guha (Northeastern University - Boston, US & Roblox Research - San Mateo, US) [dblp]
- Reiner Hähnle (TU Darmstadt, DE) [dblp]
- Daniel Hillerström (Huawei Technologies - Zürich, CH) [dblp]
- Evan Johnson (University of California - San Diego, US) [dblp]
- Daniel Lehmann (Universität Stuttgart, DE & Google - München, DE) [dblp]
- Sam Lindley (University of Edinburgh, GB) [dblp]
- Tyler McMullen (Fastly - San Francisco, US) [dblp]
- Lucy Menon (Northeastern University - Boston, US)
- Shravan Narayan (University of California - San Diego, US) [dblp]
- Luna Phipps-Costin (Northeastern University - Boston, US) [dblp]
- Jean Pichon-Pharabod (Aarhus University, DK) [dblp]
- Michael Pradel (Universität Stuttgart, DE) [dblp]
- Matija Pretnar (University of Ljubljana, SI) [dblp]
- Jonathan Protzenko (Microsoft - Redmond, US) [dblp]
- Andreas Rossberg (München, DE) [dblp]
- Claudio Russo (DFINITY Foundation - Zürich, CH) [dblp]
- Sukyoung Ryu (KAIST - Daejeon, KR) [dblp]
- Markus Scherer (TU Wien, AT) [dblp]
- Sabine Schmaltz (Tarides - Paris, FR) [dblp]
- Till Schneidereit (Fermyon - Heidelberg, DE)
- KC Sivaramakrishnan (Tarides - Paris, FR) [dblp]
- Deian Stefan (University of California - San Diego, US) [dblp]
- Michelle Thalakottur (Northeastern University - Boston, US)
- David Thien (University of California - San Diego, US) [dblp]
- Ben L. Titzer (Carnegie Mellon University - Pittsburgh, US) [dblp]
- Alexa VanHattum (Cornell University - Ithaca, US) [dblp]
- Marco Vassena (Utrecht University, NL) [dblp]
- Luke Wagner (Fastly - San Francisco, US) [dblp]
- Conrad Watt (University of Cambridge, GB) [dblp]
- Dongjun Youn (KAIST - Daejeon, KR) [dblp]
Related Seminars
- Dagstuhl Seminar 25241: Utilising and Scaling the WebAssembly Semantics (2025-06-09 - 2025-06-13) (Details)
Classification
- Cryptography and Security
- Logic in Computer Science
- Programming Languages
Keywords
- WebAssembly
- Software Verification
- Software-fault Isolation
- Just-in-Time Compilers
- Formal Methods