Ethan Stanley and Eric Eide

40th IEEE/ACM International Conference on Automated Software Engineering (ASE) 2025.

© Copyright 2025 IEEE

View BibTeX.

areas
Languages, Software Testing, Middleware

abstract

The WebAssembly Component Model is an emerging standard for assembling applications from parts that are implemented in WebAssembly. Unlike ordinary WebAssembly modules, components implement their interfaces in a standardized way, enabling the interoperation of software parts compiled to WebAssembly from different programming languages. A component essentially wraps an ordinary module with binding code, created by a WebAssembly Interface Type (WIT) binding generator, to adapt the module to the WebAssembly component standard. Errors in the generation of binding code can lead to hard-to-diagnose run-time errors, including crashes and silent data corruption, in applications built from WebAssembly components. Prior published work on WebAssembly testing has focused on finding bugs in WebAssembly compilers and runtimes, and has overlooked the potential for bugs in the generation of binding code. In this experience paper, we detail and evaluate our approach to addressing this oversight.

We implemented a system to perform random differential testing for two WIT binding generators, called wit-bindgen and wit-bindgen-go. Our system uses these binding generators to produce multiple WebAssembly components with the same behavior from programs written in different high-level languages. If the components' run-time behaviors differ, we expect that there is a bug in one of the generated bindings. Using our framework, we discovered seven previously unknown code-generation defects in wit-bindgen and wit-bindgen-go. We analyze these bugs in this paper and, in addition, share lessons learned that can guide future efforts to test binding generators.