Random Testing of the WebAssembly System Interface

Honors Bachelors Thesis , University of Utah. 2024.

abstract

The WebAssembly System Interface (WASI) enables WebAssembly (Wasm) programs to interact with the facilities of the computer on which the Wasm program runs. This greatly expands Wasm’s utility and power outside of the browser, but greater capability increases the risk of vulnerabilities that arise when Wasm runtimes are not implemented correctly. This is especially important given Wasm’s emphasis on security. It is therefore necessary to thoroughly test implementations of WASI. We evaluate the effectiveness of random testing for finding bugs in implementations of WASI. We create a system to perform differential testing on Wasm runtimes. This system randomly generates Rust test cases that invoke system calls and compiles them to x86 assembly and Wasm. If the runtime behavior of these executables differ, we expect that there is a bug in one of the systems under test (SUT). We evaluate the effectiveness of our random testing framework by analyzing the bugs it discovers in WASI-compliant runtimes.