Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Execution-Aware Program Reduction for WebAssembly via Record and Replay

Doehyun Baek, Daniel Lehmann, Ben L. Titzer, Sukyoung Ryu, Michael Pradel

TL;DR

This paper tackles the challenge of debugging WebAssembly engines by reducing large bug-triggering inputs. It introduces RR-Reduce, an execution-aware reduction technique that uses selective record-and-replay to preserve only the interactions necessary for a bug, and Hybrid-Reduce, which combines RR-Reduce with existing reducers to achieve even smaller outputs. Empirical evaluation across 28 Wasm programs demonstrates that RR-Reduce markedly lowers reduction size and time, while Hybrid-Reduce delivers the smallest results, often enabling rapid manual debugging. The work demonstrates that leveraging execution behavior yields substantial gains over traditional, execution-unaware reduction approaches, and provides open-source tooling to enable broader adoption. These methods can significantly accelerate on-demand debugging of Wasm engines and may generalize to other languages with record-and-replay capabilities.

Abstract

WebAssembly (Wasm) programs may trigger bugs in their engine implementations. To aid debugging, program reduction techniques try to produce a smaller variant of the input program that still triggers the bug. However, existing execution-unaware program reduction techniques struggle with large and complex Wasm programs, because they rely on static information and apply syntactic transformations, while ignoring the valuable information offered by the input program's execution behavior. We present RR-Reduce and Hybrid-Reduce, novel execution-aware program reduction techniques that leverage execution behaviors via record and replay. RR-Reduce identifies a bug-triggering function as the target function, isolates that function from the rest of the program, and generates a reduced program that replays only the interactions between the target function and the rest of the program. Hybrid-Reduce combines a complementary execution-unaware reduction technique with RR-Reduce to further reduce program size. We evaluate RR-Reduce and Hybrid-Reduce on 28 Wasm programs that trigger a diverse set of bugs in three engines. On average, RR-Reduce reduces the programs to 1.20 percent of their original size in 14.5 minutes, which outperforms the state of the art by 33.15 times in terms of reduction time. Hybrid-Reduce reduces the programs to 0.13 percent of their original size in 3.5 hours, which outperforms the state of the art by 3.42 times in terms of reduced program size and 2.26 times in terms of reduction time. We envision RR-Reduce as the go-to tool for rapid, on-demand debugging in minutes, and Hybrid-Reduce for scenarios where developers require the smallest possible programs.

Execution-Aware Program Reduction for WebAssembly via Record and Replay

TL;DR

This paper tackles the challenge of debugging WebAssembly engines by reducing large bug-triggering inputs. It introduces RR-Reduce, an execution-aware reduction technique that uses selective record-and-replay to preserve only the interactions necessary for a bug, and Hybrid-Reduce, which combines RR-Reduce with existing reducers to achieve even smaller outputs. Empirical evaluation across 28 Wasm programs demonstrates that RR-Reduce markedly lowers reduction size and time, while Hybrid-Reduce delivers the smallest results, often enabling rapid manual debugging. The work demonstrates that leveraging execution behavior yields substantial gains over traditional, execution-unaware reduction approaches, and provides open-source tooling to enable broader adoption. These methods can significantly accelerate on-demand debugging of Wasm engines and may generalize to other languages with record-and-replay capabilities.

Abstract

WebAssembly (Wasm) programs may trigger bugs in their engine implementations. To aid debugging, program reduction techniques try to produce a smaller variant of the input program that still triggers the bug. However, existing execution-unaware program reduction techniques struggle with large and complex Wasm programs, because they rely on static information and apply syntactic transformations, while ignoring the valuable information offered by the input program's execution behavior. We present RR-Reduce and Hybrid-Reduce, novel execution-aware program reduction techniques that leverage execution behaviors via record and replay. RR-Reduce identifies a bug-triggering function as the target function, isolates that function from the rest of the program, and generates a reduced program that replays only the interactions between the target function and the rest of the program. Hybrid-Reduce combines a complementary execution-unaware reduction technique with RR-Reduce to further reduce program size. We evaluate RR-Reduce and Hybrid-Reduce on 28 Wasm programs that trigger a diverse set of bugs in three engines. On average, RR-Reduce reduces the programs to 1.20 percent of their original size in 14.5 minutes, which outperforms the state of the art by 33.15 times in terms of reduction time. Hybrid-Reduce reduces the programs to 0.13 percent of their original size in 3.5 hours, which outperforms the state of the art by 3.42 times in terms of reduced program size and 2.26 times in terms of reduction time. We envision RR-Reduce as the go-to tool for rapid, on-demand debugging in minutes, and Hybrid-Reduce for scenarios where developers require the smallest possible programs.

Paper Structure

This paper contains 34 sections, 1 equation, 5 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Background
  3. WebAssembly
  4. Wasm-R3
  5. Approach
  6. Problem Statement
  7. Overview
  8. Running Example
  9. Identifying Candidate Target Functions
  10. Splitting the Program Into Target Function and Remaining Functions
  11. Record and Replay for Program Reduction
  12. Combining Target Function and Replay Functions
  13. Validation of the Candidate Program
  14. Combination with Existing Techniques into Hybrid-Reduce
  15. Evaluation
  16. ...and 19 more sections

Figures (5)

  • Figure 1: Hybrid-Reduce's output for commanderkeen.
  • Figure 2: Abstract syntax of a simplified form of Wasm Wasabi.
  • Figure 3: Overview of RR-Reduce. Components in blue are introduced in this paper, while components in gray are external.
  • Figure 4: Running example of RR-Reduce for a single iteration. We assume the target function is already selected by the previous step. Red rectangles denote the target function.
  • Figure 5: Tradeoff between time taken to reduce programs and the size of the reduced programs.

Theorems & Definitions (4)

  • Definition 1: Program
  • Definition 2: Oracle
  • Definition 3: Program reduction
  • Definition 4: execution-aware program reduction