acieroid/wassail
GitHub: acieroid/wassail
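Wassail is a WebAssembly static analysis and inspection library written in OCaml. It provides program analyses such as call graphs, control-flow graphs, program slicing and taint analysis.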
# Wassail
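`wassail` (WebAssembly static analysis and inspection library) is a toolkit for performing both lightweight and heavyweight static analysis of WebAssembly modules.
- [Web version](#webversion)
- [Installation](#installation)
- [Usage](#usage)
- [Contributing](#contributing)
# Web version
You can run some of Wassail's features in your web browser [here](https://acieroid.github.io/wassail/).
# Installation
0. Install [opam](https://opam.ocaml.org/)
1. Run `opam install core_unix`
2. Run `opam install .`

You should then be able to run the `wassail` command. If you do not want to install it, you can run `dune exec -- wassail` directly instead.
# Usage
Wassail can perform a number of tasks on WebAssembly modules, whether they are in the text representation (`.wat` files) or the binary representation (`.wasm`).
## Listing imports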
```
$ dune exec -- wassail imports ./benchmarks/benchmarksgame/fasta.wat
0 proc_exit i32 ->
1 fd_close i32 -> i32
2 fd_seek i32, i64, i32, i32 -> i32
3 fd_write i32, i32, i32, i32 -> i32
4 fd_fdstat_get i32, i32 -> i32
```
## Listing exports
```
$ dune exec -- wassail exports ./benchmarks/benchmarksgame/fasta.wat
5 _start ->
```
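The two listings above use one line per function, `INDEX NAME PARAMS -> RESULTS`, which makes them easy to check in a script, for example to compare a module's host imports against an allowlist before it is deployed. The following is an added example, not part of Wassail: the `ALLOWED` policy and all Python names are assumptions, and the input is the `fasta.wat` output shown above, embedded inline.

```python
from typing import NamedTuple

# Constructed input: the `wassail imports` / `wassail exports` listings
# shown above for fasta.wat, embedded so the example runs offline.
IMPORTS = """\
0 proc_exit i32 ->
1 fd_close i32 -> i32
2 fd_seek i32, i64, i32, i32 -> i32
3 fd_write i32, i32, i32, i32 -> i32
4 fd_fdstat_get i32, i32 -> i32
"""
EXPORTS = "5 _start ->\n"

# Hypothetical policy: host functions this module is expected to import,
# each with its expected (params, results) signature.
ALLOWED = {
    "proc_exit": (("i32",), ()),
    "fd_close": (("i32",), ("i32",)),
    "fd_write": (("i32",) * 4, ("i32",)),
    "fd_fdstat_get": (("i32", "i32"), ("i32",)),
}

class Func(NamedTuple):
    index: int
    name: str
    params: tuple
    results: tuple

def _types(field):
    # "i32, i64" -> ("i32", "i64"); an empty field -> ()
    return tuple(t.strip() for t in field.split(",") if t.strip())

def parse_listing(text):
    """Parse lines of the form `INDEX NAME PARAMS -> RESULTS`."""
    funcs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("$"):   # skip blanks and the shell prompt
            continue
        left, sep, right = line.partition("->")
        head = left.split(None, 2)             # index, name, optional params
        if not sep or len(head) < 2 or not head[0].isdigit():
            raise ValueError(f"unrecognised listing line: {line!r}")
        params = _types(head[2]) if len(head) == 3 else ()
        funcs.append(Func(int(head[0]), head[1], params, _types(right)))
    return funcs

def unexpected_imports(funcs, allowed):
    """Imports absent from the allowlist, or present with a different type."""
    return [f for f in funcs if allowed.get(f.name) != (f.params, f.results)]
```

With the policy above, `unexpected_imports(parse_listing(IMPORTS), ALLOWED)` reports only `fd_seek`, because it is the one import the allowlist does not cover.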
## Listing section sizes
Section sizes are reported in bytes.
```
$ dune exec -- wassail sizes ./benchmarks/benchmarksgame/fankuchredux.wat
23 type
42 import
12 func
0 table
9 memory
14 global
25 export
0 start
0 elem
882 code
0 data
```
## Generating a call graph
To generate the call graph of a module into `foo.dot`:
```
$ wassail callgraph benchmarks/benchmarksgame/fankuchredux.wat foo.dot
```

## Generating control-flow graphs
You can generate a single CFG, for example the CFG of function 4 from the benchmark `fankuchredux.wat`, written to `foo.dot`:
```
$ wassail cfg benchmarks/benchmarksgame/fankuchredux.wat 4 foo.dot
```
Or you can generate all the CFGs into a given directory:
```
$ wassail cfgs foo.wat out/
```

## Other entry points
```
$ dune exec -- wassail help
Static analysis of WebAssembly

  wassail SUBCOMMAND

=== subcommands ===

  callgraph              . Generate the call graph for the module from file
                           [in], outputs as DOT to file [out]
  callgraph-adjlist      . Generate the call graph for the module from file
                           [in], outputs in a textual representation to file
                           [out]
  cdg                    . Produce a CDG for a given function
  cfg                    . Generate a DOT file representing the CFG of
                           function [fidx] from the wasm file [in], in file
                           [out]
  cfg-adjlist            . Generate the CFG of function [fidx] from the wasm
                           file [in], in two text files: [out].adjlist and
                           [out].nodes
  cfgs                   . Generate DOT files representing the CFG of each
                           function defined in the wasm file [in], and
                           outputs them in the directory [out_dir]
  count                  . Count instructions in a file
  count-in-slice         . Count the number of instructions in a slice for a
                           specific slicing criterion
  dependencies           . Produce a PDG for a given function
  dump                   . Outputs the entire WebAssembly file without
                           modification
  evaluate-slicing       . Evaluate the slicer on a a benchmark
  exports                . List functions exported by a WebAssembly module
  find-criterion         . Find the slicing criterion in a program. Prints
                           the address the string ORBS.
  find-indirect-calls    . Find call_indirect instructions and shows the
                           function in which they appear as well as their
                           label
  function-body          . Returns the body of a given function
  function-instruction-labels
                         . Returns the labels of instructions of a given
                           function
  functions              . Returns the indices of functions of a WebAssembly
                           modules, along with their name if they have one
  gen-slice-specific     . Generate a slice for a specific slicing criterion
  generate               . Generate a WebAssembly module from a single
                           function
  icfg                   . Generate a DOT file representing an
                           interprocedural CFG (ICFG), starting at function
                           [fidx] from the wasm file [in]
  imports                . List functions imported by a WebAssembly module
  instructions           . List instructions used by a WebAssembly module,
                           and how many time each instruction appears
  load                   . Load a module and quits
  mem-exports            . Outputs the number of memories exported by this
                           module
  mem-imports            . Outputs the number of memories exported by this
                           module
  postdom                . Visualize the post-dominator tree of a function
  reduced-callgraph      . Generate the call graph for the module from file
                           [in], only considering functions reachable from
                           [fidx], outputs as DOT to file [out]
  schedule               . Generate the analysis schedule for the module
                           from file [in]
  sizes                  . Output the size (in bytes) of each section of a
                           WebAssembly module
  slice                  . Produce an executable program after slicing the
                           given function at the given slicing criterion
  spec-inference         . Annotate the CFG with the inferred variables
  spec-inference-inter   . Annotate the ICFG with the inferred variables
  taint-cfg              . Generate a DOT file representing the
                           taint-annotated CFG of function [fid] from the
                           wasm file [in], in file [out]
  taint-from-exported-to-imported
                         . Detects unsafe flows from exported functions to
                           imported functions
  taint-from-sources-to-sinks
                         . Detects unsafe flows from a list of sources to a
                           list of defined sinks
  taint-inter            . Performs summary-based interprocedural taint
                           analysis of a set of functions in file [file].
                           [funs] is a list of comma-separated function ids,
                           e.g., to analyze function 1, then analyze both
                           function 2 and 3 as part of the same fixpoint
                           computation, [funs] is 1 2,3. The full schedule
                           for any file can be computed using the `schedule`
                           target.
  taint-inter-classical  . Perform classical interprocedural taint analysis
                           from a given entry point
  taint-intra            . Just like `intra`, but only performs the taint
                           analysis
  taintcall-cfg          . Performs a inter-procedural taintcall analysis
                           and displays the results for the given CFGs
  version                . print version information
  help                   . explain a given subcommand (perhaps recursively)
```
## Running the tests
```
$ make test
```
## Using the web interface
You can access the web interface [here](https://acieroid.github.io/wassail/), or compile it yourself with the following steps:
```
$ opam install js_of_ocaml js_of_ocaml-ppx
$ make js
$ open js/index.html
```
# References
The following publications use Wassail:
- [Compositional Information Flow Analysis for WebAssembly Programs](http://soft.vub.ac.be/Publications/2020/vub-tr-soft-20-11.pdf), SCAM 2020. ([Video of the presentation](https://www.youtube.com/watch?v=IX8swyZ4TPI)).
- [Wassail: a WebAssembly Static Analysis Library](https://soft.vub.ac.be/Publications/2021/vub-tr-soft-21-04.pdf), ProWeb 2021.
- [Static Stack-Preserving Intra-Procedural Slicing of WebAssembly Binaries](https://soft.vub.ac.be/Publications/2022/vub-tr-soft-22-04.pdf), ICSE 2022.
- [Dynamic Slicing of WebAssembly Binaries](http://soft.vub.ac.be/Publications/2023/vub-tr-soft-23-11.pdf), ICSME 2023.
- [An Empirical Evaluation of Static, Dynamic, and Hybrid Slicing of WebAssembly Binaries](https://qstievenart.gitlab.io/pdfs/jss2025.pdf), Journal of Systems and Software, 2025.

The following presentations may be useful as additional documentation:
- [Building Static Analyses for WebAssembly Binaries with Wassail](https://docs.google.com/presentation/d/15J6EuRAz0WFD2TG4hBwAo_GLDhDXcy77ZAUGSzLj6yA/edit?usp=drive_link), PAW 2022.
- [Wassail: a WebAssembly Static Analysis Library](https://docs.google.com/presentation/d/1ozzSdDTWQnMaSzX2o7wZpSC3m1cmzYfwYY6sy2kIqrE/edit?usp=drive_link), ProWeb 2021.