Fall 2025: New Research and Publications

WebAssembly: How Low Can a Bytecode Go? New Performance and Capabilities

WebAssembly — How Low Can a Bytecode Go? Ben Titzer explores how WebAssembly (Wasm) was originally designed to overcome the limitations of JavaScript for high-performance applications and became an official part of the web platform in 2017. Designed through a collaborative effort among browser vendors, Wasm introduced a compact, low-level bytecode that runs at near-native speed and emphasizes safety, portability and modularity. The article details the Wasm core design choices — like structured control flow and isolated module execution — that made it both secure and efficient to compile. The article gives a great overview of the recent additions such as SIMD, exception handling and garbage collection, showing how Wasm has grown into a powerful, general-purpose platform for dozens of programming languages and use cases beyond the web. (Published in acmqueue, volume 23, issue 3, July 2025)

Whamm: A Framework for Performant, Sandboxed Instrumentation by Elizabeth Gilbert, CMU

Wasm workloads are often black boxes in terms of observability, but insight into their execution is mission-critical. Where are the hot paths? How resource-heavy is the workload (e.g. usage metering)? What cache strategy is best? Does the program follow our security policies?

This talk presents Whamm, an instrumentation framework that can be used to answer questions like these. Whamm can statically rewrite bytecode ***or*** dynamically insert probes via an engine interface to invoke callbacks at runtime. Whamm’s engine interface promotes portable instrumentation with high-performance. This is achieved through leveraging engine optimizations that reduce overhead and providing logic as Wasm code, which the engine can compile and/or inline into application code. Whamm supports instrumenting Wasm modules, components…and even kernel-level events! Want to know how? This session offers an overview of the framework and a live demo of writing monitors, helping you apply Whamm in your domain.

Empowering WebAssembly with Thin Kernel Interfaces: Arjun Ramesh, Ben L. Titzer, Tianshu Huang, Anthony Rowe

Abstract

Wasm is gaining popularity outside the Web as a well-specified low-level binary format with ISA portability, low memory footprint and polyglot targetability, enabling efficient inprocess sandboxing of untrusted code. Despite these advantages, Wasm adoption for new domains is often hindered by the lack of many standard system interfaces which precludes reusability of existing software and slows ecosystem growth.

This paper proposesthin kernel interfaces for Wasm, which directly expose OS userspace syscalls without breaking intraprocess sandboxing, enabling a new class of virtualizationwith Wasm as a universal binary format. By virtualizing the bottom layer of userspace, kernel interfaces enable effortless application ISA portability, compiler backend reusability, and armor programs with Wasm’s built-in control flow integrity and arbitrary code execution protection. Furthermore, existing capability-based APIs for Wasm, such as WASI, canbe implemented as a Wasm module over kernel interfaces, improving reuse, robustness, and portability through better layering. We present an implementation of this concept for two kernels – Linux and Zephyr – by extending a modern Wasm engine and evaluate our system’s performance on a number of sophisticated applications which can run for the first time on Wasm.

Unveiling Heisenbugs with Diversified Execution: Arjun Ramesh, Tianshu Huang, Jaspreet Riar, Ben L. Titzer, Anthony Rowe

Abstract

Heisenbugs, notorious for their ability to change behavior and elude reproducibility under observation, are among the toughest challenges in debugging programs. They often evade static detection tools, making them especially prevalent in cyber-physical edge systems characterized by complex dynamics and unpredictable interactions with physical environments. Although dynamic detection tools work much better, most still struggle to meet low enough jitter and overhead performance requirements, impeding their adoption. More importantly however, dynamic tools currently lack metrics to determine an observed bug's "difficulty" or "heisen-ness" undermining their ability to make any claims regarding their effectiveness against heisenbugs. This paper proposes a methodology for detecting and identifying heisenbugs with low overheads at scale, actualized through the lens of dynamic data-race detection. In particular, we establish the critical impact of execution diversity across both instrumentation density and hardware platforms for detecting heisenbugs; the benefits of which outweigh any reduction in efficiency from limited instrumentation or weaker devices. We develop an experimental WebAssembly-backed dynamic data-race detection framework, Beanstalk, which exploits this diversity to show superior bug detection capability compared to any homogeneous instrumentation strategy on a fixed compute budget. Beanstalk's approach also gains power with scale, making it suitable for low-overhead deployments across numerous compute nodes. Finally, based on a rigorous statistical treatment of bugs observed by Beanstalk, we propose a novel metric, the heisen factor, that similar detectors can utilize to categorize heisenbugs and measure effectiveness. We reflect on our analysis of Beanstalk to provide insight on effective debugging strategies for both in-house and in deployment settings.

Ongoing WRC Projects

The Wizard Engine

What is the future of software virtual machines? A key piece of Wasm technology is the software virtual machine (or engine) that runs WebAssembly code. We are developing a new research engine to serve as a vehicle for teaching, studying and extending WebAssembly by students and researchers across the world.

Low-Level Interfaces for WebAssembly 

What are the limits of WebAssembly’s applications? This project and its subprojects investigate new interfaces for WebAssembly that have new and interesting security properties, yet allow a new class of applications by allowing Wasm code to drive new kinds of devices and software layers. 

Benchmarking WebAssembly 

How is my Wasm doing? This set of projects looks at benchmarking Wasm applications and engines to understand their performance characteristics and help Wasm programs and engines achieve better performance characteristics in multiple dimensions. 

Instrumentation for WebAssembly 

What is going on in this Wasm program? This set of projects looks at mechanisms and tools for studying how Wasm code executes in many different environments, feeding into other projects such as performance optimization, testing and fuzzing. 

Applying WebAssembly to Cyber-Physical and Real-Time Distributed Systems 

With heterogeneous hardware; soft — and even hard — real-time constraints, distributed system considerations and software-fault-isolation requirements, can WebAssembly improve the robustness and performance of cyber-physical systems? This project takes a look at several industrial applications of Wasm in these settings. 

Fault-Injection for Distributed WebAssembly Applications 

How can we make distributed programming easier? With Wasm as the basis of many different cloud, edge and networked applications, this project looks to leverage this common bottom layer to inject faults and test applications that are otherwise notoriously hard to debug. 

New Techniques To Improve Dynamic Languages on Wasm 

Yeah, but does it run Python? While a large and growing number of statically typed languages run well on Wasm today, dynamic languages still lag in performance and ergonomics. This project looks at how dynamic language implementations on Wasm can be improved. 

New Features for WebAssembly 

Is the WebAssembly feature set complete? This project looks at what features can benefit the Wasm ecosystem by bringing in new languages, improving existing languages or improving system integration.