Review of "Bringing the Web up to Speed"

"Bringing the Web up to Speed with WebAssembly" JF Bastien, Dan Gohman, Andreas Haas, Michael Holman, Andreas Rossberg, Derek L. Schuff, Ben L. Titzer, Luke Wagner, and Alon Zakai, PLDI'17, Barcelona, Spain, 2017.

CCS Terms: [PRIMARY] D.3 Programming Languages, D.3.2 Javascript, I.2.5 Programming Languages And Software, C.2.4 Client/Server

Web browsers have become a primary method of delivering applications both inside corporate networks and from corporations to the external customers and suppliers. Such applications require efficient and secure code. But the main language for browser-side programming, JavaScript, is neither. Various attempts to improve the situation, such as Java or NaCl, have not altogether succeeded.

This paper describes a recent alternative, supported by all of the major browser companies -- in fact, this paper's authors are from Apple, Google, Mozilla, and Microsoft -- that promises fast and safe browser-side code execution: WebAssembly. It is a binary code standard for a virtual machine intended to be embedded in a browser, as well as an accompanying "assembly-like" language specification. It is primarily intended as a compilation target for other languages, and promises safe, fast, platform-independent code that is easy to decode, validate and compile.

The effort seems promising: by designing the language with formal semantics, the creators have achieved a clean design that is easy to reason about. By including structured control flow concepts in their VM, they have designed out many common errors, such as branching into the middle of a multi-byte instruction. The authors note that "By design, unstructured and irreducible control flow using goto is impossible in WebAssembly," a choice that should surely help make the VM easier to debug and secure. Code fetched over the Web, is, in WebAssembly, validated by an "embarrassingly simple" type checking system. Quite importantly for its initial acceptance, WebAssembly code can be called from, and can call out to, JavaScript.

This paper is a thorough and rigorous, if dense, introduction to what could be a break-through in browser-side coding for the web. (The authors note that WebAssembly is not restricted to running inside a browser, so other uses of it may develop as well.) Only time will tell if this ambitious project will succceed, but for anyone engaged in web development, it is certainly worth tracking.