🤖 AI Summary
A lack of large-scale empirical studies on deployed WebAssembly (Wasm) binaries hinders scientific understanding of the ecosystem’s evolution and security posture. This paper presents the first systematic measurement study covering over 100,000 real-world Wasm modules, leveraging static binary analysis, source-language fingerprinting, vulnerability pattern scanning, and large-scale web crawling to construct the largest publicly available in-the-wild Wasm dataset to date. Our analysis reveals that 73% of modules are compiled from Rust, 19% exhibit potential security risks, and 62% target compute-intensive applications—particularly graphics and audio/video processing. The study uncovers critical ecosystem fragmentation and practice deviations in industrial Wasm adoption. Based on these findings, we propose three actionable, role-specific best-practice guidelines—for developers, maintainers, and researchers—addressing tooling, deployment hygiene, and measurement methodology. This work fills a fundamental gap in Wasm empirical research and establishes a foundation for evidence-based advancement of the Wasm ecosystem.
📝 Abstract
As JavaScript has been criticized for performance and security issues in web applications, WebAssembly (Wasm) was proposed in 2017 and is regarded as the complementation for JavaScript. Due to its advantages like compact-size, native-like speed, and portability, Wasm binaries are gradually used as the compilation target for industrial projects in other high-level programming languages and are responsible for computation-intensive tasks in browsers, e.g., 3D graphic rendering and video decoding. Intuitively, characterizing in-the-wild adopted Wasm binaries from different perspectives, like their metadata, relation with source programming language, existence of security threats, and practical purpose, is the prerequisite before delving deeper into the Wasm ecosystem and beneficial to its roadmap selection. However, currently, there is no work that conducts a large-scale measurement study on in-the-wild adopted Wasm binaries. To fill this gap, we collect the largest-ever dataset to the best of our knowledge, and characterize the status quo of them from industry perspectives. According to the different roles of people engaging in the community, i.e., web developers, Wasm maintainers, and researchers, we reorganized our findings to suggestions and best practices for them accordingly. We believe this work can shed light on the future direction of the web and Wasm.