WebAssembly as a Multi-Language Platform

Abstract

Developers choose languages primarily off of the quality of libraries in their ecosystems. However, what if languages and libraries were orthogonal? What if multiple languages could be seamlessly adopted in a single application, depending on the immediate task at hand? Currently, multi-language interoperability is usually pairwise, with explicit support provided to call from one specific language to another. When it's not, developers usually give up substantial safety guarantees such as type soundness or memory integrity. Yet with ongoing work in modular secure compilation, it should be possible to maintain the integrity of each language's abstractions when interoperating. What is needed for these techniques to enter common software development practice, and to evolve research further, is a sufficiently capable intermediate language that can act as a target for these modular secure compilers. WebAssembly is a nascent language with wide industry backing and strong security fundamentals. It has strong typing of instructions and function calls, and provides module-based encapsulation of functions and memory---powerful primitives for maintaining the integrity of source-level abstractions. By extending WebAssembly further, through the introduction of a lightweight abstract type system, these abilities are strengthened even more. This thesis will show practical examples of how this extended WebAssembly is sufficient to protect additional abstractions, like object method access, without needing to introduce heavy language features like first-class object support. This thesis speculates, but does not prove, that with this simple abstract types extension WebAssembly can function as a performant target language for a modular secure compiler.