The increasing adoption of WebAssembly (Wasm) for performance-critical and security-sensitive tasks drives the demand for WebAssembly program comprehension and reverse engineering. Recent studies have introduced machine learning (ML)-based WebAssembly reverse engineering tools. Yet, the generalization of task-specific ML solutions remains challenging, because their effectiveness hinges on the availability of an ample supply of high-quality task-specific labeled data. Moreover, previous works overlook the high-level semantics present in source code and its documentation. Acknowledging the abundance of available source code with documentation, which can be compiled into WebAssembly, we propose to learn representations of them concurrently and harness their mutual relationships for effective WebAssembly reverse engineering. In this paper, we present WasmRev, the first multi-modal pre-trained language model for WebAssembly reverse engineering. WasmRev is pre-trained using self-supervised learning on a large-scale multi-modal corpus encompassing source code, code documentation and the compiled WebAssembly, without requiring labeled data. WasmRev incorporates three tailored multi-modal pre-training tasks to capture various characteristics of WebAssembly and cross-modal relationships. WasmRev is only trained once to produce general-purpose representations that can broadly support WebAssembly reverse engineering tasks through few-shot fine-tuning with much less labeled data, improving data efficiency. We fine-tune WasmRev onto three important reverse engineering tasks: type recovery, function purpose identification and WebAssembly summarization. Our results show that WasmRev pre-trained on the corpus of multi-modal samples establishes a robust foundation for these tasks, achieving high task accuracy and outperforming the state-of-the-art ML methods for WebAssembly reverse engineering.

翻译：随着WebAssembly（Wasm）在性能关键和安全敏感任务中的采用率不断上升，对WebAssembly程序理解及逆向工程的需求日益迫切。近期研究已引入基于机器学习（ML）的WebAssembly逆向工程工具。然而，任务特定型ML解决方案的泛化能力仍面临挑战，因为其有效性高度依赖于充足的高质量任务特定标注数据。此外，先前工作忽略了源代码及其文档中蕴含的高级语义。鉴于大量附有文档的源代码可编译为WebAssembly，我们提出同时学习它们的表征，并利用其互相关关系实现有效的WebAssembly逆向工程。本文提出WasmRev——首个面向WebAssembly逆向工程的多模态预训练语言模型。WasmRev通过自监督学习在大规模多模态语料库（包含源代码、代码文档及编译生成的WebAssembly）上进行预训练，无需依赖标注数据。该模型设计了三种专门的多模态预训练任务，以捕获WebAssembly的多维特征及跨模态关联。WasmRev仅需单次训练即可生成通用表征，通过少量标注数据的微调即可广泛支持WebAssembly逆向工程任务，从而提升数据效率。我们针对三项关键逆向工程任务（类型恢复、函数用途识别及WebAssembly摘要生成）对WasmRev进行微调。实验结果表明，基于多模态样本语料库预训练的WasmRev为这些任务奠定了坚实基础，在实现高任务精度的同时，超越了现有最先进的WebAssembly逆向工程机器学习方法。