WebAssembly is a low-level bytecode language that allows high-level languages like C, C++, and Rust to be executed in the browser at near-native performance. In recent years, WebAssembly has gained widespread adoption is now natively supported by all modern browsers. However, vulnerabilities in memory-unsafe languages, like C and C++, can translate into vulnerabilities in WebAssembly binaries. Unfortunately, most WebAssembly binaries are compiled from such memory-unsafe languages, and these vulnerabilities have been shown to be practical in real-world scenarios. WebAssembly smart contracts have also been found to be vulnerable, causing significant financial loss. Additionally, WebAssembly has been used for malicious purposes like cryptojacking. To address these issues, several analysis techniques for WebAssembly binaries have been proposed. In this paper, we conduct a comprehensive literature review of these techniques and categorize them based on their analysis strategy and objectives. Furthermore, we compare and evaluate the techniques using quantitative data, highlighting their strengths and weaknesses. In addition, one of the main contributions of this paper is the identification of future research directions based on the thorough literature review conducted.

翻译：WebAssembly是一种低级字节码语言，能使C、C++和Rust等高级语言以接近原生性能在浏览器中执行。近年来，WebAssembly已获得广泛采用，现已被所有现代浏览器原生支持。然而，C和C++等内存不安全语言的漏洞可能转化为WebAssembly二进制文件中的漏洞。遗憾的是，大多数WebAssembly二进制文件由这些内存不安全语言编译而来，且这些漏洞已被证实在实际场景中具有实用性。此外，WebAssembly智能合约也被发现存在漏洞，导致重大经济损失。更甚者，WebAssembly已被用于加密货币挖矿劫持等恶意用途。为应对这些问题，学界已提出多种WebAssembly二进制文件分析技术。本文对这些技术进行了全面文献综述，并基于分析策略与目标对其进行分类。此外，我们利用量化数据对这些技术进行比较与评估，突出其优势与不足。基于所进行的详尽文献综述，本文的主要贡献之一是指明了未来研究方向。