by baybal2 2945 days ago
WASM is a stack machine, which does not add to security. You sense that no real VM specialist, nor one in the field of security, put a hand to its design.

When I first read the specs, it screamed to me "VM design 101." It feels like someone's master's thesis, more than a piece of production software. Just as the original Netscape JavaScript 1.0 was.

It will have its fair share of "typeof null" style bugs to come.


Why is a stack machine bad for security? The JVM also had sandboxed execution as a goal and also uses a stack machine. But perhaps the stack machine was chosen because it tends to produce smaller binaries (which is important for things you send over the net) and not for security reasons?

> But perhaps the stack machine was chosen because it tends to produce smaller binaries (which is important for things you send over the net) and not for security reasons?

Who knows what was in their heads, but stack-level attacks are as easy as exploiting unsafe type casting in anything that amounts to a stack pointer.

My guess as to why they chose to do it that way is simply that there is more literature available for mid-tier coders in the style of "VMs for dummies", and they wanted to always have the option not to do extensive research on every small matter and just copy the JVM's behaviour.

The stack in a stack-based VM does not refer to the real stack that contains return pointers that can be manipulated. You don't have access to that from WebAssembly.

The security problems of Java are not related to it being a stack-based VM at all. The problems are that the API lets applets do things they shouldn't be able to and arbitrary code execution during serialisation.
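
Added example, not part of the thread or written by any of its participants: it shows what "the stack" in WebAssembly is in practice, an abstract, typed operand stack that the engine checks before any code runs. The module bytes are hand-assembled for this illustration, and the helper names (`buildModule`, `isValid`, `run`, `CASES`) are assumptions of the example.

```javascript
// Constructed, hand-assembled modules: one function of type () -> i32, exported as "f".
const HEADER = [0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]; // "\0asm", version 1
const TYPE_SEC = [0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f];     // type 0: () -> i32
const FUNC_SEC = [0x03, 0x02, 0x01, 0x00];                       // function 0 uses type 0
const EXPORT_SEC = [0x07, 0x05, 0x01, 0x01, 0x66, 0x00, 0x00];   // export "f" = function 0

// Wrap a short instruction sequence in a complete module.
// All lengths here stay below 128, so each LEB128 size fits in one byte.
function buildModule(instrs) {
  const body = [0x00, ...instrs, 0x0b];                 // no locals, instrs, end
  const codeSec = [0x0a, body.length + 2, 0x01, body.length, ...body];
  return new Uint8Array([...HEADER, ...TYPE_SEC, ...FUNC_SEC, ...EXPORT_SEC, ...codeSec]);
}

// Static validation only: nothing in the module is executed.
function isValid(instrs) {
  return WebAssembly.validate(buildModule(instrs));
}

// Compile and call the exported function (throws if the module is invalid).
function run(instrs) {
  const mod = new WebAssembly.Module(buildModule(instrs));
  return new WebAssembly.Instance(mod).exports.f();
}

const CASES = {
  wellTyped: [0x41, 0x2a],             // i32.const 42
  underflow: [0x6a],                   // i32.add with nothing on the operand stack
  wrongType: [0x42, 0x01],             // i64.const 1 where an i32 result is declared
  leftover:  [0x41, 0x01, 0x41, 0x02], // two i32 values left for a one-result function
};

// Validation verdict for every constructed case.
function report() {
  return Object.fromEntries(Object.entries(CASES).map(([name, code]) => [name, isValid(code)]));
}

console.log(report(), run(CASES.wellTyped));
```
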