{"id":20009902,"url":"https://github.com/plsyssec/zerocost_root","last_synced_at":"2026-03-19T13:03:25.265Z","repository":{"id":144629543,"uuid":"315495273","full_name":"PLSysSec/zerocost_root","owner":"PLSysSec","description":"Root repo for zerocost testing","archived":false,"fork":false,"pushed_at":"2023-11-06T19:56:19.000Z","size":42051,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-03-02T01:44:28.914Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PLSysSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-11-24T02:22:01.000Z","updated_at":"2022-11-02T21:18:57.000Z","dependencies_parsed_at":"2023-07-04T19:35:34.702Z","dependency_job_id":null,"html_url":"https://github.com/PLSysSec/zerocost_root","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/PLSysSec/zerocost_root","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fzerocost_root","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fzerocost_root/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fzerocost_root/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fzerocost_root/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PLSysSec","download_url":"https://codeload.github.com/PLSysSec/zerocost_root/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fzerocost_root/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30214608,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T12:15:00.571Z","status":"ssl_error","status_checked_at":"2026-03-07T12:15:00.217Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T07:17:25.812Z","updated_at":"2026-03-07T13:01:36.838Z","avatar_url":"https://github.com/PLSysSec.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"- [Description](#description)\n- [Software being built by this repo](#software-being-built-by-this-repo)\n- [Build Instructions](#build-instructions)\n- [Test Instructions](#test-instructions)\n\n# Description\n\nThis is the top level repo for the paper \"Isolation without Taxation: Near-Zero-Cost Transitions for WebAssembly and SFI\" submitted to [POPL 2022](https://popl22.sigplan.org/) in which we introduce the zerocost transitions. This repo will download and build all tools used in the paper, such as the multiple builds of firefox with sandboxed libraries, modified compilers, and the RLBox API.\n\n# Software being built by this repo\n\n**[lucet_sandbox_compiler](https://github.com/PLSysSec/lucet_sandbox_compiler.git)** - Lucet Wasm compiler (using the fork adapted for library sandboxign)\n\n**[Sandboxing_NaCl](https://github.com/shravanrn/Sandboxing_NaCl.git)** - Nacl Sandboxing compiler  that defaults to heavy transitions written in asm\n\n**[rlbox_lucet_sandbox](https://github.com/PLSysSec/rlbox_lucet_sandbox.git)** - RLBox sandboxing API plugin with lucet that uses zerocost transitions\n\n**[zerocost_heavy_trampoline](https://github.com/PLSysSec/zerocost_heavy_trampoline.git)** - Standalone heavyweight transitions written in asm used by other repos\n\n**[zerocost_testing_sandbox](https://github.com/PLSysSec/zerocost_testing_sandbox.git)** - RLBox sandboxing API plugin with lucet that uses heavy transitions written in asm\n\n**[rlbox_lucetstock_sandbox](https://github.com/PLSysSec/rlbox_lucet_sandbox/tree/lucet-transitions)** - RLBox sandboxing API plugin with lucet's default heavyweight transitions written in rust\n\n**[rlbox_mpk_sandbox](https://github.com/PLSysSec/rlbox_mpk_sandbox.git)** - RLBox sandboxing API plugin when sandboxing with an \"ideal\" sandbox and using heavyweight transitions written in asm\n\n**[rlbox_segmentsfizerocost_sandbox](https://github.com/PLSysSec/rlbox_segmentsfizerocost_sandbox.git)** - RLBox sandboxing API plugin when sandboxing with segmentzero sandboxing that uses zerocost transitions\n\n**[rlbox_nacl_sandbox](https://github.com/PLSysSec/rlbox_nacl_sandbox.git)** - RLBox sandboxing API plugin with Native Client and using heavyweight transitions written in asm\n\n**[rlbox_sandboxing_api](https://github.com/PLSysSec/rlbox_sandboxing_api.git)** - RLBox sandboxing API\n\n**[zerocost](https://github.com/PLSysSec/zerocost-libjpeg-turbo.git)** - libjpeg with different builds for lucet, nacl, segmentzero etc.\n\n**[zerocost_testing_firefox](https://github.com/PLSysSec/zerocost_testing_firefox.git)** - firefox with different builds for lucet, nacl, segmentzero etc.\n\n**[web_resource_crawler](https://github.com/shravanrn/web_resource_crawler.git)** - A firefox extension (needs Firefox 65+) that crawls the Alexa top 500, and collects information about the resources used on the web page.\n\n**[rlbox_lucet_directcall_benchmarks](https://github.com/PLSysSec/rlbox_lucet_directcall_benchmarks.git)** - Microbenchmarks to compute the costs of direct calls vs indirect\n\n**[zerocost_llvm](https://github.com/PLSysSec/zerocost_llvm.git)** - LLVM/Clang modified to support segmentzero\n\n# Build Instructions\n\n**Requirements** - This repo has been tested on Ubuntu 20 LTS. Additionally, the process sandbox build of Firefox assumes you are on a machine with at least 4 cores.\n\n**Note** - Do not use an existing machine; our setup installs/modifies packages on the machine and has been well tested on a fresh Ubuntu Install. Use a fresh VM or machine.\n\n**Estimated build time**: Less than 24 hours\n\nTo build the repo, run\n\n```bash\n# Need make to run the scripts\nsudo apt-get install make\n# This installs required packages on the system.\n# Only need to run once per system.\nmake bootstrap\n# load the changes\nsource ~/.profile\n# Download all sub-repos and build the world\nmake\n```\n\nFor incremental builds after the first one, you can just use\n\n```bash\nmake\n```\n\n# Test Instructions\n\nAfter building the repo, you can reproduce the tests we perform in the RLBox paper as follows.\n\nAll benchmarks should be run in benchmark mode. Setup the benchmark mode (pin\ncpu frequencies, disable hyper-threading, pin benchmarks to CPU) as follows.\n\n```bash\nmake shielding_on\n# The above will spawn a subshell in your current terminal\n# Run the following command in this subshell\nmake benchmark_env_setup\n```\n\nSee the makefile on how to invoke specific benchmarks.\n\nAfter the benchmark is complete, disable benchmark mode by\n\n1. Close the terminal where you ran `make shielding on`. You can do with Ctrl + D\n2. Run the following in a **new** terminal\n\n    ```bash\n    make benchmark_env_closed\n    ```\n\u003c!---\n## Macro benchmarks\n\n1. We have several builds of Firefox included --- Stock Firefox, Firefox with heavy lucet (rust) transitions, Firefox with heavy asm transitions, Firefox with zerocost transitions. We have a macro benchmark that measure page load times and memory overheads on these three builds on 11 representative sites on different builds. Expected duration: 0.5 days. To run\n\n    ```bash\n    cd ./mozilla-release\n    ./newRunMacroPerfTest ~/Desktop/rlbox_macro_logs\n    ```\n\n    You will see the results in page_latency_metrics.txt, page_memory_overhead_metrics.txt in the folder ~/Desktop/rlbox_macro_logs\n\n    **Note** - Firefox's test harness is primarily meant for local tests and isn't really setup to make network calls prior to our modifications of the harness. Our modified test harness sometimes freezes during page load; if this happens, let the test script continue, it automatically restarts as needed in this situation.\n\n## Micro benchmarks\n\n### Caveats\n\n- Note that many of these benchmarks are run with a very large number of iterations, on a variety of different media so that we can report realistic numbers. Thus each one of these tasks below can take the better part of a day and upto a day and a half. I have indicated the expected time below. If you modify settings to reduce the number of iterations, that this may affect the numbers as benchmarks will be more prone to noise.\n- Specific choices during machine setup were made to reduce noise during benchmarks, namely disabling hyper-threading, disabling dynamic frequency scaling and pinning the CPU to a low frequency which will not introduce thermal throttling, isolating the CPUs on which we run tests using the isolcpus boot kernel parameter and running Ubuntu without a GUI and running the benchmarks on headless Firefox. Part of this setup is automated in the script \"microBenchmarkTestSetup\" in this repo. If you decide not to do this setup, this will likely result in the reported numbers being more noisy than reported.\n- If running on a VM, it is unlikely some of the benchmarking setup listed in the prior bullet will work particularly well. In particular, the video benchamark and measurements are quite unreliable in this setting.\n\n### Instructions\n\n1. We also have micro benchmarks on the same three builds performed on four classes of libraries ---- image libraries, audio libraries, video libraries, webpage decompression. Each of these have separate micro benchmarks that are included in the artifact. We start with images, for which we measure the decoding times for the three Firefox builds on a variety of jpegs and pngs in different formats.  Expected duration: 1.5 days.\n\n    ```bash\n    cd ./mozilla-release\n    ./newRunMicroImageTest ~/Desktop/rlbox_micro_image_logs\n    ```\n\n    You will see the results in jpeg_perf.dat, png_perf.dat in the folder ~/Desktop/rlbox_micro_image_logs\n\n2. We continue the microbenchmark with evaluating webpage decompression with zlib. Expected duration: 0.5 days.\n\n    In a separate terminal first run\n\n    ```bash\n    cd ./rlbox-st-test/ \u0026\u0026 node server.js\n    # Leave this running\n    ```\n\n    then run,\n\n    ```bash\n    cd ./mozilla-release\n    ./newRunMicroZlibTest ~/Desktop/rlbox_micro_compression_logs\n    ```\n\n    You will see the results in new_nacl_cpp_rlbox_test_page_render.json, new_ps_cpp_rlbox_test_page_render.json, static_stock_rlbox_test_page_render.json in the folder ~/Desktop/rlbox_micro_compression_logs\n\n3. We continue the microbenchmark with evaluating audio and video performance by measuring Vorbis audio bit rate and  throughput on a high quality audio file measuring VPX and Theora bit rate throughput on a high quality video file on the three Firefox builds. Expected duration: 1.5 hours.\n\n    ```bash\n    cd ./mozilla-release\n    ./newRunMicroAVTest ~/Desktop/rlbox_micro_audiovideo_logs\n    ```\n\n4. We also have scaling tests which test the total number of sandboxes that can reasonably be created and measure image decoding times for the same. Expected duration: 1.5 days.\n\n    In a separate terminal first run\n\n    ```bash\n    cd ./rlbox-st-test/ \u0026\u0026 node server.js\n    # Leave this running\n    ```\n\n    then run,\n\n    ```bash\n    cd ./mozilla-release\n    ./newRunMicroImageScaleTest ~/Desktop/rlbox_micro_scaling_logs\n    ```\n\n    You will see the results in sandbox_scaling.dat in the folder ~/Desktop/rlbox_micro_scaling_logs\n\n5. We also evaluate use of our sandboxing techniques outside of firefox by measuring throughput of two other applications. We first evaluate the throughput of a crypto module in node.js. Expected duration: 0.5 days.\n\n    ```bash\n    cd ./node.bcrypt.js\n    make bench\n    ```\n\n    You will see the results in the terminal.\n\n6. Continuing the prior evaluation, we also evaluate the throughput of apache web server's markdown to html conversion. Expected duration: 0.25 days\n\n    In a separate terminal first run\n\n    ```bash\n    sudo apache2ctl stop\n    sudo /usr/sbin/apache2ctl -DFOREGROUND\n    # Leave this running\n    ```\n\n    then run,\n\n    ```bash\n    cd ./mod_markdown\n    make bench\n    ```\n\n    You will see the results in the terminal.\n\n7. We also provide a benchmark of a sandboxing the Graphite font library (using a WASM based SFI) which has been upstreamed and is currently in Firefox nightly. This is easiest to test directly with the nightly builds made available by Mozilla. Download the nightly build with the sandboxed font library [here](https://ftp.mozilla.org/pub/firefox/nightly/2020/01/2020-01-03-20-22-40-mozilla-central/firefox-73.0a1.en-US.linux-x86_64.tar.bz2) and a build from a nightly that does not have this, available [here](https://ftp.mozilla.org/pub/firefox/nightly/2020/01/2020-01-01-09-29-38-mozilla-central/firefox-73.0a1.en-US.linux-x86_64.tar.bz2). Visit the following [webpage](https://jfkthame.github.io/test/udhr_urd.html) which runs a micro benchmark on Graphite fonts on both builds. Expected duration: 15 mins.\n\n8. We have a web crawler written as firefox extension that scrapes the Alexa top 500 websites and analyses the image widths. This is written as a Firefox extension. Expected duration: 2 hours. To run, we will follow the steps as outlined [here](https://extensionworkshop.com/documentation/develop/temporary-installation-in-firefox/) reproduced below\n    - Kill all open Firefox instances\n    - Open Firefox browser (we need Firefox version \u003e 65. Use the one that ships with the OS, not the one we built).\n    - Enter “about:debugging” in the URL bar\n    - Click “This Firefox”\n    - Click “Load Temporary Add-on”\n    - Open file \"zerocost-root/web_resource_crawler/manifest.json\"\n    - You will see a new icon in the toolbar next to the address bar (sort of looks like a page icon) with the tooltip WebResourceCrawler. Click this.\n    - The extension will now go through the Alexa top 500 slowly (spending 10 seconds on each page to account for dynamic resource loading). Do not click on any tabs while Firefox cycles through the webpages. It dumps the raw logs in \"zerocost-root/web_resource_crawler/out.json\"\n    - When finished it browses to a blank page. When this happens, run the following commands to process the data\n\n        ```bash\n        mkdir -p ~/Desktop/web_resource_crawler_data\n        cd ~/Desktop/web_resource_crawler_data\n        # Adjust the path as appropriate\n        zerocost-root/web_resource_crawler/process_logs.py\n        ```\n\n    You will see the results in crossOriginAnalysis.json and memory_analysis.txt in the folder ~/Desktop/web_resource_crawler_data\n\n--\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplsyssec%2Fzerocost_root","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fplsyssec%2Fzerocost_root","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplsyssec%2Fzerocost_root/lists"}