javascript (JS), as a platform-independent programming language, remains to be the most popular language over the years. However, popular javascript engines that have been widely utilized by web browsers to interpret ...
详细信息
javascript (JS), as a platform-independent programming language, remains to be the most popular language over the years. However, popular javascript engines that have been widely utilized by web browsers to interpret JS code, have become the most common targets for attackers. Thus ensuring the security and reliability of JS engines is significant. Fuzzing is a simple yet effective method to unveil vulnerabilities. However, existing JS fuzzers focus more on the design of effective mutation mechanisms to generate diverse and valid seeds while they often ignore the importance of the initial seed corpus selected to drive the fuzzing process. In this paper, we performed extensive experiments to systematically evaluate the impact of seed selection on fuzzing javascript engines. In particular, we investigate seed selections from three main dimensions, their collected sources (e.g., CVE PoCs, Regression tests, etc.), the number and sizes, as well as a set of concerned code properties. Our major findings reveal that seeds collected from different sources can cast a significant impact on the fuzzing effectiveness (i.e., CVE PoC is significantly better than the other types of seeds), and seed files containing those concerned code structures can lead existing fuzzers to achieve superior results in terms of both code coverage and unique crashes identified. Inspired by our observations, we devised a simple heuristic to prioritize javascript files when selecting seed corpus. Our experiments show that when driven by our selected seed corpus, the existing state-of-art fuzzer is able to achieve significantly higher code coverage and identify more crashes.
Neural network language modeling has become a remarkable approach in the generation of test cases for fuzzing javascript engines. Fuzzers built upon neural language models offer several advantages. They obviate the ne...
详细信息
Neural network language modeling has become a remarkable approach in the generation of test cases for fuzzing javascript engines. Fuzzers built upon neural language models offer several advantages. They obviate the need for manually developing code generation rules, enable the extraction of patterns from high -quality seed sets, and exhibit commendable portability. Nevertheless, existing works confront challenges in three key aspects: diminished language modeling performance attributable to extensive vocabularies, potential semantic errors within generated test cases, and the limitation of black -box fuzzing, which fails to leverage the internal feedback from the target engine. This paper proposes an innovative neural model -based grey -box fuzzing approach for javascript engines. We incorporate the context -free grammar of javascript into the neural language model to mitigate the challenges associated with extensive vocabularies, thereby enhancing the model's performance. Furthermore, to enhance the semantic validity of the generated test cases, we introduce semantic constraints into the mutation process. Notably, this work pioneers the integration of grey -box testing into a fuzzer built upon a neural language model, thereby enhancing the exploration of deep paths. Our prototype, PMFuzz, surpasses NNLMbased counterparts in both language modeling performance and test case generation capabilities. PMFuzz demonstrates a high level of competitiveness in exploring the software state space when compared to traditional coverage -guided grey -box fuzzers. In our evaluation, PMFuzz successfully identified 20 new defects within mainstream JS engines. Eight of them have been confirmed and fixed. Moreover, upon applying our method to C compilers, PMFuzz has revealed 11 new defects.
javascript has long outpaced its original target applications, being used not only for coding complex web clients, but also web servers, game development and even desktop applications. The most appealing advantage of ...
详细信息
ISBN:
(纸本)9783642548079;9783642548062
javascript has long outpaced its original target applications, being used not only for coding complex web clients, but also web servers, game development and even desktop applications. The most appealing advantage of moving applications to javascript is its capability to run the same code in a large number of different devices. It is not surprising that many compilers target javascript as an intermediate language. However, writing optimizations and analyses passes for a compiler that emits javascript is challenging: a long time spent in optimizing the code in a certain way can be excellent for some browsers, but a futile effort for others. For example, we show that applying javascript code optimizations in a tablet with Windows 8 and Internet Explorer 11 increased performance by, on average, 5 times, while running in a desktop with Windows 7 and Firefox decreased performance by 20%. Such a scenario demands a radical new solution for the traditional compiler optimization flow. This paper proposes collecting web clients performance data to build a crowdsourced compiler flag suggestion system in the cloud that helps the compiler perform the appropriate optimizations for each client platform. Since this information comes from crowdsourcing rather than manual investigations, fruitless or harmful optimizations are automatically discarded. Our approach is based on live measurements done while clients use the application on real platforms, proposing a new paradigm on how optimizations are tested.
With the advent of the HTML5 standard, javascript is increasingly processing computationally intensive, data-parallel workloads. Thus, the enhancement of javascript performance has been emphasized because the performa...
详细信息
With the advent of the HTML5 standard, javascript is increasingly processing computationally intensive, data-parallel workloads. Thus, the enhancement of javascript performance has been emphasized because the performance gap between javascript and native applications is still substantial. Despite this urgency, conventional javascript compilers do not exploit much of parallelism even from data-parallel javascript applications, despite contemporary mobile devices being equipped with expensive parallel hardware platforms, such as multicore processors and GPGPUs. In this article, we propose an automatically parallelizing javascript compiler that targets emerging, dataparallel HTML5 applications by leveraging the mature affine loop analysis of conventional static compilers. We identify that themost critical issues when parallelizing javascript with a conventional static analysis are ensuring correct parallelization, minimizing compilation overhead, and conducting low-cost recovery when there is a speculation failure during parallel execution. We propose a mechanism for safely handling the failure at a low cost, based on compiler techniques and the property of idempotence. Our experiment shows that the proposed javascript parallelizing compiler detects most affine parallel loops. Also, we achieved a maximum speedup of 3.22 times on a quad-core system, while incurring negligible compilation and recovery overheads with various sets of data-parallel HTML5 applications.
Smart phone's full web browsing requires a high-performance javascript engine because javascript execution takes a non-trivial portion of the loading time for many web sites. The current wisdom of speeding up Java...
详细信息
ISBN:
(纸本)9781450307130
Smart phone's full web browsing requires a high-performance javascript engine because javascript execution takes a non-trivial portion of the loading time for many web sites. The current wisdom of speeding up javascript engine is simply turning on its just-in-time compilation (JITC), which compiles javascript code to machine code on the fly and executes it instead of interpretation. Unfortunately, we found that JITC actually increases the loading time tangibly for some javascript-heavy web pages compared to interpretation, while it can still reduce the running time for javascript benchmarks. We observed that the web page javascript behaves differently from the benchmark javascript in the sense that hot spots rarely exist. This would lower the reuse ratio of the compiled machine code, making the compilation overhead higher than its benefit. This is especially true for a javascript engine which compiles all executed functions at their first invocation, as the SFX engine in the WebKit. In order to overcome this problem, we introduce selective compilation to the SFX engine so as to compile only hot functions detected during interpretation. This reduces the slowdown of the SFX for web page javascript, while accelerating javascript benchmarks. However, selective compilation for web page javascript shows a different behavior from other environment, and we discuss it.
Web browsers are promising candidates for the OPC's SOAP-HTTP WS-SC UA XML StackProfile to execute visualization solutions. First tests could demonstrate the applicability of native web browsers without any plugin...
详细信息
ISBN:
(纸本)9781424468508
Web browsers are promising candidates for the OPC's SOAP-HTTP WS-SC UA XML StackProfile to execute visualization solutions. First tests could demonstrate the applicability of native web browsers without any plugins but the required cryptographic algorithms cause unacceptable response times. The enormous performance improvement of javascript engines lets expect an adequate reduction of operating times;this may be strengthen by using an effective HTTP UA-SC UA Binary Stack Profile. This paper presents the current development state and first measurements of a OPC UA javascript Stack which is able to handle OPC UA Binary encoded and with OPC UA SecureConversation secured data.
We introduce the concept of compilation space as a new pivot for the comprehensive validation of just-in-time (JIT) compilers in modern language virtual machines (LVMs). The compilation space of a program, encompasses...
详细信息
We introduce the concept of compilation space as a new pivot for the comprehensive validation of just-in-time (JIT) compilers in modern language virtual machines (LVMs). The compilation space of a program, encompasses a wide range of equivalent JIT-compilation choices, which can be cross-validated to ensure the correctness of the program’s JIT compilations. To thoroughly explore the compilation space in a lightweight and LVM-agnostic manner, we strategically mutate test programs with JIT-relevant but semantics-preserving code constructs, aiming to provoke diverse JIT compilation optimizations. We primarily implement this approach in Artemis, a tool for validating Java Virtual Machines (JVMs). Within three months, Artemis successfully discovered 85 bugs in three widely used production JVMs — HotSpot, OpenJ9, and the Android Runtime — where 53 were already confirmed or fixed and many of which were classified as critical. It is noteworthy that all reported bugs concern JIT compilers, highlighting the effectiveness and practicality of our technique. Building on the promising results with JVMs, we experimentally applied our technique to a state-of-the-art javascript Engine (JSE) fuzzer called Fuzzilli, aiming to augment it to find mis-compilation bugs without significantly sacrificing its ability to detect crashes. Our experiments demonstrate that our enhanced version of Fuzzilli namely Apollo could achieve comparable code coverage with a considerably smaller number of generated programs with a similar number of crashes. Additionally, Apollo successfully uncovered four mis-compilations in javascriptCore and SpiderMonkey within seven days. Following Artemis’ and Apollo’s success, we are expecting that the generality and practicability of our approach will make it broadly applicable for understanding and validating the JIT compilers of other LVMs.
暂无评论