Computer Science ›› 2023, Vol. 50 ›› Issue (12): 49-57. doi: 10.11896/jsjkx.221200166
LU Ling1, ZHOU Zhide1, REN Zhilei1,2, JIANG He1
Abstract: The error-reporting mechanism is an indispensable part of a JavaScript engine. Given an erroneous program, the engine's error-reporting mechanism should output a reasonable error message that indicates the cause and location of the error and helps developers fix it. However, JavaScript engine error-reporting mechanisms contain defects that hinder developers in fixing errors. This paper proposes CAFJER, the first category-directed fuzzing method targeting the error-reporting mechanism of JavaScript engines. Given a seed program, CAFJER first selects a target category of error message for it and performs dynamic analysis to obtain the seed's context information. Second, based on that context information, CAFJER generates test cases that can trigger error messages of the target category. Then, CAFJER feeds the generated test cases into different JavaScript engines for differential testing; if the output error messages differ, a defect may exist in one of the engines. Finally, CAFJER automatically filters duplicate and invalid test cases, effectively reducing manual involvement. To validate the effectiveness of CAFJER, it is compared with the state-of-the-art similar methods JEST and DIPROM. Experimental results show that the number of unique defects CAFJER finds in JavaScript engine error-reporting mechanisms is 2.17 times that of JEST and 26 times that of DIPROM. During a three-month experiment, CAFJER also submitted 17 defect reports to developers, 7 of which have been confirmed.
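As an added illustration of the pipeline the abstract describes (this is not CAFJER's own code), the following JavaScript sketches the category-directed generation step from a seed's context, the differential comparison across engines, and the duplicate filter. The seed program, its context and any multi-engine results used with it are constructed sample data; comparing on the error category rather than the message wording is an assumption about how engine outputs are normalized.

```javascript
// Added example, not CAFJER's implementation; the seed program, its
// context and the engine results used with it are constructed sample data.
const seedProgram = 'let a = 1, obj = {}, fn = () => 0;';
// What a dynamic analysis of the seed would yield: in-scope names and types.
const seedContext = { a: 'number', obj: 'object', fn: 'function' };
// First in-scope name with the requested runtime type.
function pick(ctx, type) {
  const name = Object.keys(ctx).find((k) => ctx[k] === type);
  if (!name) throw new Error(`seed context has no ${type}`);
  return name;
}

// One generator per target category: each emits a statement, built from
// names the seed already defines, that should raise exactly that category.
const generators = {
  TypeError: (ctx) => `${pick(ctx, 'number')}();`,    // call a non-callable
  ReferenceError: () => 'undeclaredName++;',          // read an unbound identifier
  SyntaxError: (ctx) => `${pick(ctx, 'object')} = ;`, // missing right-hand side
  RangeError: () => 'new Array(-1);',                 // invalid array length
};
function generate(category, ctx) {
  return `${seedProgram}\n${generators[category](ctx)}`;
}
// Run a test case in the local engine and record the category it reports.
function runLocal(source) {
  try {
    new Function(source)();
    return { name: 'none', message: '' };
  } catch (e) {
    return { name: e.name, message: e.message };
  }
}

// Differential step: engines disagree on a test case when the reported
// categories are not all the same (wording is assumed to be normalized away).
function differs(results) {
  return new Set(Object.values(results).map((r) => r.name)).size > 1;
}

// Duplicate filter: findings with the same per-engine category pattern are
// treated as one discrepancy, so a reviewer sees each pattern once.
function filterUnique(findings) {
  const seen = new Set();
  return findings.filter((f) => {
    const key = Object.entries(f.results).sort()
      .map(([engine, r]) => `${engine}:${r.name}`).join('|');
    return seen.has(key) ? false : Boolean(seen.add(key));
  });
}
```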
CLC number: