Title: WindCore: Path-Sensitive Semantic Analysis Technique for JavaScript Testcase Generation
Chinese title: 用于生成JavaScript测试用例的路径敏感语义分析技术 (Path-Sensitive Semantic Analysis Technique for Generating JavaScript Test Cases)
Authors: Yunheng Luo, Jianshan Peng
Venue: 2022 IEEE 8th International Conference on Computer and Communications (ICCC)
Publication date: 2022-12-09
DOI: 10.1109/ICCC56324.2022.10065909 (https://doi.org/10.1109/ICCC56324.2022.10065909)
Record source: Semantic Scholar
WindCore: Path-Sensitive Semantic Analysis Technique for JavaScript Testcase Generation
As the core component of a web browser, the JavaScript engine has always been a security concern. Current state-of-the-art fuzzers for JavaScript engines focus mainly on generating correct and effective testcases by extracting semantic information from an initial corpus. However, we found that existing fuzzers ignore the effect of branch conditions when extracting that semantic information, which leads to incorrect testcases. To address this problem, we propose a path-sensitive semantic analysis technique and implement it in a fuzz testing tool named WindCore. Compared with existing fuzzers, WindCore extracts the semantic information in the initial corpus more completely and generates testcases with correct syntax and semantics. Experimental results show that WindCore greatly improves the rate of correct testcases with only negligible performance overhead.
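As an added illustration of the problem the abstract describes (this is not code from the paper or from WindCore), the following JavaScript compares flow-insensitive type mining with a per-path analysis over a small constructed seed fragment, then checks both verdicts against real execution. The mini IR, the `seed` and `candidates` data, and the function names (`mineFlat`, `minePaths`, `runsClean`, `verdicts`) are all assumptions made for this example.

```javascript
// Added example, not code from the paper or from WindCore: why type facts
// mined from a seed corpus must respect branch conditions.

// Mini IR for a seed fragment (an assumption of this example). Branch
// conditions are opaque, as they are to a fuzzer that only reads the seed
// file, so either arm of an `if` may run.
//   { kind: "assign", name, type }           e.g.  x = 1  (type "number")
//   { kind: "if", then: [...], else: [...] }
//   { kind: "use", name, needs }             e.g.  x.toFixed(2) needs "number"
const seed = [
  { kind: "assign", name: "z", type: "string" },              // z = "str";
  { kind: "assign", name: "x", type: "number" },              // x = 1;
  { kind: "if",                                               // if (cond) {
    then: [{ kind: "assign", name: "x", type: "string" }],    //   x = "str";
    else: [{ kind: "assign", name: "y", type: "number" }] },  // } else { y = 1; }
];

// Statements the fuzzer wants to append after the seed, with the type each
// requires of its operand (constructed for this example).
const candidates = [
  { kind: "use", name: "x", needs: "number" },   // x.toFixed(2)
  { kind: "use", name: "y", needs: "number" },   // y.toFixed(2)
  { kind: "use", name: "x", needs: "string" },   // x.toUpperCase()
  { kind: "use", name: "z", needs: "string" },   // z.toUpperCase()
];

// 1. Path-insensitive mining: record every type ever assigned to a name,
//    flattening the branch structure away. "x was a number somewhere, so
//    x.toFixed(2) is fine."
function mineFlat(stmts, types = new Map()) {
  for (const s of stmts) {
    if (s.kind === "assign") {
      if (!types.has(s.name)) types.set(s.name, new Set());
      types.get(s.name).add(s.type);
    } else if (s.kind === "if") {
      mineFlat(s.then, types);
      mineFlat(s.else, types);
    }
  }
  return types;
}
function acceptFlat(types, use) {
  return types.has(use.name) && types.get(use.name).has(use.needs);
}

// 2. Path-sensitive mining: one environment per feasible path through the
//    seed; a candidate is accepted only if its operand has the required
//    type on every path.
function minePaths(stmts, envs = [new Map()]) {
  for (const s of stmts) {
    if (s.kind === "assign") {
      for (const env of envs) env.set(s.name, s.type);
    } else if (s.kind === "if") {
      const thenEnvs = minePaths(s.then, envs.map(e => new Map(e)));
      const elseEnvs = minePaths(s.else, envs.map(e => new Map(e)));
      envs = [...thenEnvs, ...elseEnvs];
    }
  }
  return envs;
}
function acceptPaths(envs, use) {
  return envs.every(env => env.get(use.name) === use.needs);
}

// 3. Ground truth: emit real JavaScript for seed + candidate and execute it
//    with the branch forced each way. A testcase that throws on either
//    outcome is semantically incorrect.
const LITERAL = { number: "1", string: '"str"' };
const METHOD  = { number: ".toFixed(2)", string: ".toUpperCase()" };

function emit(stmts) {
  return stmts.map(s => {
    if (s.kind === "assign") return `${s.name} = ${LITERAL[s.type]};`;
    if (s.kind === "use") return `${s.name}${METHOD[s.needs]};`;
    return `if (cond) { ${emit(s.then)} } else { ${emit(s.else)} }`;
  }).join(" ");
}

function runsClean(seedStmts, use) {
  const names = [...mineFlat(seedStmts).keys()];
  const fn = new Function("cond", `let ${names.join(", ")}; ${emit([...seedStmts, use])}`);
  return [true, false].every(cond => {
    try { fn(cond); return true; } catch (e) { return false; }
  });
}

// Side-by-side verdicts for each candidate: what the flat miner accepts,
// what the per-path miner accepts, and whether the testcase really runs.
function verdicts() {
  const flat = mineFlat(seed);
  const envs = minePaths(seed);
  return candidates.map(use => ({
    testcase: `${use.name}${METHOD[use.needs]}`,
    flat: acceptFlat(flat, use),
    pathSensitive: acceptPaths(envs, use),
    runtime: runsClean(seed, use),
  }));
}

console.log(verdicts());
```

Run it with `node`. The flat miner accepts all four candidates, but three of them throw a `TypeError` on one of the two branch outcomes; the per-path analysis rejects exactly those three and keeps `z.toUpperCase()`, whose operand has the same type on every path. Real seeds have far more paths than this, so a production tool would have to bound path explosion (for instance by merging environments at join points); this example enumerates every path for clarity.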