Semantic Scripting Language Fuzzing


Event details

Date 16.06.2023
Hour 13:00 - 15:00
Speaker Chibin Zhang
Location
Category Conferences - Seminars
EDIC candidacy exam
Exam president: Prof. Edouard Bugnion
Thesis advisor: Prof. Mathias Payer
Co-examiner: Prof. Martin Odersky

Abstract
Scripting languages are ubiquitous due to their convenient API and broad functionality. The scripting runtime environment guarantees memory safety, type safety, and sandboxing. Unfortunately, bugs may violate these guarantees. Fuzzing is the prime technique to discover bugs. Language environments are challenging targets because (i) inputs must pass the parser stage to trigger interesting functionality, (ii) the input must trigger rich semantics, and (iii) runtime libraries are complex.

In this work, we discuss three papers: CSmith, Polyglot, and Fuzzilli. CSmith is a seminal work in compiler testing and popularized many of the techniques used in this field. Polyglot is the first fuzzer to tackle fuzzing multiple languages at once, proposing semantic validation and constrained mutation. Fuzzilli highlights the unique challenges of fuzzing JIT compilers. We note the limitations of existing work, for example specialization towards a single language and the need for massive manual effort, and propose solutions to overcome these shortcomings.
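As an added illustration of the two ideas named above, semantic validation and constrained mutation, the following constructed example (it is not part of the exam abstract or of any of the cited papers, and it is not how Polyglot or Fuzzilli implement them) builds programs from a tiny grammar while tracking scope and static types, so every generated input passes the parser and the semantic stage and exercises actual runtime behaviour. The toy language is a Python subset with assignments, int and str literals, and '+'; all function names (gen_expr, mutate, naive_mutate, validate, runs) are hypothetical. The constrained mutation regenerates one statement using only earlier variables and its original type, so the rest of the program stays valid; the naive mutation is shown only for contrast, since its output is rejected at the semantic stage before any interesting code runs.

```python
import random

INT, STR = "int", "str"

class SemanticError(Exception):
    """Raised when an expression would be rejected by the runtime's semantic checks."""

def infer_type(expr, scope):
    """Static type of an expression tree given the variables in scope.
    Trees are tuples: ("lit", value), ("var", name), ("add", left, right)."""
    tag = expr[0]
    if tag == "lit":
        return INT if isinstance(expr[1], int) else STR
    if tag == "var":
        if expr[1] not in scope:
            raise SemanticError(f"{expr[1]} used before definition")
        return scope[expr[1]]
    left_t, right_t = infer_type(expr[1], scope), infer_type(expr[2], scope)
    if left_t != right_t:
        raise SemanticError(f"cannot add {left_t} and {right_t}")  # Python raises TypeError here
    return left_t

def gen_expr(scope, rng, want=None, depth=0):
    """Grammar-driven generation constrained by the semantic rules above: only
    variables already in `scope` are referenced, and both operands of '+' get
    the same type. `want` pins the result type when the caller needs it."""
    options = ["lit"]
    if any(want in (None, t) for t in scope.values()):
        options.append("var")
    if depth < 2:
        options.append("add")
    kind = rng.choice(options)
    if kind == "lit":
        typ = want or rng.choice([INT, STR])
        return ("lit", rng.randint(0, 99) if typ == INT else rng.choice(["a", "bc", "xyz"]))
    if kind == "var":
        names = sorted(n for n, t in scope.items() if want in (None, t))
        return ("var", rng.choice(names))
    left = gen_expr(scope, rng, want, depth + 1)
    right = gen_expr(scope, rng, infer_type(left, scope), depth + 1)
    return ("add", left, right)

def gen_program(rng, n_stmts=6):
    """A program is a list of (name, expr) assignments; each one extends the scope."""
    scope, stmts = {}, []
    for i in range(n_stmts):
        expr = gen_expr(scope, rng)
        name = f"v{i}"
        stmts.append((name, expr))
        scope[name] = infer_type(expr, scope)
    return stmts

def validate(stmts):
    """Whole-program semantic pass: None if the program is valid, else the error text."""
    scope = {}
    try:
        for name, expr in stmts:
            scope[name] = infer_type(expr, scope)
    except SemanticError as err:
        return str(err)
    return None

def mutate(stmts, rng):
    """Constrained mutation: replace one statement's expression with a fresh one of
    the same static type, built only from earlier variables, so the rest stays valid."""
    i = rng.randrange(len(stmts))
    scope = {}
    for name, expr in stmts[:i]:
        scope[name] = infer_type(expr, scope)
    keep_type = infer_type(stmts[i][1], scope)
    new = list(stmts)
    new[i] = (stmts[i][0], gen_expr(scope, rng, want=keep_type))
    return new

def naive_mutate(stmts):
    """Unconstrained mutation for contrast: the first statement reads the last
    variable, which is not yet defined at that point."""
    new = list(stmts)
    new[0] = (stmts[0][0], ("var", stmts[-1][0]))
    return new

def render(expr):
    """Emit the expression tree as Python source."""
    tag = expr[0]
    if tag == "lit":
        return repr(expr[1])
    if tag == "var":
        return expr[1]
    return f"({render(expr[1])} + {render(expr[2])})"

def to_source(stmts):
    return "\n".join(f"{name} = {render(expr)}" for name, expr in stmts)

def runs(stmts):
    """Ground truth: does the real interpreter accept the program? The toy
    programs contain only assignments of int/str literals, names and sums."""
    try:
        exec(to_source(stmts), {})
        return True
    except (NameError, TypeError):
        return False

def demo(seed=2023):
    """Generate one program, mutate it both ways, and report what each stage accepts."""
    rng = random.Random(seed)
    prog = gen_program(rng)
    bad = naive_mutate(prog)
    return {"source": to_source(prog), "valid": validate(prog) is None, "runs": runs(prog),
            "mutated_valid": validate(mutate(prog, rng)) is None,
            "naive_valid": validate(bad) is None, "naive_runs": runs(bad)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block prints the generated program and shows that the semantic validator and the interpreter agree on both the constrained and the naive mutation; the validator is cheaper than launching the runtime, which is why a fuzzer applies it before execution.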

Background papers
1. Finding and Understanding Bugs in C Compilers, Xuejun Yang, Yang Chen, Eric Eide, John Regehr https://users.cs.utah.edu/~regehr/papers/pldi11-preprint.pdf
2. NAUTILUS: Fishing for Deep Bugs with Grammars by Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04A-3_Aschermann_paper.pdf
3. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities by Samuel Groß, Simon Koch, Lukas Bernhard, Thorsten Holz, Martin Johns https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f290_paper.pdf

Practical information

  • General public
  • Free

Tags

EDIC candidacy exam
