
Fuzzing JavaScript Engine APIs

Conference paper. Integrated Formal Methods (IFM 2016). Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9681).

Abstract

JavaScript is one of the most widespread programming languages: it drives web applications in browsers, it runs on the server side, and it is reaching the embedded world as well. Because of its prevalence, ensuring the correctness of its execution engines is highly important. One of the hardest parts of an execution environment to test is the API exposed by the engine. Thus, we focus on fuzz testing of JavaScript engine APIs in this paper. We formally define a graph representation that is suited to describing type information in an engine, explain how to build such graphs, and describe how to use them for API fuzz testing. Our experimental evaluation of the techniques on a real-life, in-use JavaScript engine shows that the introduced approach gives better coverage than available existing fuzzing techniques and could also find valid issues in the tested system.
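The abstract describes deriving a graph of type information from an engine's API and using that graph to drive fuzz testing. The JavaScript sketch below is an added illustration, not code from the paper or its authors: it walks a constructed root object (here the built-in Math and JSON namespaces) into a small type graph of paths, types and callables, then generates typed API calls from that graph and executes them with a seeded PRNG so that every campaign is replayable from its seed. The graph shape, node labels, the LCG, and the function names (buildTypeGraph, genCall, runCampaign) are this example's own assumptions and do not reflect the paper's actual design.

```javascript
"use strict";

// Deterministic PRNG (LCG) so a fuzz campaign can be replayed from its seed.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => {
    s = (Math.imul(1664525, s) + 1013904223) >>> 0;
    return s / 0x100000000;
  };
}

function pick(rng, arr) {
  return arr[Math.floor(rng() * arr.length)];
}

// Coarse type label used as a graph node ("number", "string", "function", ...).
function typeOf(v) {
  if (v === null) return "null";
  if (Array.isArray(v)) return "array";
  return typeof v;
}

// Append a property to an access path, using bracket syntax when the name is
// not a plain identifier so the path stays a valid JS expression.
function childPath(path, prop) {
  return /^[A-Za-z_$][\w$]*$/.test(prop) ? `${path}.${prop}` : `${path}[${JSON.stringify(prop)}]`;
}

// Build the type graph by walking own properties of `root` up to `maxDepth`.
//   nodes:     type labels plus every walked object/function path
//   edges:     { from: path, prop, to: typeLabel }
//   functions: { path, arity } for each reachable callable
//   values:    typeLabel -> [paths] of reachable values usable as arguments
function buildTypeGraph(root, rootName, maxDepth = 2) {
  const graph = { nodes: new Set(), edges: [], functions: [], values: {} };
  const seen = new Set();
  function walk(obj, path, depth) {
    if (seen.has(obj) || depth > maxDepth) return;
    seen.add(obj);
    graph.nodes.add(path);
    for (const prop of Object.getOwnPropertyNames(obj)) {
      let v;
      try { v = obj[prop]; } catch (_e) { continue; } // accessors may throw
      const t = typeOf(v);
      const p = childPath(path, prop);
      graph.nodes.add(t);
      graph.edges.push({ from: path, prop, to: t });
      (graph.values[t] = graph.values[t] || []).push(p);
      if (t === "function") graph.functions.push({ path: p, arity: v.length });
      if (t === "function" || t === "object") walk(v, p, depth + 1);
    }
  }
  walk(root, rootName, 0);
  return graph;
}

// Produce one argument expression: a primitive literal, or a reference to a
// value of a randomly chosen type that the graph says is reachable.
function genArg(graph, rng) {
  const r = rng();
  if (r < 0.3) return String(Math.floor(rng() * 201) - 100);        // number literal
  if (r < 0.5) return JSON.stringify("s" + Math.floor(rng() * 10)); // string literal
  if (r < 0.6) return rng() < 0.5 ? "true" : "false";               // boolean literal
  const types = Object.keys(graph.values);
  return pick(rng, graph.values[pick(rng, types)]);
}

// Pick a callable from the graph and call it with arity (sometimes arity+1)
// arguments, so both well-typed and surplus-argument cases are exercised.
function genCall(graph, rng) {
  const fn = pick(rng, graph.functions);
  const argc = fn.arity + (rng() < 0.3 ? 1 : 0);
  const args = [];
  for (let i = 0; i < argc; i++) args.push(genArg(graph, rng));
  return `${fn.path}(${args.join(", ")})`;
}

// Run `count` generated calls against `root`, recording each expression and
// whether it completed or threw. The same seed yields the same expressions.
function runCampaign(root, graph, seed, count) {
  const rng = makeRng(seed);
  const result = { ok: 0, threw: 0, cases: [] };
  for (let i = 0; i < count; i++) {
    const expr = genCall(graph, rng);
    let outcome;
    try {
      new Function("api", `return (${expr});`)(root);
      outcome = "ok";
      result.ok++;
    } catch (e) {
      outcome = e && e.name ? `${e.name}: ${e.message}` : String(e);
      result.threw++;
    }
    result.cases.push({ expr, outcome });
  }
  return result;
}

// Usage on a constructed root of two built-in namespaces (assumed, not from the paper).
const demoRoot = { Math, JSON };
const demoGraph = buildTypeGraph(demoRoot, "api");
const demoRun = runCampaign(demoRoot, demoGraph, 42, 25);
console.log(`${demoRun.ok} ok, ${demoRun.threw} threw; first case:`, demoRun.cases[0]);
```

Recording the exact expression alongside its outcome is what makes a crash in a real engine reproducible: the expression can be re-run in isolation, and the seed regenerates the whole campaign. Swapping the constructed root for an engine's actual global object turns the same walk into a graph of that engine's exposed API.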


Notes

  1. https://nodejs.org/
  2. http://duktape.org/
  3. http://www.jerryscript.net/
  4. http://www.iotjs.net/
  5. https://graph-tool.skewed.de/
  6. https://webkit.org/
  7. http://www.gtk.org/
  8. http://gcovr.com/
  9. https://github.com/MozillaSecurity/funfuzz/


Author information

Corresponding author: Renáta Hodován.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Hodován, R., Kiss, Á. (2016). Fuzzing JavaScript Engine APIs. In: Ábrahám, E., Huisman, M. (eds) Integrated Formal Methods. IFM 2016. Lecture Notes in Computer Science, vol 9681. Springer, Cham. https://doi.org/10.1007/978-3-319-33693-0_27


  • DOI: https://doi.org/10.1007/978-3-319-33693-0_27


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-33692-3

  • Online ISBN: 978-3-319-33693-0
