Concolic Testing of JavaScript using Sparkplug (2405.06832v1)
Published 10 May 2024 in cs.SE
Abstract: JavaScript is prevalent in web and server applications, where it frequently handles sensitive data, yet testing methods for JavaScript lag behind those available for other languages. In-situ concolic testing of JavaScript is effective but slow and complex to apply. Our method improves the tracing step by using the V8 Sparkplug baseline compiler together with the remill library to convert the generated assembly into LLVM IR. Evaluation on 160 Node.js libraries shows coverage and bug detection comparable to the in-situ method, achieved in significantly less time.