WRTester: Differential Testing of WebAssembly Runtimes via Semantic-aware Binary Generation (2312.10456v1)
Abstract: The Wasm runtime is a fundamental component of the Wasm ecosystem, as it directly impacts whether Wasm applications can be executed as expected. Bugs in Wasm runtimes are frequently reported, so the research community has made a few attempts to design automated testing frameworks for detecting them. However, existing testing frameworks are limited by the quality of their test cases: they struggle to generate Wasm binaries that are both semantically rich and syntactically correct, so complicated bugs cannot be triggered. In this work, we present WRTester, a novel differential testing framework that generates complicated Wasm test cases by disassembling and assembling real-world Wasm binaries, which can trigger hidden inconsistencies among Wasm runtimes. To further pinpoint the root causes of unexpected behaviors, we design a runtime-agnostic root cause location method to accurately locate bugs. Extensive evaluation suggests that WRTester outperforms SOTA techniques in terms of both efficiency and effectiveness. We have uncovered 33 unique bugs in popular Wasm runtimes, among which 25 have been confirmed.