JITfuzz: Coverage-guided Fuzzing for JVM Just-in-Time Compilers

Cited by: 4
Authors
Wu, Mingyuan [1 ,2 ]
Lu, Minghai [1 ]
Cui, Heming [2 ]
Chen, Junjie [3 ]
Zhang, Yuqun [1 ]
Zhang, Lingming [4 ]
Affiliations
[1] Southern Univ Sci & Technol, Shenzhen, Peoples R China
[2] Univ Hong Kong, Hong Kong, Peoples R China
[3] Tianjin Univ, Tianjin, Peoples R China
[4] Univ Illinois, Champaign, IL USA
Funding
National Natural Science Foundation of China; US National Science Foundation;
Keywords
DOI
10.1109/ICSE48619.2023.00017
Chinese Library Classification
TP31 [Computer software];
Discipline Classification
081202; 0835;
Abstract
As a widely-used platform to support various Java-bytecode-based applications, Java Virtual Machine (JVM) incurs severe performance loss caused by its real-time program interpretation mechanism. To tackle this issue, the Just-in-Time compiler (JIT) has been widely adopted to strengthen the efficacy of JVM. Therefore, how to effectively and efficiently detect JIT bugs becomes critical to ensure the correctness of JVM. In this paper, we propose a coverage-guided fuzzing framework, namely JITfuzz, to automatically detect JIT bugs. In particular, JITfuzz adopts a set of optimization-activating mutators to trigger the usage of typical JIT optimizations, e.g., function inlining and simplification. Meanwhile, given JIT optimizations are closely coupled with program control flows, JITfuzz also adopts mutators to enrich the control flows of target programs. Moreover, JITfuzz also proposes a mutator scheduler which iteratively schedules mutators according to the coverage updates to maximize the code coverage of JIT. To evaluate the effectiveness of JITfuzz, we conduct a set of experiments based on a benchmark suite with 16 popular JVM-based projects from GitHub. The experimental results suggest that JITfuzz outperforms the state-of-the-art mutation-based and generation-based JVM fuzzers by 27.9% and 18.6% respectively in terms of edge coverage on average. Furthermore, JITfuzz also successfully detects 36 previously unknown bugs (including 23 JIT bugs) and 27 bugs (including 18 JIT bugs) have been confirmed by the developers.
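The feedback loop the abstract describes (mutators aimed at specific JIT optimizations, coverage of the JIT measured per input, and a scheduler that re-weights mutators from the coverage they produce) can be shown in miniature. The block below is an added illustration, not JITfuzz's own code: it assumes a toy "JIT" whose passes (constant folding, a size-limited inliner, a control-flow pass) record each decision they take as an edge, three stand-in mutators for the classes the abstract names, and a reward/decay weighting rule; every name in it (`jit_compile`, `MutatorScheduler`, `mut_*`, `fuzz`) is an assumption for the example.

```python
"""Coverage-guided mutator scheduling in miniature (added illustration,
not JITfuzz's code). The JIT, its edges and the mutators are all toys."""
import random

# Toy program: a flat list of ops. Constructed seed: one call, no foldable
# constants, no control flow, so most JIT decisions start uncovered.
SEED = [("const", 1), ("call", "f"), ("ret",)]
CALLEES = {
    "f": [("const", 5), ("ret",)],                           # small: inlined
    "g": [("const", 1), ("const", 2), ("add",), ("ret",)],   # over the limit
}
INLINE_LIMIT = 2
FLOOR = 0.25   # a mutator's weight never decays below this: none is starved
ALL_EDGES = frozenset({
    ("fold", "hit"), ("fold", "miss"), ("inline", "small"),
    ("inline", "too-big"), ("cfg", "if"), ("cfg", "loop"), ("cfg", "straight"),
})


def jit_compile(ops):
    """Run the toy optimization pipeline; return the set of JIT edges it hit."""
    edges, ops, i = set(), list(ops), 0
    # Pass 1, simplification: fold 'const a, const b, add' into one constant,
    # re-checking the same index so chains of folds are found.
    while i + 2 < len(ops):
        a, b, c = ops[i], ops[i + 1], ops[i + 2]
        if a[0] == "const" and b[0] == "const" and c[0] == "add":
            edges.add(("fold", "hit"))
            ops[i:i + 3] = [("const", a[1] + b[1])]
        else:
            edges.add(("fold", "miss"))
            i += 1
    # Pass 2, inlining: callees of at most INLINE_LIMIT ops are inlined.
    out = []
    for op in ops:
        if op[0] == "call":
            body = CALLEES.get(op[1], [])
            if len(body) <= INLINE_LIMIT:
                edges.add(("inline", "small"))
                out.extend(b for b in body if b[0] != "ret")
                continue
            edges.add(("inline", "too-big"))
        out.append(op)
    # Pass 3, control flow: branches and loops take distinct JIT paths.
    has_if = any(op[0] == "if" for op in out)
    has_loop = any(op[0] == "loop" for op in out)
    if has_if:
        edges.add(("cfg", "if"))
    if has_loop:
        edges.add(("cfg", "loop"))
    if not (has_if or has_loop):
        edges.add(("cfg", "straight"))
    return edges


# Mutators: each targets one family of JIT decisions (all assumed toys).
def mut_fold_pair(ops, rng):
    """Simplification-activating: insert a foldable 'const const add' triple."""
    p, k = rng.randrange(len(ops) + 1), rng.randrange(10)
    ops[p:p] = [("const", k), ("const", k + 1), ("add",)]
    return ops


def mut_inline_target(ops, rng):
    """Inlining-activating: retarget a call so the inliner's size limit is hit."""
    calls = [i for i, op in enumerate(ops) if op[0] == "call"]
    target = ("call", rng.choice(sorted(CALLEES)))
    if calls:
        ops[rng.choice(calls)] = target
    else:
        ops.insert(rng.randrange(len(ops) + 1), target)
    return ops


def mut_add_branch(ops, rng):
    """Control-flow-enriching: add a branch or a loop marker."""
    ops.insert(rng.randrange(len(ops) + 1), rng.choice([("if",), ("loop",)]))
    return ops


MUTATORS = [mut_fold_pair, mut_inline_target, mut_add_branch]


class MutatorScheduler:
    """Weights each mutator by the new JIT edges it has recently produced."""

    def __init__(self, mutators, rng=None):
        self.mutators, self.rng = list(mutators), rng or random.Random(0)
        self.score = {m.__name__: 1.0 for m in self.mutators}

    def pick(self):
        weights = [self.score[m.__name__] for m in self.mutators]
        return self.rng.choices(self.mutators, weights=weights, k=1)[0]

    def update(self, mutator, gain):
        name = mutator.__name__
        if gain:
            self.score[name] += gain                          # reward new edges
        else:
            self.score[name] = max(FLOOR, self.score[name] * 0.9)  # decay


def fuzz(seed, mutators, max_rounds=1000, rng_seed=7):
    """Coverage-guided loop: pick a parent and a mutator, compile, keep gains."""
    rng = random.Random(rng_seed)
    sched, corpus, covered, rounds = MutatorScheduler(mutators, rng), [list(seed)], set(jit_compile(seed)), 0
    while rounds < max_rounds and covered != ALL_EDGES:
        rounds += 1
        mut = sched.pick()
        child = mut(list(rng.choice(corpus)), rng)
        edges = jit_compile(child)
        gain = len(edges - covered)
        sched.update(mut, gain)
        if gain:                       # new JIT behaviour: keep the input
            covered |= edges
            corpus.append(child)
    return covered, sched.score, rounds


if __name__ == "__main__":
    covered, score, rounds = fuzz(SEED, MUTATORS)
    print("rounds:", rounds, "edges:", len(covered), "/", len(ALL_EDGES))
    for name, weight in sorted(score.items()):
        print("  %-18s weight %.2f" % (name, weight))
```

Running it prints how many rounds the scheduler needed to reach every toy edge and the final weight of each mutator. In the real tool the mutators act on Java bytecode and the coverage is edge coverage of the JIT itself; the point carried over is that a mutator earns scheduling weight only while it keeps exposing new compiler behaviour, and is decayed but never dropped when it stops.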
Pages: 56 / 68
Page count: 13