TY - GEN
T1 - One engine to fuzz 'em All
T2 - 42nd IEEE Symposium on Security and Privacy, SP 2021
AU - Chen, Yongheng
AU - Zhong, Rui
AU - Hu, Hong
AU - Zhang, Hangfan
AU - Yang, Yupeng
AU - Wu, Dinghao
AU - Lee, Wenke
N1 - Funding Information:
We thank the anonymous reviewers for their helpful feedback. The work was supported in part by the Defense Advanced Research Projects Agency (DARPA) under contracts HR00112090031 and HR00112090034, the Office of Naval Research (ONR) under grants N00014-17-1-2895, N00014-15-1-2162, N00014-18-1-2662, N00014-16-1-2912, N00014-16-1-2265 and N00014-17-1-2894, and the National Science Foundation (NSF) under grant CNS-1652790. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of DARPA, NSF or ONR.
Publisher Copyright:
© 2021 IEEE.
PY - 2021/5
Y1 - 2021/5
N2 - Language processors, such as compilers and interpreters, are indispensable in building modern software. Errors in language processors can lead to severe consequences, like incorrect functionalities or even malicious attacks. However, it is not trivial to automatically test language processors to find bugs. Existing testing methods (or fuzzers) either fail to generate high-quality (i.e., semantically correct) test cases, or only support limited programming languages. In this paper, we propose POLYGLOT, a generic fuzzing framework that generates high-quality test cases for exploring processors of different programming languages. To achieve the generic applicability, POLYGLOT neutralizes the difference in syntax and semantics of programming languages with a uniform intermediate representation (IR). To improve the language validity, POLYGLOT performs constrained mutation and semantic validation to preserve syntactic correctness and fix semantic errors. We have applied POLYGLOT on 21 popular language processors of 9 programming languages, and identified 173 new bugs, 113 of which are fixed with 18 CVEs assigned. Our experiments show that POLYGLOT can support a wide range of programming languages, and outperforms existing fuzzers with up to 30× improvement in code coverage.
AB - Language processors, such as compilers and interpreters, are indispensable in building modern software. Errors in language processors can lead to severe consequences, like incorrect functionalities or even malicious attacks. However, it is not trivial to automatically test language processors to find bugs. Existing testing methods (or fuzzers) either fail to generate high-quality (i.e., semantically correct) test cases, or only support limited programming languages. In this paper, we propose POLYGLOT, a generic fuzzing framework that generates high-quality test cases for exploring processors of different programming languages. To achieve the generic applicability, POLYGLOT neutralizes the difference in syntax and semantics of programming languages with a uniform intermediate representation (IR). To improve the language validity, POLYGLOT performs constrained mutation and semantic validation to preserve syntactic correctness and fix semantic errors. We have applied POLYGLOT on 21 popular language processors of 9 programming languages, and identified 173 new bugs, 113 of which are fixed with 18 CVEs assigned. Our experiments show that POLYGLOT can support a wide range of programming languages, and outperforms existing fuzzers with up to 30× improvement in code coverage.
UR - http://www.scopus.com/inward/record.url?scp=85115058865&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85115058865&partnerID=8YFLogxK
U2 - 10.1109/SP40001.2021.00071
DO - 10.1109/SP40001.2021.00071
M3 - Conference contribution
AN - SCOPUS:85115058865
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 642
EP - 658
BT - Proceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 24 May 2021 through 27 May 2021
ER -