M.Sc. C.S. Thesis Defense: Juan Felipe M. Coronel (Olivine: Optimization-Aware Seed Pool Updating for Just-in-Time Compiler Fuzzing)
Jan. 17, 2022
Meeting ID: 893 8498 4541
Meeting password: 88353191
Panel Members
- Jan Michael C. Yap, Ph.D., Chair
- Susan Pancho-Festin, Ph.D., Adviser
- Francis George C. Cabarle, Ph.D., Reader
Abstract
Just-in-Time (JIT) compilation, through profiling of executed code fragments, allows speculative optimizations to be applied to currently executing program code. The complexity of implementing JIT compilers for JavaScript engines has brought about numerous bugs that make up the majority of web browser vulnerabilities in recent years. These vulnerabilities, if discovered by malicious entities before they can be patched, can be exploited to steal sensitive information from users and perform remote code execution. Fuzz testing, or fuzzing, is an automated software testing technique that utilizes fuzz testing programs called fuzzers to rapidly feed a large volume of randomized inputs to the program being tested in the hope of inciting crashes and uncovering its underlying vulnerabilities. JIT compiler fuzzers in particular must not only ensure that fuzz inputs are both syntactically and semantically valid to execute deep compiler code branches, but also ascertain that optimization routines of the JIT compiler under test are thoroughly exercised. This study explores how existing JIT compiler feedback can be integrated into the fuzzing process of mutation-based JIT compiler fuzzers in order to improve their test coverage of JIT compiler code. Specifically, this study establishes the concept of optimization-guided fuzzing through the introduction of a novel seed pool updating algorithm called Olivine. Different variants of Olivine are characterized and evaluated in comparison to a state-of-the-art, coverage-guided JIT compiler fuzzer when fuzzing Safari's JavaScriptCore. Results show that the proposed optimization-guided fuzzing approach for JIT compilers is a promising alternative to the coverage-guided fuzzing approach employed traditionally. Augmenting the JIT compiler fuzzing process with optimization feedback will hopefully allow compiler maintainers to more swiftly discover and patch vulnerabilities for the protection of their users.
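As an added illustration, not taken from the thesis and not Olivine's algorithm (whose details the abstract does not give), the following Python sketch shows the general shape of feedback-driven seed pool updating in a mutation-based fuzzer: a mutated input is admitted to the pool only when the target's feedback contains something the pool has not yet observed, and future mutations are drawn from the admitted seeds. The target is a constructed stub that maps opcode patterns in a toy "program" to invented optimization-event labels standing in for JIT compiler feedback; the names run_and_report, SeedPool, mutate, fuzz and the OPCODES and ALL_EVENTS tables are all hypothetical.

```python
import random
from dataclasses import dataclass, field

# Hypothetical opcode vocabulary for the toy programs being fuzzed.
OPCODES = ["loop", "call", "add", "int", "float", "load", "store"]

# Invented labels standing in for "which optimization routines fired".
ALL_EVENTS = {"osr_entry", "inline", "int_speculation", "licm",
              "double_speculation", "inline_in_loop"}


def run_and_report(program):
    """Constructed stand-in for an instrumented JIT: returns the set of
    optimization events a program is assumed to trigger. The rules are
    invented purely to give the fuzzer something to discover."""
    events = set()
    if "loop" in program:
        events.add("osr_entry")            # hot loop -> on-stack replacement
    if program.count("call") >= 2:
        events.add("inline")               # repeated calls -> inlining
    if "add" in program and "int" in program:
        events.add("int_speculation")      # integer type speculation
    if "load" in program and "loop" in program:
        events.add("licm")                 # loop-invariant code motion
    if "add" in program and "float" in program:
        events.add("double_speculation")   # double type speculation
    if "call" in program and "loop" in program:
        events.add("inline_in_loop")
    return events


def mutate(program, rng):
    """One random edit: insert, delete or replace an opcode.
    Programs are capped at 16 opcodes so they cannot grow without bound."""
    child = list(program)
    if not child:
        op = "insert"
    elif len(child) >= 16:
        op = "delete"
    else:
        op = rng.choice(["insert", "delete", "replace"])
    if op == "insert":
        child.insert(rng.randrange(len(child) + 1), rng.choice(OPCODES))
    elif op == "delete":
        del child[rng.randrange(len(child))]
    else:
        child[rng.randrange(len(child))] = rng.choice(OPCODES)
    return child


@dataclass
class SeedPool:
    """Seed pool whose admission rule is driven by target feedback."""
    seen: set = field(default_factory=set)    # every event observed so far
    seeds: list = field(default_factory=list)  # inputs that revealed something new

    def update(self, program, events):
        """Admit `program` only if its feedback adds an unseen event."""
        new = events - self.seen
        if not new:
            return False
        self.seen |= new
        self.seeds.append(list(program))
        return True


def fuzz(initial, iterations, seed=0):
    """Mutation-based loop: pick a seed, mutate it, run it, update the pool.
    The initial input is always kept so the loop can never run dry."""
    rng = random.Random(seed)
    pool = SeedPool()
    pool.seen |= run_and_report(initial)
    pool.seeds.append(list(initial))
    for _ in range(iterations):
        parent = rng.choice(pool.seeds)
        child = mutate(parent, rng)
        pool.update(child, run_and_report(child))
    return pool


if __name__ == "__main__":
    pool = fuzz(["add"], 2000, seed=1)
    print("events reached:", sorted(pool.seen))
    print("pool size:", len(pool.seeds))
    print("unreached:", sorted(ALL_EVENTS - pool.seen))
```

The admission rule is the only place where the choice of feedback matters: swapping the event set returned by run_and_report for a set of covered basic blocks turns the same loop into a coverage-guided fuzzer, which is the contrast the thesis draws between optimization-guided and coverage-guided seed pool updating.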