RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes
- Authors
- Park, Junyoung; Kim, Yunho; Yun, Insu
- Issue Date
- Jun-2025
- Keywords
- Codes (symbols); Program Compilers; Machine Codes; Novel Techniques; Runtimes; Test Case; Test Case Generation; Testing Tools; Engines
- Citation
- Proceedings - IEEE Symposium on Security and Privacy, pp 920 - 938
- Pages
- 19
- Indexed
- SCOPUS
- Journal Title
- Proceedings - IEEE Symposium on Security and Privacy
- Start Page
- 920
- End Page
- 938
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/208335
- DOI
- 10.1109/SP61157.2025.00003
- ISSN
- 1081-6011; 2375-1207
- Abstract
- WebAssembly runtimes embed compilers to compile WebAssembly code into machine code for execution. These compilers use various compiler rules to define how to optimize and lower the WebAssembly code. However, existing testing tools struggle to explore these rules effectively due to their complexity. Moreover, they cannot generate test cases diversely due to their limitations, which can result in undetected bugs. This paper presents RGFuzz, a differential fuzzer for WebAssembly runtimes, addressing the existing limitations through two novel techniques. First, RGFuzz uses rule-guided fuzzing, which extracts compiler rules from the WebAssembly runtime wasmtime and uses them to guide test case generation, thereby effectively exploring complex rules. Second, RGFuzz uses reverse stack-based generation to generate test cases diversely. These techniques enable RGFuzz to find bugs effectively in WebAssembly runtimes. We implemented RGFuzz and evaluated it on six engines: wasmtime, Wasmer, WasmEdge, V8, SpiderMonkey, and JavaScriptCore. As a result, RGFuzz found 20 new bugs in these engines, including one bug with a CVE ID issued. Our evaluation demonstrates that RGFuzz outperforms existing fuzzers by utilizing the extracted rules and diversely generating test cases.
- Appears in
Collections - Seoul College of Engineering > Seoul School of Computer Software > 1. Journal Articles