Detailed Information


RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes

Authors
Park, Junyoung; Kim, Yunho; Yun, Insu
Issue Date
Jun-2025
Keywords
Codes (symbols); Program Compilers; Machine Codes; Novel Techniques; Runtimes; Test Case; Test Case Generation; Testing Tools; Engines
Citation
Proceedings - IEEE Symposium on Security and Privacy, pp 920 - 938
Pages
19
Indexed
SCOPUS
Journal Title
Proceedings - IEEE Symposium on Security and Privacy
Start Page
920
End Page
938
URI
https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/208335
DOI
10.1109/SP61157.2025.00003
ISSN
1081-6011
2375-1207
Abstract
WebAssembly runtimes embed compilers to compile WebAssembly code into machine code for execution. These compilers use various compiler rules to define how to optimize and lower the WebAssembly code. However, existing testing tools struggle to explore these rules effectively due to their complexity. Moreover, they cannot generate test cases diversely due to their limitations, which can result in undetected bugs. This paper presents RGFuzz, a differential fuzzer for WebAssembly runtimes, addressing the existing limitations through two novel techniques. First, RGFuzz uses rule-guided fuzzing, which extracts compiler rules from the WebAssembly runtime, wasmtime, and uses them to guide test case generation, thereby effectively exploring complex rules. Second, RGFuzz uses reverse stack-based generation to generate test cases diversely. These techniques enable RGFuzz to find bugs effectively in WebAssembly runtimes. We implemented RGFuzz and evaluated it on six engines: wasmtime, Wasmer, WasmEdge, V8, SpiderMonkey, and JavaScriptCore. As a result, RGFuzz found 20 new bugs in these engines, including one bug with a CVE ID issued. Our evaluation demonstrates that RGFuzz outperforms existing fuzzers by utilizing the extracted rules and diversely generating test cases.
Appears in Collections
Seoul College of Engineering > Seoul School of Computer Software > 1. Journal Articles

Related Researcher

Kim, Yunho
COLLEGE OF ENGINEERING (SCHOOL OF COMPUTER SCIENCE)