Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes

Full metadata record
DC Field Value Language
dc.contributor.authorPark, Junyoung-
dc.contributor.authorKim, Yunho-
dc.contributor.authorYun, Insu-
dc.date.accessioned2025-07-28T03:00:22Z-
dc.date.available2025-07-28T03:00:22Z-
dc.date.issued2025-06-
dc.identifier.issn1081-6011-
dc.identifier.issn2375-1207-
dc.identifier.urihttps://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/208335-
dc.description.abstractWebAssembly runtimes embed compilers to compile WebAssembly code into machine code for execution. These compilers use various compiler rules to define how to optimize and lower the WebAssembly code. However, existing testing tools struggle to explore these rules effectively due to their complexity. Moreover, they cannot generate test cases diversely due to their limitations, which can result in undetected bugs. This paper presents RGFuzz, a differential fuzzer for WebAssembly runtimes, addressing the existing limitations through two novel techniques. First, RGFuzz uses rule-guided fuzzing; which extracts compiler rules from the WebAssembly runtime, wasmtime, and uses them to guide test case generation, thereby effectively exploring complex rules. Second, RGFuzz uses reverse stack-based generation to generate test cases diversely. These techniques enable RGFuzz to find bugs effectively in WebAssembly runtimes. We implemented RGFuzz and evaluated it on six engines: wasmtime, Wasmer, WasmEdge, V8, SpiderMonkey, and JavaScriptCore. As a result, RGFuzz found 20 new bugs in these engines, including one bug with a CVE ID issued. Our evaluation demonstrates that RGFuzz outperforms existing fuzzers by utilizing the extracted rules and diversely generating test cases.-
dc.format.extent19-
dc.language영어-
dc.language.isoENG-
dc.titleRGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes-
dc.typeArticle-
dc.identifier.doi10.1109/SP61157.2025.00003-
dc.identifier.scopusid2-s2.0-105009342406-
dc.identifier.wosid001540716400051-
dc.identifier.bibliographicCitationProceedings - IEEE Symposium on Security and Privacy, pp 920 - 938-
dc.citation.titleProceedings - IEEE Symposium on Security and Privacy-
dc.citation.startPage920-
dc.citation.endPage938-
dc.type.docTypeProceedings Paper-
dc.description.isOpenAccessN-
dc.description.journalRegisteredClassscopus-
dc.relation.journalResearchAreaComputer Science-
dc.relation.journalResearchAreaMathematics-
dc.relation.journalWebOfScienceCategoryComputer Science, Information Systems-
dc.relation.journalWebOfScienceCategoryComputer Science, Theory & Methods-
dc.relation.journalWebOfScienceCategoryMathematics, Applied-
dc.subject.keywordPlusCodes (symbols)-
dc.subject.keywordPlusProgram compilers-
dc.subject.keywordAuthorCodes (symbols)-
dc.subject.keywordAuthorProgram Compilers-
dc.subject.keywordAuthorMachine Codes-
dc.subject.keywordAuthorNovel Techniques-
dc.subject.keywordAuthorRuntimes-
dc.subject.keywordAuthorTest Case-
dc.subject.keywordAuthorTest Case Generation-
dc.subject.keywordAuthorTesting Tools-
dc.subject.keywordAuthorEngines-
dc.identifier.urlhttps://ieeexplore.ieee.org/document/11023506-
Files in This Item
Go to Link
Appears in
Collections
서울 공과대학 > 서울 컴퓨터소프트웨어학부 > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Kim, Yunho photo

Kim, Yunho
COLLEGE OF ENGINEERING (SCHOOL OF COMPUTER SCIENCE)
Read more

Altmetrics

Total Views & Downloads

BROWSE